From 2a4a2606babf035a4970dca607338e0d49e9307f Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Tue, 7 Nov 2017 11:39:20 -0800
Subject: [PATCH] Adding time series analysis run script
---
json/eth1.dump.json | 1215830 ---------------------------
parser/parse_packet_frequency.py | 10 +-
ts_analysis_run.sh | 31 +
3 files changed, 38 insertions(+), 1215833 deletions(-)
delete mode 100644 json/eth1.dump.json
create mode 100755 ts_analysis_run.sh
diff --git a/json/eth1.dump.json b/json/eth1.dump.json
deleted file mode 100644
index d61fcaa..0000000
--- a/json/eth1.dump.json
+++ /dev/null
@@ -1,1215830 +0,0 @@ -[ - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:31.460686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493591.460686000", - "frame.time_delta": "0.000000000", - "frame.time_delta_displayed": "0.000000000", - "frame.time_relative": "0.000000000", - "frame.number": "1", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:31.461239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493591.461239000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "0.000553000", - "frame.number": "2", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:31.525095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493591.525095000", - "frame.time_delta": "0.063856000", - "frame.time_delta_displayed": "0.063856000", - "frame.time_relative": "0.064409000", - "frame.number": "3", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000094e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007861", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "1", - "tcp.nxtseq": "55", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001f54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:b0:f1:a7:9a:fb:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2404593, TSecr 2811951911": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2404593", - "tcp.options.timestamp.tsecr": "2811951911" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:8f:40:fd:3b:3e:a4:2f:33:d8:3d:bc:c6:60:44:79:44:61:7e:ac:88:d7:ed:89:13:61:c2:de:36:ba:86:be:cb:cd:ac:1a:a3:07:bd:e3:0a:70:8a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:31.585328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493591.585328000", - "frame.time_delta": "0.060233000", - "frame.time_delta_displayed": "0.060233000", - "frame.time_relative": "0.124642000", - "frame.number": "4", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" 
- }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002be8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003997", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "55", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbf4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:9a:fb:74:00:24:b0:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811951988, TSecr 2404593": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811951988", - "tcp.options.timestamp.tsecr": "2404593" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3", - "tcp.analysis.ack_rtt": "0.060233000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:33.000259000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493593.000259000", - "frame.time_delta": "1.414931000", - "frame.time_delta_displayed": "1.414931000", - "frame.time_relative": "1.539573000", - "frame.number": "5", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": 
"0x0000affd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000295c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:34.421324000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493594.421324000", - "frame.time_delta": "1.421065000", - "frame.time_delta_displayed": "1.421065000", - "frame.time_relative": "2.960638000", - "frame.number": "6", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000006bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:34.559535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493594.559535000", - "frame.time_delta": "0.138211000", - "frame.time_delta_displayed": "0.138211000", - "frame.time_relative": "3.098849000", - "frame.number": "7", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000094e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007860", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "55", - "tcp.nxtseq": "109", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000714d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:00:24:b2:21:a7:9a:fb:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2404897, TSecr 2811951988": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2404897", - "tcp.options.timestamp.tsecr": "2811951988" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:90:47:73:e4:b3:40:55:49:ce:dd:2d:ea:3a:54:db:c0:d8:86:e7:de:c4:47:a6:dd:55:5f:9a:ba:06:d3:2b:bb:33:22:7d:1e:03:fd:43:97:1b:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:34.564399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493594.564399000", - "frame.time_delta": "0.004864000", - "frame.time_delta_displayed": "0.004864000", - "frame.time_relative": "3.103713000", - "frame.number": "8", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdd1", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001134", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.ack_lost_segment": "", - "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:34.619651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493594.619651000", - "frame.time_delta": "0.055252000", - "frame.time_delta_displayed": "0.055252000", - "frame.time_relative": "3.158965000", - "frame.number": "9", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002be9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, 
- "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003996", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "109", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f797", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9a:fe:6b:00:24:b2:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811952747, TSecr 2404897": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811952747", - "tcp.options.timestamp.tsecr": "2404897" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7", - "tcp.analysis.ack_rtt": "0.060116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:35.983656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493595.983656000", - "frame.time_delta": "1.364005000", - "frame.time_delta_displayed": "1.364005000", - "frame.time_relative": "4.522970000", - "frame.number": "10", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ab2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005d37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:40.218247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493600.218247000", - "frame.time_delta": "4.234591000", - "frame.time_delta_displayed": "4.234591000", - "frame.time_relative": "8.757561000", - "frame.number": "11", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000a7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000af75", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:01:79:55:6e:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:53.696454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493613.696454000", - "frame.time_delta": "13.478207000", - "frame.time_delta_displayed": "13.478207000", - "frame.time_relative": "22.235768000", - "frame.number": "12", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:54.771721000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493614.771721000", - "frame.time_delta": "1.075267000", - "frame.time_delta_displayed": "1.075267000", - "frame.time_relative": "23.311035000", - "frame.number": "13", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - 
"ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:55.758033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493615.758033000", - "frame.time_delta": "0.986312000", - "frame.time_delta_displayed": "0.986312000", - "frame.time_relative": "24.297347000", - "frame.number": "14", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - 
"llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:56.017456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493616.017456000", - "frame.time_delta": "0.259423000", - "frame.time_delta_displayed": "0.259423000", - "frame.time_relative": "24.556770000", - "frame.number": "15", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - 
"ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:56.033832000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493616.033832000", - "frame.time_delta": "0.016376000", - "frame.time_delta_displayed": "0.016376000", - "frame.time_relative": "24.573146000", - "frame.number": "16", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - 
"udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - 
"bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:56.048621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493616.048621000", - "frame.time_delta": "0.014789000", - "frame.time_delta_displayed": "0.014789000", - "frame.time_relative": "24.587935000", - "frame.number": "17", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:56.132571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493616.132571000", - "frame.time_delta": "0.083950000", - "frame.time_delta_displayed": "0.083950000", - "frame.time_relative": "24.671885000", - "frame.number": "18", - "frame.len": "42", - 
"frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:58.485460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493618.485460000", - "frame.time_delta": "2.352889000", - "frame.time_delta_displayed": "2.352889000", - "frame.time_relative": "27.024774000", - "frame.number": "19", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00004864", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000106c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "74.117.214.3", - "ip.addr": "74.117.214.3", - "ip.dst_host": "74.117.214.3", - "ip.host": "74.117.214.3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.dst_city": "Pullman, WA", - "ip.geoip.city": "Pullman, WA", - "ip.geoip.dst_lat": "46.732201", - "ip.geoip.lat": "46.732201", - "ip.geoip.dst_lon": "-117.245598", - "ip.geoip.lon": "-117.245598" - } - }, - "udp": { - "udp.srcport": "34835", - "udp.dstport": "123", - "udp.port": "34835", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x0000311c", - "udp.checksum.status": "2", - "udp.stream": "4" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Jan 7, 2089 02:20:12.279176000 PST" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:46:58.525889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493618.525889000", - "frame.time_delta": "0.040429000", - "frame.time_delta_displayed": "0.040429000", - "frame.time_relative": "27.065203000", - "frame.number": "20", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x0000c8eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "44", - "ip.proto": "17", - "ip.checksum": "0x0000a3f4", - "ip.checksum.status": "2", - "ip.src": "74.117.214.3", - "ip.addr": "74.117.214.3", - "ip.src_host": "74.117.214.3", - "ip.host": "74.117.214.3", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS4539 Schweitzer Engineering Laboratories, 
Inc.", - "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.src_city": "Pullman, WA", - "ip.geoip.city": "Pullman, WA", - "ip.geoip.src_lat": "46.732201", - "ip.geoip.lat": "46.732201", - "ip.geoip.src_lon": "-117.245598", - "ip.geoip.lon": "-117.245598" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "34835", - "udp.port": "123", - "udp.port": "34835", - "udp.length": "56", - "udp.checksum": "0x000063c1", - "udp.checksum.status": "2", - "udp.stream": "4" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "1", - "ntp.ppoll": "3", - "ntp.precision": "-23", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0.001068115234375", - "ntp.refid": "50:50:53:00", - "ntp.reftime": "Oct 31, 2017 16:46:53.114475000 PDT", - "ntp.org": "Jan 7, 2089 02:20:12.279176000 PST", - "ntp.rec": "Oct 31, 2017 16:46:58.514446000 PDT", - "ntp.xmt": "Oct 31, 2017 16:46:58.514477000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:00.543661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493620.543661000", - "frame.time_delta": "2.017772000", - "frame.time_delta_displayed": "2.017772000", - "frame.time_relative": "29.082975000", - "frame.number": "21", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - 
"eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000094ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007864", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "109", - "tcp.nxtseq": "158", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005de4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:bc:47:a7:9a:fe:6b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2407495, TSecr 2811952747": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2407495", - "tcp.options.timestamp.tsecr": "2811952747" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:91:96:6d:d1:4d:44:24:23:66:a2:95:ac:22:a2:1e:a9:8c:7d:3a:ba:54:0b:7a:83:23:4b:76:94:8b:6a:3b:c2:e4:f3:9b:15:67" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:00.603876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493620.603876000", - "frame.time_delta": "0.060215000", - "frame.time_delta_displayed": "0.060215000", - "frame.time_relative": "29.143190000", - "frame.number": "22", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003995", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "158", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d3e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811959243, TSecr 2407495": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811959243", - "tcp.options.timestamp.tsecr": "2407495" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "21", - "tcp.analysis.ack_rtt": "0.060215000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:00.604430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493620.604430000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "29.143744000", - "frame.number": "23", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002beb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1", - "tcp.nxtseq": "56", - "tcp.ack": "158", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000913d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:17:cb:00:24:bc:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811959243, TSecr 2407495": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811959243", - "tcp.options.timestamp.tsecr": "2407495" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:2d:cd:91:0a:2a:7b:f0:0d:6f:02:ea:4c:c2:c1:25:61:5c:a0:94:d4:c7:75:e1:78:0d:a0:ed:b3:8c:e2:31:ea:1a:39:f2:81:f0:4e:c0:99:a3:a6:f9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:00.638103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493620.638103000", - "frame.time_delta": "0.033673000", - "frame.time_delta_displayed": "0.033673000", - "frame.time_relative": "29.177417000", - "frame.number": "24", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007894", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "158", - "tcp.ack": "56", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d2b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:bc:51:a7:9b:17:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2407505, TSecr 2811959243": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2407505", - "tcp.options.timestamp.tsecr": "2811959243" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "23", - "tcp.analysis.ack_rtt": "0.033673000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:01.221862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493621.221862000", - "frame.time_delta": "0.583759000", - "frame.time_delta_displayed": "0.583759000", - "frame.time_relative": "29.761176000", - "frame.number": "25", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - 
"eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:03.491176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493623.491176000", - "frame.time_delta": "2.269314000", - "frame.time_delta_displayed": "2.269314000", - "frame.time_relative": "32.030490000", - "frame.number": "26", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:03.491268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493623.491268000", - "frame.time_delta": "0.000092000", - "frame.time_delta_displayed": "0.000092000", - "frame.time_relative": "32.030582000", - "frame.number": "27", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:03.527902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493623.527902000", - "frame.time_delta": "0.036634000", - "frame.time_delta_displayed": "0.036634000", - "frame.time_relative": "32.067216000", - "frame.number": "28", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cc7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000013a3", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:03.528427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493623.528427000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "32.067741000", - "frame.number": "29", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cc8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f49e", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:03.529067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493623.529067000", - "frame.time_delta": "0.000640000", - "frame.time_delta_displayed": "0.000640000", - "frame.time_relative": "32.068381000", - "frame.number": "30", - "frame.len": 
"295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008264", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:04.561273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493624.561273000", - "frame.time_delta": "1.032206000", - "frame.time_delta_displayed": "1.032206000", - "frame.time_relative": "33.100587000", - "frame.number": "31", - "frame.len": "60", - "frame.cap_len": "60", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - 
"tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000006bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:04.704683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493624.704683000", - "frame.time_delta": "0.143410000", - "frame.time_delta_displayed": "0.143410000", - "frame.time_relative": "33.243997000", - "frame.number": "32", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdd0", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001134", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.ack_lost_segment": "", - "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "8", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.302997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.302997000", - "frame.time_delta": "0.598314000", - "frame.time_delta_displayed": "0.598314000", - "frame.time_relative": "33.842311000", - "frame.number": "33", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00003bf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.355881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.355881000", - "frame.time_delta": "0.052884000", - "frame.time_delta_displayed": "0.052884000", - "frame.time_relative": "33.895195000", - "frame.number": "34", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00003bfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - 
"NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.408741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.408741000", - "frame.time_delta": "0.052860000", - "frame.time_delta_displayed": "0.052860000", - "frame.time_relative": "33.948055000", - "frame.number": "35", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00003c01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.461937000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.461937000", - "frame.time_delta": "0.053196000", - "frame.time_delta_displayed": "0.053196000", - "frame.time_relative": "34.001251000", - "frame.number": "36", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00003c05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - 
"http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.514848000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.514848000", - "frame.time_delta": "0.052911000", - "frame.time_delta_displayed": "0.052911000", - "frame.time_relative": "34.054162000", - "frame.number": "37", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00003c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:47:05.567770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.567770000", - "frame.time_delta": "0.052922000", - "frame.time_delta_displayed": "0.052922000", - "frame.time_relative": "34.107084000", - "frame.number": "38", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00003c08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008d4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.610387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.610387000", - "frame.time_delta": "0.042617000", - "frame.time_delta_displayed": "0.042617000", - "frame.time_relative": "34.149701000", - "frame.number": "39", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.610787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.610787000", - "frame.time_delta": "0.000400000", - "frame.time_delta_displayed": "0.000400000", - "frame.time_relative": "34.150101000", - "frame.number": "40", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:05.984178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493625.984178000", - "frame.time_delta": "0.373391000", - "frame.time_delta_displayed": "0.373391000", - "frame.time_relative": 
"34.523492000", - "frame.number": "41", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ab9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005d30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:47:07.419592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493627.419592000", - "frame.time_delta": "1.435414000", - "frame.time_delta_displayed": "1.435414000", - "frame.time_relative": "35.958906000", - "frame.number": "42", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000a7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000a334", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:28:84:cf:a8:aa:74:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:08.528314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493628.528314000", - "frame.time_delta": "1.108722000", - "frame.time_delta_displayed": "1.108722000", - "frame.time_relative": "37.067628000", - "frame.number": "43", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ccc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - 
"ip.checksum": "0x0000bb24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000013a3", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:08.528845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493628.528845000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "37.068159000", - "frame.number": "44", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ccd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00009c1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f49e", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:08.529437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493628.529437000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "37.068751000", - "frame.number": "45", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008264", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:09.719995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493629.719995000", - "frame.time_delta": "1.190558000", - "frame.time_delta_displayed": "1.190558000", - "frame.time_relative": "38.259309000", - "frame.number": "46", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:09.720362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493629.720362000", - "frame.time_delta": "0.000367000", - "frame.time_delta_displayed": "0.000367000", - "frame.time_relative": "38.259676000", - "frame.number": "47", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.528861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493633.528861000", - "frame.time_delta": "3.808499000", - "frame.time_delta_displayed": "3.808499000", - "frame.time_relative": "42.068175000", - "frame.number": "48", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cce", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000013a3", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.529225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493633.529225000", - "frame.time_delta": "0.000364000", - "frame.time_delta_displayed": "0.000364000", - "frame.time_relative": "42.068539000", - "frame.number": "49", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ccf", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f49e", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.530911000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493633.530911000", - "frame.time_delta": "0.001686000", - "frame.time_delta_displayed": "0.001686000", - "frame.time_relative": "42.070225000", - "frame.number": "50", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008264", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=602", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.541745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493633.541745000", - "frame.time_delta": "0.010834000", - "frame.time_delta_displayed": "0.010834000", - "frame.time_relative": "42.081059000", - "frame.number": "51", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x000075f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000038ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "216.93.242.12", - "ip.addr": "216.93.242.12", - "ip.dst_host": "216.93.242.12", - "ip.host": "216.93.242.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.dst_city": "Boston, MA", - "ip.geoip.city": "Boston, MA", - "ip.geoip.dst_lat": "42.358398", - "ip.geoip.lat": 
"42.358398", - "ip.geoip.dst_lon": "-71.059799", - "ip.geoip.lon": "-71.059799" - } - }, - "udp": { - "udp.srcport": "40339", - "udp.dstport": "123", - "udp.port": "40339", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x00009ecf", - "udp.checksum.status": "2", - "udp.stream": "9" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Jun 10, 2096 18:29:07.167176000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.621058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493633.621058000", - "frame.time_delta": "0.079313000", - "frame.time_delta_displayed": "0.079313000", - "frame.time_relative": "42.160372000", - "frame.number": "52", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x000086d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "48", - "ip.proto": "17", - "ip.checksum": "0x00003816", - "ip.checksum.status": "2", - "ip.src": "216.93.242.12", - "ip.addr": "216.93.242.12", - "ip.src_host": "216.93.242.12", - "ip.host": "216.93.242.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.src_city": "Boston, MA", - "ip.geoip.city": "Boston, MA", - "ip.geoip.src_lat": "42.358398", - "ip.geoip.lat": "42.358398", - "ip.geoip.src_lon": "-71.059799", - "ip.geoip.lon": "-71.059799" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "40339", - "udp.port": "123", - "udp.port": "40339", - "udp.length": "56", - "udp.checksum": "0x00003b96", - "udp.checksum.status": "2", - "udp.stream": "9" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "2", - "ntp.ppoll": "3", - "ntp.precision": "-23", - "ntp.rootdelay": "0.0053558349609375", - "ntp.rootdispersion": "0.03155517578125", - "ntp.refid": "c8:62:c4:d4", - "ntp.reftime": "Oct 31, 2017 16:33:49.359642000 PDT", - "ntp.org": "Jun 10, 2096 18:29:07.167176000 PDT", - "ntp.rec": "Oct 31, 2017 16:47:13.588613000 PDT", - "ntp.xmt": "Oct 31, 2017 16:47:13.588671000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:13.746762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493633.746762000", - "frame.time_delta": "0.125704000", - "frame.time_delta_displayed": "0.125704000", - "frame.time_relative": "42.286076000", - "frame.number": "53", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:25.218154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493645.218154000", - "frame.time_delta": "11.471392000", - "frame.time_delta_displayed": "11.471392000", - "frame.time_relative": "53.757468000", - "frame.number": "54", - "frame.len": "80", - "frame.cap_len": "80", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - 
"eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "66", - "ip.id": "0x00000a80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "46", - "udp.checksum": "0x00007e94", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:41:9f:cf:78:cc:f2:14:6f:00:00:00:c1:0b", - "data.len": "38" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.083960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.083960000", - "frame.time_delta": "0.865806000", - "frame.time_delta_displayed": "0.865806000", - "frame.time_relative": "54.623274000", - "frame.number": "55", - "frame.len": "264", - "frame.cap_len": 
"264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002bec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038cd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "56", - "tcp.nxtseq": "254", - "tcp.ack": "158", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007695", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:30:ad:00:24:bc:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811965613, TSecr 2407505": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811965613", - "tcp.options.timestamp.tsecr": "2407505" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:2e:ee:3f:a7:c9:bc:b0:9f:d9:c7:77:ff:f8:d5:80:aa:68:73:b1:2f:53:62:1f:d4:32:93:57:02:85:54:a8:6e:f7:42:17:b5:18:2d:f5:51:18:5f:e5:0b:6c:64:e2:90:d4:46:86:b7:f8:ed:69:35:4e:50:5b:8c:78:d3:4a:4e:6f:0e:12:ce:69:c3:ea:b8:31:ca:f4:92:44:78:b1:c6:3c:1b:a2:5b:47:0e:55:bb:72:63:e2:17:87:e6:fe:0c:1d:a2:0f:df:eb:6c:db:de:93:3e:87:04:4e:67:6e:9b:71:0e:2a:ef:43:0f:22:47:f7:a9:84:3f:b8:d2:24:ed:8a:a1:1c:9b:d6:b4:1e:ab:30:42:20:20:79:f3:c9:cf:66:e0:9e:3e:38:45:1c:d7:b3:37:e7:0b:b3:89:f9:c8:54:2a:b7:f8:b6:ec:31:d9:65:73:65:f8:7c:d2:b5:41:38:ec:78:be:b1:75:8c:07:8c:5b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.084449000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.084449000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "54.623763000", - "frame.number": "56", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007893", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "158", - "tcp.ack": "254", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c6:41:a7:9b:30:ad", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410049, TSecr 2811965613": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2410049", - "tcp.options.timestamp.tsecr": "2811965613" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "55", - "tcp.analysis.ack_rtt": "0.000489000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.093607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.093607000", - "frame.time_delta": "0.009158000", - "frame.time_delta_displayed": "0.009158000", - "frame.time_relative": "54.632921000", - "frame.number": "57", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000094ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000785d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "158", - "tcp.nxtseq": "211", - "tcp.ack": "254", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001096", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c6:42:a7:9b:30:ad", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410050, TSecr 2811965613": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2410050", - "tcp.options.timestamp.tsecr": "2811965613" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:92:ea:b5:ea:52:5f:79:7f:ed:24:82:0c:61:88:ff:f9:75:9c:b5:d1:61:d4:68:42:e7:9f:b5:88:74:80:8d:23:8d:e6:97:e8:4e:34:b2:67:f8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.190175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.190175000", - "frame.time_delta": "0.096568000", - "frame.time_delta_displayed": "0.096568000", - "frame.time_relative": "54.729489000", - "frame.number": "58", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003992", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "254", - "tcp.ack": "211", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000afb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:30:c8:00:24:c6:42", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2811965640, TSecr 2410050": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811965640", - "tcp.options.timestamp.tsecr": "2410050" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "57", - "tcp.analysis.ack_rtt": "0.096568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.190781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.190781000", - "frame.time_delta": "0.000606000", - "frame.time_delta_displayed": "0.000606000", - "frame.time_relative": "54.730095000", - "frame.number": "59", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x000094ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007331", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - 
"ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "211", - "tcp.nxtseq": "1587", - "tcp.ack": "254", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c6:4c:a7:9b:30:c8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410060, TSecr 2811965640": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2410060", - "tcp.options.timestamp.tsecr": "2811965640" - } - }, - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:93:8b:91:05:ee:e1:b3:91:e0:b7:a8:b8:72:99:dc:43:29:06:04:59:82:24:7f:11:37:e9:6a:e7:9f:b6:55:9c:6f:1a:7f:29:19:f0:e2:34:43:fa" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:94:c6:c7:78:fd:42:3c:36:57:cb:d3:53:48:5e:98:fa:d5:72:6e:ec:c1:99:dc:37:45:63:10:04:af:37:34:75:b8:8a:b6:3f:5c:71:4b:d9:0c:49:11:d6:88:85:8d:4d:88:97:bd:98:d6:c6:d2:e4:e0:2d:51:88:75:63:1f:9b:5d:a2:0e:ed:31:d0:5d:f7:d5:2d:c8:96:fa:03:4a:51:64:c6:85:ff:e3:4d:b1:b2:5e" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:95:c7:e4:55:6e:36:ac:bf:c2:43:35:cf:b0:b8:3e:22:5b:8f:f7:f8:df:56:c3:5d:35:fd:27:5c:27:05:67:ac:81:9d:3a:c4:85:3b:64:35:65:11:ca:d1:49:2a:b6:8a:fb:ec:bf:38:67:a9:b6:d8:3e:01:32:9e:c0:06:e0:49:66:32:fe:45:24:dc:a7:0d:bd:2b:e2:1d:48:50:5d:ee:74:b9:68:4e:79:15:9f:60:59:3a:23:ad:bd:1d:0a:de:a7:e4:a0:78:5e:08:34:1b:21:8c:0e:94:6f:03:92:8f:8d:5c:2a:5b:67:0a:b4:c5:d4:0a:fa:af:bc:ff:2c:a2:a9:c0:de:b3:81:69:5e:f2:a3:0b:f9:de:c8:e1:0b:da:35:d6:ac:48:47:3d:f2:d8:47:8f:ce:6b:30:4a:fa:d4:e8:ff:11:dd:92:64:b3:1a:2b:d5:0b:2a:b9:cf:37:19:0d:e6:22:f4:e6:dc:0a:16:17:e4:1f:a3:fc:e5:5b:73:d9:df:82:4f:bd:04:0b:b7:b8:35:29:e4:10:5e:1f:09:10:4b:25:d4:83:9e:f4:ea:24:05:00:a9:fc:b0:dc:8a:54:ad:2b:ae:3c:97:1c:d7:1c:6a:8a:5d:ac:8a:78:54:c9:d9:fe:da:2c:cd:d7:7e:bf:ad:da:06:b7:47:3f:49:bf:27:ec:13:63:c1:08:22:99:b6:e3:03:0b:0d:15:45:ae:81:b9:05:ea:3e:74:82:89:eb:2a:f0:e9:91:e9:44:bb:c5:a3:c5:9e:55:9c:52:45:1b:04:7f:94:7d:0e:50:c1:6a:3c:58:3e:59:8f:ff:36:d8:27:64:ec:1f:b0:c8:d2:ae:ef:e4:f1:4c:19:cb:3a:2e:44
:04:8d:38:10:13:d5:df:fb:6a:56:67:76:95:30:01:77:b8:fc:cd:7d:f6:9d:bc:dd:bf:50:13:00:43:58:19:35:7b:2d:d0:2a:8b:d0:2e:b2:fc:20:97:14:58:b6:19:f8:7e:69:61:43:45:d1:3c:0e:85:27:b1:a4:90:78:92:a8:4f:ef:de:a4:ee:37:df:31:00:98:ee:88:7b:e6:4e:44:3d:22:11:74:c2:75:68:1b:d7:e7:f9:9d:bc:2d:3e:be:af:6d:0f:b7:3a:64:48:13:c0:ce:49:68:cb:a3:6d:52:54:27:4e:4f:65:10:2c:0b:63:d4:d9:a4:57:65:63:08:4b:24:d8:46:d7:74:d5:20:b0:db:e0:26:ee:67:f4:1b:c2:a5:32:26:56:4b:d3:c2:c8:c5:71:e6:91:4b:0d:83:95:ae:4f:c1:a3:7a:9e:2b:14:d3:d4:23:ca:b7:16:d3:0b:d1:0a:ae:b9:6e:8a:e2:88:6d:e4:e4:a0:b5:ca:7a:81:19:1e:6b:27:dd:2e:22:8e:7d:55:79:71:7a:67:5e:90:a2:17:8f:22:d9:dd:15:e8:21:7a:17:6c:4e:00:45:4c:37:4c:77:6b:8a:3f:43:65:6c:93:91:48:7e:0e:0f:ed:0d:a8:3e:bd:44:4b:00:d2:52:76:31:7f:54:2b:f2:78:96:5e:61:67:f4:0a:64:ad:1b:39:3b:b7:0b:b1:a9:13:77:18:27:8f:61:87:36:2b:93:aa:fc:35:4d:05:04:76:a7:0a:31:e9:c4:6e:4a:f7:e1:11:79:10:bc:98:f9:19:a4:fb:82:1f:ea:1f:6b:a4:5a:25:d7:3e:c6:9d:fa:b9:16:22:1f:e6:93:10:0d:17:d7:5c:c0:53:69:9d:d2:f0:f6:71:57:35:c5:6b:5f:d9:f2:67:83:65:81:87:1a:74:96:c0:50:79:85:88:ab:bc:26:56:58:e0:da:e7:f5:a6:3b:f5:cb:70:76:ea:70:42:97:7f:4e:ec:56:34:99:82:e0:40:ad:99:80:f6:81:5d:1a:55:e0:68:44:0e:b3:f4:cf:5c:01:02:e3:16:f8:d7:47:52:79:72:bb:07:2a:d8:7e:1b:89:36:37:2e:70:32:67:f2:51:fe:c0:c3:24:de:34:c3:b5:37:52:85:0a:13:ec:04:55:a6:60:13:80:4c:ff:f1:66:c9:5f:ca:a4:69:e5:42:cf:b6:7e:b6:7f:70:de:7a:1a:09:35:e7:d5:1a:1f:89:a4:3e:3a:cb:c1:7b:41:77:80:52:81:84:37:7b:28:5f:ad:b9:6d:cc:71:c3:30:12:5d:99:93:c7:ef:7b:4b:ce:a3:d4:12:90:41:20:4b:d6:0c:43:96:5d:fc:35:07:e1:14:6a:b3:8f:c8:54:6c:8b:2d:df:d1:e7:81:aa:6b:74:d4:54:8b:41:b2:86:fc:0e:a2:85:10:d5:03:41:8b:e7:e9:00:52:79:32:3c:08:68:f8:e4:66:af:7c:04:0d:2a:6c:b4:a6:82:0b:1f:b3:45:60:d6:ba:5f:b7:3e:72:f4:cd:b6:47:79:db:82:65:59:4d:3c:66:1f:73:cc:6e:08:3d:6d:04:54:dc:3a:23:e3:06:81:ce:99:e9:07:0a:c5:f4:d0:19:b5:55:40:d0:40:37:31:66:da:5d:0f:0e:47:0d:73:48:cc:75:7e:79:b6:a8:82:3e:a3:76:b4:3d:86:51:e2:ff:b3:dd:67:d5:29:ab:e6:cd:ac:e2:9f:48:b
1:e3:e1:ee:27:47:ab:d5:4a:8b:23:3f:60:49:96:3b:c6:a6:f3:83:53:17:6a:8b:d9:f8:5d:9f:66:31:12:5a:ae:c6:e3:7c:8a:ba:ed:61:0f:43:e4:bb:06:ae:34:33:6c:3d:a6:76:e7:76:4f:9e:88:14:ec:be:84:e1:9d:6e:fc:09:16:b4:72:a6:1f:e2:29:26" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:96:01:34:45:a8:77:0f:e6:a5:79:36:ee:5e:94:9b:6a:23:38:63:d3:30:11:7d:3f:78:e5:b0:ff:1a:7c:4a:46:4b:37:6f:c4:dc:e0:10:8a:8a:fd:2f:02:38:dd:0e:cb:f7:b4:52:b0:e1:c9:ed:0b:0f:a9:eb:e6:4e:c6:41:07:37:ca:57:33:51:d1:b0:7f:17:54:7c:41:48:77:35:bb:50:f3:35:af:17:da:99:d5:9f:7c:99:1e:d8:5c:65:ac:94:5f:d1:ab:c0:da:ed:80:8c:07:17:a2:e5:18:00:d1:72:7f:ac:ad:57:6e:b0:71:3b:d3:ec:00:61:5e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.319405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.319405000", - "frame.time_delta": "0.128624000", - "frame.time_delta_displayed": "0.128624000", - "frame.time_relative": "54.858719000", - "frame.number": "60", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "52", - "ip.id": "0x00002bee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003991", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "254", - "tcp.ack": "1587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aa3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:30:d7:00:24:c6:4c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811965655, TSecr 2410060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811965655", - "tcp.options.timestamp.tsecr": "2410060" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "59", - "tcp.analysis.ack_rtt": "0.128624000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.508912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.508912000", - "frame.time_delta": "0.189507000", - "frame.time_delta_displayed": "0.189507000", - "frame.time_relative": "55.048226000", - "frame.number": "61", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000094ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000785a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "1587", - "tcp.nxtseq": "1641", - "tcp.ack": "254", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bbc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c6:6c:a7:9b:30:d7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410092, TSecr 2811965655": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2410092", - "tcp.options.timestamp.tsecr": "2811965655" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:97:3c:9f:c9:ef:3f:50:f0:6f:40:e1:3b:93:b6:11:d8:1a:1d:95:50:a9:77:6e:4a:1f:d5:eb:c9:f0:48:c7:6e:d3:59:5e:d2:11:7d:75:38:35:65" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:26.569125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493646.569125000", - "frame.time_delta": "0.060213000", - "frame.time_delta_displayed": "0.060213000", - "frame.time_relative": "55.108439000", - "frame.number": "62", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bef", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003990", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "254", - "tcp.ack": "1641", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a998", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:31:26:00:24:c6:6c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811965734, TSecr 2410092": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811965734", - "tcp.options.timestamp.tsecr": "2410092" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "61", - "tcp.analysis.ack_rtt": "0.060213000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:28.852812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493648.852812000", - "frame.time_delta": "2.283687000", - "frame.time_delta_displayed": "2.283687000", - "frame.time_relative": "57.392126000", - "frame.number": "63", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.286678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.286678000", - "frame.time_delta": "1.433866000", - "frame.time_delta_displayed": "1.433866000", - "frame.time_relative": "58.825992000", - "frame.number": "64", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.445912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.445912000", - "frame.time_delta": "0.159234000", - "frame.time_delta_displayed": "0.159234000", - "frame.time_relative": "58.985226000", - "frame.number": "65", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020ce", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e776", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.825318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.825318000", - "frame.time_delta": "0.379406000", - "frame.time_delta_displayed": "0.379406000", - "frame.time_relative": "59.364632000", - "frame.number": "66", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000d9b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.833656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.833656000", - "frame.time_delta": "0.008338000", - "frame.time_delta_displayed": "0.008338000", - "frame.time_relative": "59.372970000", - "frame.number": "67", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001850", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006017", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - "tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00007f60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.834203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.834203000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "59.373517000", - "frame.number": "68", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - 
"tcp.checksum": "0x000036a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "67", - "tcp.analysis.ack_rtt": "0.000547000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.836513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.836513000", - "frame.time_delta": "0.002310000", - "frame.time_delta_displayed": "0.002310000", - "frame.time_relative": "59.375827000", - "frame.number": "69", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001851", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006022", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - "tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e884", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "68", - 
"tcp.analysis.ack_rtt": "0.002310000", - "tcp.analysis.initial_rtt": "0.002857000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.837198000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.837198000", - "frame.time_delta": "0.000685000", - "frame.time_delta_displayed": "0.000685000", - "frame.time_relative": "59.376512000", - "frame.number": "70", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001852", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - 
"tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fdfd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002857000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.837672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.837672000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "59.376986000", - "frame.number": "71", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "70", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.002857000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.838314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.838314000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "59.377628000", - "frame.number": "72", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cc22", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001a37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002857000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.838816000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493650.838816000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "59.378130000", - "frame.number": "73", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cc23", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e86c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ca0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002857000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:2
0:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "72", - "tcp.segment": "73", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001618000", - "http.request_in": "70", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.841299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.841299000", - "frame.time_delta": "0.002483000", - "frame.time_delta_displayed": "0.002483000", - "frame.time_relative": "59.380613000", - "frame.number": "74", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cc24", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e86b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ca0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002857000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) 
out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.842579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.842579000", - "frame.time_delta": "0.001280000", - "frame.time_delta_displayed": "0.001280000", - "frame.time_relative": "59.381893000", - "frame.number": "75", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001853", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006020", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - "tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e3ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "73", - "tcp.analysis.ack_rtt": "0.003763000", - "tcp.analysis.initial_rtt": "0.002857000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.843148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.843148000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "59.382462000", - "frame.number": "76", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001854", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000601f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - "tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - 
"tcp.checksum": "0x0000e3eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.843569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.843569000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "59.382883000", - "frame.number": "77", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - 
"tcp.dstport": "54493", - "tcp.port": "80", - "tcp.port": "54493", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d61f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "76", - "tcp.analysis.ack_rtt": "0.000421000", - "tcp.analysis.initial_rtt": "0.002857000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.845747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.845747000", - "frame.time_delta": "0.002178000", - "frame.time_delta_displayed": "0.002178000", - "frame.time_relative": "59.385061000", - "frame.number": "78", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001855", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006012", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54493", - "tcp.dstport": "80", - "tcp.port": "54493", - "tcp.port": "80", - "tcp.stream": "2", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000006b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:8b:cf:45:d1:8b:cf:49:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002857000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "75", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.878281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.878281000", - "frame.time_delta": "0.032534000", - "frame.time_delta_displayed": "0.032534000", - "frame.time_relative": "59.417595000", - "frame.number": "79", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000d9b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "66" - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.881433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.881433000", - "frame.time_delta": "0.003152000", - "frame.time_delta_displayed": "0.003152000", - "frame.time_relative": "59.420747000", - "frame.number": "80", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001856", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006011", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54494", - "tcp.dstport": "80", - "tcp.port": "54494", - "tcp.port": "80", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "0", - 
"tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00009daa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.881982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.881982000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "59.421296000", - "frame.number": "81", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54494", - "tcp.port": "80", - "tcp.port": "54494", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000fe50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "80", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.884916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.884916000", - "frame.time_delta": "0.002934000", - "frame.time_delta_displayed": "0.002934000", - "frame.time_relative": "59.424230000", - "frame.number": "82", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001857", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000601c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54494", - "tcp.dstport": "80", - "tcp.port": "54494", - "tcp.port": "80", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b02f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "81", - "tcp.analysis.ack_rtt": "0.002934000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.885582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.885582000", - "frame.time_delta": "0.000666000", - "frame.time_delta_displayed": "0.000666000", - "frame.time_relative": "59.424896000", - "frame.number": "83", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { 
- "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001858", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54494", - "tcp.dstport": "80", - "tcp.port": "54494", - "tcp.port": "80", - "tcp.stream": "3", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c5a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.886068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.886068000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "59.425382000", - "frame.number": "84", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000755d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004316", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54494", - "tcp.port": "80", - "tcp.port": "54494", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a1c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "83", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.886638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.886638000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "59.425952000", - "frame.number": "85", - "frame.len": "71", - 
"frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000755e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004304", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54494", - "tcp.port": "80", - "tcp.port": "54494", - "tcp.stream": "3", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.886985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.886985000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "59.426299000", - "frame.number": "86", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000755f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x00003f31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54494", - "tcp.port": "80", - "tcp.port": "54494", - "tcp.stream": "3", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000344b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "85", - "tcp.segment": "86", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001403000", - "http.request_in": "83", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.889188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.889188000", - "frame.time_delta": "0.002203000", - "frame.time_delta_displayed": "0.002203000", - "frame.time_relative": "59.428502000", - "frame.number": "87", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001859", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000601a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54494", - "tcp.dstport": "80", - "tcp.port": "54494", - "tcp.port": "80", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ab97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "86", - "tcp.analysis.ack_rtt": "0.002203000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.889781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.889781000", - "frame.time_delta": 
"0.000593000", - "frame.time_delta_displayed": "0.000593000", - "frame.time_relative": "59.429095000", - "frame.number": "88", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000185a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006019", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54494", - "tcp.dstport": "80", - "tcp.port": "54494", - "tcp.port": "80", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ab96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.890234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.890234000", - "frame.time_delta": "0.000453000", - "frame.time_delta_displayed": "0.000453000", - "frame.time_relative": "59.429548000", - "frame.number": "89", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54494", - "tcp.port": "80", - "tcp.port": "54494", - "tcp.stream": "3", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009dca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "88", - "tcp.analysis.ack_rtt": "0.000453000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.931133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.931133000", - "frame.time_delta": "0.040899000", - "frame.time_delta_displayed": "0.040899000", - "frame.time_relative": "59.470447000", - "frame.number": "90", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000d9b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "79" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.940158000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.940158000", - "frame.time_delta": "0.009025000", - "frame.time_delta_displayed": "0.009025000", - "frame.time_relative": "59.479472000", - "frame.number": "91", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000185b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000600c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54495", - "tcp.dstport": "80", - "tcp.port": "54495", - "tcp.port": "80", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00001c3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - 
"tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.940708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.940708000", - "frame.time_delta": "0.000550000", - "frame.time_delta_displayed": "0.000550000", - "frame.time_relative": "59.480022000", - "frame.number": "92", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54495", - "tcp.port": "80", - "tcp.port": "54495", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ff8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "91", - "tcp.analysis.ack_rtt": "0.000550000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.944047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.944047000", - "frame.time_delta": "0.003339000", - "frame.time_delta_displayed": "0.003339000", - "frame.time_relative": "59.483361000", - "frame.number": "93", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000185c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006017", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54495", - "tcp.dstport": "80", - "tcp.port": "54495", - "tcp.port": "80", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b16e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "92", - "tcp.analysis.ack_rtt": "0.003339000", - "tcp.analysis.initial_rtt": "0.003889000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.944633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.944633000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "59.483947000", - "frame.number": "94", - "frame.len": "221", - "frame.cap_len": "221", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000185d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54495", - "tcp.dstport": "80", - "tcp.port": "54495", - "tcp.port": "80", - "tcp.stream": "4", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c6e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003889000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.945104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.945104000", - "frame.time_delta": "0.000471000", - "frame.time_delta_displayed": "0.000471000", - "frame.time_relative": "59.484418000", - "frame.number": "95", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009fce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54495", - "tcp.port": "80", - "tcp.port": "54495", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a2ff", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "94", - "tcp.analysis.ack_rtt": "0.000471000", - "tcp.analysis.initial_rtt": "0.003889000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.945669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.945669000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "59.484983000", - "frame.number": "96", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000018a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009fbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54495", - "tcp.port": "80", - "tcp.port": "54495", - "tcp.stream": "4", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e320", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003889000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.946020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.946020000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "59.485334000", - "frame.number": "97", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000018a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009be9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54495", - "tcp.port": "80", - "tcp.port": "54495", - "tcp.stream": "4", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000358a", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003889000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "96", - "tcp.segment": "97", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001387000", - "http.request_in": "94", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.948635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.948635000", - "frame.time_delta": "0.002615000", - "frame.time_delta_displayed": "0.002615000", - "frame.time_relative": "59.487949000", - "frame.number": "98", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000185e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006015", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54495", - "tcp.dstport": "80", - "tcp.port": "54495", - "tcp.port": "80", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000acd6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "97", - "tcp.analysis.ack_rtt": "0.002615000", - "tcp.analysis.initial_rtt": "0.003889000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.949227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.949227000", - "frame.time_delta": 
"0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "59.488541000", - "frame.number": "99", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000185f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006014", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54495", - "tcp.dstport": "80", - "tcp.port": "54495", - "tcp.port": "80", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000acd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:30.949658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493650.949658000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "59.488972000", - "frame.number": "100", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54495", - "tcp.port": "80", - "tcp.port": "54495", - "tcp.stream": "4", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "99", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.003889000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.878132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.878132000", - "frame.time_delta": "0.928474000", - "frame.time_delta_displayed": "0.928474000", - "frame.time_relative": "60.417446000", - "frame.number": "101", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "90" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.882510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.882510000", - "frame.time_delta": "0.004378000", - "frame.time_delta_displayed": "0.004378000", - "frame.time_relative": "60.421824000", - "frame.number": "102", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001860", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006007", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54496", - "tcp.dstport": "80", - "tcp.port": "54496", - "tcp.port": "80", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000e75", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - 
"tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.883053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.883053000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "60.422367000", - "frame.number": "103", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54496", - "tcp.port": "80", - "tcp.port": "54496", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000033e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "102", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.885882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.885882000", - "frame.time_delta": "0.002829000", - "frame.time_delta_displayed": "0.002829000", - "frame.time_relative": "60.425196000", - "frame.number": "104", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001861", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006012", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54496", - "tcp.dstport": "80", - "tcp.port": "54496", - "tcp.port": "80", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e5c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "103", - "tcp.analysis.ack_rtt": "0.002829000", - "tcp.analysis.initial_rtt": "0.003372000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.886538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.886538000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "60.425852000", - "frame.number": "105", - "frame.len": "221", - "frame.cap_len": "221", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001862", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54496", - "tcp.dstport": "80", - "tcp.port": "54496", - "tcp.port": "80", - "tcp.stream": "5", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fb3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003372000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.887027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.887027000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "60.426341000", - "frame.number": "106", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003bab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007cc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54496", - "tcp.port": "80", - "tcp.port": "54496", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d752", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "105", - "tcp.analysis.ack_rtt": "0.000489000", - "tcp.analysis.initial_rtt": "0.003372000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.887597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.887597000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "60.426911000", - "frame.number": "107", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003bac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007cb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54496", - "tcp.port": "80", - "tcp.port": "54496", - "tcp.stream": "5", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001774", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003372000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.887945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.887945000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "60.427259000", - "frame.number": "108", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003bad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54496", - "tcp.port": "80", - "tcp.port": "54496", - "tcp.stream": "5", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000069dd", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003372000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "107", - "tcp.segment": "108", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001407000", - "http.request_in": "105", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.890093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.890093000", - "frame.time_delta": "0.002148000", - "frame.time_delta_displayed": "0.002148000", - "frame.time_relative": "60.429407000", - "frame.number": "109", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001863", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006010", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54496", - "tcp.dstport": "80", - "tcp.port": "54496", - "tcp.port": "80", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e129", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "108", - "tcp.analysis.ack_rtt": "0.002148000", - "tcp.analysis.initial_rtt": "0.003372000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.890680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.890680000", - "frame.time_delta": 
"0.000587000", - "frame.time_delta_displayed": "0.000587000", - "frame.time_relative": "60.429994000", - "frame.number": "110", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001864", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000600f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54496", - "tcp.dstport": "80", - "tcp.port": "54496", - "tcp.port": "80", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e128", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.891164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.891164000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "60.430478000", - "frame.number": "111", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000016d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54496", - "tcp.port": "80", - "tcp.port": "54496", - "tcp.stream": "5", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d35c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "110", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.003372000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.931049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.931049000", - "frame.time_delta": "0.039885000", - "frame.time_delta_displayed": "0.039885000", - "frame.time_relative": "60.470363000", - "frame.number": "112", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.941375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.941375000", - "frame.time_delta": "0.010326000", - "frame.time_delta_displayed": "0.010326000", - "frame.time_relative": "60.480689000", - "frame.number": "113", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001865", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006002", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54497", - "tcp.dstport": "80", - "tcp.port": "54497", - "tcp.port": "80", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000dbfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - 
"tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.941920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.941920000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "60.481234000", - "frame.number": "114", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54497", - "tcp.port": "80", - "tcp.port": "54497", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000e83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "113", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.952588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.952588000", - "frame.time_delta": "0.010668000", - "frame.time_delta_displayed": "0.010668000", - "frame.time_relative": "60.491902000", - "frame.number": "115", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001866", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000600d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54497", - "tcp.dstport": "80", - "tcp.port": "54497", - "tcp.port": "80", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c061", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "114", - "tcp.analysis.ack_rtt": "0.010668000", - "tcp.analysis.initial_rtt": "0.011213000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.953267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.953267000", - "frame.time_delta": "0.000679000", - "frame.time_delta_displayed": "0.000679000", - "frame.time_relative": "60.492581000", - "frame.number": "116", - "frame.len": "221", - "frame.cap_len": "221", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001867", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54497", - "tcp.dstport": "80", - "tcp.port": "54497", - "tcp.port": "80", - "tcp.stream": "6", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d5da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.011213000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.953759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.953759000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "60.493073000", - "frame.number": "117", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000039ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007ea5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54497", - "tcp.port": "80", - "tcp.port": "54497", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b1f2", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "116", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.011213000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.954328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.954328000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "60.493642000", - "frame.number": "118", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000039cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007e93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54497", - "tcp.port": "80", - "tcp.port": "54497", - "tcp.stream": "6", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f213", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.011213000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.954675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.954675000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "60.493989000", - "frame.number": "119", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000039d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007ac0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54497", - "tcp.port": "80", - "tcp.port": "54497", - "tcp.stream": "6", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000447d", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.011213000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "118", - "tcp.segment": "119", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001408000", - "http.request_in": "116", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.960719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.960719000", - "frame.time_delta": "0.006044000", - "frame.time_delta_displayed": "0.006044000", - "frame.time_relative": "60.500033000", - "frame.number": "120", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001868", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000600b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54497", - "tcp.dstport": "80", - "tcp.port": "54497", - "tcp.port": "80", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bbc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "119", - "tcp.analysis.ack_rtt": "0.006044000", - "tcp.analysis.initial_rtt": "0.011213000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.962055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.962055000", - "frame.time_delta": 
"0.001336000", - "frame.time_delta_displayed": "0.001336000", - "frame.time_relative": "60.501369000", - "frame.number": "121", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001869", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x0000600a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54497", - "tcp.dstport": "80", - "tcp.port": "54497", - "tcp.port": "80", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bbc8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.962513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.962513000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "60.501827000", - "frame.number": "122", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b70d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000166", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54497", - "tcp.port": "80", - "tcp.port": "54497", - "tcp.stream": "6", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000adfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "121", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.011213000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:31.984257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493651.984257000", - "frame.time_delta": "0.021744000", - "frame.time_delta_displayed": "0.021744000", - "frame.time_relative": "60.523571000", - "frame.number": "123", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "112" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.012206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.012206000", - "frame.time_delta": "0.027949000", - "frame.time_delta_displayed": "0.027949000", - "frame.time_relative": "60.551520000", - "frame.number": "124", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000186a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ffd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00004a32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - 
"tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.012762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.012762000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "60.552076000", - "frame.number": "125", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002823", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "124", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.015559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.015559000", - "frame.time_delta": "0.002797000", - "frame.time_delta_displayed": "0.002797000", - "frame.time_relative": "60.554873000", - "frame.number": "126", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000186b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006008", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000da01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "125", - "tcp.analysis.ack_rtt": "0.002797000", - "tcp.analysis.initial_rtt": "0.003353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.016233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.016233000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "60.555547000", - "frame.number": "127", - "frame.len": "221", - "frame.cap_len": "221", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000186c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ef7a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003353000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.016727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.016727000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "60.556041000", - "frame.number": "128", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006d4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004b24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cb92", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "127", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.017322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.017322000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "60.556636000", - "frame.number": "129", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006d50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004b12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000bb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003353000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.017677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.017677000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "60.556991000", - "frame.number": "130", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006d51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000473f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005e1d", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003353000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "129", - "tcp.segment": "130", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001444000", - "http.request_in": "127", - "http.file_data": "\n\n\n1<\/major>\n0<\/minor>\n<\/specVersion>\nhttp:\/\/192.168.0.160:80\/<\/URLBase>\n\nurn:schemas-upnp-org:device:Basic:1<\/deviceType>\nPhilips hue (192.168.0.160)<\/friendlyName>\nRoyal Philips Electronics<\/manufacturer>\nhttp:\/\/www.philips.com<\/manufacturerURL>\nPhilips hue Personal Wireless 
Lighting<\/modelDescription>\nPhilips hue bridge 2015<\/modelName>\nBSB002<\/modelNumber>\nhttp:\/\/www.meethue.com<\/modelURL>\n00178869eee4<\/serialNumber>\nuuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\nindex.html<\/presentationURL>\n\n\nimage\/png<\/mimetype>\n48<\/height>\n48<\/width>\n24<\/depth>\nhue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - 
"xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.020984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.020984000", - "frame.time_delta": "0.003307000", - "frame.time_delta_displayed": "0.003307000", - "frame.time_relative": "60.560298000", - "frame.number": "131", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000186d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006006", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d569", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "130", - "tcp.analysis.ack_rtt": "0.003307000", - "tcp.analysis.initial_rtt": "0.003353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.021327000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.021327000", - "frame.time_delta": 
"0.000343000", - "frame.time_delta_displayed": "0.000343000", - "frame.time_relative": "60.560641000", - "frame.number": "132", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006d52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000473e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005e1d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003353000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.spurious_retransmission": "", - "_ws.expert.message": "This frame is a (suspected) spurious retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.021612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.021612000", - "frame.time_delta": "0.000285000", - "frame.time_delta_displayed": "0.000285000", - "frame.time_relative": "60.560926000", - "frame.number": "133", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000186e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00006005", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d568", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "132", - "tcp.analysis.ack_rtt": "0.000285000", - "tcp.analysis.initial_rtt": "0.003353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.022049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.022049000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "60.561363000", - "frame.number": "134", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b712", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000161", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54498", - "tcp.port": "80", - "tcp.port": "54498", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c79c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "133", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.003353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:32.025421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493652.025421000", - "frame.time_delta": "0.003372000", - "frame.time_delta_displayed": "0.003372000", - "frame.time_relative": "60.564735000", - "frame.number": "135", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000186f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ff8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54498", - "tcp.dstport": "80", - "tcp.port": "54498", - "tcp.port": "80", - "tcp.stream": "7", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004583", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:c3:cb:e7:29:c3:cb:eb:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003353000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "131", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.701205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.701205000", - "frame.time_delta": "2.675784000", - "frame.time_delta_displayed": "2.675784000", - "frame.time_relative": "63.240519000", - "frame.number": "136", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000006bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "2", - "tcp.analysis.duplicate_ack_frame": "6", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#2)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.844461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.844461000", - "frame.time_delta": "0.143256000", - "frame.time_delta_displayed": "0.143256000", - "frame.time_relative": "63.383775000", - "frame.number": "137", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00000fc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdcf", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001134", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.ack_lost_segment": "", - "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "2", - "tcp.analysis.duplicate_ack_frame": "8", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#2)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.881774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.881774000", - "frame.time_delta": "0.037313000", - "frame.time_delta_displayed": "0.037313000", - "frame.time_relative": "63.421088000", - "frame.number": "138", - "frame.len": "413", - "frame.cap_len": "413", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "399", - "ip.id": "0x000094f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x00007734", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "347", - "tcp.seq": "1641", - "tcp.nxtseq": "1988", - "tcp.ack": "254", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000055a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c9:b1:a7:9b:31:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410929, TSecr 2811965734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2410929", - "tcp.options.timestamp.tsecr": "2811965734" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "347", - "tcp.analysis.push_bytes_sent": "347" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "342", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:98:7b:f3:ed:32:d2:c7:75:6e:81:35:c7:dd:79:13:3f:20:ef:5a:75:de:e8:5a:78:5c:e9:2f:76:1d:14:60:d0:cf:01:60:38:d5:4a:fe:f4:ec:78:f7:0e:18:e1:33:17:0d:ac:10:cb:bf:e0:01:b7:af:5f:7f:28:92:9e:50:07:ac:ce:28:70:c2:a4:5a:c6:f7:e9:d6:b1:9b:c3:e6:fa:d4:86:41:00:9e:8e:78:23:d2:63:d8:9b:c1:bb:03:04:9a:14:0c:af:22:66:87:a9:fb:23:2c:f9:ab:6b:b0:e2:af:1e:af:5c:63:b2:b0:2e:c1:83:60:eb:54:ba:2f:7c:5f:14:c7:a6:8f:ce:cf:f2:8c:e4:fa:9e:7e:b0:9b:8d:4d:c5:d7:99:bb:37:18:34:32:ac:3c:95:44:01:33:5c:be:09:bc:3e:ba:30:88:6b:c7:35:15:d2:cb:bc:1f:ec:3e:74:c5:ee:31:b3:f2:70:5c:ab:b1:7b:82:85:8b:cf:69:db:87:d3:cb:6b:86:51:d0:68:a8:22:f6:80:c7:7c:b2:cf:1d:c4:b5:48:cb:35:0d:6e:a2:cf:d2:e9:70:96:58:2f:2b:8b:65:ee:31:ad:ec:e8:18:92:bc:e0:fb:94:f6:9b:e0:c9:0b:30:69:b8:97:d4:2d:f7:80:26:94:0f:8d:1c:3e:6f:32:5c:c1:1f:e0:0f:25:0a:83:3a:8b:76:ce:d8:60:64:fa:25:7f:49:d6:b3:ae:28:f6:16:3d:81:46:27:2b:c4:f5:98:25:c1:8a:1d:6c:e8:13:75:8c:77:c1:3b:81:7b:50:88:03:71:1c:e9:c1:82:97:35:f2:19:04:1d:6f:a4:38:5f:5d:07:ab:33:c5:e8:50:8f:a3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.942984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.942984000", - "frame.time_delta": "0.061210000", - "frame.time_delta_displayed": "0.061210000", - "frame.time_relative": 
"63.482298000", - "frame.number": "139", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000398f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "254", - "tcp.ack": "1988", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009ccb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:39:53:00:24:c9:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811967827, TSecr 2410929": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811967827", - "tcp.options.timestamp.tsecr": "2410929" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "138", - "tcp.analysis.ack_rtt": "0.061210000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.943420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.943420000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "63.482734000", - "frame.number": "140", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002bf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "254", - "tcp.nxtseq": "301", - "tcp.ack": "1988", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ba8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:39:54:00:24:c9:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811967828, TSecr 2410929": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811967828", - "tcp.options.timestamp.tsecr": "2410929" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:2f:03:6c:e6:77:f6:e6:b9:5f:29:ae:f9:d0:b7:49:cf:67:77:90:cc:a4:9d:cb:a1:5f:be:ac:77:68:86:f0:ff:ae:a5:80" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:34.976671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493654.976671000", - "frame.time_delta": "0.033251000", - "frame.time_delta_displayed": "0.033251000", - "frame.time_relative": "63.515985000", - "frame.number": "141", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000788e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1988", - "tcp.ack": "301", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009ba2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:c9:bb:a7:9b:39:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2410939, TSecr 2811967828": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2410939", - "tcp.options.timestamp.tsecr": "2811967828" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "140", - "tcp.analysis.ack_rtt": "0.033251000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:36.032382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493656.032382000", - "frame.time_delta": "1.055711000", - "frame.time_delta_displayed": "1.055711000", - "frame.time_relative": "64.571696000", - "frame.number": "142", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", 
- "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ae0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005d09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:36.729036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493656.729036000", - "frame.time_delta": "0.696654000", - "frame.time_delta_displayed": "0.696654000", - "frame.time_relative": "65.268350000", - "frame.number": "143", - "frame.len": "216", - "frame.cap_len": "216", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020cf", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e745", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50192", - "udp.dstport": "1900", - "udp.port": "50192", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000864d", - "udp.checksum.status": "2", - "udp.stream": "12" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:37.465248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493657.465248000", - "frame.time_delta": "0.736212000", - "frame.time_delta_displayed": "0.736212000", - "frame.time_relative": "66.004562000", - "frame.number": "144", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dce0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:37.518073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493657.518073000", - "frame.time_delta": "0.052825000", - "frame.time_delta_displayed": "0.052825000", - 
"frame.time_relative": "66.057387000", - "frame.number": "145", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcd5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "144" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:37.570980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493657.570980000", - "frame.time_delta": "0.052907000", - "frame.time_delta_displayed": "0.052907000", - "frame.time_relative": "66.110294000", - "frame.number": "146", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "3", - "http.prev_response_in": "145" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:37.691543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493657.691543000", - "frame.time_delta": "0.120563000", - "frame.time_delta_displayed": "0.120563000", - "frame.time_relative": "66.230857000", - "frame.number": "147", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e744", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50192", - "udp.dstport": "1900", - "udp.port": 
"50192", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000864d", - "udp.checksum.status": "2", - "udp.stream": "12" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "143" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:38.522999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493658.522999000", - "frame.time_delta": "0.831456000", - "frame.time_delta_displayed": "0.831456000", - "frame.time_relative": "67.062313000", - "frame.number": "148", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000daac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "146" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:38.575837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493658.575837000", - "frame.time_delta": "0.052838000", - "frame.time_delta_displayed": "0.052838000", - "frame.time_relative": "67.115151000", - "frame.number": "149", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000dab0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - 
"ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "148" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:38.628594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493658.628594000", - "frame.time_delta": "0.052757000", - "frame.time_delta_displayed": "0.052757000", - "frame.time_relative": "67.167908000", - "frame.number": "150", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000dab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "149" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:38.692856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493658.692856000", - "frame.time_delta": "0.064262000", - "frame.time_delta_displayed": "0.064262000", - "frame.time_relative": "67.232170000", - "frame.number": "151", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d1", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e743", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50192", - "udp.dstport": "1900", - "udp.port": "50192", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000864d", - "udp.checksum.status": "2", - "udp.stream": "12" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "147" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:39.259287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493659.259287000", - "frame.time_delta": "0.566431000", - 
"frame.time_delta_displayed": "0.566431000", - "frame.time_relative": "67.798601000", - "frame.number": "152", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000dae2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "150" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:39.312084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493659.312084000", - "frame.time_delta": "0.052797000", - "frame.time_delta_displayed": "0.052797000", - "frame.time_relative": "67.851398000", - "frame.number": "153", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000dae4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "152" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:39.364839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493659.364839000", - "frame.time_delta": "0.052755000", - "frame.time_delta_displayed": "0.052755000", - "frame.time_relative": "67.904153000", - "frame.number": "154", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000dae7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - 
"udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "153" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:39.693459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493659.693459000", - "frame.time_delta": "0.328620000", - "frame.time_delta_displayed": "0.328620000", - "frame.time_relative": "68.232773000", - "frame.number": "155", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e742", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50192", - "udp.dstport": "1900", - "udp.port": "50192", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000864d", - "udp.checksum.status": "2", - "udp.stream": "12" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "151" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.311784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.311784000", - "frame.time_delta": "0.618325000", - "frame.time_delta_displayed": "0.618325000", - "frame.time_relative": "68.851098000", - "frame.number": "156", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000daef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "154" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.364626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.364626000", - "frame.time_delta": "0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "68.903940000", - "frame.number": "157", - "frame.len": "348", - "frame.cap_len": "348", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000daf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "156" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.396530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.396530000", - "frame.time_delta": "0.031904000", - "frame.time_delta_displayed": "0.031904000", - "frame.time_relative": "68.935844000", - "frame.number": "158", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": 
"0x00006386", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00002f45", - "ip.checksum.status": "2", - "ip.src": "54.241.191.235", - "ip.addr": "54.241.191.235", - "ip.src_host": "54.241.191.235", - "ip.host": "54.241.191.235", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49765", - "tcp.port": "80", - "tcp.port": "49765", - "tcp.stream": "8", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aa29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": 
"264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Tue, 31 Oct 2017 23:47:40 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:47:40 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.file_data": "[[],\"15094933571306917\"]" - }, - "data-text-lines": { - "[[],\"15094933571306917\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.417444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.417444000", - "frame.time_delta": "0.020914000", - "frame.time_delta_displayed": "0.020914000", - "frame.time_relative": "68.956758000", - "frame.number": "159", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000daf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "157" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.429943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.429943000", - "frame.time_delta": "0.012499000", - "frame.time_delta_displayed": "0.012499000", - "frame.time_relative": "68.969257000", - "frame.number": "160", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3c7", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.235", - "ip.addr": "54.241.191.235", - "ip.dst_host": "54.241.191.235", - "ip.host": "54.241.191.235", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49765", - "tcp.dstport": "80", - "tcp.port": "49765", - "tcp.port": "80", - "tcp.stream": "8", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000089a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "158", - "tcp.analysis.ack_rtt": "0.033413000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.441384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.441384000", - "frame.time_delta": "0.011441000", - "frame.time_delta_displayed": "0.011441000", - "frame.time_relative": "68.980698000", - "frame.number": "161", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006387", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000304c", - "ip.checksum.status": "2", - "ip.src": "54.241.191.235", - "ip.addr": "54.241.191.235", - "ip.src_host": "54.241.191.235", - "ip.host": "54.241.191.235", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - 
"ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49765", - "tcp.port": "80", - "tcp.port": "49765", - "tcp.stream": "8", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a830", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "160", - "tcp.analysis.ack_rtt": "0.011441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.446914000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.446914000", - "frame.time_delta": "0.005530000", - "frame.time_delta_displayed": "0.005530000", - "frame.time_relative": "68.986228000", - "frame.number": "162", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.235", - "ip.addr": "54.241.191.235", - "ip.dst_host": "54.241.191.235", - "ip.host": "54.241.191.235", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49765", - "tcp.dstport": "80", - "tcp.port": "49765", - "tcp.port": "80", - "tcp.stream": "8", - "tcp.len": "0", - "tcp.seq": "2", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000089a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "161", - "tcp.analysis.ack_rtt": "0.005530000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.888286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.888286000", - "frame.time_delta": "0.441372000", - "frame.time_delta_displayed": "0.441372000", - "frame.time_relative": "69.427600000", - "frame.number": "163", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000dafe", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "159" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.895844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.895844000", - "frame.time_delta": "0.007558000", - "frame.time_delta_displayed": "0.007558000", - "frame.time_relative": "69.435158000", - "frame.number": "164", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000daff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "163" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:40.948644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493660.948644000", - "frame.time_delta": "0.052800000", - "frame.time_delta_displayed": "0.052800000", - "frame.time_relative": "69.487958000", - "frame.number": "165", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000db04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "164" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.437489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.437489000", - "frame.time_delta": "0.488845000", - "frame.time_delta_displayed": "0.488845000", - "frame.time_relative": "69.976803000", - "frame.number": "166", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x0000100d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000029d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": 
"192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.442343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.442343000", - "frame.time_delta": "0.004854000", - "frame.time_delta_displayed": "0.004854000", - "frame.time_relative": "69.981657000", - "frame.number": "167", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x0000c088", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f68c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "166", - "dns.time": "0.004854000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.236": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "288", - "dns.resp.len": "4", - "dns.a": "54.241.191.236" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.219.189.240": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "288", - "dns.resp.len": "4", - "dns.a": "54.219.189.240" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "20", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"53898", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53898", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6189", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58149", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4459", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58150", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58891", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58999", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "58541", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58342", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58891", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58999", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58541", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.460523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.460523000", - "frame.time_delta": "0.018180000", - "frame.time_delta_displayed": "0.018180000", - "frame.time_relative": "69.999837000", - "frame.number": "168", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000100e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - 
"_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00003607", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.472318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.472318000", - "frame.time_delta": "0.011795000", - "frame.time_delta_displayed": "0.011795000", - "frame.time_relative": "70.011632000", - "frame.number": "169", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000093ce", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49766", - "tcp.port": "80", - "tcp.port": "49766", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007ba9", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "168", - "tcp.analysis.ack_rtt": "0.011795000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.477368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.477368000", - "frame.time_delta": "0.005050000", - "frame.time_delta_displayed": "0.005050000", - "frame.time_relative": "70.016682000", - "frame.number": "170", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": 
"192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ef96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "169", - "tcp.analysis.ack_rtt": "0.005050000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.496686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.496686000", - 
"frame.time_delta": "0.019318000", - "frame.time_delta_displayed": "0.019318000", - "frame.time_relative": "70.036000000", - "frame.number": "171", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001010", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { 
- "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003812", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016845000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.508209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.508209000", - "frame.time_delta": "0.011523000", - "frame.time_delta_displayed": "0.011523000", - "frame.time_relative": "70.047523000", - "frame.number": "172", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000546f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003f63", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49766", - "tcp.port": "80", - "tcp.port": "49766", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009357", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "171", - "tcp.analysis.ack_rtt": "0.011523000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.513209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.513209000", - "frame.time_delta": "0.005000000", - "frame.time_delta_displayed": "0.005000000", - "frame.time_relative": "70.052523000", - "frame.number": "173", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001011", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f2ce", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007da4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016845000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "171", - "tcp.segment": "173", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.525476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.525476000", - "frame.time_delta": "0.012267000", - "frame.time_delta_displayed": "0.012267000", - "frame.time_relative": "70.064790000", - "frame.number": "174", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005470", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003f62", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49766", - "tcp.port": "80", - "tcp.port": "49766", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008f35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "173", - "tcp.analysis.ack_rtt": "0.012267000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.895682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493661.895682000", - "frame.time_delta": "0.370206000", - "frame.time_delta_displayed": "0.370206000", - "frame.time_relative": "70.434996000", - "frame.number": "175", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000db0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc3e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "165" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:41.948511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493661.948511000", - "frame.time_delta": "0.052829000", - "frame.time_delta_displayed": "0.052829000", - "frame.time_relative": "70.487825000", - "frame.number": "176", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000db0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "175" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:42.001280000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493662.001280000", - "frame.time_delta": "0.052769000", - "frame.time_delta_displayed": "0.052769000", - "frame.time_relative": "70.540594000", - "frame.number": "177", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000db15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "176" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:43.000495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493663.000495000", - "frame.time_delta": "0.999215000", - "frame.time_delta_displayed": "0.999215000", - "frame.time_relative": "71.539809000", - "frame.number": "178", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000db26", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" 
- }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "177" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:43.053376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493663.053376000", - "frame.time_delta": "0.052881000", - "frame.time_delta_displayed": "0.052881000", - "frame.time_relative": "71.592690000", - "frame.number": "179", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000db27", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "178" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:43.106114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493663.106114000", - "frame.time_delta": "0.052738000", - "frame.time_delta_displayed": "0.052738000", - "frame.time_relative": "71.645428000", - "frame.number": "180", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000db2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "179" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:47:44.053018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493664.053018000", - "frame.time_delta": "0.946904000", - "frame.time_delta_displayed": "0.946904000", - "frame.time_relative": "72.592332000", - "frame.number": "181", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000db2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "305", - "udp.checksum": "0x0000010b", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "180" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:44.105935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493664.105935000", - "frame.time_delta": "0.052917000", - "frame.time_delta_displayed": "0.052917000", - "frame.time_relative": "72.645249000", - "frame.number": "182", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000db30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "314", - "udp.checksum": "0x00000ef6", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "181" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:44.158795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493664.158795000", - "frame.time_delta": "0.052860000", - "frame.time_delta_displayed": "0.052860000", - "frame.time_relative": "72.698109000", - "frame.number": "183", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000db31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50192", - "udp.port": "1900", - "udp.port": "50192", - "udp.length": "308", - "udp.checksum": "0x00003280", - "udp.checksum.status": "2", - "udp.stream": "13" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "182" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:45.400471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493665.400471000", - "frame.time_delta": "1.241676000", - "frame.time_delta_displayed": "1.241676000", - "frame.time_relative": "73.939785000", - "frame.number": "184", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:45.407424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493665.407424000", - "frame.time_delta": "0.006953000", - "frame.time_delta_displayed": "0.006953000", - "frame.time_relative": "73.946738000", - "frame.number": "185", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - 
"arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:46.158400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493666.158400000", - "frame.time_delta": "0.750976000", - "frame.time_delta_displayed": "0.750976000", - "frame.time_relative": "74.697714000", - "frame.number": "186", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": 
"1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:46.161216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493666.161216000", - "frame.time_delta": "0.002816000", - "frame.time_delta_displayed": "0.002816000", - "frame.time_relative": "74.700530000", - "frame.number": "187", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": 
"0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:46.179163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493666.179163000", - "frame.time_delta": "0.017947000", - "frame.time_delta_displayed": "0.017947000", - "frame.time_relative": "74.718477000", - "frame.number": "188", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - 
"ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:46.319944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493666.319944000", - "frame.time_delta": "0.140781000", - "frame.time_delta_displayed": "0.140781000", - "frame.time_relative": "74.859258000", - "frame.number": "189", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": 
"33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - 
}, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.167775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.167775000", - "frame.time_delta": "0.847831000", - "frame.time_delta_displayed": "0.847831000", - "frame.time_relative": "75.707089000", - "frame.number": "190", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x000074a3", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00c4a775", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:47:47.180808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.180808000", - "frame.time_delta": "0.013033000", - "frame.time_delta_displayed": "0.013033000", - "frame.time_relative": "75.720122000", - "frame.number": "191", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000aac2", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0033671f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - 
"dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.187984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493667.187984000", - "frame.time_delta": "0.007176000", - "frame.time_delta_displayed": "0.007176000", - "frame.time_relative": "75.727298000", - "frame.number": "192", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.198021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.198021000", - "frame.time_delta": "0.010037000", - "frame.time_delta_displayed": "0.010037000", - "frame.time_relative": 
"75.737335000", - "frame.number": "193", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - 
"icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.605552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.605552000", - "frame.time_delta": "0.407531000", - "frame.time_delta_displayed": "0.407531000", - "frame.time_relative": "76.144866000", - "frame.number": "194", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000094f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000783e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "1988", - "tcp.nxtseq": "2067", - "tcp.ack": "301", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f501", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:ce:a9:a7:9b:39:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2412201, TSecr 2811967828": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2412201", - "tcp.options.timestamp.tsecr": "2811967828" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:99:2f:84:c4:45:a1:1d:71:63:63:dc:4c:2b:9a:8c:57:6f:4f:4c:c9:03:6d:a0:f5:db:74:08:66:0a:f8:48:04:0e:d1:23:0c:f2:f5:9d:c6:ca:ab:49:84:a9:a7:64:c7:0c:12:de:ca:a9:0c:88:8a:c6:db:a8:8b:36:33:77:84:82:74:d0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.667473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.667473000", - "frame.time_delta": "0.061921000", - "frame.time_delta_displayed": "0.061921000", - "frame.time_relative": "76.206787000", - "frame.number": "195", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": 
"0x00002bf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "301", - "tcp.nxtseq": "348", - "tcp.ack": "2067", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000085d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:45:c1:00:24:ce:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811971009, TSecr 2412201": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811971009", - "tcp.options.timestamp.tsecr": "2412201" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "194", - "tcp.analysis.ack_rtt": "0.061921000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:30:10:55:98:2d:49:3e:4d:7f:09:a0:0d:78:01:b1:3e:02:8b:d5:a1:fa:5d:4c:43:fd:94:d2:4c:3b:ac:fa:7f:96:ab:9f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:47.667968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493667.667968000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "76.207282000", - "frame.number": "196", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", 
- "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000788c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2067", - "tcp.ack": "348", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000089c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:ce:b0:a7:9b:45:c1", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2412208, TSecr 2811971009": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2412208", - "tcp.options.timestamp.tsecr": "2811971009" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "195", - "tcp.analysis.ack_rtt": "0.000495000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.200978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.200978000", - "frame.time_delta": "0.533010000", - "frame.time_delta_displayed": "0.533010000", - "frame.time_relative": "76.740292000", - "frame.number": "197", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": 
"255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.203256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.203256000", - "frame.time_delta": "0.002278000", - "frame.time_delta_displayed": "0.002278000", - "frame.time_relative": "76.742570000", - "frame.number": "198", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - 
"ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - 
"icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.219350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.219350000", - "frame.time_delta": "0.016094000", - "frame.time_delta_displayed": "0.016094000", - "frame.time_relative": "76.758664000", - "frame.number": "199", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": 
"ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.235130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.235130000", - "frame.time_delta": 
"0.015780000", - "frame.time_delta_displayed": "0.015780000", - "frame.time_relative": "76.774444000", - "frame.number": "200", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group 
Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.357500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.357500000", - "frame.time_delta": "0.122370000", - "frame.time_delta_displayed": "0.122370000", - "frame.time_relative": "76.896814000", - "frame.number": "201", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x000094f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "2067", - "tcp.nxtseq": "2419", - "tcp.ack": "348", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000aa9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:ce:f5:a7:9b:45:c1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2412277, TSecr 2811971009": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2412277", - "tcp.options.timestamp.tsecr": "2811971009" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": 
{ - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:9a:e9:1a:03:c9:86:61:16:c7:07:e6:5c:1c:c7:fc:5b:ae:c4:9a:40:4b:de:31:b9:40:69:9c:fb:7c:ca:a3:d4:c5:80:9e:f1:8e:05:0e:9c:f7:21:dc:fd:25:c4:4a:6f:19:b3:99:dd:67:9a:a0:91:4e:7c:25:75:d2:b7:54:f6:ad:2c:49:87:45:1b:2e:73:a3:1c:ef:58:fd:69:71:e7:ff:a4:28:79:71:5c:0f:c6:bb:9a:03:32:a5:62:3b:35:17:bb:39:28:5f:86:dc:4a:6f:57:d5:1d:29:ce:fa:b3:47:db:2a:1d:05:ce:42:aa:b8:35:82:04:64:65:81:ed:9c:f8:b8:ed:ad:d9:07:f1:f1:b7:e6:b7:95:73:80:36:4e:55:2e:c5:e2:cd:87:ef:f7:87:fb:f4:98:c8:68:84:0c:4c:45:8f:fa:fd:d6:d5:cb:2f:9e:72:54:8b:83:66:29:2b:13:dd:45:9d:44:30:72:1f:41:03:47:01:7f:3a:ba:a2:b6:29:4c:1f:72:7e:5e:a5:9a:ce:1c:02:da:6c:f3:48:17:4d:ac:d1:93:94:fe:f8:3d:76:55:4e:1c:2b:71:3b:a9:88:d5:9d:cb:0a:27:6d:5f:f5:06:ee:41:ec:54:0d:da:0c:5d:fc:2b:d1:2f:92:9d:9f:0e:66:c8:48:27:05:68:bf:85:74:1b:0f:c1:4c:7f:0f:aa:07:c8:ee:bf:15:dc:af:2c:74:87:15:6c:a7:10:20:82:ad:04:96:02:49:91:b9:49:70:be:ea:ef:ff:41:8f:06:30:b9:6b:e3:0b:b9:35:49:d7:8e:0e:06:f9:d4:50:cb:fc:ad:6a:9d:89:45:c8:34:d8:49:83:37:d9:c4:e8:0c:7d:12:30:43:79:f6:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.369346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.369346000", - "frame.time_delta": "0.011846000", - "frame.time_delta_displayed": "0.011846000", - "frame.time_relative": "76.908660000", - "frame.number": "202", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": 
"1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.418285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.418285000", - "frame.time_delta": "0.048939000", - "frame.time_delta_displayed": "0.048939000", - "frame.time_relative": "76.957599000", - "frame.number": "203", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002bf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - 
"ip.checksum": "0x0000395d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "348", - "tcp.nxtseq": "395", - "tcp.ack": "2419", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000883f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:46:7d:00:24:ce:f5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811971197, TSecr 2412277": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811971197", - "tcp.options.timestamp.tsecr": "2412277" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "201", - "tcp.analysis.ack_rtt": "0.060785000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:31:5f:b8:fc:5d:01:6e:e3:d9:1b:db:0e:b5:2b:fd:51:df:3e:0c:98:ff:e7:d5:88:39:4b:10:86:84:6d:ae:b0:c6:f7:6d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.418724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.418724000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "76.958038000", - "frame.number": "204", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094f5", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000788a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2419", - "tcp.ack": "395", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000872c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:ce:fb:a7:9b:46:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2412283, TSecr 2811971197": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2412283", - "tcp.options.timestamp.tsecr": "2811971197" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "203", - "tcp.analysis.ack_rtt": "0.000439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.443753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.443753000", - "frame.time_delta": "0.025029000", - "frame.time_delta_displayed": "0.025029000", - "frame.time_relative": "76.983067000", - "frame.number": "205", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000bdf8", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00d95e0b", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.449822000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493668.449822000", - "frame.time_delta": "0.006069000", - "frame.time_delta_displayed": "0.006069000", - "frame.time_relative": "76.989136000", - "frame.number": "206", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x000065b7", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0064abf9", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - 
"dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.459032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.459032000", - "frame.time_delta": "0.009210000", - "frame.time_delta_displayed": 
"0.009210000", - "frame.time_relative": "76.998346000", - "frame.number": "207", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:48.470824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493668.470824000", - "frame.time_delta": "0.011792000", - "frame.time_delta_displayed": "0.011792000", - "frame.time_relative": "77.010138000", - "frame.number": "208", - "frame.len": "110", - "frame.cap_len": "110", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - 
"icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:49.477746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493669.477746000", - "frame.time_delta": "1.006922000", - "frame.time_delta_displayed": "1.006922000", - "frame.time_relative": "78.017060000", - "frame.number": "209", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:49.480532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493669.480532000", - "frame.time_delta": "0.002786000", - "frame.time_delta_displayed": "0.002786000", - "frame.time_relative": "78.019846000", - "frame.number": "210", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": 
"134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - 
"icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:49.484163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493669.484163000", - "frame.time_delta": "0.003631000", - "frame.time_delta_displayed": "0.003631000", - "frame.time_relative": "78.023477000", - "frame.number": "211", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": 
"5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:49.534422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493669.534422000", - "frame.time_delta": "0.050259000", - "frame.time_delta_displayed": "0.050259000", - "frame.time_relative": "78.073736000", - "frame.number": "212", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:49.589156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493669.589156000", - "frame.time_delta": "0.054734000", - "frame.time_delta_displayed": "0.054734000", - "frame.time_relative": "78.128470000", - "frame.number": "213", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "36", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f315", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "1", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:50.063961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493670.063961000", - "frame.time_delta": "0.474805000", - "frame.time_delta_displayed": "0.474805000", - "frame.time_relative": "78.603275000", - "frame.number": "214", - "frame.len": "120", 
- "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000b2a1", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00bd697e", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:50.071084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493670.071084000", - "frame.time_delta": "0.007123000", - "frame.time_delta_displayed": "0.007123000", - "frame.time_relative": "78.610398000", - "frame.number": "215", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - 
"ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000e8f4", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x004828d8", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - 
"dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:50.078839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493670.078839000", - "frame.time_delta": "0.007755000", - "frame.time_delta_displayed": "0.007755000", - "frame.time_relative": "78.618153000", - "frame.number": "216", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": 
"::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:50.088237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493670.088237000", - "frame.time_delta": "0.009398000", - "frame.time_delta_displayed": "0.009398000", - "frame.time_relative": "78.627551000", - "frame.number": "217", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.100942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.100942000", - "frame.time_delta": "1.012705000", - "frame.time_delta_displayed": "1.012705000", - "frame.time_relative": "79.640256000", - "frame.number": "218", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.103287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.103287000", - "frame.time_delta": "0.002345000", - "frame.time_delta_displayed": "0.002345000", - "frame.time_relative": "79.642601000", - "frame.number": "219", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - 
"icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.105093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.105093000", - "frame.time_delta": "0.001806000", - "frame.time_delta_displayed": "0.001806000", - "frame.time_relative": "79.644407000", - "frame.number": "220", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - 
"eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - 
"icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.299297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.299297000", - "frame.time_delta": "0.194204000", - "frame.time_delta_displayed": "0.194204000", - "frame.time_relative": "79.838611000", - "frame.number": "221", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": 
"18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:47:51.842410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.842410000", - "frame.time_delta": "0.543113000", - "frame.time_delta_displayed": "0.543113000", - "frame.time_relative": "80.381724000", - "frame.number": "222", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000e591", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x009c36af", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - 
"dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.846984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.846984000", - "frame.time_delta": "0.004574000", - "frame.time_delta_displayed": "0.004574000", - "frame.time_relative": "80.386298000", - "frame.number": "223", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": 
"18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000a9c2", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x009967b9", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - 
"Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.857232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.857232000", - "frame.time_delta": "0.010248000", - "frame.time_delta_displayed": "0.010248000", - "frame.time_relative": "80.396546000", - "frame.number": "224", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - 
"ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:51.868193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493671.868193000", - "frame.time_delta": "0.010961000", - "frame.time_delta_displayed": "0.010961000", - "frame.time_relative": "80.407507000", - "frame.number": "225", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", 
- "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:52.670783000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493672.670783000", - "frame.time_delta": "0.802590000", - "frame.time_delta_displayed": "0.802590000", - "frame.time_relative": "81.210097000", - "frame.number": "226", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:52.671257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493672.671257000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "81.210571000", - "frame.number": "227", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:54.047053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493674.047053000", - "frame.time_delta": "1.375796000", - "frame.time_delta_displayed": "1.375796000", - "frame.time_relative": "82.586367000", - "frame.number": "228", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:56.586071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493676.586071000", - "frame.time_delta": "2.539018000", - "frame.time_delta_displayed": "2.539018000", - "frame.time_relative": "85.125385000", - "frame.number": "229", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:58.531102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493678.531102000", - "frame.time_delta": "1.945031000", - "frame.time_delta_displayed": "1.945031000", - "frame.time_relative": "87.070416000", - "frame.number": "230", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cd5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000012a2", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:58.531622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493678.531622000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "87.070936000", - "frame.number": "231", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cd6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f39d", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:47:58.532220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493678.532220000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "87.071534000", - "frame.number": "232", - "frame.len": 
"295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008163", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:03.531393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493683.531393000", - "frame.time_delta": "4.999173000", - "frame.time_delta_displayed": "4.999173000", - "frame.time_relative": "92.070707000", - "frame.number": "233", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cd7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000012a2", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:03.531912000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509493683.531912000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "92.071226000", - "frame.number": "234", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cd8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f39d", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": 
"0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:03.532533000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493683.532533000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "92.071847000", - "frame.number": "235", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008163", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:04.089085000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493684.089085000", - "frame.time_delta": "0.556552000", - "frame.time_delta_displayed": "0.556552000", - "frame.time_relative": "92.628399000", - "frame.number": "236", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a698", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "2", - "tcp.nxtseq": "42", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005968", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.lost_segment": "", - "_ws.expert.message": "Previous segment not captured (common at capture start)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:dc:54:16:9a:8b:4e:19:e3:20:3b:8e:8d:af:ea:2c:93:b6:af:f1:91:71:e8:bc:60:69:cc:01:dc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:04.271766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493684.271766000", - "frame.time_delta": "0.182681000", - "frame.time_delta_displayed": "0.182681000", - "frame.time_relative": "92.811080000", - "frame.number": "237", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdce", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "42", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000110c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "236", - "tcp.analysis.ack_rtt": "0.182681000", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.ack_lost_segment": "", - "_ws.expert.message": "ACKed segment that wasn't captured (common at capture start)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:04.294896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493684.294896000", - "frame.time_delta": "0.023130000", - "frame.time_delta_displayed": "0.023130000", - "frame.time_relative": "92.834210000", - "frame.number": "238", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda9", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "1", - "tcp.nxtseq": "37", - "tcp.ack": "42", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cc00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:62:10:75:8f:ec:d9:59:42:2b:f3:cd:1c:b1:e6:73:c7:33:fe:04:10:d3:e0:04:8d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:04.295387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493684.295387000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "92.834701000", - "frame.number": "239", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000a6bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "42", - "tcp.ack": "37", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000672", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "238", - "tcp.analysis.ack_rtt": "0.000491000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:05.090043000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493685.090043000", - "frame.time_delta": "0.794656000", - "frame.time_delta_displayed": "0.794656000", - "frame.time_relative": "93.629357000", - "frame.number": "240", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x000094f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000739e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - 
"tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "2419", - "tcp.nxtseq": "3678", - "tcp.ack": "395", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000208a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:d5:7e:a7:9b:46:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2413950, TSecr 2811971197": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2413950", - "tcp.options.timestamp.tsecr": "2811971197" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:9b:98:e1:bc:a7:db:6e:85:c5:54:5d:b7:88:54:74:05:74:f3:a7:ff:e8:a3:f7:8c:03:58:d5:ef:85:52:c0:8e:8f:50:99:0a:e5:c9:fa:db:85:b2:de:0f:59:e8:16:3b:5f:28:8d:ad:b2:6f:44:84:b0:91:39:61:b1:41:88:3b:df:6a:7c:67:bc:3d:95:bd:a2:7d:b9:4b:9d:2d:67:a0:82:08:fa:49:ec:c8:92:67:b2:48:3d:0e:5d:91:b4:20:b2:cc:db:f1:fe:e2:94:e9:2f:4f:f1:6b:17:c6:1f:46:0d:9d:f3:47:85:22:fd:8d:8f:7d:31:64:35:79:95:f4:a0:82:d2:91:f8:41:e8:f7:9b:8c:b0:de:d5:fc:d4:61:93:1e:ee:44:40:37:7a:aa:f1:19:e6:20:68:ee:b1:35:c8:51:2c:77:d5:8d:8d:24:d2:a6:86:78:25:a1:22:52:75:dd:30:4d:66:f3:ff:b0:6a:df:88:8a:40:36:7b:20:a4:dd:6d:ed:6f:ce:54:dd:c1:6d:3b:66:b2:22:89:7a:84:8d:5b:e7:75:8c:60:13:ef:a3:00:55:b8:63:34:ec:61:43:d5:cb:5d:bb:f2:4e:55:4e:ef:a4:32:8c:ad:e6:2e:e0:5d:57:fd:b5:26:8e:95:e3:59:87:e6:d1:6f:0a:bc:b9:30:c2:8b:c8:d4:53:8d:84:d6:81:bf:5b:e8:ff:0c:a1:fd:f3:b6:ec:06:2e:fb:d9:fc:e6:a6:0d:45:be:9b:ca:20:25:87:8e:39:0a:d6:7d:13:4b:78:56:f3:2c:db:6f:3f:e8:52:2a:9a:f1:90:d6:98:60:bc:1a:88:b5:9b:3f:45:88:ad:dd:2b:eb:c4:b0:29:fa:f7:8a:31:ef:2b:a7:12:a0:59:cb:99:1c:a4:67:4b:05:74:08:fd:48:fe:8d:b2:39:57:43:32:dc:1a:b3:ce:54:fd:cb:e3:86:06:52:2a:3f:ea:3c:49:20:29:6c:c5:1c:24:2f:70:52:7e:ff:dd:26:6d:29:de:1b:e9:3d:66:d2:f8:a9:63:e7:4e:ca:13:97:82:56:81:66:eb:b0:e2:b0:20:26:fa:1e:c9:ab:0d:2d:3d:81:ad:ed:de:16:b9:24:d1:c0:bd:4b:69:98:87:01:c1:66:3d:04:d6:ac:31:9c:8c:e7:2c:d4:df:1e:49:19:16:32:eb:1e:25:d9:00:49:09:4c:ea:82:cd:72:e1:2c:a8:17:55:36:7b:cb:d4:c6:cf:27:bd:b8:f4:fa:8c:3f:12:bd:2a:f7:f4:4c:1f:e8:10:75:28:7c:ff:4f:b4:72:41:8a:45:22:31:b0:12:18:3c:f5:4a:1a:66:7b:ab:ec:b3:f4:33:8e:f6:69:7f:51:e6:c9:80:d5:b4:7f:e7:50:7a:86:d3:e2:c7:c3:3e:83:91:a9:89:98:5e:b6:26:fc:ac:32:a9:b5:74:92:05:40:df:6c:a0:30:74:3d:4b:6f:35:97:1b:6e:d4:89:c5:ea:40:7e:35:4d:07:ff:65:50:8b:4a:90:fb:5e:4a:f9:14:aa:73:4b:74:78:03:93:2f:c1:d1:a0:74:87:df:88:4a:96:97:fc:b4:00:aa:9f:47:39:28:8d:44:4d:7a:48:f0:02:dd:27:35:4c:1e:4b:73:94:f7:68:bf:62:a1:8a:f0:a3:30:9f:66:d6:50:d8:aa:86:89:4b:6f:6b:81:13:b2:0b:99:56:c2:9c:1a:a7:a
c:7c:af:ec:53:e1:37:57:43:61:74:6e:d7:3f:32:33:29:65:78:8a:d7:42:43:7b:25:27:1b:ee:ca:59:d6:c7:7d:bf:46:b1:bf:ba:bc:8c:36:64:32:25:72:0a:57:29:46:a1:15:8c:96:19:a1:8b:ea:f3:5b:7b:24:1b:c4:8c:d7:77:c9:84:d7:91:e9:12:25:a8:9e:9c:b5:71:04:47:e1:76:02:e6:0e:25:1e:e2:94:fd:9a:f4:e0:85:79:1e:ce:1c:12:63:3c:fb:e0:45:d8:8c:91:c2:af:80:77:e1:4d:91:1b:d7:d0:a2:7b:e8:3a:0d:57:e9:dd:c2:5f:b8:f5:f5:09:eb:b6:72:48:d1:ee:a4:4f:78:6d:ee:59:dc:b7:6c:fe:8a:96:a7:83:a4:c0:7c:fc:58:ff:06:76:9a:6e:6e:13:28:41:8b:65:40:50:44:7d:50:a9:ba:9b:0a:08:ae:ba:42:7d:2c:a0:75:13:92:17:df:36:01:9b:16:c5:e6:80:78:95:d2:a9:5e:e1:37:25:ff:dd:e6:2b:7a:18:d4:79:9a:8d:aa:92:6e:23:66:17:81:f2:c3:11:6a:d9:62:67:72:45:f9:f5:b1:29:5e:74:9e:4a:76:5f:d8:ca:4d:dc:4b:3a:1f:bd:db:54:29:a5:a7:84:fd:c7:3e:88:3d:9e:0c:9a:ee:2f:91:9b:50:53:71:cf:76:8e:8c:a2:4d:77:0b:56:e5:ce:7e:a5:10:0a:cc:c7:2f:1d:3c:18:09:e0:ee:70:7b:cc:15:85:b4:19:55:d8:c9:f2:c8:a3:b9:6e:ed:fe:99:bb:da:9e:db:94:f2:74:a8:91:63:cb:6b:6d:3e:02:ce:89:10:b2:ef:da:01:e0:85:9f:c8:d5:b2:e5:25:86:47:74:d6:96:dd:75:ef:25:23:a8:fa:d9:0d:41:4e:72:e5:ac:c0:6d:01:0c:2e:28:a4:43:ac:ec:da:fe:58:19:24:35:60:09:3b:8a:2b:7e:46:fe:67:36:9f:40:3e:dc:31:8a:75:42:5b:2d:74:0f:a5:d0:14:38:72:6f:13:ed:07:56:28:55:36:5e:cb:9b:fe:7d:31:ed:fc:65:8b:cc:fa:45:aa:5d:c6:5e:a4:ed:70:32:81:3a:ab:56:8b:35:56:9f:70:8e:40:4f:b0:18:9a:39:d6:0c:33:b5:a2:38:1e:bd:18:69:79:fc:15:32:68:2e:6b:c9:72:40:dc:0b:c2:b3:5f:90:85:dd:1c:a7:45:40:7b:03:72:00:94:96:49:36:2c:98:7a:c9:a3:87:7b:86:fc:2c:94:71:df:03:17:8b:42:76:c7:12:c5:c2:7a:e5:8d:02:ad:b2:fa:96:4a:4b:dc:6a:9b:68:c7:40:af:c8:62:8d:20:5e:03:ec:2f:22:7a:4a:33:fa:b9:ad:76:2b:eb:63:83:cf:dd:1c:db:5e:59:97:96:f9:21:eb:40:5e:e8:0d:3b:3e:20:38:f8:b5:23:ac:5b:ca:4e:47:ea:f1:86:88:a1:38:19:31:eb:e2:60:fb:f7:80:be" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:05.190550000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493685.190550000", - "frame.time_delta": "0.100507000", - "frame.time_delta_displayed": "0.100507000", - "frame.time_relative": "93.729864000", - "frame.number": "241", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000398b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - 
"tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "395", - "tcp.ack": "3678", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:56:de:00:24:d5:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811975390, TSecr 2413950": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811975390", - "tcp.options.timestamp.tsecr": "2413950" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "240", - "tcp.analysis.ack_rtt": "0.100507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:06.083765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493686.083765000", - "frame.time_delta": "0.893215000", - "frame.time_delta_displayed": "0.893215000", - "frame.time_relative": "94.623079000", - 
"frame.number": "242", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ae7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005d02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:48:07.150303000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493687.150303000", - "frame.time_delta": "1.066538000", - "frame.time_delta_displayed": "1.066538000", - "frame.time_relative": "95.689617000", - "frame.number": "243", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000047cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000818c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:07.203151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493687.203151000", - "frame.time_delta": "0.052848000", - "frame.time_delta_displayed": "0.052848000", - "frame.time_relative": "95.742465000", - "frame.number": "244", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000047d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008186", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:07.255990000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509493687.255990000", - "frame.time_delta": "0.052839000", - "frame.time_delta_displayed": "0.052839000", - "frame.time_relative": "95.795304000", - "frame.number": "245", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000047d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008179", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:07.308800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493687.308800000", - "frame.time_delta": "0.052810000", - "frame.time_delta_displayed": "0.052810000", - "frame.time_relative": "95.848114000", - "frame.number": "246", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": 
"0x000047d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008176", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:07.361707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493687.361707000", - "frame.time_delta": "0.052907000", - "frame.time_delta_displayed": "0.052907000", - "frame.time_relative": "95.901021000", - "frame.number": "247", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000047dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008177", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:07.414627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493687.414627000", - "frame.time_delta": "0.052920000", - "frame.time_delta_displayed": "0.052920000", - "frame.time_relative": "95.953941000", - "frame.number": "248", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000047de", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008176", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:08.531673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493688.531673000", - "frame.time_delta": "1.117046000", - 
"frame.time_delta_displayed": "1.117046000", - "frame.time_relative": "97.070987000", - "frame.number": "249", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cd9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000012a2", - "udp.checksum.status": "2", - "udp.stream": "5" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": 
"0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:08.532473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493688.532473000", - "frame.time_delta": "0.000800000", - "frame.time_delta_displayed": "0.000800000", - "frame.time_relative": "97.071787000", - "frame.number": "250", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cda", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1315", - "udp.dstport": "5353", - "udp.port": "1315", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f39d", - "udp.checksum.status": "2", - "udp.stream": "6" - }, - "mdns": { - "dns.id": "0x0000025b", 
- "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:08.532897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493688.532897000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "97.072211000", - "frame.number": "251", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1316", - "udp.dstport": "5353", - "udp.port": "1316", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008163", - "udp.checksum.status": "2", - "udp.stream": "7" - }, - "mdns": { - "dns.id": "0x0000025b", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=603", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=58873" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:09.281174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493689.281174000", - "frame.time_delta": "0.748277000", - "frame.time_delta_displayed": "0.748277000", - "frame.time_relative": "97.820488000", - "frame.number": "252", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:09.281570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493689.281570000", - "frame.time_delta": "0.000396000", - "frame.time_delta_displayed": "0.000396000", - "frame.time_relative": "97.820884000", - "frame.number": "253", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:10.217254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493690.217254000", - "frame.time_delta": "0.935684000", - "frame.time_delta_displayed": "0.935684000", - "frame.time_relative": "98.756568000", - "frame.number": "254", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000a83", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x000048bd", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:81:c5:49:83:cc:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:5c:11", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:19.428308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493699.428308000", - "frame.time_delta": "9.211054000", - "frame.time_delta_displayed": "9.211054000", - "frame.time_relative": "107.967622000", - "frame.number": "255", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000094f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007857", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "3678", - "tcp.nxtseq": "3727", - "tcp.ack": "395", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005cb3", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:db:18:a7:9b:56:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2415384, TSecr 2811975390": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2415384", - "tcp.options.timestamp.tsecr": "2811975390" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:9c:96:9c:51:4b:d1:2e:48:46:23:3a:fc:66:3a:c2:e2:8c:9d:2c:5c:f8:e3:f9:32:f5:a7:ae:6c:14:f7:cc:e1:93:3a:c1:40:24" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:19.488599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493699.488599000", - "frame.time_delta": "0.060291000", - "frame.time_delta_displayed": "0.060291000", - "frame.time_relative": "108.027913000", - "frame.number": "256", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bf5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000398a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "395", - "tcp.ack": "3727", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000588b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:64:d4:00:24:db:18", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811978964, TSecr 2415384": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811978964", - "tcp.options.timestamp.tsecr": "2415384" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "255", - "tcp.analysis.ack_rtt": "0.060291000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:19.489103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493699.489103000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "108.028417000", - "frame.number": "257", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002bf6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003952", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "395", - "tcp.nxtseq": "450", - "tcp.ack": "3727", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003223", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:64:d4:00:24:db:18", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811978964, TSecr 2415384": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811978964", - "tcp.options.timestamp.tsecr": "2415384" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:32:fa:bb:8a:08:61:c4:a6:26:5a:a8:a1:ff:d5:2d:e4:f0:ab:a2:22:95:74:6e:2e:1b:80:3f:10:ab:c6:81:f6:41:fc:02:66:6c:7d:22:fc:77:89:8b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:19.489535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493699.489535000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "108.028849000", - "frame.number": "258", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007887", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3727", - "tcp.ack": "450", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000575f", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:db:1e:a7:9b:64:d4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2415390, TSecr 2811978964": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2415390", - "tcp.options.timestamp.tsecr": "2811978964" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "257", - "tcp.analysis.ack_rtt": "0.000432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:28.852420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493708.852420000", - "frame.time_delta": "9.362885000", - "frame.time_delta_displayed": "9.362885000", - "frame.time_relative": "117.391734000", - "frame.number": "259", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - 
"arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:34.341163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493714.341163000", - "frame.time_delta": "5.488743000", - "frame.time_delta_displayed": "5.488743000", - "frame.time_relative": "122.880477000", - "frame.number": "260", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - 
"ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "41", - "tcp.ack": "37", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000673", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:34.484610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493714.484610000", - 
"frame.time_delta": "0.143447000", - "frame.time_delta_displayed": "0.143447000", - "frame.time_relative": "123.023924000", - "frame.number": "261", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdcc", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "37", - "tcp.ack": "42", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000010e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:36.085662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493716.085662000", - "frame.time_delta": "1.601052000", - "frame.time_delta_displayed": "1.601052000", - "frame.time_relative": "124.624976000", - "frame.number": "262", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005aee", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cfb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:37.817664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493717.817664000", - "frame.time_delta": "1.732002000", - "frame.time_delta_displayed": "1.732002000", - "frame.time_relative": "126.356978000", - "frame.number": "263", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:38.043531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493718.043531000", - "frame.time_delta": "0.225867000", - "frame.time_delta_displayed": "0.225867000", - "frame.time_relative": "126.582845000", - "frame.number": "264", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - 
"bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:38.084466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493718.084466000", - "frame.time_delta": "0.040935000", - "frame.time_delta_displayed": "0.040935000", - "frame.time_relative": "126.623780000", - "frame.number": "265", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - 
"bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:38.105159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493718.105159000", - "frame.time_delta": "0.020693000", - "frame.time_delta_displayed": "0.020693000", - "frame.time_relative": "126.644473000", - "frame.number": "266", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:38.142983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493718.142983000", - "frame.time_delta": "0.037824000", - "frame.time_delta_displayed": "0.037824000", - "frame.time_relative": "126.682297000", - "frame.number": "267", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:39.490154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493719.490154000", - "frame.time_delta": "1.347171000", - "frame.time_delta_displayed": "1.347171000", - "frame.time_relative": "128.029468000", - "frame.number": "268", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:39.490558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493719.490558000", - "frame.time_delta": "0.000404000", - "frame.time_delta_displayed": "0.000404000", - "frame.time_relative": "128.029872000", - "frame.number": "269", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - 
"arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:43.211745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493723.211745000", - "frame.time_delta": "3.721187000", - "frame.time_delta_displayed": "3.721187000", - "frame.time_relative": "131.751059000", - "frame.number": "270", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:45.553546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493725.553546000", - "frame.time_delta": "2.341801000", - "frame.time_delta_displayed": "2.341801000", - "frame.time_relative": "134.092860000", - "frame.number": "271", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000da8", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:45.554140000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493725.554140000", - "frame.time_delta": "0.000594000", - "frame.time_delta_displayed": "0.000594000", - "frame.time_relative": "134.093454000", - "frame.number": "272", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eea3", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:45.554691000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509493725.554691000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "134.094005000", - "frame.number": "273", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c69", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" 
- }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.508869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493730.508869000", - "frame.time_delta": "4.954178000", - "frame.time_delta_displayed": "4.954178000", - "frame.time_relative": "139.048183000", - "frame.number": "274", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000094f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007855", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "3727", - "tcp.nxtseq": "3776", - "tcp.ack": "450", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f00d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:e7:3c:a7:9b:64:d4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2418492, TSecr 2811978964": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2418492", - "tcp.options.timestamp.tsecr": "2811978964" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:9d:7a:de:b2:09:da:43:61:53:a5:b9:8d:0d:dd:de:32:ff:da:dd:1e:b9:36:b6:87:1c:5e:22:a5:43:bc:22:01:4a:e2:e4:d3:75" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:48:50.554014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.554014000", - "frame.time_delta": "0.045145000", - "frame.time_delta_displayed": "0.045145000", - "frame.time_relative": "139.093328000", - "frame.number": "275", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - 
"udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000da8", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - 
"dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.554572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.554572000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "139.093886000", - "frame.number": "276", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - 
"udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eea3", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - 
"dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.555146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.555146000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "139.094460000", - "frame.number": "277", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - 
"udp.length": "241", - "udp.checksum": "0x00007c69", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.569933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.569933000", - "frame.time_delta": "0.014787000", - "frame.time_delta_displayed": "0.014787000", - "frame.time_relative": "139.109247000", - "frame.number": "278", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002bf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003951", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United 
States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "450", - "tcp.nxtseq": "505", - "tcp.ack": "3776", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003310", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:83:2e:00:24:e7:3c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811986734, TSecr 2418492": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811986734", - "tcp.options.timestamp.tsecr": "2418492" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "274", - "tcp.analysis.ack_rtt": "0.061064000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { 
- "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:33:b7:ac:75:4f:f9:6d:13:07:e9:c0:73:26:ad:85:57:04:ac:e9:8b:aa:67:30:64:5f:45:d9:6d:7d:55:0d:ac:92:9a:bf:32:f0:2e:bc:62:6d:e1:77" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.570438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.570438000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "139.109752000", - "frame.number": "279", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007885", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3776", - "tcp.ack": "505", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002c79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:e7:42:a7:9b:83:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2418498, TSecr 2811986734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2418498", - "tcp.options.timestamp.tsecr": "2811986734" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "278", - "tcp.analysis.ack_rtt": "0.000505000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:50.644308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493730.644308000", - "frame.time_delta": "0.073870000", - "frame.time_delta_displayed": "0.073870000", - "frame.time_relative": "139.183622000", - "frame.number": "280", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000082ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000360e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52151", - "udp.dstport": "53", - "udp.port": "52151", - 
"udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ea7d", - "udp.checksum.status": "2", - "udp.stream": "19" - }, - "dns": { - "dns.id": "0x00000f08", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.106932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.106932000", - "frame.time_delta": "0.462624000", - "frame.time_delta_displayed": "0.462624000", - "frame.time_relative": "139.646246000", - "frame.number": "281", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": 
"0x00007594", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000042ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "52151", - "udp.port": "53", - "udp.port": "52151", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "19" - }, - "dns": { - "dns.response_to": "280", - "dns.time": "0.462624000", - "dns.id": "0x00000f08", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3600", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": 
"300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.107840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.107840000", - "frame.time_delta": "0.000908000", - "frame.time_delta_displayed": "0.000908000", - "frame.time_relative": "139.647154000", - "frame.number": "282", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000082cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000035ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37265", - "udp.dstport": "53", - "udp.port": "37265", 
- "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003fa3", - "udp.checksum.status": "2", - "udp.stream": "20" - }, - "dns": { - "dns.id": "0x00000f09", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.108291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.108291000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "139.647605000", - "frame.number": "283", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": 
"0x00007595", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004315", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37265", - "udp.port": "53", - "udp.port": "37265", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "20" - }, - "dns": { - "dns.response_to": "282", - "dns.time": "0.000451000", - "dns.id": "0x00000f09", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "46", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 16:48:51.109099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.109099000", - "frame.time_delta": "0.000808000", - "frame.time_delta_displayed": "0.000808000", - "frame.time_relative": "139.648413000", - "frame.number": "284", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00005d77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d858", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - 
"tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000082f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.244593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.244593000", - "frame.time_delta": "0.135494000", - "frame.time_delta_displayed": "0.135494000", - "frame.time_relative": "139.783907000", - "frame.number": "285", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000d6cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000b403", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", 
- "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00008114", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "284", - "tcp.analysis.ack_rtt": "0.135494000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.245148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.245148000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "139.784462000", - "frame.number": "286", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d863", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004aa3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "285", - "tcp.analysis.ack_rtt": "0.000555000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.245161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.245161000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "139.784475000", - "frame.number": "287", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00005d79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d60a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000021e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136049000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:36:22:2c:20:4e:6f:6e:63:65:3d:22:45:51:52:32:64:61:4f:62:33:78:47:35:49:4e:55:49:6e:30:76:43:47:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:66:78:67:38:61:75:38:44:5a:4e:72:78:63:43:49:34:41:61:52:32:4f:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:
6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.381729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.381729000", - "frame.time_delta": "0.136568000", - "frame.time_delta_displayed": "0.136568000", - "frame.time_relative": "139.921043000", - "frame.number": "288", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001087", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007a54", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, 
-0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a7d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "287", - "tcp.analysis.ack_rtt": "0.136568000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.382367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.382367000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "139.921681000", - "frame.number": "289", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00005d7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d381", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002472", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136049000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:dd:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:
b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02
:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" - }, - "tcp.segments": { - "tcp.segment": "287", - "tcp.segment": "289", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:36:22:2c:20:4e:6f:6e:63:65:3d:22:45:51:52:32:64:61:4f:62:33:78:47:35:49:4e:55:49:6e:30:76:43:47:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:66:78:67:38:61:75:38:44:5a:4e:72:78:63:43:49:34:41:61:52:32:4f:67:3d:3d:22:0d:0a:4
3:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:dd:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:
c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62
:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"176\", Nonce=\"EQR2daOb3xG5INUIn0vCGA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"fxg8au8DZNrxcCI4AaR2Og==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"176\", Nonce=\"EQR2daOb3xG5INUIn0vCGA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"fxg8au8DZNrxcCI4AaR2Og==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - 
"http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd#I3+\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bdB\n\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd \u0007\u00ef\u00bf\u00bdvlcD1\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bdPm_\u00ef\u00bf\u00bdo<\u00ef\u00bf\u00bd0\"x\u00ef\u00bf\u00bd:>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd;0\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd>X\u00ef\u00bf\u00bd{a=\u00ef\u00bf\u00bdy;\u00ef\u00bf\u00bd\u0003(\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "f8:23:49:33:2b:14:dd:ad:92:ab:30:c6:42:0a:9d:11:d5:5f:ae:20:07:c1:76:6c:63:44:31:a9:4f:88:50:6d:5f:bd:6f:3c:c5:30:22:78:cd:3a:3e:ca:f3:89:3c:8a:3b:30:a0:6f:b8:3e:58:ae:7b:61:3d:88:79:3b:dc:03:28:b4:3d:d0:aa:89:ed:a9:86:fe:4b:9a:00:c2:ec:aa:29:dd:82:41:6f:4d:64:7a:1c:86:29:3f:8a:72:5a:2e:9d:e1:a6:d3:c4:73:c8:36:fa:23:9e:ef:10:fd:59:b7:c6:95:5a:1d:18:c4:68:d1:b9:7b:eb:c3:90:78:ae:51:ff:9d:a4:19:48:21:10:99:66:56:08:59:09:19:d9:b8:75:16:89:d9:c6:9f:d9:8e:9d:12:bb:e8:e6:ef:06:0b:a9:c7:12:be:53:24:1a:ff:61:df:1a:d5:c4:9c:09:17:eb:dd:33:45:64:0f:ef:85:ed:44:9a:88:94:7d:a4:54:6f:d0:df:b6:47:3b:ba:98:69:96:13:2f:3f:56:95:bf:db:b6:d5:58:0c:8f:83:e8:5b:2c:d7:68:1a:81:03:e2:e2:bf:b9:00:f7:44:a1:9c:fe:90:1e:42:75:9c:68:48:b8:08:94:20:12:0f:9f:0f:07:89:b9:69:80:69:3f:93:6e:28:d8:09:0e:d5:a5:54:f9:7c:95:19:bd:5e:b6:62:43:53:52:e8:b3:8d:72:f9:aa:e3:7c:20:37:a6:36:aa:97:f6:ab:a9:90:7e:a8:cf:4f:8e:2b:7f:73:5f:a3:6d:fb:c3:02:e3:13:48:05:d6:56:6e:19:df:f9:3e:88:6a:58:4f:81:0b:5b:0e:64:2f:25:65:5a:85:c9:4a:35:64:d0:49:3b:ee:2e:68:ff:55:d1:a1:77:b1:c8:40:92:d1:07:1b:92:7a:ea:15:40:1a:0e:14:ab:2a:88:c2:a1:65:10:69:24:c9:12:7e:2c:ec:07:da:d0:9f:0c:54:5e:d8:f8:df:00:2e:b3:d9:6b:72:9e:be:0e:ca:53:9b:0e:0e:0d:ea:4f:ec:d3:9b:3e:92:44:9a:cc:eb:b9:d3:5b:b8:6f:15:d
d:d1:82:05:45:fc:f3:1b:e4:a7:b6:b6:c9:f8:e6:e7:4e:56:0a:7f:b7:fb:2e:2d:39:c6:f6:44:1d:24:3e:3c:18:b5:6a:2c:66:fc:42:34:69:b7:cc:40:b7:28:75:ef:1a:66:91:b4:6e:79:81:d4:c1:b1:b7:8f:97:28:8b:9f:e9:1f:4b:e8:84:5f:8f:4d:b0:a3:2a:e6:3f:ee:87:64:4c:0f:fc:3b:26:ba:d1:bc:d6:e1:7d:7d:05:e1:31:a9:b0:eb:52:c1:6a:e3:af:4f:46:90:e1:27:73:e3:f1:3f:78:88:61:da:31:e9:7a:3f:4e:22:ce:c9:97:27:0c:33:2b:5b:88:e1:c5:57:bc:0f:af:35:52:01:0e:91:f4:46:e1:76:98:67:c9:ba:4c:f9:41:73:48:09:74:5a:3a:cd:e6:98:cb:a2:48:c9:2e:30:e4:b0:b5:cb:17:76:be:6c:cf:18:af:a4:c7:70:b0:c1:87:06:14:33:68:d1:9c:7a:db:ca:75:95:b1:0f:b4:f6:8b:ce:56:62:81:33:6b:dd:13:df:33:a1:d8:58:b7:eb:9d:31:2b:39:4e:25:7c:7d:27:e5:82:52:ee:95:01:51:fe:e9:e3:8f:fa:8b:e7:27:4c:b8:f1:98:8e:06:32:be:e4:e6:0f:6a:40:e6:e7:0b:8b:0e:28:8c:ed:99:e4:bc:18:b6:17:10:ff:2a:56:92:ad:7c:35:4c:58:fa:a7:5e:9b:43:fd:f6:63:83:4e:33:41:02:df:39:2f:05:c2:13:08:58:6f:89:95:7c:4a:81:e7:ac:8a:4c:ff:f7:16:a2:b2:d3:6d:6c:eb:da:b3:db:81:9f:3b:74:59:7d:6c:c9:f6:e1:3a:e2:26:c2:6e:c1:f0:c0:5e:da:0b:2a:51:6c:0f:53:bc:fd:32:83:f2:19:8e:97:37:a3:be:1c:f8:92:82:ce:51:7a:27:a1:c6:1e:4c:b5:81:76:27:75:44:ba:7a:ae:a0:c1:90:03:d7:05:43:b7:f8:99:6b:fd:5d:87:f2:79:6d:a2:9f:4e:5d:31:f5:97:bf:6b:b4:47:53:43:92:ee:b2:73:2f:4c:64:c0:c6:51:d4:42:f6:a0:e7:c8:b2:9c:c4:18:2f:c6:e6:0b:2a:eb:6b:4b:4f:42:6e:45:2a:7d:a2:2c:45:e8:df:30:fa:78:81:ba:aa:52:06:1f:5d:d9:51:d4:8c:2d:84:a8:d7:82:e4:a3:63:44:63:d7:c2:14:2b:d7:7e:f1:3d:37:3b:9b:78:04:2c:be:fa:1c:59:81:03:df:f3:97:7d:cc:63:95:22:92:f6:f1:f1:bf:b3:6a:83:f8:01:92:58:a5:e0:42:19:fc:85:38:df:66:e3:d3:45:8b:9e:0f:36:17:04:f1:ad:1d:c9:21:fb:df:41:d9:82:3b:f5:d3:77:56:f5:33:c6:ac:27:07:bd:fc:3b:d5:4c:19:be:81:24:c4:09:10:18:82:bb:c3:e3:b8:9b:28:bf:49:6f:24:7b:b9:31:d0:59:1a:a2:93:5f:e3:ce:08:b7:9d:82:2b:3f:32:cc:3f:5a:2e:f9:a0:74:bf:e0:02:06:6f:d5:b3:90:97:21:9d:7e:36:96:45:0e:06:a4:57:e0:9b:49:d4:8b:fd:04:b4:4c:d3:fd:57:c3:d4:66:16:ec:c1:29:7a:87:e0:b6:aa:23:2d:8b:39:6a:d5:34:5e:d6:25:e7:0e:f5:fe:10:19:4e:e2:f0:fa:98:88:10:83:e0:
87:cf:7a:ae:33:ed:1a:45:13:cd:67:0b:de:98:b4:5a:84:f1:a4:a9:c6:73:27:3d:05:73:64:10:21:75:36:c5:34:5c:44:68:cd:f6:dc:27:cf:89:39:ba:36:3a:9e:71:dc:a6:02:bd:9c:93:36:69:fe:d0:b4:af:d3:dc:dd:9a:1a:93:85:06:99:ed:df:f6:86:25:80:de:d3:0f:d8:8f:ec:0e:03:eb:51:48:c9:cd:00:2b:4e:12:c7:52:bc:d9:ee:da:02:13:33:64:a5:26:52:2f:f3:40:32:bc:7d:e1:f7:33:66:21:47:a1:92:5c:33:b8:71:3f:8d:05:20:53:54:51:6a:24:b1:e3:83:88:58:bb:7f:99:7a:39:bf:88:14:72:e5:62:1f:33:b6:f2:f4:55:76:3b:2e:91:cf:c2:33:a5:5f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.517981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.517981000", - "frame.time_delta": "0.135614000", - "frame.time_delta_displayed": "0.135614000", - "frame.time_relative": "140.057295000", - "frame.number": "290", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000445d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000467e", - 
"ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009e17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "289", - "tcp.analysis.ack_rtt": "0.135614000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521080000", - 
"frame.time_delta": "0.003099000", - "frame.time_delta_displayed": "0.003099000", - "frame.time_relative": "140.060394000", - "frame.number": "291", - "frame.len": "1434", - "frame.cap_len": "1434", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1420", - "ip.id": "0x00004515", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004062", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - 
"tcp.len": "1380", - "tcp.seq": "1", - "tcp.nxtseq": "1381", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000a73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136049000", - "tcp.analysis.bytes_in_flight": "1380", - "tcp.analysis.push_bytes_sent": "1380" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:34:38:3a:35:31:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:4
4:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:
79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521106000", - "frame.time_delta": "0.000026000", - "frame.time_delta_displayed": "0.000026000", - "frame.time_relative": "140.060420000", - "frame.number": "292", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00004516", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004575", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "80", - "tcp.seq": "1381", - "tcp.nxtseq": "1461", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - 
"tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000055f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136049000", - "tcp.analysis.bytes_in_flight": "1460", - "tcp.analysis.push_bytes_sent": "1460" - }, - "tcp.segment_data": "65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521182000", - "frame.time_delta": "0.000076000", - "frame.time_delta_displayed": "0.000076000", - "frame.time_relative": "140.060496000", - "frame.number": "293", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00004517", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004525", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "159", - "tcp.seq": "1461", - "tcp.nxtseq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003296", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136049000", - "tcp.analysis.bytes_in_flight": "1619", - "tcp.analysis.push_bytes_sent": "159" - }, - "tcp.segment_data": 
"0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "291", - "tcp.segment": "292", - "tcp.segment": "293", - "tcp.segment.count": "3", - "tcp.reassembled.length": "1619", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:34:38:3a:35:31:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6
d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:
7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "http": { - "HTTP\/1.1 401 Unauthorized\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "401", - "http.response.phrase": "Unauthorized" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_type": "text\/html", - 
"http.response.line": "Content-Type: text\/html\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:48:51 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:48:51 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "http.content_length_header": "1293", - "http.content_length_header_tree": { - "http.content_length": "1293" - }, - "http.response.line": "Content-Length: 1293\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.138815000", - "http.request_in": "289", - "http.file_data": "\r\n\r\n\r\n\r\n401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have 
permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" - }, - "data-text-lines": { - "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", - "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", - "<head>\\r\\n": "", - "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", - "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", - "<style type=\"text\/css\">\\r\\n": "", - "<!--\\r\\n": "", - "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", - "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", - "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", - "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", - "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", - "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", - "background-color:#555555;}\\r\\n": "", - "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", - ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", - "-->\\r\\n": "", - "<\/style>\\r\\n": "", - "<\/head>\\r\\n": "", - "<body>\\r\\n": "", - "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", - "<div id=\"content\">\\r\\n": "", - " <div class=\"content-container\"><fieldset>\\r\\n": "", - " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", - " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", - " <\/fieldset><\/div>\\r\\n": "", - "<\/div>\\r\\n": "", - "<\/body>\\r\\n": "", - "<\/html>\\r\\n": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521259000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521259000", - "frame.time_delta": "0.000077000", - "frame.time_delta_displayed": "0.000077000", - "frame.time_relative": "140.060573000", - "frame.number": "294", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004519", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000045c2", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", 
- "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000097c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521698000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "140.061012000", - "frame.number": "295", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d860", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1381", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000341b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "291", - "tcp.analysis.ack_rtt": "0.000618000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.521711000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "140.061025000", - "frame.number": "296", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000d85f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000033cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "292", - "tcp.analysis.ack_rtt": "0.000605000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.521720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493731.521720000", - "frame.time_delta": "0.000009000", - "frame.time_delta_displayed": "0.000009000", - "frame.time_relative": "140.061034000", - "frame.number": "297", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d85e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": 
"35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1620", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000332c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "293", - "tcp.analysis.ack_rtt": "0.000538000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.522082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.522082000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "140.061396000", - "frame.number": "298", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d85d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35286", - "tcp.dstport": "80", - "tcp.port": "35286", - "tcp.port": "80", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1621", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000332a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "294", - "tcp.analysis.ack_rtt": "0.000823000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.522980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.522980000", - "frame.time_delta": "0.000898000", - "frame.time_delta_displayed": "0.000898000", - "frame.time_relative": "140.062294000", - "frame.number": "299", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000082ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000035ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43891", - "udp.dstport": "53", - "udp.port": "43891", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000ac0", - "udp.checksum.status": "2", - "udp.stream": "21" - }, - "dns": { - "dns.id": "0x00000f0a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.523566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.523566000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "140.062880000", - "frame.number": "300", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000075b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004301", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43891", - "udp.port": "53", - "udp.port": "43891", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "21" - }, - "dns": { - "dns.response_to": "299", - "dns.time": "0.000586000", - "dns.id": "0x00000f0a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:48:51.524360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.524360000", - "frame.time_delta": "0.000794000", - "frame.time_delta_displayed": "0.000794000", - "frame.time_relative": "140.063674000", - "frame.number": "301", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000082cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000035eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59246", - "udp.dstport": "53", - "udp.port": "59246", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e9c3", - "udp.checksum.status": "2", - "udp.stream": "22" - }, - "dns": { - "dns.id": "0x00000f0b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.524893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.524893000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "140.064207000", - "frame.number": "302", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000075ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000042f0", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59246", - "udp.port": "53", - "udp.port": "59246", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "22" - }, - "dns": { - "dns.response_to": "301", - "dns.time": "0.000533000", - "dns.id": "0x00000f0b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "46", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.526070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.526070000", - "frame.time_delta": "0.001177000", - "frame.time_delta_displayed": "0.001177000", - "frame.time_relative": "140.065384000", - 
"frame.number": "303", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000052d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000c3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.657135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.657135000", - "frame.time_delta": "0.131065000", - "frame.time_delta_displayed": "0.131065000", - "frame.time_relative": "140.196449000", - "frame.number": "304", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ef0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000beb", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35286", - "tcp.port": "80", - "tcp.port": "35286", - "tcp.stream": "10", - "tcp.len": "0", - "tcp.seq": "1621", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000097c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "298", - "tcp.analysis.ack_rtt": "0.135053000", - "tcp.analysis.initial_rtt": "0.136049000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.662655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.662655000", - "frame.time_delta": "0.005520000", - "frame.time_delta_displayed": "0.005520000", - "frame.time_relative": "140.201969000", - "frame.number": "305", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000efa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00009b31", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000fc37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "303", - "tcp.analysis.ack_rtt": "0.136585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.663154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.663154000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "140.202468000", - "frame.number": "306", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000052d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e306", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c5c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"305", - "tcp.analysis.ack_rtt": "0.000499000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.663439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.663439000", - "frame.time_delta": "0.000285000", - "frame.time_delta_displayed": "0.000285000", - "frame.time_relative": "140.202753000", - "frame.number": "307", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x000052d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": 
"United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006049", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137084000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:37:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:41:2b:43:42:52:42:49:44:33:2f:54:5a:71:66:46:55:78:4d:67:70:67:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:48:51.800484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.800484000", - "frame.time_delta": "0.137045000", - "frame.time_delta_displayed": "0.137045000", - "frame.time_relative": "140.339798000", - "frame.number": "308", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ce8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005df3", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000022fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "307", - "tcp.analysis.ack_rtt": "0.137045000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.801113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.801113000", - "frame.time_delta": "0.000629000", - "frame.time_delta_displayed": "0.000629000", - "frame.time_relative": "140.340427000", - "frame.number": "309", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x000052d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000b40d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137084000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00
:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" - }, 
- "tcp.segments": { - "tcp.segment": "307", - "tcp.segment": "309", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:37:22:2c:20:4e:6f:6e:63:65:3d:22:4a:73:6a:74:79:6b:4e:7a:52:66:43:35:49:4e:55:49:7a:52:72:69:4c:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:41:2b:43:42:52:42:49:44:33:2f:54:5a:71:66:46:55:78:4d:67:70:67:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36
:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b
6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"177\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"A+CBRBID3\/TZqfFUxMgpgw==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"177\", Nonce=\"JsjtykNzRfC5INUIzRriLw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"A+CBRBID3\/TZqfFUxMgpgw==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"*m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~I\u00ef\u00bf\u00bd\u0019^\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bd?6\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-<\u001b\u0007\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c'\u00ef\u00bf\u00bdSH\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd~1\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdzG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB'N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd K\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u000bft\u0015\u0007\u0003B\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd+>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW;_\u0017\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bdH4\u001fxWh@\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bdJ_0q\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r>w(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u0004+\u0018<\u00ef\u00bf\u00bd)D0\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd~@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018DX\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bdA\blR\u0010L&\u00ef\u00bf\u00bdr\u0012\u00ef\u00bf\u00bd\u0012$d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\f\bM\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u0016,\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/ys\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdWN@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn!z\u00ef\u00bf\u00bd\u000e\u00
ef\u00bf\u00bdq^i\u00ef\u00bf\u00bdN^\u00ef\u00bf\u00bd\u0003-^X\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@_\u00ef\u00bf\u00bd|W\u00ef\u00bf\u00bd\f\u007foxj'\u0013\u00ef\u00bf\u00bd`#\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*H%I\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0001\u00ef\u00bf\u00bd!1\u00ef\u00bf\u00bdEs\u00ef\u00bf\u00bdF9\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdCZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?Q>\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001bF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f+U\u001bW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bdTZ\u00ef\u00bf\u00bdh2}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\f\"\u00ef\u00bf\
u00bdU-\u0011\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bddg4PdG\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015@C94\u0006W\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\/X\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY@\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:c0:f6:ed:b2:9f:12:e1:99:c1:ed:8e:e5:1c:27:82:53:48:a6:7a:fe:99:da:da:f3:18:fd:9b:bb:f4:35:94:36:e6:7e:31:ce:15:c1:7a:47:83:ec:87:42:27:4e:ea:80:80:20:4b:b3:24:c6:0b:66:74:15:07:03:42:c6:bd:da:31:b7:2b:3e:dd:fa:8c:f0:57:3b:5f:17:bc:44:a0:70:81:48:34:1f:78:57:68:40:f9:40:be:4a:5f:30:71:89:10:95:f4:98:94:95:0d:3e:77:28:bd:d7:47:c4:04:2b:18:3c:83:29:44:30:f6:09:85:7e:40:b9:96:9b:18:44:58:02:f1:9a:36:c8:30:cf:41:08:6c:52:10:4c:26:8c:72:12:cd:12:24:64:a9:80:5d:0c:08:4d:a1:7d:fc:16:2c:95:14:dd:76:9f:b8:2f:79:73:a9:c3:ad:57:4e:40:e9:95:6e:21:7a:d8:0e:95:71:5e:69:b3:4e:5e:87:03:2d:5e:58:90:e0:e5:8b:a6:02:cd:c6:e0:cc:a2:8a:ab:ce:70:c9:05:8b:d5:d3:a1:22:e2:0e:ce:45:da:b9:24:35:d2:84:8f:a6:40:5f:98:7c:57:9b:0c:7f:6f:78:6a:27:13:9c:60:23:fc:35:a6:de:86:f4:2a:48:25:49:18:fa:dd:f0:1b:01:cd:21:31:84:45:73:9d:46:39:fe:54:b1:51:ce:dc:7d:a0:fb:cf:33:da:ad:1e:bf:9a:f6:43:5a:d3:cb:df:26:c8:e5:5c:c7:de:c3:3f:51:3e:ae:19:d9:cf:2f:18:e2:e4:39:d8:78:83:c1:8c:1b:46:e6:9c:bc:fa:ef:8f:8d:2c:7f:b6:f3:d3:ce:14:91:44:a8:b6:d2:0c:2b:55:1b:57:f2:e2:5d:d2:0c:e0:b4:2a:d9:7a:88:54:5a:e6:68:32:7d:d6:c8:e4:9c:7e:8e:4d:ae:0c:22:91:55:2d:11:ff:31:c9:66:e4:1c:9e:94:9d:65:c5:30:d1:26:f1:64:67:34:50:64:47:9c:29:ef:16:bf:4b:9a:eb:c8:15:40:43:39:34:06:57:
12:b8:b0:96:b1:1f:e6:9a:e3:0a:e7:b7:61:2f:58:a5:39:e6:35:bf:d7:78:31:e2:d8:59:40:bf:00:80:e3:de:57:3d:40:7b:57:ac:63:e3:68:c1:23:c6:6c:47:5e:ce:d7:15:c6:c2:5b:41:91:c6:a8:a7:c9:46:5f:2a:b8:c9:c3:0f:52:e9:3b:f5:30:a7:b3:b1:bd:c8:dd:97:02:6f:3c:ef:af:b7:45:b7:2a:e5:97:f7:8b:3b:77:b9:9e:b8:21:16:6e:e9:0e:0f:44:8a:fa:aa:7a:63:4c:6c:ea:47:2f:06:33:09:8a:df:26:c2:47:56:72:43:4b:5c:2b:b4:3d:c3:98:46:d8:2a:7f:53:d9:bc:ed:94:74:00:5a:a8:9b:7e:d0:68:52:c2:a5:04:e7:6b:ab:4b:b0:bd:1c:43:d9:87:43:bb:ee:2b:16:e3:5f:84:4a:b5:97:2e:a3:6f:7a:ae:8e:e1:36:b6:54:00:12:5f:b2:c0:60:c4:d2:24:81:36:47:63:0e:18:bf:61:f4:c9:b8:ab:fb:dd:20:fa:31:ba:69:3f:03:7d:cb:54:01:33:7d:6c:e7:fb:c3:44:99:4e:1d:e7:25:38:00:18:84:43:5b:51:92:ea:b6:3a:09:6d:e5:4b:57:5e:dd:5c:94:a3:22:d0:61:43:d8:d9:2e:1e:b3:b8:d5:24:fd:96:83:ef:80:bf:90:7e:40:97:92:40:c0:17:45:d6:c0:75:8e:9c:0d:9c:80:db:bd:d8:15:39:1b:53:a4:5b:65:6e:4f:18:ae:73:ce:d0:4d:40:b0:70:d6:b2:ba:5c:75:9a:2d:1f:b0:fa:d2:c6:34:97:fd:18:2e:aa:b3:69:10:a9:63:c3:46:38:e5:ea:85:d9:01:e7:ef:87:2c:5f:57:e6:49:23:3c:bb:4e:5c:9f:37:02:1f:6f:db:11:95:4d:21:53:21:f2:88:f1:ff:b7:3d:ca:ea:52:f9:65:e1:c9:26:4a:30:19:86:f6:77:50:2a:f0:a8:f4:86:21:c7:e3:32:07:57:92:84:30:db:3b:37:2f:7f:a6:fe:3d:56:75:aa:04:35:b0:9f:3e:9b:fe:c0:2c:4a:4e:de:0d:f2:91:be:c8:38:9a:fa:bc:05:62:46:ca:e3:22:61:04:04:b7:01:44:6f:51:9d:e9:32:56:d3:a2:38:54:78:31:a3:35:84:f8:ab:09:69:17:a8:49:f7:bf:04:8b:ef:f3:0d:c0:04:5e:31:5b:dc:ac:8e:e6:b9:3a:79:03:2a:f6:a3:0d:80:44:da:72:b4:0e:4b:dd:fd:38:d1:12:18:46:e0:b7:22:f5:f4:ba:5f:95:7f:f5:00:73:c0:23:13:9f:3f:6f:7b:ab:42:b0:31:fc:b2:82:fe:a4:18:72:0d:fb:61:dc:6e:1b:ae:7e:b5:f4:e9:de:e5:a7:95:90:d3:80:b6:8c:4d:b8:29:b6:0e:be:dd:fd:5e:70:c3:1f:1b:9a:74:bc:d2:d8:73:ab:87:08:0c:ec:d5:49:ae:aa:a2:39:10:75:22:67:d9:55:ad:6f:2f:28:8c:80:33:52:19:39:09:08:9b:17:11:3d:a9:b9:e6:8d:28:7a:20:33:87:80:73:22:f0:aa:43:78:78:fc:fb:57:ab:49:0c:1d:09:26:61:9e:ae:04:c6:17:8d:05:8f:1a:7d:28:d6:51:91:6e:26:9b:d0:57:c6:bc:5f:23:78:44:6a:05:16:64:eb:cb:0a:be:a7:09:1c:15
:7c:5b:fb:97:21:be:b2:1e:24:85:24:cc:f1:b3:bf:31:ee:85:83:0d:22:6c:47:6f:ec:76:5a:25:3a:c4:fa:f2:59:ff:ff:64:15:4b:86:43:3a:9a:62:bf:78:a1:a9:53:0c:13:9a:1e:fa:7f:9b:17:82:82:cb:b1:1a:e2:7b:43:95:af:5c:2a:d5:d5:ca:84:73:92:94:6f:a9:cf:4f:b5:1a:ba:47:64:7c:c3:94:df:c7:5a:d2:be:1e:bf:f0:d5:3c:82:b0:4a:09:b4:02:35:ee:3c:a1:2f:fc:53:1b:fe:2f:26:98:80:b8:1e:be:fd:8c:b4:ed:69:42:bd:c5:bc:59:63:f7:f2:47:6d:32:62:c9:10:12" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.937967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.937967000", - "frame.time_delta": "0.136854000", - "frame.time_delta_displayed": "0.136854000", - "frame.time_relative": "140.477281000", - "frame.number": "310", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006dfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001ce0", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - 
"ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000193b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "309", - "tcp.analysis.ack_rtt": "0.136854000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.981196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.981196000", - "frame.time_delta": "0.043229000", - "frame.time_delta_displayed": "0.043229000", - 
"frame.time_relative": "140.520510000", - "frame.number": "311", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x000082c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000004b0", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004f60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137084000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"k4+7poeHhvC5INUIIwONFg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"k4+7poeHhvC5INUIIwONFg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:48:51 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:48:51 
GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.180083000", - "http.request_in": "309", - "http.file_data": "*m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~I\u00ef\u00bf\u00bd\u0019^\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bd?6\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-<\u001b\u0007\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd4AV\u001f\u00ef\u00bf\u00bd.('\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}z\u0010m{\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u000eK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^NU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd1n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0" - }, - "media": { - "media.type": 
"2a:6d:fc:a6:7e:49:84:19:5e:c3:71:da:3f:36:c2:60:92:e9:cf:c0:d3:7f:32:a9:c8:2d:3c:1b:07:d7:6c:ec:f6:da:1d:d7:b4:bb:d9:a5:0e:e4:34:41:56:1f:e1:2e:28:27:a4:b4:94:2f:fe:da:d4:a2:7d:7a:10:6d:7b:ef:01:a5:c2:a2:d0:ed:8f:76:0e:4b:85:d6:5e:4e:55:d7:85:be:e3:fe:4e:ef:f5:af:5e:96:23:a0:a7:7e:f7:31:6e:b8:d6:98:3c:46:e8:d6:da:7c:69:a0:96:46:0f:e4:a0:49:db:1d:8f:ee:30:00:9e:eb:e2:fc:9c:f6:ea:94:aa:00:cd:d9:4d:23:bb:51:08:bb:a3:d7:01:67:7f:15:01:78:0b:7d:5e:f7:18:eb:51:36:11:7f:69:8e:f5:3e:e8:46:3e:f6:2d:34:7b:b2:b3:16:3a:45:a1:63:71:d8:1e:fe:13:7e:16:7e:29:ff:f7:42:59:9d:5e:21:68:b4:3c:5b:d3:58:14:a4:3a:06:8a:62:12:ee:1e:c6:cd:0f:df:f0:a8:11:79:74:dc:bf:bf:43:87:66:fb:2c:01:c6:ce:89:28:be:b0:b8:3d:fb:e6:02:4d:05:e9:fb:0c:9a:7f:55:97:af:38:87:aa:40:eb:f1:cb:3a:3d:b9:48:58:57:55:1e:35:34:d0:84:b5:a4:58:df:3c:7f:23:b2:b6:94:d4:38:79:88:c0:2c:8e:ad:fb:d5:07:94:57:3d:85:69:79:5c:72:09:42:48:54:84:ba:cb:61:16:76:c6:24:ac:74:70:df:33:c0:54:d2:2e:27:ba:b9:d9:76:83:41:e9:56:42:ce:94:56:16:7e:c5:37:23:22:5a:ed:27:db:51:c2:75:a7:f4:41:a8:13:f7:56:f5:79:d6:d1:00:c0:01:97:35:c0:d0:82:49:db:a3:e8:f6:9b:31:86:b6:c7:93:72:9b:de:18:0d:1b:6f:fb:8f:91:31:3b:1b:e1:70:fe:f3:7b:a0:5b:4e:fe:99:14:b6:c2:c4:3a:15:c0:e4:1f:16:aa:be:9f:4a:94:91:7e:8e:12:9f:e5:a5:53:09:08:29:13:f5:bc:eb:72:74:25:8a:57:14:3d:cb:e4:21:04:ad:96:9f:57:52:7f:61:37:82:d1:cf:c5:44:9c:e5:e8:be:00:2b:0e:76:84:d7:3c:54:9e:f3:b6:7b:f7:00:d9:1a:8f:83:16:da:be:73:f5:cf:65:5a:92:2d:89:14:91:aa:c5:8e:d6:02:94:cf:c9:50:ae:5a:39:35:d1:75:29:4a:fa:74:62:33:74:b7:84:73:1e:43:ac:4c:12:41:17:9c:f5:6f:d6:65:61:d0:46:24:8d:53:fe:b0:65:39:ef:b3:b7:10:00:f4:d2:ed:2a:68:85:10:4b:21:af:3b:9c:b4:24:c7:d2:e1:29:48:3b:5c:96:8e:55:7b:35:d5" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.981285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.981285000", - 
"frame.time_delta": "0.000089000", - "frame.time_delta_displayed": "0.000089000", - "frame.time_relative": "140.520599000", - "frame.number": "312", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000082c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000815", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000015d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.981753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.981753000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "140.521067000", - "frame.number": "313", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000052d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e303", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b622", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { 
- "tcp.analysis.acks_frame": "311", - "tcp.analysis.ack_rtt": "0.000557000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:51.982460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493731.982460000", - "frame.time_delta": "0.000707000", - "frame.time_delta_displayed": "0.000707000", - "frame.time_relative": "140.521774000", - "frame.number": "314", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000052d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e302", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35287", - "tcp.dstport": "80", - "tcp.port": "35287", - "tcp.port": "80", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b620", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "312", - "tcp.analysis.ack_rtt": "0.001175000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:52.118868000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493732.118868000", - "frame.time_delta": "0.136408000", - "frame.time_delta_displayed": "0.136408000", - "frame.time_relative": "140.658182000", - "frame.number": "315", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c4b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c626", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35287", - "tcp.port": "80", - "tcp.port": "35287", - "tcp.stream": "11", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000015d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "314", - "tcp.analysis.ack_rtt": "0.136408000", - "tcp.analysis.initial_rtt": "0.137084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.368751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.368751000", - "frame.time_delta": "3.249883000", - "frame.time_delta_displayed": "3.249883000", - "frame.time_relative": "143.908065000", - "frame.number": "316", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000a89", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x000051cb", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:a4:56:cd:8d:cc:f2:14:11:00:00:00:ae:73:a3:3c:d8:1c:02:00:46:8f:01:00:00:00", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.554278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.554278000", - "frame.time_delta": "0.185527000", - "frame.time_delta_displayed": "0.185527000", - "frame.time_relative": "144.093592000", - "frame.number": "317", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000da8", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.554840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.554840000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "144.094154000", - "frame.number": "318", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", 
- "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eea3", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.555425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.555425000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "144.094739000", - "frame.number": "319", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c69", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=604", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.570183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.570183000", - "frame.time_delta": "0.014758000", - "frame.time_delta_displayed": "0.014758000", - "frame.time_relative": "144.109497000", - "frame.number": "320", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:48:55.570600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493735.570600000", - "frame.time_delta": "0.000417000", - "frame.time_delta_displayed": "0.000417000", - "frame.time_relative": "144.109914000", - "frame.number": "321", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": 
"192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.233997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.233997000", - "frame.time_delta": "4.663397000", - "frame.time_delta_displayed": "4.663397000", - "frame.time_relative": "148.773311000", - "frame.number": "322", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00004c59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007cfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", 
- "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.286853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.286853000", - "frame.time_delta": "0.052856000", - "frame.time_delta_displayed": "0.052856000", - "frame.time_relative": "148.826167000", - "frame.number": "323", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00004c5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007cfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.339708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.339708000", - "frame.time_delta": "0.052855000", - "frame.time_delta_displayed": "0.052855000", - "frame.time_relative": "148.879022000", - "frame.number": "324", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00004c5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007cf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - 
"udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.392592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.392592000", - "frame.time_delta": "0.052884000", - "frame.time_delta_displayed": "0.052884000", - "frame.time_relative": "148.931906000", - "frame.number": "325", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00004c62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007cec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.445463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.445463000", - "frame.time_delta": "0.052871000", - "frame.time_delta_displayed": "0.052871000", - "frame.time_relative": "148.984777000", - "frame.number": "326", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00004c65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007cef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * 
HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:00.498394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493740.498394000", - "frame.time_delta": "0.052931000", - "frame.time_delta_displayed": "0.052931000", - "frame.time_relative": "149.037708000", - "frame.number": "327", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00004c67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007ced", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:49:02.662755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.662755000", - "frame.time_delta": "2.164361000", - "frame.time_delta_displayed": "2.164361000", - "frame.time_relative": "151.202069000", - "frame.number": "328", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00008492", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003428", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56551", - "udp.dstport": "53", - "udp.port": "56551", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000d949", - "udp.checksum.status": "2", - "udp.stream": "23" - }, - "dns": { - "dns.id": "0x00000f0c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.663365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.663365000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "151.202679000", - "frame.number": "329", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000798f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003f2b", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "56551", - "udp.port": "53", - "udp.port": "56551", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "23" - }, - "dns": { - "dns.response_to": "328", - "dns.time": "0.000610000", - "dns.id": "0x00000f0c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.664177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.664177000", - "frame.time_delta": "0.000812000", - "frame.time_delta_displayed": "0.000812000", - "frame.time_relative": "151.203491000", - "frame.number": "330", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00008493", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003427", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "48862", - "udp.dstport": "53", - "udp.port": "48862", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001252", - "udp.checksum.status": "2", - "udp.stream": "24" - }, - "dns": { - "dns.id": "0x00000f0d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.664593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.664593000", - "frame.time_delta": "0.000416000", - "frame.time_delta_displayed": "0.000416000", - "frame.time_relative": "151.203907000", - "frame.number": "331", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00007990", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003f1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "48862", - "udp.port": "53", - "udp.port": "48862", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": 
"24" - }, - "dns": { - "dns.response_to": "330", - "dns.time": "0.000416000", - "dns.id": "0x00000f0d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "35", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.665670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.665670000", - "frame.time_delta": "0.001077000", - "frame.time_delta_displayed": "0.001077000", - "frame.time_relative": "151.204984000", - "frame.number": "332", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000aa37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000051d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.802696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.802696000", - "frame.time_delta": "0.137026000", - "frame.time_delta_displayed": "0.137026000", - "frame.time_relative": "151.342010000", - "frame.number": "333", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00001b99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006f3a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00007514", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "332", - "tcp.analysis.ack_rtt": "0.137026000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.803234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.803234000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "151.342548000", - "frame.number": "334", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ba3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003ea3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "333", - "tcp.analysis.ack_rtt": "0.000538000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.803248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.803248000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "151.342562000", - "frame.number": "335", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000aa39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000894a", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008c94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137564000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:38:22:2c:20:4e:6f:6e:63:65:3d:22:6b:34:2b:37:70:6f:65:48:68:76:43:35:49:4e:55:49:49:77:4f:4e:46:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:47:48:50:49:47:43:2b:59:50:72:54:49:34:2b:38:47:73:6d:6b:6e:4d:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:49:02.940621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.940621000", - "frame.time_delta": "0.137373000", - "frame.time_delta_displayed": "0.137373000", - "frame.time_relative": "151.479935000", - "frame.number": "336", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005a47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003094", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009bd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "335", - "tcp.analysis.ack_rtt": "0.137373000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:02.941267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493742.941267000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "151.480581000", - "frame.number": "337", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000aa3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000086c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x00003739", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137564000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a
:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:15:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" - }, 
- "tcp.segments": { - "tcp.segment": "335", - "tcp.segment": "337", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:38:22:2c:20:4e:6f:6e:63:65:3d:22:6b:34:2b:37:70:6f:65:48:68:76:43:35:49:4e:55:49:49:77:4f:4e:46:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:47:48:50:49:47:43:2b:59:50:72:54:49:34:2b:38:47:73:6d:6b:6e:4d:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f
:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:1
5:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"178\", Nonce=\"k4+7poeHhvC5INUIIwONFg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"GHPIGC+YPrTI4+8GsmknMg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"178\", Nonce=\"k4+7poeHhvC5INUIIwONFg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"GHPIGC+YPrTI4+8GsmknMg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"[\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u000bb\/\u001b1Y\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u0003rq>\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\\\u00ef\u00bf\u00bd\u0018\u0011\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd=Uv\u0016c\u00ef\u00bf\u00bdA|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u001c\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u0003\u000b\\\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u000fI\u00ef\u00bf\u00bdn5\u0017K\u0007\u00ef\u00bf\u00bdZ#\u001d\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd]=\u00ef\u00bf\u00bdMX\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u001b\u00ef\u00bf\u00bd\u001d(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u0015h\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u000fF\u00ef\u00bf\u00bdBL\u000bG]\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$@?%\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rLo>1=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtR\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\/f\u00ef\u00bf\u00bdk\r\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd6J\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRq\u001cC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd.G;j\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBDj\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?Z\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdaxj;\u00ef\u00bf\u00bd\u00ef\u00bf\u00
bd\u00ef\u00bf\u00bd\u0003 \u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdi\u0016\u0011\u00ef\u00bf\u00bd\r\r\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd!u\u0003`0R6\u0005\u0015)6}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?0}{yx~}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\t}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO)\u00ef\u00bf\u00bd,\"\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0006]~\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd+o\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\ngMa\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005_#gTB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\r%\u00ef\u00bf\u00bdA 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bdH%ewdl\u00ef\u00bf\u00bd:\u001e-Q\u00ef\u00bf\u00bd<O\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd\u000b{wT\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\bK" - }, - "media": { - "media.type": "5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:18:11:b0:08:94:3d:55:76:16:63:ad:41:7c:e8:96:13:1c:f2:15:b4:41:94:ad:78:88:03:0b:5c:95:0e:b5:6a:c6:85:14:0f:49:b2:6e:35:17:4b:07:c2:5a:23:1d:cc:36:e9:5d:3d:ce:4d:58:88:18:d8:fa:14:1b:f3:1d:28:a3:d3:99:33:b7:15:68:a8:6a:c3:fe:2b:86:94:5a:0f:46:d6:42:4c:0b:47:5d:e4:f8:23:c8:76:ee:09:90:2f:88:c5:24:40:3f:25:df:63:f3:8c:88:0d:4c:6f:3e:31:3d:9b:cc:96:a7:a7:74:52:b3:26:93:ce:b9:a6:01:d4:2f:66:fd:6b:0d:f7:2d:ec:36:4a:c9:ab:52:71:1c:43:c5:d6:e1:3e:c4:2e:47:3b:6a:fc:ba:9b:82:42:44:6a:e0:0b:ec:a7:3c:d8:aa:ae:cc:91:3f:5a:d8:8a:a2:e1:c3:61:78:6a:3b:e4:f1:f7:03:20:b7:2f:f6:69:16:11:95:0d:0d:8a:01:8b:07:d3:21:75:03:60:30:52:36:05:15:29:36:7d:bd:fb:b3:f0:dd:e0:c0:9e:74:b2:a3:cd:3f:30:7d:7b:79:78:7e:7d:d3:f8:50:09:7d:dc:85:4f:29:8a:2c:22:83:79:8a:b8:87:61:f0:06:5d:7e:ef:5b:b5:27:e2:04:87:28:b0:2b:6f:ef:e0:f9:a3:b3:d1:1d:20:4d:bb:cb:01:8c:27:b5:ed:c2:bf:a6:ca:d8:7f:ca:f6:4b:cc:9e:22:0a:67:4d:61:de:bb:b9:be:a0:d7:16:fb:9c:ef:11:b2:e5:05:5f:23:67:54:42:81:e6:2b:0d:25:d9:41:20:c7:81:94:53:84:48:25:65:77:64:6c:d8:3a:1e:2d:51:e7:3c:4f:86:ef:96:03:84:dc:63:a4:a3:e5:18:c1:5f:f0:0b:7b:77:54:c2:24:df:1a:ee:52:ae:cb:1e:
8b:fd:63:8f:7e:df:f3:f3:1e:d9:8b:84:82:15:a0:cf:63:ec:98:a8:ea:90:08:4b:00:3a:e7:32:3c:32:11:f4:30:61:c9:65:c0:a2:4f:e7:b0:e7:1f:f5:04:a3:b4:7d:9c:ea:21:66:59:07:6d:67:37:60:9a:a0:a7:22:e2:44:8d:7c:cd:25:aa:8a:6a:e3:fa:b0:37:e8:75:1c:01:4c:9c:7f:12:e7:c2:4d:55:5b:03:23:cc:15:d8:c4:50:a5:d3:2a:32:70:c7:1a:93:7b:be:7b:65:c9:9a:27:52:d0:8c:5c:70:84:2b:2a:78:c5:be:f4:07:15:69:26:fa:8b:52:e3:09:d7:8c:1c:07:e3:29:2f:f2:55:cc:98:37:cc:7b:9e:2b:bc:b8:60:84:59:09:c2:f2:ed:9a:81:82:b0:be:e2:22:24:fc:8f:97:8d:28:4e:81:ef:68:28:2b:6f:5c:93:64:36:86:0a:16:8c:81:35:0a:4c:26:44:4d:57:47:6e:0e:bd:cd:e9:3e:e6:48:bc:01:b8:26:45:d2:76:11:b4:67:74:c8:a7:9d:1c:27:79:d3:eb:43:81:03:85:88:f6:39:92:e1:6b:a2:9f:89:78:da:b4:1d:35:86:d9:33:36:06:18:0d:f7:4b:1f:f9:44:14:78:08:81:6b:33:e3:75:5a:fd:68:ca:17:5d:2d:5d:bf:f3:68:71:de:a0:dd:17:1e:b3:ee:b0:15:da:c1:21:41:8f:65:5e:61:24:27:86:61:5c:ec:30:18:a5:b2:7b:3d:0f:08:9b:0f:a4:33:48:9e:76:11:5f:3f:36:d9:32:90:3a:e9:89:64:ff:b7:7c:5c:bf:85:c7:fe:7a:58:fd:67:f7:40:48:83:25:c1:88:5e:da:12:2f:10:66:de:83:3a:8f:9d:32:60:47:15:6d:4a:fb:3a:d3:80:ed:9f:fb:16:27:43:ad:c3:fb:41:33:c3:ad:6e:64:82:a7:40:d4:20:1f:c2:68:62:44:df:34:f3:a7:07:32:92:46:d6:2f:13:76:bc:bb:13:6d:d6:3e:68:8d:e1:48:b4:a3:61:77:3b:63:f4:1e:ff:b2:ba:0b:6a:ff:53:44:5e:d9:8a:ed:57:a0:86:3f:0c:08:6c:c5:a4:22:b8:c8:45:70:c7:de:2b:c3:1a:2f:82:26:d4:f2:c3:3f:f3:97:2f:f1:d8:00:08:cb:b7:00:0c:5f:7c:e6:6c:de:67:a1:53:3d:0a:3a:b0:bb:fb:81:fb:27:ea:18:51:db:f7:f8:1f:d2:dd:55:b1:f8:e1:ea:3b:3c:9d:bc:25:72:a8:19:9a:34:c6:c2:b5:cc:d1:fd:15:00:2a:89:cc:d4:66:d5:fb:d8:50:0c:ef:47:80:82:5a:ea:e2:41:d5:48:83:15:5b:03:1e:0d:13:a9:d0:b7:b3:ae:72:24:9c:d2:d7:85:93:17:d9:77:b6:0c:42:0c:25:fa:dd:80:2b:19:a1:ad:0a:c5:a9:fd:26:ba:43:f8:9c:1d:ef:e5:e0:68:1c:cd:14:5e:9a:7f:19:0a:6d:b3:4b:26:08:b0:29:f0:24:ce:a1:88:62:aa:27:5c:4a:8f:32:a7:6e:e0:fe:2f:8a:78:8b:25:18:76:9d:28:f1:0d:ff:6c:ce:a1:32:7a:28:d3:75:72:c1:cc:9c:73:04:05:9f:32:a8:40:58:06:5d:ab:16:36:04:82:0c:4e:ba:c6:9f:dc:a5:5b:94:18:be:85:3d:c0:43:6b:51
:98:82:2e:55:0c:f9:f2:7f:74:d3:32:48:c8:37:39:83:9d:17:72:d3:e9:10:0e:90:7b:96:3b:8a:bd:4a:b2:3f:11:cd:cf:69:33:8e:fc:a6:6a:d8:21:28:08:1a:80:a5:37:1f:cd:df:9d:c1:0b:1e:36:87:53:43:7f:65:31:bd:59:5b:aa:10:8f:6b:86:e4:85:33:ab:00:02:e9:6d:e4:ab:b6:ef:e7:df:90:d5:92:60:39:2a:07:4d:ac:91:a0:1f:28:05:4f:59:69:3f:15:6b:d4:f3:1d:ee:a1:1f:a0:f6:b5:56:ba:02:a9:32:82:2f:2f:58:be:bb:b5:ab:2e:6c:00:90:a7:27:90:51:fe:21:f1:7c:e7:14:54:78:2e:7e:3a:e8:2c:55:84:27:5f:af:d7:b5:d0:42:0e:8a:84:a5:54:76:d7:62:af:15:54:35:62:1f:84:19:0f:da:2e:97:05:25" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:03.078116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493743.078116000", - "frame.time_delta": "0.136849000", - "frame.time_delta_displayed": "0.136849000", - "frame.time_relative": "151.617430000", - "frame.number": "338", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000098f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - 
"ip.checksum": "0x0000f1e6", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009217", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "337", - "tcp.analysis.ack_rtt": "0.136849000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:04.481110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493744.481110000", - "frame.time_delta": "1.402994000", - "frame.time_delta_displayed": "1.402994000", - "frame.time_relative": "153.020424000", - "frame.number": "339", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": 
"-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "41", - "tcp.ack": "37", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000673", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:04.625509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493744.625509000", - "frame.time_delta": "0.144399000", - "frame.time_delta_displayed": "0.144399000", - "frame.time_relative": "153.164823000", - "frame.number": "340", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", 
- "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdcb", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "37", - "tcp.ack": "42", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000010e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.057094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.057094000", - "frame.time_delta": "0.431585000", - "frame.time_delta_displayed": "0.431585000", - "frame.time_relative": "153.596408000", - "frame.number": "341", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000befa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c879", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000097d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137564000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, 
- "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"dfcGJLweJfe5INUI204GgQ==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"dfcGJLweJfe5INUI204GgQ==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:49:04 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:49:04 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "2.115827000", - "http.request_in": "337", - "http.file_data": 
"[\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u000bb\/\u001b1Y\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u0003rq>\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\\\u00ef\u00bf\u00bd;Mrro\u00ef\u00bf\u00bd>\u000b)%\u0006\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\\\u00ef\u00bf\u00bd{\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#J\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bdUv\u00ef\u00bf\u00bdK\u0013_\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdkO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy\t\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd?s\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\tu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bdR\u000bI\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdi\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\"\u00ef\u00bf\u00bd@t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.hW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"5b:d9:6c:c9:bc:95:28:0b:62:2f:1b:31:59:1f:cc:ad:a3:d1:95:75:03:72:71:3e:a1:7d:1f:8d:ad:54:5c:9f:3b:4d:72:72:6f:ad:3e:0b:29:25:06:22:c9:de:77:5c:df:7b:07:ba:c1:e9:23:4a:9b:01:89:55:76:e1:4b:13:5f:f5:95:6b:4f:f1:fd:38:ae:27:83:25:ce:1a:b2:ec:93:6d:d0:d9:a2:ce:e8:83:8d:1c:b1:be:20:32:b7:df:79:09:a6:11:87:43:ff:3f:73:83:e8:dc:f6:78:09:75:90:c7:a2:09:e0:52:0b:49:98:11:ab:9f:69:10:b7:8e:f2:2e:4b:97:85:8b:bf:03:22:e1:40:74:8c:90:ea:d5:83:c9:c0:49:ad:f5:98:2e:68:57:b8:dc:82:da:84:00:0b:4a:51:ca:28:4d:2e:9a:92:11:f1:bc:87:ab:72:13:a2:00:ab:38:cc:8b:84:0d:a5:ea:1b:9f:7f:4a:0c:8e:34:e1:ef:b9:83:3c:70:0b:52:e8:72:3d:9d:0b:50:66:f5:27:90:f4:a6:55:c1:78:d2:13:25:4f:e9:ab:52:34:3b:e5:b3:69:58:0a:28:d3:05:73:c3:a4:21:b7:46:ba:a8:fc:91:ce:1e:84:bf:2b:cd:d0:ea:3b:ad:e0:44:02:f0:e6:4b:d7:7b:02:b4:44:69:24:56:5a:c0:b7:69:c3:a0:6c:c2:17:ce:bc:7a:d5:10:6a:a0:15:b1:a1:a7:b1:c3:8f:d0:42:bc:a0:51:48:a7:35:da:6d:5d:89:b4:68:ac:c4:b8:6d:29:8b:ff:58:98:a9:48:36:06:3b:dd:d9:ea:2c:40:ee:86:4d:37:63:85:4e:18:ce:ce:01:6b:df:b4:50:e0:18:4f:a2:83:b7:88:d3:c6:27:a7:28:70:43:7a:40:5f:74:74:68:cb:af:4a:24:90:35:8d:13:76:53:79:d3:fb:af:8e:83:76:74:7e:ab:c4:c6:fe:e2:6a:0c:57:4f:5c:e1:97:1d:70:c5:7c:21:d7:a5:63:bd:ca:5d:fd:f3:89:37:87:86:80:88:c7:2d:32:13:f2:e5:55:4a:34:1c:00:3b:aa:7b:de:36:16:8d:ba:29:df:9b:4b:9c:8c:b0:15:38:e6:a5:31:59:c7:0a:c2:91:b4:10:0c:ac:91:44:59:af:87:b7:3a:e4:62:3c:90:e7:1e:da:f5:2b:55:04:83:41:7e:4d:0b:e4:47:af:8e:df:14:08:db:78:f8:fc:fe:e0:78:57:b5:4d:24:6c:e3:2c:bf:6c:bc:88:3f:cb:96:e3:3e:7b:c4:da:5a:c8:4e:30:3e:c1:66:64:d3:d8:7d:24:a3:21:63:51:f3:f7:e8:8d:19:3f:9e:bf:23:fb:27:d8:53:1d:c5:72:f6:11:60:fe:40:8e:0f:b2:81:4a:83:26:83:ce:70:3a:5c:a2:12:de:a4:42:cb:d0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.057187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.057187000", - 
"frame.time_delta": "0.000093000", - "frame.time_delta_displayed": "0.000093000", - "frame.time_relative": "153.596501000", - "frame.number": "342", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000befc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000cbde", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008eaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.057686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.057686000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "153.597000000", - "frame.number": "343", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ba0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002eff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { 
- "tcp.analysis.acks_frame": "341", - "tcp.analysis.ack_rtt": "0.000592000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.058398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.058398000", - "frame.time_delta": "0.000712000", - "frame.time_delta_displayed": "0.000712000", - "frame.time_relative": "153.597712000", - "frame.number": "344", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35288", - "tcp.dstport": "80", - "tcp.port": "35288", - "tcp.port": "80", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002efd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "342", - "tcp.analysis.ack_rtt": "0.001211000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.194900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.194900000", - "frame.time_delta": "0.136502000", - "frame.time_delta_displayed": "0.136502000", - "frame.time_relative": "153.734214000", - "frame.number": "345", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fed5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008c05", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35288", - "tcp.port": "80", - "tcp.port": "35288", - "tcp.stream": "12", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008eae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "344", - "tcp.analysis.ack_rtt": "0.136502000", - "tcp.analysis.initial_rtt": "0.137564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.554846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.554846000", - "frame.time_delta": "0.359946000", - "frame.time_delta_displayed": "0.359946000", - "frame.time_relative": "154.094160000", - "frame.number": "346", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce6", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ca7", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.555405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.555405000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "154.094719000", - "frame.number": "347", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eda2", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:05.555988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493745.555988000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "154.095302000", - "frame.number": "348", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b68", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:06.087982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493746.087982000", - "frame.time_delta": "0.531994000", - "frame.time_delta_displayed": "0.531994000", - "frame.time_relative": "154.627296000", - "frame.number": "349", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005af5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:07.670411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493747.670411000", - "frame.time_delta": "1.582429000", - "frame.time_delta_displayed": "1.582429000", - "frame.time_relative": "156.209725000", - "frame.number": "350", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:07.670862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493747.670862000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "156.210176000", - "frame.number": "351", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" 
- } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:10.556945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493750.556945000", - "frame.time_delta": "2.886083000", - "frame.time_delta_displayed": "2.886083000", - "frame.time_relative": "159.096259000", - "frame.number": "352", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ca7", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - 
"dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:10.557369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493750.557369000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "159.096683000", - "frame.number": "353", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ce9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - 
"ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eda2", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:10.558011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493750.558011000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "159.097325000", - "frame.number": "354", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b68", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - 
"dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:15.555416000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493755.555416000", - "frame.time_delta": "4.997405000", - "frame.time_delta_displayed": "4.997405000", - "frame.time_relative": "164.094730000", - "frame.number": "355", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cea", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bb06", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ca7", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:15.555974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493755.555974000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "164.095288000", - "frame.number": "356", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ceb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009c01", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eda2", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:15.556550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493755.556550000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "164.095864000", - "frame.number": "357", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b68", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=605", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:21.601345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493761.601345000", - "frame.time_delta": "6.044795000", - "frame.time_delta_displayed": "6.044795000", - "frame.time_relative": "170.140659000", - "frame.number": "358", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000094fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00007853", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "3776", - "tcp.nxtseq": "3825", - "tcp.ack": "505", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002fb8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:f3:61:a7:9b:83:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "Timestamps: TSval 2421601, TSecr 2811986734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2421601", - "tcp.options.timestamp.tsecr": "2811986734" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:9e:01:f6:ab:8a:52:e1:31:95:2b:53:c2:84:6f:55:57:d6:57:22:c9:c4:78:11:29:c8:43:9c:1f:cc:c7:8f:51:f3:6c:87:b6:21" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:21.675740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493761.675740000", - "frame.time_delta": "0.074395000", - "frame.time_delta_displayed": "0.074395000", - "frame.time_relative": "170.215054000", - "frame.number": "359", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002bf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003950", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "505", - "tcp.nxtseq": "560", - "tcp.ack": "3825", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000068cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:a1:8f:00:24:f3:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811994511, TSecr 2421601": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811994511", - "tcp.options.timestamp.tsecr": "2421601" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "358", - "tcp.analysis.ack_rtt": "0.074395000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:34:06:ec:b4:a6:82:03:e6:14:7d:bc:dc:1a:21:e0:ad:e8:36:31:b0:aa:27:1b:ea:93:c8:25:17:60:6a:5d:3b:8e:ff:a0:28:78:91:11:a3:b5:c1:c4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:21.676248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493761.676248000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "170.215562000", - "frame.number": "360", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007883", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3825", - "tcp.ack": "560", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000189", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:f3:69:a7:9b:a1:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2421609, TSecr 2811994511": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2421609", - "tcp.options.timestamp.tsecr": "2811994511" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "359", - "tcp.analysis.ack_rtt": "0.000508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:25.555980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493765.555980000", - "frame.time_delta": "3.879732000", - "frame.time_delta_displayed": "3.879732000", - "frame.time_relative": "174.095294000", - "frame.number": "361", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ba6", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:25.557025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493765.557025000", - "frame.time_delta": "0.001045000", - "frame.time_delta_displayed": "0.001045000", - "frame.time_relative": "174.096339000", - "frame.number": "362", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eca1", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:25.557488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493765.557488000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "174.096802000", - "frame.number": "363", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - 
"ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a67", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:26.680222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493766.680222000", - "frame.time_delta": "1.122734000", - "frame.time_delta_displayed": "1.122734000", - "frame.time_relative": "175.219536000", - "frame.number": "364", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": 
"0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:26.680654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493766.680654000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "175.219968000", - "frame.number": "365", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:28.853459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493768.853459000", - 
"frame.time_delta": "2.172805000", - "frame.time_delta_displayed": "2.172805000", - "frame.time_relative": "177.392773000", - "frame.number": "366", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:29.562799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493769.562799000", - "frame.time_delta": "0.709340000", - "frame.time_delta_displayed": "0.709340000", - "frame.time_relative": "178.102113000", - "frame.number": "367", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - 
"eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.413952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.413952000", - "frame.time_delta": "0.851153000", - "frame.time_delta_displayed": "0.851153000", - "frame.time_relative": "178.953266000", - "frame.number": "368", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x000094fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007722", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "3825", - "tcp.nxtseq": "4177", - "tcp.ack": "560", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000113c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:f6:d3:a7:9b:a1:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2422483, TSecr 2811994511": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2422483", - "tcp.options.timestamp.tsecr": "2811994511" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:9f:60:73:5c:63:40:b5:88:75:52:82:bc:b1:aa:5a:0b:cc:8b:d3:2a:52:f4:b2:42:c0:2c:c0:fc:8a:38:4b:e6:9d:e4:5b:c1:76:16:05:33:8c:ae:c5:d4:ae:9d:90:c8:05:51:ba:91:f5:26:d2:fc:da:9d:34:31:5d:39:17:90:45:14:73:ab:48:c6:9e:67:02:9f:38:95:b0:f0:bd:fa:90:d7:9e:12:09:24:c1:87:09:21:9c:01:cf:72:54:e7:d9:3f:ac:70:eb:28:fd:a3:df:51:85:e4:65:10:a6:eb:8c:21:45:0a:18:8f:12:c8:b7:73:6e:ea:0b:d3:74:d7:cc:e2:32:e7:1f:90:8f:b3:67:b1:0e:75:4a:af:9b:1a:ce:fc:24:40:07:70:0a:93:47:d3:9b:c4:fe:07:8f:95:44:29:31:77:8c:fc:de:3c:32:8f:16:c2:e5:81:33:84:8b:52:bb:1d:6d:45:5d:d6:c2:dd:16:60:d3:7e:d3:94:87:8b:15:9f:bb:f2:12:fc:87:e6:ba:29:b3:32:37:02:4f:7a:2c:31:84:e4:f0:9a:ab:20:56:c8:44:13:47:cc:78:90:c1:21:f0:dd:b8:5c:20:66:61:c6:65:3d:e7:60:50:50:6c:2c:90:21:bc:01:87:2c:31:22:d6:6e:ba:2e:94:98:05:31:33:06:4a:1a:2b:a1:d4:35:29:80:10:45:2b:44:c0:80:13:c1:73:15:0d:97:d6:df:af:a6:cb:84:48:0f:5c:f1:f5:18:2d:6b:58:41:d3:b9:c4:6d:43:c5:7c:56:b0:d0:9c:a5:84:f3:eb:23:dc:e6:57:8a:50:e7:85:59:04:67:d0:80:76:f2:06:e9:ed:7e:31:fc:03:d2:86:40:1b:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.445098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.445098000", - "frame.time_delta": "0.031146000", - 
"frame.time_delta_displayed": "0.031146000", - "frame.time_relative": "178.984412000", - "frame.number": "369", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020d3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e771", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "65" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.504716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.504716000", - "frame.time_delta": "0.059618000", - "frame.time_delta_displayed": "0.059618000", - "frame.time_relative": "179.044030000", - "frame.number": "370", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002bf9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003957", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "560", - "tcp.nxtseq": "607", - "tcp.ack": "4177", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000239e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:aa:2e:00:24:f6:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2811996718, TSecr 
2422483": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2811996718", - "tcp.options.timestamp.tsecr": "2422483" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "368", - "tcp.analysis.ack_rtt": "0.090764000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:35:a2:e2:27:9f:72:2b:de:c7:85:93:50:0b:c4:cd:d4:fd:a9:4a:fa:c1:3c:9f:8d:30:ca:f0:78:5a:0d:bd:75:89:b8:dd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.505206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.505206000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "179.044520000", - "frame.number": "371", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007881", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4177", - "tcp.ack": "607", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f3e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:f6:dc:a7:9b:aa:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2422492, TSecr 2811996718": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2422492", - "tcp.options.timestamp.tsecr": "2811996718" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "370", - "tcp.analysis.ack_rtt": "0.000490000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.556239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.556239000", - "frame.time_delta": "0.051033000", - "frame.time_delta_displayed": "0.051033000", - "frame.time_relative": "179.095553000", - "frame.number": "372", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control 
Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bafd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ba6", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": 
"n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.556797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.556797000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "179.096111000", - "frame.number": "373", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf4", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eca1", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - 
"dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.557392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.557392000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "179.096706000", - "frame.number": "374", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - 
"ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a67", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": 
"n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.914407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.914407000", - "frame.time_delta": "0.357015000", - "frame.time_delta_displayed": "0.357015000", - "frame.time_relative": "179.453721000", - "frame.number": "375", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ffc7", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b783", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "123" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.917678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.917678000", - "frame.time_delta": "0.003271000", - "frame.time_delta_displayed": "0.003271000", - "frame.time_relative": "179.456992000", - "frame.number": "376", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000188c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54507", - "tcp.dstport": "80", - "tcp.port": "54507", - "tcp.port": "80", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e530", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.918216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.918216000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "179.457530000", - "frame.number": "377", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54507", - "tcp.port": "80", - "tcp.port": "54507", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008a7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "376", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.920459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.920459000", - "frame.time_delta": "0.002243000", - "frame.time_delta_displayed": "0.002243000", - "frame.time_relative": "179.459773000", - "frame.number": "378", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000188d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fe6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54507", - "tcp.dstport": "80", - "tcp.port": "54507", - "tcp.port": "80", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003c5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "377", - "tcp.analysis.ack_rtt": "0.002243000", - "tcp.analysis.initial_rtt": "0.002781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.921146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.921146000", - "frame.time_delta": "0.000687000", - "frame.time_delta_displayed": "0.000687000", - "frame.time_relative": "179.460460000", - "frame.number": "379", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"207", - "ip.id": "0x0000188e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54507", - "tcp.dstport": "80", - "tcp.port": "54507", - "tcp.port": "80", - "tcp.stream": "13", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000051d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002781000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - 
"http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.921644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.921644000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "179.460958000", - "frame.number": "380", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d48d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e3e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54507", - "tcp.port": "80", - "tcp.port": "54507", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002def", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "379", - "tcp.analysis.ack_rtt": "0.000498000", - "tcp.analysis.initial_rtt": "0.002781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.922219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.922219000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "179.461533000", - "frame.number": "381", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d48e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e3d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54507", - "tcp.port": "80", - "tcp.port": "54507", - "tcp.stream": "13", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006e10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002781000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.922581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.922581000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "179.461895000", - "frame.number": "382", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d48f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e000", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54507", - "tcp.port": "80", - "tcp.port": "54507", - "tcp.stream": "13", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c079", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002781000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "381", - "tcp.segment": "382", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001435000", - "http.request_in": "379", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.925692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.925692000", - "frame.time_delta": "0.003111000", - "frame.time_delta_displayed": "0.003111000", - "frame.time_relative": "179.465006000", - "frame.number": "383", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000188f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fe4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54507", - "tcp.dstport": "80", - "tcp.port": "54507", - "tcp.port": "80", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000037c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "382", - "tcp.analysis.ack_rtt": "0.003111000", - "tcp.analysis.initial_rtt": "0.002781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.926934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.926934000", - "frame.time_delta": "0.001242000", - "frame.time_delta_displayed": "0.001242000", - "frame.time_relative": "179.466248000", - "frame.number": "384", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001890", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fe3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54507", - "tcp.dstport": "80", - "tcp.port": "54507", - "tcp.port": "80", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000037c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.927390000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.927390000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "179.466704000", - "frame.number": "385", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cad5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54507", - "tcp.port": "80", - "tcp.port": "54507", - "tcp.stream": "13", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000029f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "384", - 
"tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.002781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.967256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.967256000", - "frame.time_delta": "0.039866000", - "frame.time_delta_displayed": "0.039866000", - "frame.time_relative": "179.506570000", - "frame.number": "386", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000ffc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b779", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "375" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.971207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.971207000", - "frame.time_delta": "0.003951000", - "frame.time_delta_displayed": "0.003951000", - "frame.time_relative": "179.510521000", - "frame.number": "387", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001891", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000000db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.971749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.971749000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "179.511063000", - "frame.number": "388", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e8cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "387", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.974505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.974505000", - "frame.time_delta": "0.002756000", - "frame.time_delta_displayed": "0.002756000", - "frame.time_relative": "179.513819000", - "frame.number": "389", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001892", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fe1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009aaa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "388", - "tcp.analysis.ack_rtt": "0.002756000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.975070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.975070000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "179.514384000", - "frame.number": "390", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001893", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b023", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.975540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.975540000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "179.514854000", - "frame.number": "391", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000067f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000507c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008c3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "390", - "tcp.analysis.ack_rtt": "0.000470000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.976188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.976188000", - "frame.time_delta": "0.000648000", - "frame.time_delta_displayed": "0.000648000", - "frame.time_relative": "179.515502000", - "frame.number": "392", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000067f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000506a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cc5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.976648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.976648000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "179.515962000", - "frame.number": "393", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000067f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004c97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001ec6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "392", - "tcp.segment": "393", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001578000", - "http.request_in": "390", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.980731000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493770.980731000", - "frame.time_delta": "0.004083000", - "frame.time_delta_displayed": "0.004083000", - "frame.time_relative": "179.520045000", - "frame.number": "394", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001894", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fdf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "393", - "tcp.analysis.ack_rtt": "0.004083000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.981178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.981178000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "179.520492000", - "frame.number": "395", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000067fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004c96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001ec6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.spurious_retransmission": "", - "_ws.expert.message": "This frame is a (suspected) spurious retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - 
"_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.981397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.981397000", - "frame.time_delta": "0.000219000", - "frame.time_delta_displayed": "0.000219000", - "frame.time_relative": "179.520711000", - "frame.number": "396", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001895", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009611", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "395", - "tcp.analysis.ack_rtt": "0.000219000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.981808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.981808000", - "frame.time_delta": "0.000411000", - "frame.time_delta_displayed": "0.000411000", - "frame.time_relative": "179.521122000", - "frame.number": "397", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54508", - "tcp.port": "80", - "tcp.port": "54508", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008845", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "396", - "tcp.analysis.ack_rtt": "0.000411000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:30.984260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493770.984260000", - "frame.time_delta": "0.002452000", - "frame.time_delta_displayed": "0.002452000", - "frame.time_relative": "179.523574000", - "frame.number": "398", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001896", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54508", - "tcp.dstport": "80", - "tcp.port": "54508", - "tcp.port": "80", - "tcp.stream": "14", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001a2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:c1:ab:df:49:c1:ab:e3:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "394", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - 
"_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.020212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.020212000", - "frame.time_delta": "0.035952000", - "frame.time_delta_displayed": "0.035952000", - "frame.time_relative": "179.559526000", - "frame.number": "399", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000ffcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b77c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "386" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.032595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.032595000", - "frame.time_delta": "0.012383000", - "frame.time_delta_displayed": "0.012383000", - "frame.time_relative": "179.571909000", - "frame.number": "400", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001897", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54509", - "tcp.dstport": "80", - "tcp.port": "54509", - "tcp.port": "80", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000cf72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.033156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.033156000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "179.572470000", - "frame.number": "401", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002d5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "400", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.038332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.038332000", - "frame.time_delta": "0.005176000", - "frame.time_delta_displayed": "0.005176000", - "frame.time_relative": "179.577646000", - "frame.number": "402", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001898", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54509", - "tcp.dstport": "80", - "tcp.port": "54509", - "tcp.port": "80", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000df3c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "401", - "tcp.analysis.ack_rtt": "0.005176000", - "tcp.analysis.initial_rtt": "0.005737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.039604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.039604000", - "frame.time_delta": "0.001272000", - "frame.time_delta_displayed": "0.001272000", - "frame.time_relative": "179.578918000", - "frame.number": "403", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001899", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54509", - "tcp.dstport": "80", - "tcp.port": "54509", - "tcp.port": "80", - "tcp.stream": "15", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f4b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005737000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.040166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.040166000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "179.579480000", - "frame.number": "404", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b8c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ffb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d0cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "403", - "tcp.analysis.ack_rtt": "0.000562000", - "tcp.analysis.initial_rtt": "0.005737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.040671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.040671000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "179.579985000", - "frame.number": "405", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b8c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ff9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000010ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005737000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.041022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.041022000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "179.580336000", - "frame.number": "406", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b8c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fbcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006358", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005737000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "405", - "tcp.segment": "406", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001418000", - "http.request_in": "403", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.041033000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493771.041033000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "179.580347000", - "frame.number": "407", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b8c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fbca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006358", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005737000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.045879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.045879000", - "frame.time_delta": "0.004846000", - "frame.time_delta_displayed": "0.004846000", - "frame.time_relative": "179.585193000", - "frame.number": "408", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000189a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fcd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54509", - "tcp.dstport": "80", - "tcp.port": "54509", - "tcp.port": "80", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004ab4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:05:0a:2a:d3:00:28:2a:d3:04:0b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "406", - "tcp.analysis.ack_rtt": "0.004857000", - "tcp.analysis.initial_rtt": "0.005737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.046468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.046468000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "179.585782000", - "frame.number": "409", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000189b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54509", - "tcp.dstport": "80", - "tcp.port": "54509", - "tcp.port": "80", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000daa3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.046917000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.046917000", - 
"frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "179.586231000", - "frame.number": "410", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cadb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54509", - "tcp.port": "80", - "tcp.port": "54509", - "tcp.stream": "15", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ccd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "409", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.005737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.967526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.967526000", - "frame.time_delta": "0.920609000", - "frame.time_delta_displayed": "0.920609000", - "frame.time_relative": "180.506840000", - "frame.number": "411", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ffec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b75e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "399" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.971736000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.971736000", - "frame.time_delta": "0.004210000", - "frame.time_delta_displayed": "0.004210000", - "frame.time_relative": "180.511050000", - "frame.number": "412", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000189c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54510", - "tcp.dstport": "80", - "tcp.port": "54510", - "tcp.port": "80", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000bab9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.972272000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493771.972272000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "180.511586000", - "frame.number": "413", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54510", - "tcp.port": "80", - "tcp.port": "54510", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000159d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "412", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.974482000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.974482000", - "frame.time_delta": "0.002210000", - "frame.time_delta_displayed": "0.002210000", - "frame.time_relative": "180.513796000", - "frame.number": "414", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000189d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54510", - "tcp.dstport": "80", - "tcp.port": "54510", - "tcp.port": "80", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c77b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "413", - "tcp.analysis.ack_rtt": "0.002210000", - "tcp.analysis.initial_rtt": "0.002746000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.975370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.975370000", - "frame.time_delta": "0.000888000", - "frame.time_delta_displayed": "0.000888000", - "frame.time_relative": "180.514684000", - "frame.number": "415", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000189e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54510", - "tcp.dstport": "80", - "tcp.port": "54510", - "tcp.port": "80", - "tcp.stream": "16", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dcf4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002746000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - 
"http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.975855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.975855000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "180.515169000", - "frame.number": "416", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008f79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028fa", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54510", - "tcp.port": "80", - "tcp.port": "54510", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b90c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "415", - "tcp.analysis.ack_rtt": "0.000485000", - "tcp.analysis.initial_rtt": "0.002746000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.976429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.976429000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "180.515743000", - "frame.number": "417", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008f7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54510", - "tcp.port": "80", - "tcp.port": "54510", - "tcp.stream": "16", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f92d", - "tcp.checksum.status": "2", 
- "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002746000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.976782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.976782000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "180.516096000", - "frame.number": "418", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008f7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002515", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54510", - "tcp.port": "80", - "tcp.port": "54510", - "tcp.stream": "16", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004b97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002746000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "417", - "tcp.segment": "418", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001412000", - "http.request_in": "415", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.979768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.979768000", - "frame.time_delta": "0.002986000", - "frame.time_delta_displayed": "0.002986000", - "frame.time_relative": "180.519082000", - "frame.number": "419", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000189f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54510", - "tcp.dstport": "80", - "tcp.port": "54510", - "tcp.port": "80", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c2e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "418", - "tcp.analysis.ack_rtt": "0.002986000", - "tcp.analysis.initial_rtt": "0.002746000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.980445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.980445000", - "frame.time_delta": "0.000677000", - "frame.time_delta_displayed": "0.000677000", - "frame.time_relative": "180.519759000", - "frame.number": "420", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54510", - "tcp.dstport": "80", - "tcp.port": "54510", - "tcp.port": "80", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c2e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:31.980880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493771.980880000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "180.520194000", - "frame.number": "421", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000caeb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54510", - "tcp.port": "80", - "tcp.port": "54510", - "tcp.stream": "16", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b516", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "420", - 
"tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.002746000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.020436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.020436000", - "frame.time_delta": "0.039556000", - "frame.time_delta_displayed": "0.039556000", - "frame.time_relative": "180.559750000", - "frame.number": "422", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fff0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b751", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "411" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.034813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.034813000", - "frame.time_delta": "0.014377000", - "frame.time_delta_displayed": "0.014377000", - "frame.time_relative": "180.574127000", - "frame.number": "423", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f430", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.035364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.035364000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "180.574678000", - "frame.number": "424", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003422", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "423", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.037976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.037976000", - "frame.time_delta": "0.002612000", - "frame.time_delta_displayed": "0.002612000", - "frame.time_relative": "180.577290000", - "frame.number": "425", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e600", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "424", - "tcp.analysis.ack_rtt": "0.002612000", - "tcp.analysis.initial_rtt": "0.003163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.038654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.038654000", - "frame.time_delta": "0.000678000", - "frame.time_delta_displayed": "0.000678000", - "frame.time_relative": "180.577968000", - "frame.number": "426", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fb79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003163000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.039145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.039145000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "180.578459000", - "frame.number": "427", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000abc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000cb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d791", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "426", - "tcp.analysis.ack_rtt": "0.000491000", - "tcp.analysis.initial_rtt": "0.003163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.039714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.039714000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "180.579028000", - "frame.number": "428", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000abc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000ca1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000017b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003163000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.040174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.040174000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "180.579488000", - "frame.number": "429", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000abc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000008ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006a1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003163000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "428", - "tcp.segment": "429", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001520000", - "http.request_in": "426", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.041157000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493772.041157000", - "frame.time_delta": "0.000983000", - "frame.time_delta_displayed": "0.000983000", - "frame.time_relative": "180.580471000", - "frame.number": "430", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000abc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000008cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006a1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003163000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.043569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.043569000", - "frame.time_delta": "0.002412000", - "frame.time_delta_displayed": "0.002412000", - "frame.time_relative": "180.582883000", - "frame.number": "431", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fcf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e168", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "429", - "tcp.analysis.ack_rtt": "0.003395000", - "tcp.analysis.initial_rtt": "0.003163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.044241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.044241000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "180.583555000", - "frame.number": "432", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e167", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.044677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.044677000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "180.583991000", - "frame.number": "433", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000caf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed82", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54511", - "tcp.port": "80", - "tcp.port": "54511", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d39b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "432", - "tcp.analysis.ack_rtt": "0.000436000", - "tcp.analysis.initial_rtt": "0.003163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.044918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.044918000", - "frame.time_delta": "0.000241000", - "frame.time_delta_displayed": "0.000241000", - "frame.time_relative": "180.584232000", - "frame.number": "434", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54511", - "tcp.dstport": "80", - "tcp.port": "54511", - "tcp.port": "80", - "tcp.stream": "17", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001583", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:35:eb:13:0a:35:eb:16:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003163000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "431", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.073404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493772.073404000", - "frame.time_delta": "0.028486000", - "frame.time_delta_displayed": "0.028486000", - "frame.time_relative": "180.612718000", - "frame.number": "435", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fff3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b754", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "422" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.079234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.079234000", - "frame.time_delta": "0.005830000", - "frame.time_delta_displayed": "0.005830000", - "frame.time_relative": "180.618548000", - "frame.number": "436", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54512", - "tcp.dstport": "80", - "tcp.port": "54512", - "tcp.port": "80", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005610", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": 
"1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.079774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.079774000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "180.619088000", - "frame.number": "437", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54512", - "tcp.port": "80", - "tcp.port": "54512", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b729", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "436", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.082888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.082888000", - "frame.time_delta": "0.003114000", - "frame.time_delta_displayed": "0.003114000", - "frame.time_relative": "180.622202000", - "frame.number": "438", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54512", - "tcp.dstport": "80", - "tcp.port": "54512", - "tcp.port": "80", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006908", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "437", - "tcp.analysis.ack_rtt": "0.003114000", - "tcp.analysis.initial_rtt": "0.003654000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.083493000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509493772.083493000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "180.622807000", - "frame.number": "439", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54512", - "tcp.dstport": "80", - "tcp.port": "54512", - "tcp.port": "80", - "tcp.stream": "18", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007e81", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003654000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.084248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.084248000", - "frame.time_delta": "0.000755000", - "frame.time_delta_displayed": "0.000755000", - "frame.time_relative": "180.623562000", - 
"frame.number": "440", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005ffb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005878", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54512", - "tcp.port": "80", - "tcp.port": "54512", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005a99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "439", - "tcp.analysis.ack_rtt": "0.000755000", - "tcp.analysis.initial_rtt": "0.003654000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.084818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.084818000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "180.624132000", - "frame.number": "441", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005ffc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005866", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54512", - "tcp.port": "80", - "tcp.port": "54512", - "tcp.stream": "18", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009aba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003654000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.085168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.085168000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "180.624482000", - "frame.number": "442", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005ffd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005493", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54512", - "tcp.port": "80", - "tcp.port": "54512", - "tcp.stream": "18", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ed23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003654000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:6
9:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "441", - "tcp.segment": "442", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001675000", - "http.request_in": "439", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.087332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.087332000", - "frame.time_delta": "0.002164000", - "frame.time_delta_displayed": "0.002164000", - "frame.time_relative": "180.626646000", - "frame.number": "443", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54512", - "tcp.dstport": "80", - "tcp.port": "54512", - "tcp.port": "80", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006470", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "442", - "tcp.analysis.ack_rtt": "0.002164000", - "tcp.analysis.initial_rtt": "0.003654000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.088336000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.088336000", - "frame.time_delta": "0.001004000", - "frame.time_delta_displayed": "0.001004000", - "frame.time_relative": "180.627650000", - "frame.number": "444", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54512", - "tcp.dstport": "80", - "tcp.port": "54512", - "tcp.port": "80", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000646f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.088769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.088769000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "180.628083000", - "frame.number": "445", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000caf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54512", - "tcp.port": "80", - "tcp.port": "54512", - "tcp.stream": "18", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000056a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "444", - 
"tcp.analysis.ack_rtt": "0.000433000", - "tcp.analysis.initial_rtt": "0.003654000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:32.343033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493772.343033000", - "frame.time_delta": "0.254264000", - "frame.time_delta_displayed": "0.254264000", - "frame.time_relative": "180.882347000", - "frame.number": "446", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:34.621085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493774.621085000", - "frame.time_delta": "2.278052000", - "frame.time_delta_displayed": "2.278052000", - "frame.time_relative": "183.160399000", - "frame.number": "447", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "41", - "tcp.ack": "37", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000673", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:34.764961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493774.764961000", - "frame.time_delta": "0.143876000", - "frame.time_delta_displayed": "0.143876000", - "frame.time_relative": "183.304275000", - "frame.number": "448", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdca", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "37", - "tcp.ack": "42", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000010e8", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:35.556540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493775.556540000", - "frame.time_delta": "0.791579000", - "frame.time_delta_displayed": "0.791579000", - "frame.time_relative": "184.095854000", - "frame.number": "449", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": 
"0x0000bafb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000ba6", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:35.557106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493775.557106000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "184.096420000", - "frame.number": "450", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00009bf6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eca1", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:35.557675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493775.557675000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "184.096989000", - "frame.number": "451", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a67", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=606", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:36.089770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493776.089770000", - "frame.time_delta": "0.532095000", - "frame.time_delta_displayed": "0.532095000", - "frame.time_relative": "184.629084000", - "frame.number": "452", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b1c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005ccd", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:36.688110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493776.688110000", - "frame.time_delta": "0.598340000", - "frame.time_delta_displayed": "0.598340000", - "frame.time_relative": "185.227424000", - "frame.number": "453", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"202", - "ip.id": "0x000020d4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e740", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49589", - "udp.dstport": "1900", - "udp.port": "49589", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000088a8", - "udp.checksum.status": "2", - "udp.stream": "25" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:37.345467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493777.345467000", - "frame.time_delta": 
"0.657357000", - "frame.time_delta_displayed": "0.657357000", - "frame.time_relative": "185.884781000", - "frame.number": "454", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000000b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b694", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:37.398228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493777.398228000", - "frame.time_delta": "0.052761000", - "frame.time_delta_displayed": "0.052761000", - "frame.time_relative": "185.937542000", - "frame.number": "455", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000000ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", 
- "http.response_number": "2", - "http.prev_response_in": "454" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:37.451104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493777.451104000", - "frame.time_delta": "0.052876000", - "frame.time_delta_displayed": "0.052876000", - "frame.time_relative": "185.990418000", - "frame.number": "456", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000000bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b68d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - 
"udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "455" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:37.688408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493777.688408000", - "frame.time_delta": "0.237304000", - "frame.time_delta_displayed": "0.237304000", - "frame.time_relative": "186.227722000", - "frame.number": "457", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49589", - "udp.dstport": "1900", - "udp.port": "49589", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000088a8", - "udp.checksum.status": "2", - "udp.stream": "25" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - 
"http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "453" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:38.397805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493778.397805000", - "frame.time_delta": "0.709397000", - "frame.time_delta_displayed": "0.709397000", - "frame.time_relative": "186.937119000", - "frame.number": "458", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000000cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b67e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "456" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:38.450817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493778.450817000", - "frame.time_delta": "0.053012000", - "frame.time_delta_displayed": "0.053012000", - "frame.time_relative": "186.990131000", - "frame.number": "459", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000000d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b672", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "458" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:38.503622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493778.503622000", - "frame.time_delta": "0.052805000", - "frame.time_delta_displayed": "0.052805000", - "frame.time_relative": "187.042936000", - "frame.number": "460", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000000d1", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b677", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "459" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:38.689768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493778.689768000", - "frame.time_delta": "0.186146000", - "frame.time_delta_displayed": "0.186146000", - "frame.time_relative": "187.229082000", - "frame.number": "461", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49589", - "udp.dstport": "1900", - "udp.port": "49589", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000088a8", - "udp.checksum.status": "2", - "udp.stream": "25" - }, - "ssdp": { - "M-SEARCH * 
HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "457" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.029338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.029338000", - "frame.time_delta": "0.339570000", - "frame.time_delta_displayed": "0.339570000", - "frame.time_relative": "187.568652000", - "frame.number": "462", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000000ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b65e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": 
"1", - "http.response_number": "7", - "http.prev_response_in": "460" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.082095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.082095000", - "frame.time_delta": "0.052757000", - "frame.time_delta_displayed": "0.052757000", - "frame.time_relative": "187.621409000", - "frame.number": "463", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000000ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b654", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", 
- "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "462" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.134816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.134816000", - "frame.time_delta": "0.052721000", - "frame.time_delta_displayed": "0.052721000", - "frame.time_relative": "187.674130000", - "frame.number": "464", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000000f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b655", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "463" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.630992000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.630992000", - "frame.time_delta": "0.496176000", - "frame.time_delta_displayed": "0.496176000", - "frame.time_relative": "188.170306000", - "frame.number": "465", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.631156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.631156000", - "frame.time_delta": "0.000164000", - "frame.time_delta_displayed": "0.000164000", - "frame.time_relative": "188.170470000", - "frame.number": "466", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:39.690358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493779.690358000", - "frame.time_delta": "0.059202000", - "frame.time_delta_displayed": "0.059202000", - "frame.time_relative": "188.229672000", - "frame.number": "467", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49589", - "udp.dstport": "1900", - "udp.port": "49589", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000088a8", - "udp.checksum.status": "2", - "udp.stream": "25" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - 
"http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "461" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.081841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.081841000", - "frame.time_delta": "0.391483000", - "frame.time_delta_displayed": "0.391483000", - "frame.time_relative": "188.621155000", - "frame.number": "468", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00000102", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b649", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "464" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.134613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.134613000", - "frame.time_delta": "0.052772000", - "frame.time_delta_displayed": "0.052772000", - "frame.time_relative": "188.673927000", - "frame.number": "469", - "frame.len": "348", - 
"frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00000105", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b63d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "468" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.187388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.187388000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "188.726702000", - "frame.number": "470", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"328", - "ip.id": "0x00000106", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b642", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "469" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.216252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.216252000", - "frame.time_delta": "0.028864000", - "frame.time_delta_displayed": "0.028864000", - "frame.time_relative": "188.755566000", - "frame.number": "471", - "frame.len": "82", - "frame.cap_len": "82", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "68", - "ip.id": "0x00000a8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "48", - "udp.checksum": "0x0000764f", - "udp.checksum.status": "2", - "udp.stream": 
"2" - }, - "data": { - "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:12:8c:3e:98:cc:f2:14:96:01:00:00:54:0b:00:00", - "data.len": "40" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.398037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.398037000", - "frame.time_delta": "0.181785000", - "frame.time_delta_displayed": "0.181785000", - "frame.time_relative": "188.937351000", - "frame.number": "472", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00000111", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b63a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "470" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.450772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.450772000", - "frame.time_delta": "0.052735000", - "frame.time_delta_displayed": "0.052735000", - "frame.time_relative": "188.990086000", - "frame.number": "473", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - 
"eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00000114", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b62e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "472" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.503650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.503650000", - "frame.time_delta": "0.052878000", - "frame.time_delta_displayed": "0.052878000", - "frame.time_relative": "189.042964000", - "frame.number": "474", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00000117", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b631", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "473" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:49:40.602573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.602573000", - "frame.time_delta": "0.098923000", - "frame.time_delta_displayed": "0.098923000", - "frame.time_relative": "189.141887000", - "frame.number": "475", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000acbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ba5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53598", - "udp.dstport": "53", - "udp.port": "53598", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x00006694", - "udp.checksum.status": "2", - "udp.stream": "27" - }, - "dns": { - "dns.id": "0x0000dea8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.602590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.602590000", - "frame.time_delta": "0.000017000", - "frame.time_delta_displayed": "0.000017000", - "frame.time_relative": "189.141904000", - "frame.number": "476", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000acbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ba4", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53598", - "udp.dstport": "53", - "udp.port": "53598", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000a474", - "udp.checksum.status": "2", - "udp.stream": "27" - }, - "dns": { - "dns.id": "0x0000a0ad", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.606134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.606134000", - "frame.time_delta": "0.003544000", - "frame.time_delta_displayed": "0.003544000", - "frame.time_relative": "189.145448000", - "frame.number": "477", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x00008324", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000033d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53598", - "udp.port": "53", - "udp.port": "53598", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "27" - }, - "dns": { - "dns.response_to": "475", - "dns.time": "0.003561000", - "dns.id": "0x0000dea8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - 
}, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "40", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "40", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "40", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64949", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64949", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64949", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64949", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151773", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60810", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "59049", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "59151", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "102706", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60810", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "59049", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "59151", - "dns.resp.len": "16", - "dns.aaaa": 
"2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.629950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.629950000", - "frame.time_delta": "0.023816000", - "frame.time_delta_displayed": "0.023816000", - "frame.time_relative": "189.169264000", - "frame.number": "478", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00008326", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000034e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53598", - "udp.port": "53", - "udp.port": "53598", - "udp.length": "134", - 
"udp.checksum": "0x000082db", - "udp.checksum.status": "2", - "udp.stream": "27" - }, - "dns": { - "dns.response_to": "476", - "dns.time": "0.027360000", - "dns.id": "0x0000a0ad", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "900", - "dns.resp.len": "70", - "dns.soa.mname": "ns-1275.awsdns-31.org", - "dns.soa.rname": "awsdns-hostmaster.amazon.com", - "dns.soa.serial_number": "1", - "dns.soa.refresh_interval": "7200", - "dns.soa.retry_interval": "900", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "86400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.630729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.630729000", - "frame.time_delta": "0.000779000", - "frame.time_delta_displayed": "0.000779000", - "frame.time_relative": "189.170043000", - "frame.number": "479", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c60c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009023", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00002281", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:24:fa:d0:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2423504, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423504", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.708371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.708371000", - "frame.time_delta": "0.077642000", - 
"frame.time_delta_displayed": "0.077642000", - "frame.time_relative": "189.247685000", - "frame.number": "480", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000af2f", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000bb98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:43:01:f8:00:24:fa:d0:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1262682616, TSecr 2423504": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682616", - "tcp.options.timestamp.tsecr": "2423504" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "479", - "tcp.analysis.ack_rtt": "0.077642000" - } - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.708892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.708892000", - "frame.time_delta": "0.000521000", - "frame.time_delta_displayed": "0.000521000", - "frame.time_relative": "189.248206000", - "frame.number": "481", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c60d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000902a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": 
"AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005258", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:d8:4b:43:01:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423512, TSecr 1262682616": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423512", - "tcp.options.timestamp.tsecr": "1262682616" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "480", - "tcp.analysis.ack_rtt": "0.000521000", - "tcp.analysis.initial_rtt": "0.078163000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.711059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.711059000", - "frame.time_delta": "0.002167000", - "frame.time_delta_displayed": "0.002167000", - "frame.time_relative": "189.250373000", - "frame.number": "482", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000c60e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ef6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", 
- "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000028fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:d8:4b:43:01:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423512, TSecr 1262682616": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423512", - "tcp.options.timestamp.tsecr": "1262682616" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": 
"22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jan 29, 1989 11:51:07.000000000 PST", - "ssl.handshake.random": "68:bf:a6:0c:d1:f1:98:2c:7b:63:7f:e8:6d:5c:f4:75:e4:a4:a9:ec:86:49:1f:da:9c:d3:54:c0" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - 
"ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": 
"0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - 
"ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - 
}, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.788846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.788846000", - "frame.time_delta": "0.077787000", - "frame.time_delta_displayed": "0.077787000", - "frame.time_relative": "189.328160000", - "frame.number": "483", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000d67", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a1d0", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005187", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682637, TSecr 2423512": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682637", - "tcp.options.timestamp.tsecr": "2423512" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "482", - "tcp.analysis.ack_rtt": "0.077787000", - "tcp.analysis.initial_rtt": "0.078163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.790137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.790137000", - "frame.time_delta": "0.001291000", - "frame.time_delta_displayed": "0.001291000", - "frame.time_relative": "189.329451000", - "frame.number": "484", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x00000d68", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x00009c27", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ea5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": 
"1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682637, TSecr 2423512": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682637", - "tcp.options.timestamp.tsecr": "2423512" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01
:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:1
6:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Sep 24, 2053 02:32:48.000000000 PDT", - "ssl.handshake.random": "80:d0:b2:21:d7:fa:8f:5a:ee:21:e8:7e:8e:2c:f8:71:79:49:58:18:8e:b8:76:37:a3:7f:6b:17" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "a2:dc:69:9e:55:03:c8:78:31:03:68:4f:05:ab:2f:b9:46:65:54:ca:d7:57:58:19:54:79:8e:f6:d2:a3:8f:e2", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - 
"ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.790164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.790164000", - "frame.time_delta": "0.000027000", - "frame.time_delta_displayed": "0.000027000", - "frame.time_relative": "189.329478000", - "frame.number": "485", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x00000d69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a0ef", - "ip.checksum.status": "2", - "ip.src": 
"52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e591", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:0d:00:24:fa:d8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682637, TSecr 2423512": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682637", - "tcp.options.timestamp.tsecr": "2423512" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "484", - "tcp.segment": "485", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30
:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5
a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": 
"30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:8
3:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - 
"x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": 
"1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - "ssl.handshake.certificate": 
"30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - 
"x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - 
"x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:67:c9:b5:ed:59:3c:ae:f2:ca:3c:a6:0c:6d:e2:48:0b:52:cc:fd:44:9c:51:12:57:09:52:46:24:31:44:50:05:3a:f8:94:92:43:5e:f6:63:ce:78:bb:2f:4a:fd:be:16:8f:c3:5e:57:00:de:3c:c4:cc:82:18:a4:d2:f0:40:c0", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"b6:d6:e0:0c:95:90:90:5d:ea:72:8d:06:7d:56:45:b4:ef:ac:e7:83:42:2d:1d:8a:b2:5c:10:d0:82:16:1a:5a:73:5a:39:d3:14:f5:e3:27:de:5b:eb:b4:6b:88:cf:de:9f:0f:36:7c:3f:f5:ea:67:3d:e4:91:66:29:73:3b:79:6e:13:21:e2:d0:ba:4d:a9:1f:3e:7c:ac:19:55:92:a7:8b:08:2c:9c:42:84:e6:cd:51:d5:cf:b2:e9:07:2d:79:d6:fd:db:ef:85:a1:7e:c4:0b:ca:f4:46:b4:1b:6d:a8:fd:02:74:a6:88:2b:e1:d7:e4:6b:74:2e:3f:49:d0:0e" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.790819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.790819000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "189.330133000", - "frame.number": "486", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c60f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009028", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004a4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:e0:4b:43:02:0d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423520, TSecr 1262682637": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423520", - "tcp.options.timestamp.tsecr": "1262682637" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "485", - "tcp.analysis.ack_rtt": "0.000655000", - "tcp.analysis.initial_rtt": "0.078163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.819310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.819310000", - "frame.time_delta": "0.028491000", - "frame.time_delta_displayed": "0.028491000", - "frame.time_relative": "189.358624000", - "frame.number": "487", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000c610", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fa9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000056b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:e3:4b:43:02:0d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423523, TSecr 1262682637": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423523", - "tcp.options.timestamp.tsecr": "1262682637" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:91:f4:14:c8:36:9a:15:71:de:15:aa:42:78:63:3c:09:0b:50:23:dd:d7:e4:96:43:ea:d3:d6:ce:fb:23:88:d5:95:25:2c:76:57:74:7a:f7:7a:6d:a7:ae:c6:ae:cb:2a:4f:0b:e4:87:58:c7:23:e6:55:bf:19:50:c3:6a:4f:c4" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.897361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.897361000", - "frame.time_delta": "0.078051000", - "frame.time_delta_displayed": "0.078051000", - "frame.time_relative": "189.436675000", - "frame.number": "488", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x00000d6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a19a", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000077eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:28:00:24:fa:e3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682664, TSecr 2423523": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682664", - "tcp.options.timestamp.tsecr": "2423523" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "487", - "tcp.analysis.ack_rtt": "0.078051000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:49:40.898414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.898414000", - "frame.time_delta": "0.001053000", - "frame.time_delta_displayed": "0.001053000", - "frame.time_relative": "189.437728000", - "frame.number": "489", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000c611", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fe1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - 
"ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000922c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:eb:4b:43:02:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423531, TSecr 1262682664": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423531", - "tcp.options.timestamp.tsecr": "1262682664" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "488", - "tcp.analysis.ack_rtt": "0.001053000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "74:21:9b:30:9a:b6:bf:5d:41:8a:f8:9f:3b:7d:d3:82:b9:de:44:f3:2b:27:9f:6c:4f:74:5d:93:ef:6d:28:8e:73:59:3a:4e:38:8e:6f:b6:1a:e5:65:32:5e:84:a9:a3:25:ce:8f:58:c1:41:ed:b4:77:41:78:8d:df:a0:a6:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.977202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.977202000", - "frame.time_delta": "0.078788000", - "frame.time_delta_displayed": "0.078788000", - "frame.time_relative": "189.516516000", - "frame.number": "490", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x00000d6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a187", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:3c:00:24:fa:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682684, TSecr 2423531": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682684", - "tcp.options.timestamp.tsecr": "2423531" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "489", - "tcp.analysis.ack_rtt": "0.078788000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "60:5a:b5:67:5e:12:f7:ac:08:cf:00:01:31:78:73:89:53:49:e8:de:f1:77:40:ff:05:b5:55:0b:d7:74:9c:5b:7e:22:01:a5:6a:1d:40:65:da:d0:3d:e2:e4:b4:d5:05:a8:3c:8e:00:fd:e9:be:fd:ee:9f:ac:58:b2:65:4a:82" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:40.978137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493780.978137000", - "frame.time_delta": "0.000935000", - "frame.time_delta_displayed": "0.000935000", - "frame.time_relative": "189.517451000", - "frame.number": "491", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000c612", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008e3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d7d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:f3:4b:43:02:3c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": 
"1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423539, TSecr 1262682684": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423539", - "tcp.options.timestamp.tsecr": "1262682684" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "490", - "tcp.analysis.ack_rtt": "0.000935000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "74:21:9b:30:9a:b6:bf:5e:8d:9e:2a:b7:99:31:b2:d8:67:e8:14:f4:bd:36:8c:97:77:6b:a5:1d:85:09:1c:ac:fd:dd:66:ae:eb:14:f2:62:89:3f:af:41:e4:22:ea:9d:84:fe:7c:2e:7a:bd:1c:23:13:e4:5e:05:e8:6d:6a:9f:df:ce:6d:e9:28:d3:26:0c:81:f2:b5:92:09:30:98:db:30:9b:f2:7a:9a:6b:ea:68:8d:dc:dc:03:11:83:f7:00:6b:2b:31:fd:81:63:37:cc:f7:72:e4:13:94:e1:d0:bd:ad:be:1a:73:11:87:fa:4f:b3:88:db:4e:c3:cf:ee:3c:7a:5c:e4:a7:6b:6f:36:f5:fc:cf:dd:d4:bb:6c:ed:5a:04:09:26:20:84:5f:28:c0:e4:71:23:ef:84:07:0c:40:95:6d:74:fa:3c:6b:77:bf:42:d8:31:ea:23:72:42:fd:79:63:df:51:a4:65:21:9f:b7:92:97:70:eb:2e:2a:e5:b9:75:fe:d4:cc:ae:ba:84:89:f0:6a:b5:d7:73:f8:59:3c:3a:17:c9:e1:bb:67:66:44:af:a2:ee:29:69:20:ed:23:7a:3e:71:2e:a9:10:8b:2b:f7:60:a3:9d:e5:9d:d9:82:6f:2f:fe:86:46:8c:95:7f:15:68:f2:d4:37:2e:2c:98:8b:44:da:c5:ea:b1:9c:91:9e:10:fb:0e:da:fd:46:e2:96:e2:4f:eb:cc:81:a8:c5:70:c9:26:f8:f8:3b:7b:ae:69:51:c5:20:04:3e:93:7b:43:7d:60:32:df:52:41:f5:fc:bf:51:fd:8c:c4:a2:48:d7:2f:ee:65:8b:fe:49:dd:53:24:3d:74:e1:d4:7a:9a:8a:fc:20:c5:13:4c:4b:8f:00:65:c0:db:65:a7:f1:9e:5f:2d:70:38:5f:f3:6a:07:1f:42:21:f9:d1:67:4a:82:85
:3e:a8:8e:40:59:5c:1b:ea:aa:52:82:33:0d:34:9e:d6:1d:19:9f:4d:9f:83:66:bb:41:99:f8:7e:1a:ab:61:8b:77:c3:c2:36:2b:a5:98:bf:20:62:9a:73:1d:00:44:a2:e7:b3:45:3c:6b:16:7a:82:8e:64:87:90:d0:01:16:70:fd:85:ca:50:99:0e:49:03:d9:ee:aa:c3:5d:66:2d:5d:2d:c7:18:8f:e4:49:63:40:45:f7:b2:87:2f:f3:07:54:2b:3d:35:9c:58:94:15:2f:99:fa:02:1e:d6:5c:65:d6:26:eb:67:ff:42:70:82:1e:4b:d6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.057143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.057143000", - "frame.time_delta": "0.079006000", - "frame.time_delta_displayed": "0.079006000", - "frame.time_relative": "189.596457000", - "frame.number": "492", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x00000d6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a180", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - 
"ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002409", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:50:00:24:fa:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" 
- } - }, - "Timestamps: TSval 1262682704, TSecr 2423539": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682704", - "tcp.options.timestamp.tsecr": "2423539" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "491", - "tcp.analysis.ack_rtt": "0.079006000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "60:5a:b5:67:5e:12:f7:ad:c5:c4:d1:06:3c:8b:35:ea:41:db:3b:5b:63:35:f8:74:8f:08:67:f2:2e:71:63:02:8f:8b:a0:7b:73:da:c9:4f:20:df:3c:df:48:84:b3:cc:2a:c8:e7:84:f5:1a:40:d6:c0:f4:f4:69:56:58:36:69:ad:43:69:08:dc:c4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.057883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.057883000", - "frame.time_delta": "0.000740000", - "frame.time_delta_displayed": "0.000740000", - "frame.time_relative": "189.597197000", - "frame.number": "493", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c613", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009024", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - 
"tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000467f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:24:fa:fb:4b:43:02:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2423547, TSecr 1262682704": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2423547", - "tcp.options.timestamp.tsecr": "1262682704" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "492", - "tcp.analysis.ack_rtt": "0.000740000", - "tcp.analysis.initial_rtt": "0.078163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.135628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.135628000", - "frame.time_delta": "0.077745000", - "frame.time_delta_displayed": "0.077745000", - "frame.time_relative": "189.674942000", - "frame.number": "494", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x00000d6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a1ab", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": 
"29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007fe1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:63:00:24:fa:fb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682723, TSecr 2423547": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682723", - "tcp.options.timestamp.tsecr": "2423547" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "493", - "tcp.analysis.ack_rtt": "0.077745000", - "tcp.analysis.initial_rtt": "0.078163000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.135712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.135712000", - "frame.time_delta": "0.000084000", - "frame.time_delta_displayed": "0.000084000", - "frame.time_relative": "189.675026000", - "frame.number": "495", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000d6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a1c9", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34221", - "tcp.port": "443", - "tcp.port": "34221", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000046f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:43:02:63:00:24:fa:fb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262682723, TSecr 2423547": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262682723", - "tcp.options.timestamp.tsecr": "2423547" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.136136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.136136000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "189.675450000", - "frame.number": "496", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000251d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003127", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - 
"tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ba7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.136148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.136148000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "189.675462000", - "frame.number": "497", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000251e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003126", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34221", - "tcp.dstport": "443", - "tcp.port": "34221", - "tcp.port": "443", - "tcp.stream": "19", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ba7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - 
{ - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.450057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.450057000", - "frame.time_delta": "0.313909000", - "frame.time_delta_displayed": "0.313909000", - "frame.time_relative": "189.989371000", - "frame.number": "498", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000016f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - 
"udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "474" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.502783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.502783000", - "frame.time_delta": "0.052726000", - "frame.time_delta_displayed": "0.052726000", - "frame.time_relative": "190.042097000", - "frame.number": "499", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00000174", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "498" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:41.558559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493781.558559000", - "frame.time_delta": "0.055776000", - "frame.time_delta_displayed": "0.055776000", - "frame.time_relative": "190.097873000", - "frame.number": "500", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00000176", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "499" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:42.134269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493782.134269000", - "frame.time_delta": "0.575710000", - 
"frame.time_delta_displayed": "0.575710000", - "frame.time_relative": "190.673583000", - "frame.number": "501", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00000183", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "500" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:42.187061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493782.187061000", - "frame.time_delta": "0.052792000", - "frame.time_delta_displayed": "0.052792000", - "frame.time_relative": "190.726375000", - "frame.number": "502", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00000187", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "501" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:42.239966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493782.239966000", - "frame.time_delta": "0.052905000", - "frame.time_delta_displayed": "0.052905000", - "frame.time_relative": "190.779280000", - "frame.number": "503", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000018c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - 
"udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "502" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:43.139097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493783.139097000", - "frame.time_delta": "0.899131000", - "frame.time_delta_displayed": "0.899131000", - "frame.time_relative": "191.678411000", - "frame.number": "504", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000001da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b571", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "305", - "udp.checksum": "0x00000366", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "503" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:43.191907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493783.191907000", - "frame.time_delta": "0.052810000", - "frame.time_delta_displayed": "0.052810000", - "frame.time_relative": "191.731221000", - "frame.number": "505", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000001df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000b563", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "314", - "udp.checksum": "0x00001151", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "504" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:43.244744000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493783.244744000", - "frame.time_delta": "0.052837000", - "frame.time_delta_displayed": "0.052837000", - "frame.time_relative": "191.784058000", - "frame.number": "506", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000001e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b566", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49589", - "udp.port": "1900", - "udp.port": "49589", - "udp.length": "308", - "udp.checksum": "0x000034db", - "udp.checksum.status": "2", - "udp.stream": "26" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, 
- "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "505" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.559961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.559961000", - "frame.time_delta": "2.315217000", - "frame.time_delta_displayed": "2.315217000", - "frame.time_relative": "194.099275000", - "frame.number": "507", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baf9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000aa5", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.562432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.562432000", - "frame.time_delta": "0.002471000", - "frame.time_delta_displayed": "0.002471000", - "frame.time_relative": "194.101746000", - "frame.number": "508", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", 
- "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eba0", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.562920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.562920000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "194.102234000", - "frame.number": "509", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007966", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.992123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.992123000", - "frame.time_delta": "0.429203000", - "frame.time_delta_displayed": "0.429203000", - "frame.time_relative": "194.531437000", - "frame.number": "510", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005b1f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a430", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000960d", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.992791000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493785.992791000", - "frame.time_delta": "0.000668000", - "frame.time_delta_displayed": "0.000668000", - "frame.time_relative": "194.532105000", - "frame.number": "511", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x0002d4a8", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51449", - "udp.dstport": "5355", - "udp.port": "51449", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x000038cf", - "udp.checksum.status": "2", - "udp.stream": "29" - }, - "llmnr": { - "dns.id": "0x00004e72", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.993344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.993344000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "194.532658000", - "frame.number": "512", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000572", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001239", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51449", - "udp.dstport": "5355", - "udp.port": "51449", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000586e", - "udp.checksum.status": "2", - "udp.stream": "30" - }, - "llmnr": { - "dns.id": "0x00004e72", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.993972000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.993972000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "194.533286000", - "frame.number": "513", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - 
"ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000598d0", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61999", - "udp.dstport": "5355", - "udp.port": "61999", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00005e40", - "udp.checksum.status": "2", - "udp.stream": "31" - }, - "llmnr": { - "dns.id": "0x0000ffaf", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:45.994561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493785.994561000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "194.533875000", - "frame.number": "514", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": 
"01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000573", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001238", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61999", - "udp.dstport": "5355", - "udp.port": "61999", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00007ddf", - "udp.checksum.status": "2", - "udp.stream": "32" - }, - "llmnr": { - "dns.id": "0x0000ffaf", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:46.404092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493786.404092000", - "frame.time_delta": "0.409531000", - "frame.time_delta_displayed": "0.409531000", - "frame.time_relative": "194.943406000", - "frame.number": "515", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x0002d4a8", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51449", - "udp.dstport": "5355", - "udp.port": "51449", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x000038cf", - "udp.checksum.status": "2", - "udp.stream": "29" - }, - "llmnr": { - "dns.id": "0x00004e72", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - 
"dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:46.404663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493786.404663000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "194.943977000", - "frame.number": "516", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000574", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001237", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - 
"ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51449", - "udp.dstport": "5355", - "udp.port": "51449", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000586e", - "udp.checksum.status": "2", - "udp.stream": "30" - }, - "llmnr": { - "dns.id": "0x00004e72", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:46.405259000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493786.405259000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "194.944573000", - "frame.number": "517", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000575", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001236", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61999", - "udp.dstport": "5355", - "udp.port": "61999", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00007ddf", - "udp.checksum.status": "2", - "udp.stream": "32" - }, - "llmnr": { - "dns.id": "0x0000ffaf", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:46.405977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493786.405977000", - "frame.time_delta": "0.000718000", - "frame.time_delta_displayed": "0.000718000", - "frame.time_relative": "194.945291000", - "frame.number": "518", - "frame.len": "84", - 
"frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000598d0", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61999", - "udp.dstport": "5355", - "udp.port": "61999", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00005e40", - "udp.checksum.status": "2", - "udp.stream": "31" - }, - "llmnr": { - "dns.id": "0x0000ffaf", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:46.744253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493786.744253000", - "frame.time_delta": "0.338276000", - "frame.time_delta_displayed": "0.338276000", - "frame.time_relative": "195.283567000", - "frame.number": "519", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005b20", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a430", - "udp.checksum.status": "2", - 
"udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000960d", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:47.495121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493787.495121000", - "frame.time_delta": "0.750868000", - "frame.time_delta_displayed": "0.750868000", - "frame.time_relative": "196.034435000", - "frame.number": "520", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005b21", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cc2", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a430", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000960d", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:50.557387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493790.557387000", - "frame.time_delta": "3.062266000", - "frame.time_delta_displayed": "3.062266000", - "frame.time_relative": "199.096701000", - "frame.number": "521", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cf9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000aa5", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:50.557936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493790.557936000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "199.097250000", - "frame.number": "522", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { 
- "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cfa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eba0", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:50.558732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493790.558732000", - "frame.time_delta": "0.000796000", - "frame.time_delta_displayed": "0.000796000", - "frame.time_relative": "199.098046000", - "frame.number": "523", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007966", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:55.560123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493795.560123000", - "frame.time_delta": "5.001391000", - "frame.time_delta_displayed": "5.001391000", - "frame.time_relative": "204.099437000", - "frame.number": "524", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cfb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000aa5", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:55.560618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493795.560618000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": 
"204.099932000", - "frame.number": "525", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001cfc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eba0", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:49:55.560875000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493795.560875000", - "frame.time_delta": "0.000257000", - "frame.time_delta_displayed": 
"0.000257000", - "frame.time_relative": "204.100189000", - "frame.number": "526", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007966", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000025f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": 
{ - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=607", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.304374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.304374000", - "frame.time_delta": "5.743499000", - "frame.time_delta_displayed": "5.743499000", - "frame.time_relative": 
"209.843688000", - "frame.number": "527", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00005a95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006ec2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": 
"239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.329843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.329843000", - "frame.time_delta": "0.025469000", - "frame.time_delta_displayed": "0.025469000", - "frame.time_relative": "209.869157000", - "frame.number": "528", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x000094ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x000077ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "4177", - "tcp.nxtseq": "4324", - "tcp.ack": "607", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000041c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:02:e6:a7:9b:aa:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2425574, TSecr 2811996718": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2425574", - "tcp.options.timestamp.tsecr": "2811996718" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a0:e5:ce:5a:0e:b5:f0:fa:31:72:06:11:5d:12:82:c4:53:cc:7d:08:95:41:d4:d3:30:d9:7c:b4:ed:7a:6a:2d:82:a4:f6:41:cd:ca:ba:53:89:64:38:d5:d8:14:8f:1b:0f:35:1f:91:6c:0f:38:aa:32:93:47:f4:01:9a:a7:e1:b6:2d:70:6b:9c:77:9b:d4:84:f9:48:f0:d5:aa:09:ed:92:48:3f:0f:ee:aa:5b:5e:b2:e1:6b:7b:d3:f2:80:ac:06:11:10:dc:e0:7c:08:be:6f:0f:0a:bc:c9:57:8b:47:d9:45:6c:59:66:4d:88:09:b5:62:73:d9:b0:a0:a6:17:99:b7:19:40:cf:ca:b9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.357194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.357194000", - "frame.time_delta": "0.027351000", - "frame.time_delta_displayed": "0.027351000", - "frame.time_relative": "209.896508000", - "frame.number": "529", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00005a97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006ec0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.410074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.410074000", - "frame.time_delta": "0.052880000", - "frame.time_delta_displayed": "0.052880000", - "frame.time_relative": "209.949388000", - "frame.number": "530", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00005a9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006eb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - 
}, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.426192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.426192000", - "frame.time_delta": "0.016118000", - "frame.time_delta_displayed": "0.016118000", - "frame.time_relative": "209.965506000", - "frame.number": "531", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003985", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "607", - "tcp.ack": "4324", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ca06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:c8:61:00:25:02:e6", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812004449, TSecr 2425574": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812004449", - "tcp.options.timestamp.tsecr": "2425574" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "528", - "tcp.analysis.ack_rtt": "0.096349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.442618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.442618000", - "frame.time_delta": "0.016426000", - "frame.time_delta_displayed": "0.016426000", - "frame.time_relative": "209.981932000", - "frame.number": "532", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009500", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "4324", - "tcp.nxtseq": "4454", - "tcp.ack": "607", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001bb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:02:f2:a7:9b:c8:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2425586, TSecr 2812004449": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2425586", - "tcp.options.timestamp.tsecr": "2812004449" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a1:25:8b:13:f0:99:a7:bc:d3:99:b3:29:2c:1c:25:6f:a9:86:0f:bf:2f:99:5b:4b:f0:4d:d7:56:49:b9:3e:49:36:7e:e9:a1:bf:c1:0f:34:bd:76:57:4c:67:fc:79:e2:a7:17:c0:ca:fd:7a:ad:fd:e5:a3:f6:97:aa:8c:a5:45:51:22:52:ee:db:fb:29:09:f3:4d:11:20:80:bb:b0:9f:61:63:5a:69:ba:a1:17:f6:a6:c3:18:03:4b:9f:7e:46:ed:c2:99:ab:e3:d8:a6:5c:a4:5f:a9:5b:ad:53:9c:f6:9c:2e:8b:12:3d:04" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.462995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.462995000", - "frame.time_delta": "0.020377000", - "frame.time_delta_displayed": "0.020377000", - "frame.time_relative": "210.002309000", - "frame.number": "533", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00005aa0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006eae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.502803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.502803000", - "frame.time_delta": "0.039808000", - "frame.time_delta_displayed": "0.039808000", - "frame.time_relative": "210.042117000", - "frame.number": "534", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003984", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "607", - "tcp.ack": "4454", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c965", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:c8:74:00:25:02:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812004468, TSecr 2425586": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812004468", - "tcp.options.timestamp.tsecr": "2425586" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "532", - "tcp.analysis.ack_rtt": "0.060185000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:50:01.515229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.515229000", - "frame.time_delta": "0.012426000", - "frame.time_delta_displayed": "0.012426000", - "frame.time_relative": "210.054543000", - "frame.number": "535", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009501", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000784d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": 
"44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "4454", - "tcp.nxtseq": "4503", - "tcp.ack": "607", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005b96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:02:f9:a7:9b:c8:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2425593, TSecr 2812004468": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2425593", - "tcp.options.timestamp.tsecr": "2812004468" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a2:99:56:88:bd:78:ee:d3:e0:78:1f:84:36:d4:f9:30:eb:8b:7d:3e:d0:21:37:d3:be:8d:25:5e:12:a5:e6:59:54:50:aa:15:49" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.515866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.515866000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "210.055180000", - "frame.number": "536", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00005aa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006eb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * 
HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.568701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.568701000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "210.108015000", - "frame.number": "537", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00005aa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006eaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:50:01.575364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.575364000", - "frame.time_delta": "0.006663000", - "frame.time_delta_displayed": "0.006663000", - "frame.time_relative": "210.114678000", - "frame.number": "538", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002bfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003983", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "607", - "tcp.ack": "4503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c91b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:c8:86:00:25:02:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812004486, TSecr 2425593": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812004486", - "tcp.options.timestamp.tsecr": "2425593" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "535", - "tcp.analysis.ack_rtt": "0.060135000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.575839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493801.575839000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": 
"0.000475000", - "frame.time_relative": "210.115153000", - "frame.number": "539", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002bfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "607", - "tcp.nxtseq": "662", - "tcp.ack": "4503", 
- "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cf62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:c8:86:00:25:02:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812004486, TSecr 2425593": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812004486", - "tcp.options.timestamp.tsecr": "2425593" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:36:84:e6:dd:6c:59:32:98:1d:97:c3:5e:97:54:4f:0a:e1:a6:1d:96:09:f8:33:86:8e:82:0b:fd:ab:fc:6e:c5:0f:09:92:d8:19:ae:30:e6:f8:9c:26" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:01.576331000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493801.576331000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "210.115645000", - "frame.number": "540", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009502", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000787d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": 
"443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4503", - "tcp.ack": "662", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c7ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:02:ff:a7:9b:c8:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2425599, TSecr 2812004486": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2425599", - "tcp.options.timestamp.tsecr": "2812004486" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "539", - "tcp.analysis.ack_rtt": "0.000492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:04.474499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493804.474499000", - "frame.time_delta": "2.898168000", - "frame.time_delta_displayed": "2.898168000", - "frame.time_relative": "213.013813000", - "frame.number": "541", - "frame.len": "94", - 
"frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a693", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "42", - "tcp.nxtseq": 
"82", - "tcp.ack": "37", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000083c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:dd:ca:6b:b9:13:cc:e0:4e:eb:a9:a7:cb:a4:73:66:2a:c7:31:a0:fa:64:cd:17:3a:92:3d:e8:cc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:04.617587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493804.617587000", - "frame.time_delta": "0.143088000", - "frame.time_delta_displayed": "0.143088000", - "frame.time_relative": "213.156901000", - "frame.number": "542", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc9", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "37", - "tcp.ack": "82", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000010c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "541", - "tcp.analysis.ack_rtt": "0.143088000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:04.695063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493804.695063000", - "frame.time_delta": "0.077476000", - "frame.time_delta_displayed": "0.077476000", - "frame.time_relative": "213.234377000", - "frame.number": "543", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda4", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": 
"104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "37", - "tcp.nxtseq": "73", - "tcp.ack": "82", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002752", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:63:fa:b4:1b:a9:a9:65:db:a3:6f:c0:7e:1b:5a:e9:30:14:f9:f2:2d:cd:15:8d:07" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:04.695557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493804.695557000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "213.234871000", - "frame.number": "544", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "82", - "tcp.ack": "73", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000626", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "543", - "tcp.analysis.ack_rtt": "0.000494000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:05.558225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493805.558225000", - "frame.time_delta": "0.862668000", - "frame.time_delta_displayed": "0.862668000", - "frame.time_relative": "214.097539000", - "frame.number": "545", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d00", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000009a4", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:05.558796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493805.558796000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "214.098110000", - "frame.number": "546", - 
"frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d01", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009beb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea9f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:05.559354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493805.559354000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": 
"214.098668000", - "frame.number": "547", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007865", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:06.092211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493806.092211000", - "frame.time_delta": "0.532857000", - "frame.time_delta_displayed": "0.532857000", - "frame.time_relative": "214.631525000", - "frame.number": "548", - 
"frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b26", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:06.430432000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493806.430432000", - "frame.time_delta": "0.338221000", - "frame.time_delta_displayed": "0.338221000", - "frame.time_relative": "214.969746000", - "frame.number": "549", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:06.430874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493806.430874000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "214.970188000", - "frame.number": "550", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - 
"eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:09.360347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493809.360347000", - "frame.time_delta": "2.929473000", - "frame.time_delta_displayed": "2.929473000", - "frame.time_relative": "217.899661000", - "frame.number": "551", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:09.630173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493809.630173000", - "frame.time_delta": "0.269826000", - "frame.time_delta_displayed": "0.269826000", - "frame.time_relative": "218.169487000", - "frame.number": "552", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:09.630672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493809.630672000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "218.169986000", - "frame.number": "553", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:10.558500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493810.558500000", - "frame.time_delta": "0.927828000", - "frame.time_delta_displayed": "0.927828000", - "frame.time_relative": "219.097814000", - "frame.number": "554", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"261", - "ip.id": "0x00001d02", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000009a4", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:10.559061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493810.559061000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "219.098375000", - "frame.number": "555", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d03", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009be9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea9f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - 
"Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:10.559631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493810.559631000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "219.098945000", - "frame.number": "556", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007865", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:15.558793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493815.558793000", - "frame.time_delta": "4.999162000", - "frame.time_delta_displayed": "4.999162000", - "frame.time_relative": "224.098107000", - "frame.number": "557", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d04", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000009a4", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:15.559345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493815.559345000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "224.098659000", - "frame.number": "558", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { 
- "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d05", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea9f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:15.559982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493815.559982000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "224.099296000", - "frame.number": "559", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007865", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000260", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=608", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:19.830441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493819.830441000", - "frame.time_delta": "4.270459000", - "frame.time_delta_displayed": "4.270459000", - "frame.time_relative": "228.369755000", - "frame.number": "560", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:20.095018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493820.095018000", - "frame.time_delta": "0.264577000", - "frame.time_delta_displayed": "0.264577000", - "frame.time_relative": "228.634332000", - "frame.number": "561", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - 
"bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:20.130180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493820.130180000", - "frame.time_delta": "0.035162000", - "frame.time_delta_displayed": "0.035162000", - "frame.time_relative": "228.669494000", - "frame.number": "562", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": 
"0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": 
"c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:20.183514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493820.183514000", - "frame.time_delta": "0.053334000", - "frame.time_delta_displayed": "0.053334000", - "frame.time_relative": "228.722828000", - "frame.number": "563", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:20.498099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493820.498099000", - "frame.time_delta": "0.314585000", - "frame.time_delta_displayed": "0.314585000", - "frame.time_relative": "229.037413000", - "frame.number": "564", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:25.214445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493825.214445000", - "frame.time_delta": "4.716346000", - "frame.time_delta_displayed": "4.716346000", - "frame.time_relative": "233.753759000", - "frame.number": "565", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:25.559331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493825.559331000", - "frame.time_delta": "0.344886000", - "frame.time_delta_displayed": "0.344886000", - "frame.time_relative": "234.098645000", - "frame.number": "566", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d08", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bae8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000008a3", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:25.559891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493825.559891000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "234.099205000", - "frame.number": "567", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d09", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009be3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e99e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:25.560467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493825.560467000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "234.099781000", - "frame.number": "568", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - 
"ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007764", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:28.758226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493828.758226000", - "frame.time_delta": "3.197759000", - "frame.time_delta_displayed": "3.197759000", - "frame.time_relative": "237.297540000", - "frame.number": "569", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00000a8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "108", - "udp.checksum": "0x00007b2a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.command": "1409286244", - "adwin_config.version": "1380667970", - "adwin_config.mac": "d0:73:d5:02:41:da", - "adwin_config.unused": "", - "adwin_config.server_ip": "88.70.73.76", - "adwin_config.unused": "", - "adwin_config.netmask": "139.208.244.4", - "adwin_config.unused": "", - "adwin_config.gateway": "0.0.0.59", - "adwin_config.unused": "", - "adwin_config.dhcp": "1", - "adwin_config.port": "351456418", - "adwin_config.password": "", - "adwin_config.bootloader": "0", - "adwin_config.unused": "", - "adwin_config.description": "", - "adwin_config.date": "", - "adwin_config.revision": "", - "adwin_config.processor_type_raw": "", - "adwin_config.processor_type": "Unknown", - "adwin_config.system_type_raw": "", - "adwin_config.system_type": "Unknown" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:28.853430000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493828.853430000", - "frame.time_delta": "0.095204000", - "frame.time_delta_displayed": "0.095204000", - "frame.time_relative": "237.392744000", - "frame.number": "570", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:30.559641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493830.559641000", - "frame.time_delta": "1.706211000", - "frame.time_delta_displayed": "1.706211000", - "frame.time_relative": "239.098955000", - "frame.number": "571", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - 
"eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000008a3", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:30.560204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493830.560204000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "239.099518000", - "frame.number": "572", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009be1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e99e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:30.560765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493830.560765000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "239.100079000", - "frame.number": "573", - "frame.len": "295", - "frame.cap_len": "295", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007764", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:32.591021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493832.591021000", - "frame.time_delta": "2.030256000", - "frame.time_delta_displayed": "2.030256000", - "frame.time_relative": "241.130335000", - "frame.number": "574", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009503", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000784b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "4503", - "tcp.nxtseq": "4552", - "tcp.ack": "662", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a14", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:0f:1d:a7:9b:c8:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2428701, TSecr 2812004486": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2428701", - "tcp.options.timestamp.tsecr": "2812004486" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a3:ac:89:27:45:98:c2:b3:10:98:7f:49:d2:4b:cb:99:e8:96:5c:a9:30:96:81:94:05:c9:0b:0c:b1:bc:3d:9c:44:6c:ce:77:c2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:32.651741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493832.651741000", - "frame.time_delta": "0.060720000", - "frame.time_delta_displayed": "0.060720000", - "frame.time_relative": "241.191055000", - "frame.number": 
"575", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002bfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "662", - "tcp.nxtseq": "717", - "tcp.ack": "4552", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { 
- "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000126f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:e6:df:00:25:0f:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812012255, TSecr 2428701": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812012255", - "tcp.options.timestamp.tsecr": "2428701" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "574", - "tcp.analysis.ack_rtt": "0.060720000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:37:e3:28:0f:e5:f7:96:4a:f4:6a:c7:ef:5a:73:bf:a7:46:d7:f5:2d:c7:66:85:4f:a2:42:36:76:ef:c5:00:cf:d2:db:00:19:04:40:85:cb:33:12:7e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:32.652241000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493832.652241000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "241.191555000", - "frame.number": "576", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009504", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000787b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": 
"443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4552", - "tcp.ack": "717", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009d0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:0f:23:a7:9b:e6:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2428707, TSecr 2812012255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2428707", - "tcp.options.timestamp.tsecr": "2812012255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "575", - "tcp.analysis.ack_rtt": "0.000500000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:34.691002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493834.691002000", - "frame.time_delta": "2.038761000", - "frame.time_delta_displayed": "2.038761000", - "frame.time_relative": "243.230316000", - "frame.number": "577", - "frame.len": "60", - 
"frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - 
"tcp.seq": "81", - "tcp.ack": "73", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000627", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:34.834148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493834.834148000", - "frame.time_delta": "0.143146000", - "frame.time_delta_displayed": "0.143146000", - "frame.time_relative": "243.373462000", - "frame.number": "578", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc7", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "73", - "tcp.ack": "82", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000109c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:35.559897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493835.559897000", - "frame.time_delta": "0.725749000", - "frame.time_delta_displayed": "0.725749000", - "frame.time_relative": "244.099211000", - "frame.number": "579", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bae4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000008a3", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:35.560458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493835.560458000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "244.099772000", - "frame.number": "580", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bdf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e99e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:35.561047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493835.561047000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "244.100361000", - "frame.number": "581", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007764", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000261", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=609", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:36.093897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493836.093897000", - "frame.time_delta": "0.532850000", - "frame.time_delta_displayed": "0.532850000", - "frame.time_relative": "244.633211000", - "frame.number": "582", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b2d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:37.660409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493837.660409000", - "frame.time_delta": "1.566512000", - "frame.time_delta_displayed": "1.566512000", - "frame.time_relative": "246.199723000", - "frame.number": "583", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - 
"arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:37.660831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493837.660831000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "246.200145000", - "frame.number": "584", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:38.766089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493838.766089000", - "frame.time_delta": "1.105258000", - 
"frame.time_delta_displayed": "1.105258000", - "frame.time_relative": "247.305403000", - "frame.number": "585", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009505", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "4552", - 
"tcp.nxtseq": "4904", - "tcp.ack": "717", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000950f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:11:86:a7:9b:e6:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2429318, TSecr 2812012255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2429318", - "tcp.options.timestamp.tsecr": "2812012255" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:a4:9f:ba:73:58:d2:92:77:40:06:d9:54:3d:f8:9e:53:97:0f:3c:fa:a6:d1:92:94:af:28:f6:95:37:db:8b:32:25:f6:b6:6e:c3:13:53:08:1b:30:3b:55:9a:48:a3:49:a3:21:84:b4:e2:52:df:e0:03:89:66:42:84:ef:03:de:e2:77:2e:ad:81:68:be:39:d2:94:89:36:c8:f1:d2:c3:33:c3:2d:6d:db:74:26:38:0f:0b:a3:59:bd:aa:7d:7e:7b:c0:51:d7:a3:80:5e:d7:41:95:96:f1:cf:ef:08:0e:b5:66:8a:2f:ac:3c:bc:67:4f:33:2c:b1:6c:f8:13:72:bd:9a:20:9d:12:24:50:8f:98:6d:3b:24:b6:e6:27:8e:39:f5:87:03:4f:e5:94:17:5f:db:9a:19:6d:98:22:3b:97:e1:44:34:96:3f:9c:02:30:5f:52:b9:aa:e0:85:f2:64:35:0d:46:4e:a4:ea:c4:8c:bd:b6:0d:6b:a4:ba:bd:8d:92:38:df:bd:56:4f:c4:aa:ed:be:5b:4a:b2:b4:8f:b3:03:42:db:cc:f9:48:dc:24:7b:54:9c:1e:ad:2c:07:08:b6:bc:94:71:8e:04:41:d0:de:90:65:18:1a:af:37:f7:83:c4:a9:a8:02:4b:76:c4:ac:f7:38:ea:5d:38:91:68:5b:03:5d:00:12:45:01:53:b8:0e:ef:e5:6f:ff:b2:cb:69:dd:e4:40:d8:ea:5b:a6:ce:2a:f2:45:0f:01:fe:4b:4f:57:2b:14:f6:8a:f9:35:90:1f:d3:45:0c:f7:b2:95:67:25:e0:e3:c1:5b:06:60:95:7b:d2:8b:24:11:e6:56:a7:80:e4:22:75:57:77:11:82:72:c1:a2:75:f5:9d:37:fb:32:56" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:38.827248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493838.827248000", - "frame.time_delta": "0.061159000", - "frame.time_delta_displayed": "0.061159000", - "frame.time_relative": "247.366562000", - "frame.number": "586", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002bff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003951", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "717", - "tcp.nxtseq": "764", - "tcp.ack": "4904", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", 
- "tcp.checksum": "0x00007898", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9b:ec:e7:00:25:11:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812013799, TSecr 2429318": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812013799", - "tcp.options.timestamp.tsecr": "2429318" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "585", - "tcp.analysis.ack_rtt": "0.061159000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:38:18:66:b1:ff:7a:f5:20:71:ea:c6:8f:69:47:92:85:09:22:47:db:93:89:e3:0d:89:93:ba:7f:54:0b:4d:25:1b:18:1b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:38.827686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493838.827686000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "247.367000000", - "frame.number": "587", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009506", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007879", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4904", - "tcp.ack": "764", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000930a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:11:8c:a7:9b:ec:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2429324, TSecr 2812013799": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2429324", - "tcp.options.timestamp.tsecr": "2812013799" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "586", - "tcp.analysis.ack_rtt": "0.000438000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:39.700924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493839.700924000", - "frame.time_delta": "0.873238000", - "frame.time_delta_displayed": "0.873238000", - "frame.time_relative": "248.240238000", - "frame.number": "588", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:39.701107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493839.701107000", - "frame.time_delta": "0.000183000", - "frame.time_delta_displayed": "0.000183000", - "frame.time_relative": "248.240421000", - "frame.number": "589", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:45.560506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493845.560506000", - "frame.time_delta": "5.859399000", - "frame.time_delta_displayed": "5.859399000", - "frame.time_relative": "254.099820000", - "frame.number": "590", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bae2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000011a1", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": 
"pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:45.561049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493845.561049000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "254.100363000", - "frame.number": "591", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d0f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bdd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f29c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": 
"4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:45.561610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493845.561610000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "254.100924000", - "frame.number": "592", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008062", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": 
"7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:50.560732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493850.560732000", - "frame.time_delta": "4.999122000", - "frame.time_delta_displayed": "4.999122000", - "frame.time_relative": "259.100046000", - "frame.number": "593", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d13", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000badd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": 
"192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000011a1", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:50.561298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493850.561298000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "259.100612000", - "frame.number": "594", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d14", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": 
"192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f29c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:50.561869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493850.561869000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "259.101183000", - "frame.number": "595", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008062", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.369662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.369662000", - "frame.time_delta": "3.807793000", - "frame.time_delta_displayed": "3.807793000", - "frame.time_relative": "262.908976000", - "frame.number": "596", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00006482", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.422563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.422563000", - "frame.time_delta": "0.052901000", - "frame.time_delta_displayed": "0.052901000", - "frame.time_relative": "262.961877000", - "frame.number": "597", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00006484", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.475463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.475463000", - "frame.time_delta": "0.052900000", - "frame.time_delta_displayed": "0.052900000", - "frame.time_relative": "263.014777000", - "frame.number": "598", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006485", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.528304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.528304000", - "frame.time_delta": "0.052841000", - "frame.time_delta_displayed": "0.052841000", - "frame.time_relative": "263.067618000", - "frame.number": "599", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006486", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.581211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.581211000", - "frame.time_delta": "0.052907000", - "frame.time_delta_displayed": "0.052907000", - "frame.time_relative": "263.120525000", - "frame.number": "600", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00006489", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:54.634042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493854.634042000", - "frame.time_delta": "0.052831000", - "frame.time_delta_displayed": "0.052831000", - "frame.time_relative": "263.173356000", - "frame.number": "601", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000648e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000064c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:55.561032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493855.561032000", - "frame.time_delta": "0.926990000", - "frame.time_delta_displayed": "0.926990000", - "frame.time_relative": "264.100346000", - "frame.number": "602", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d15", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000badb", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000011a1", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:55.561584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493855.561584000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "264.100898000", - "frame.number": "603", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d16", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bd6", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f29c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:50:55.562516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493855.562516000", - "frame.time_delta": "0.000932000", - "frame.time_delta_displayed": "0.000932000", - "frame.time_relative": "264.101830000", - "frame.number": "604", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008062", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000262", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=610", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:04.830945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493864.830945000", - "frame.time_delta": "9.268429000", - "frame.time_delta_displayed": "9.268429000", - "frame.time_relative": "273.370259000", - "frame.number": "605", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"6", - "ip.checksum": "0x0000a6b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "81", - "tcp.ack": "73", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000627", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:04.974176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493864.974176000", - "frame.time_delta": "0.143231000", - "frame.time_delta_displayed": "0.143231000", - "frame.time_relative": "273.513490000", - "frame.number": "606", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc6", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain 
View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "73", - "tcp.ack": "82", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000109c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:05.561584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493865.561584000", - "frame.time_delta": "0.587408000", - "frame.time_delta_displayed": "0.587408000", - "frame.time_relative": "274.100898000", - "frame.number": "607", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { 
- "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d17", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bad9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000010a0", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - 
"Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:05.562148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493865.562148000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": 
"274.101462000", - "frame.number": "608", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d18", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f19b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:05.562714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493865.562714000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": 
"0.000566000", - "frame.time_relative": "274.102028000", - "frame.number": "609", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f61", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": 
{ - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:06.096828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493866.096828000", - "frame.time_delta": "0.534114000", - "frame.time_delta_displayed": "0.534114000", - "frame.time_relative": 
"274.636142000", - "frame.number": "610", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b34", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005cb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:51:09.840882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493869.840882000", - "frame.time_delta": "3.744054000", - "frame.time_delta_displayed": "3.744054000", - "frame.time_relative": "278.380196000", - "frame.number": "611", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:09.841057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493869.841057000", - "frame.time_delta": "0.000175000", - "frame.time_delta_displayed": "0.000175000", - "frame.time_relative": "278.380371000", - "frame.number": "612", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:09.848518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493869.848518000", - "frame.time_delta": "0.007461000", - "frame.time_delta_displayed": "0.007461000", - "frame.time_relative": "278.387832000", - "frame.number": "613", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009507", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007847", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "4904", - "tcp.nxtseq": "4953", - "tcp.ack": "764", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c0ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:1d:ab:a7:9b:ec:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2432427, TSecr 2812013799": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2432427", - "tcp.options.timestamp.tsecr": "2812013799" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a5:8e:7f:ea:00:23:35:85:fe:f1:06:ea:49:13:c1:78:25:a4:0e:30:63:d1:b3:df:9b:2d:c4:43:28:14:7a:59:91:83:3d:75:3c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:09.909242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493869.909242000", - "frame.time_delta": "0.060724000", - "frame.time_delta_displayed": "0.060724000", - "frame.time_relative": "278.448556000", - "frame.number": "614", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - 
"ip.id": "0x00002c00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003948", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "764", - "tcp.nxtseq": "819", - "tcp.ack": "4953", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000091fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:0b:41:00:25:1d:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": 
"0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812021569, TSecr 2432427": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812021569", - "tcp.options.timestamp.tsecr": "2432427" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "613", - "tcp.analysis.ack_rtt": "0.060724000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:39:dd:e1:c4:7c:c3:0e:b0:da:83:eb:48:6a:73:e0:7f:49:24:1b:83:80:bb:4e:a2:d4:30:13:1e:f9:52:5c:bd:d5:5b:b0:60:87:da:4c:45:75:3d:66" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:09.909761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493869.909761000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "278.449075000", - "frame.number": "615", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009508", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007877", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4953", - "tcp.ack": "819", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006823", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:25:1d:b1:a7:9c:0b:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2432433, TSecr 2812021569": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2432433", - "tcp.options.timestamp.tsecr": "2812021569" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "614", - "tcp.analysis.ack_rtt": "0.000519000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:10.215661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493870.215661000", - "frame.time_delta": "0.305900000", - "frame.time_delta_displayed": "0.305900000", - "frame.time_relative": "278.754975000", - "frame.number": "616", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - 
"ip.id": "0x00000a92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000cba7", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "02:d3:af:c3:9f:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:10.561848000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493870.561848000", - "frame.time_delta": "0.346187000", - "frame.time_delta_displayed": "0.346187000", - "frame.time_relative": "279.101162000", - "frame.number": "617", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - 
"eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d19", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bad7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000010a0", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:10.562417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493870.562417000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "279.101731000", - "frame.number": "618", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d1a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f19b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:10.562982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493870.562982000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "279.102296000", - "frame.number": "619", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f61", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:14.910252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493874.910252000", - "frame.time_delta": "4.347270000", - "frame.time_delta_displayed": "4.347270000", - "frame.time_relative": "283.449566000", - "frame.number": "620", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": 
{ - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:14.910729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493874.910729000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "283.450043000", - "frame.number": "621", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - 
"arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:15.563795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493875.563795000", - "frame.time_delta": "0.653066000", - "frame.time_delta_displayed": "0.653066000", - "frame.time_relative": "284.103109000", - "frame.number": "622", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d1b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bad5", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x000010a0", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:15.564201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493875.564201000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "284.103515000", - "frame.number": "623", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d1c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bd0", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f19b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:15.564546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493875.564546000", - "frame.time_delta": "0.000345000", - "frame.time_delta_displayed": "0.000345000", - "frame.time_relative": "284.103860000", - "frame.number": "624", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f61", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000263", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=611", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:25.598929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493885.598929000", - "frame.time_delta": "10.034383000", - "frame.time_delta_displayed": "10.034383000", - "frame.time_relative": "294.138243000", - "frame.number": "625", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d1f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - 
"ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bad1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f9f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": 
"39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:25.598992000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493885.598992000", - "frame.time_delta": "0.000063000", - "frame.time_delta_displayed": "0.000063000", - "frame.time_relative": "294.138306000", - "frame.number": "626", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "261", - "ip.id": "0x00001d20", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f09a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:25.599093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493885.599093000", - "frame.time_delta": "0.000101000", - "frame.time_delta_displayed": "0.000101000", - "frame.time_relative": "294.138407000", - "frame.number": "627", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - 
"ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e60", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - 
"dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:28.854409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493888.854409000", - "frame.time_delta": "3.255316000", - "frame.time_delta_displayed": "3.255316000", - "frame.time_relative": "297.393723000", - "frame.number": "628", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - 
"arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.444727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.444727000", - "frame.time_delta": "1.590318000", - "frame.time_delta_displayed": "1.590318000", - "frame.time_relative": "298.984041000", - "frame.number": "629", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020d8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e76c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": 
"239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "369" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.562960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.562960000", - "frame.time_delta": "0.118233000", - "frame.time_delta_displayed": "0.118233000", - "frame.time_relative": "299.102274000", - "frame.number": "630", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d21", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bacf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f9f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.563555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.563555000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "299.102869000", - "frame.number": "631", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { 
- "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d22", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f09a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.564140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.564140000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "299.103454000", - "frame.number": "632", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e60", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.911222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.911222000", - "frame.time_delta": "0.347082000", - "frame.time_delta_displayed": "0.347082000", - "frame.time_relative": "299.450536000", - "frame.number": "633", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000261c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000912f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "435" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.914315000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.914315000", - "frame.time_delta": "0.003093000", - "frame.time_delta_displayed": "0.003093000", - "frame.time_relative": "299.453629000", - "frame.number": "634", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": 
"0x00005f9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54514", - "tcp.dstport": "80", - "tcp.port": "54514", - "tcp.port": "80", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000ce2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.914878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.914878000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "299.454192000", - "frame.number": "635", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": "54514", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008f9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "634", - "tcp.analysis.ack_rtt": "0.000563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.917756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.917756000", - "frame.time_delta": "0.002878000", - "frame.time_delta_displayed": "0.002878000", - "frame.time_relative": "299.457070000", - "frame.number": "636", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": 
"0x00005fa7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54514", - "tcp.dstport": "80", - "tcp.port": "54514", - "tcp.port": "80", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004179", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "635", - "tcp.analysis.ack_rtt": "0.002878000", - "tcp.analysis.initial_rtt": "0.003441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.918451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.918451000", - "frame.time_delta": "0.000695000", - "frame.time_delta_displayed": "0.000695000", - "frame.time_relative": "299.457765000", - "frame.number": "637", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54514", - "tcp.dstport": "80", - "tcp.port": "54514", - "tcp.port": "80", - "tcp.stream": "20", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - 
"tcp.checksum": "0x000056f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003441000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.918935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.918935000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "299.458249000", - "frame.number": "638", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000093bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000024b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": "54514", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000330a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "637", - "tcp.analysis.ack_rtt": 
"0.000484000", - "tcp.analysis.initial_rtt": "0.003441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.919521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.919521000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "299.458835000", - "frame.number": "639", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000093be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000024a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": 
"54514", - "tcp.stream": "20", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000732b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003441000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.919874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.919874000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "299.459188000", - "frame.number": "640", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000093bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000020d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": "54514", - "tcp.stream": "20", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c594", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003441000", - 
"tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "639", - "tcp.segment": "640", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001423000", - "http.request_in": "637", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.921000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.921000000", - "frame.time_delta": "0.001126000", - "frame.time_delta_displayed": "0.001126000", - "frame.time_relative": "299.460314000", - "frame.number": "641", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000093c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000020d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": "54514", - "tcp.stream": "20", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c594", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003441000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.923928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.923928000", - "frame.time_delta": "0.002928000", - "frame.time_delta_displayed": "0.002928000", - "frame.time_relative": "299.463242000", - "frame.number": "642", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54514", - "tcp.dstport": "80", - "tcp.port": "54514", - "tcp.port": "80", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f68a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:92:08:74:25:92:08:78:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "640", - "tcp.analysis.ack_rtt": "0.004054000", - "tcp.analysis.initial_rtt": "0.003441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.924496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.924496000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "299.463810000", - "frame.number": "643", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", 
- "ip.checksum": "0x00005fa4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54514", - "tcp.dstport": "80", - "tcp.port": "54514", - "tcp.port": "80", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ce0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.924933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.924933000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "299.464247000", - "frame.number": "644", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54514", - "tcp.port": "80", - "tcp.port": "54514", - "tcp.stream": "20", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002f14", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "643", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.003441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.964185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.964185000", - "frame.time_delta": "0.039252000", - "frame.time_delta_displayed": "0.039252000", - "frame.time_relative": "299.503499000", - "frame.number": "645", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000261f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009123", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "633" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.967507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.967507000", - "frame.time_delta": "0.003322000", - "frame.time_delta_displayed": "0.003322000", - "frame.time_relative": "299.506821000", - "frame.number": "646", - "frame.len": 
"66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54515", - "tcp.dstport": "80", - "tcp.port": "54515", - "tcp.port": "80", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e292", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.968037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.968037000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "299.507351000", - "frame.number": "647", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54515", - "tcp.port": "80", - "tcp.port": "54515", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006d88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "646", - "tcp.analysis.ack_rtt": "0.000530000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.970805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.970805000", - "frame.time_delta": "0.002768000", - "frame.time_delta_displayed": "0.002768000", - "frame.time_relative": "299.510119000", - "frame.number": "648", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fa2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54515", - "tcp.dstport": "80", - "tcp.port": "54515", - "tcp.port": "80", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001f67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "647", - "tcp.analysis.ack_rtt": "0.002768000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.971392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.971392000", - "frame.time_delta": "0.000587000", - "frame.time_delta_displayed": "0.000587000", - "frame.time_relative": "299.510706000", - "frame.number": "649", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005efa", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54515", - "tcp.dstport": "80", - "tcp.port": "54515", - "tcp.port": "80", - "tcp.stream": "21", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000034e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.971889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.971889000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "299.511203000", - "frame.number": "650", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009e64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54515", - "tcp.port": "80", - "tcp.port": "54515", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000010f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "649", - "tcp.analysis.ack_rtt": "0.000497000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.972466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.972466000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "299.511780000", - "frame.number": "651", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001a10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009e52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54515", - "tcp.port": "80", - "tcp.port": "54515", - "tcp.stream": "21", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005119", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.972815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.972815000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "299.512129000", - "frame.number": "652", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001a11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54515", - "tcp.port": "80", - "tcp.port": "54515", - "tcp.stream": "21", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a382", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003298000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "651", - "tcp.segment": "652", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001423000", - "http.request_in": "649", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.974964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.974964000", - "frame.time_delta": "0.002149000", - "frame.time_delta_displayed": "0.002149000", - "frame.time_relative": "299.514278000", - "frame.number": "653", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005fa0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54515", - "tcp.dstport": "80", - "tcp.port": "54515", - "tcp.port": "80", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001acf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "652", - "tcp.analysis.ack_rtt": "0.002149000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.975636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.975636000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "299.514950000", - "frame.number": "654", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54515", - "tcp.dstport": "80", - "tcp.port": "54515", - "tcp.port": "80", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001ace", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:30.976083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493890.976083000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "299.515397000", - "frame.number": "655", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54515", - "tcp.port": "80", - "tcp.port": "54515", - "tcp.stream": "21", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "654", - 
"tcp.analysis.ack_rtt": "0.000447000", - "tcp.analysis.initial_rtt": "0.003298000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.017034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.017034000", - "frame.time_delta": "0.040951000", - "frame.time_delta_displayed": "0.040951000", - "frame.time_relative": "299.556348000", - "frame.number": "656", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002623", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009125", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "645" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.026364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.026364000", - "frame.time_delta": "0.009330000", - "frame.time_delta_displayed": "0.009330000", - "frame.time_relative": "299.565678000", - "frame.number": "657", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54516", - "tcp.dstport": "80", - "tcp.port": "54516", - "tcp.port": "80", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000dcb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.026906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.026906000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "299.566220000", - "frame.number": "658", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54516", - "tcp.port": "80", - "tcp.port": "54516", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e80f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "657", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.030539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.030539000", - "frame.time_delta": "0.003633000", - "frame.time_delta_displayed": "0.003633000", - "frame.time_relative": "299.569853000", - "frame.number": "659", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54516", - "tcp.dstport": "80", - "tcp.port": "54516", - "tcp.port": "80", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "658", - "tcp.analysis.ack_rtt": "0.003633000", - "tcp.analysis.initial_rtt": "0.004175000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.031218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.031218000", - "frame.time_delta": "0.000679000", - "frame.time_delta_displayed": "0.000679000", - "frame.time_relative": "299.570532000", - "frame.number": "660", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ef5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54516", - "tcp.dstport": "80", - "tcp.port": "54516", - "tcp.port": "80", - "tcp.stream": "22", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000af67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004175000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.031715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.031715000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "299.571029000", - "frame.number": "661", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d956", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54516", - "tcp.port": "80", - "tcp.port": "54516", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008b7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "660", - "tcp.analysis.ack_rtt": "0.000497000", - "tcp.analysis.initial_rtt": "0.004175000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.032283000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.032283000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "299.571597000", - "frame.number": "662", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d957", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54516", - "tcp.port": "80", - "tcp.port": "54516", - "tcp.stream": "22", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cba0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004175000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.032718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.032718000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "299.572032000", - "frame.number": "663", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d958", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54516", - "tcp.port": "80", - "tcp.port": "54516", - "tcp.stream": "22", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004175000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "662", - "tcp.segment": "663", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001500000", - "http.request_in": "660", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.034938000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493891.034938000", - "frame.time_delta": "0.002220000", - "frame.time_delta_displayed": "0.002220000", - "frame.time_relative": "299.574252000", - "frame.number": "664", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54516", - "tcp.dstport": "80", - "tcp.port": "54516", - "tcp.port": "80", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009556", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "663", - "tcp.analysis.ack_rtt": "0.002220000", - "tcp.analysis.initial_rtt": "0.004175000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.036138000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.036138000", - "frame.time_delta": "0.001200000", - "frame.time_delta_displayed": "0.001200000", - "frame.time_relative": "299.575452000", - "frame.number": "665", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54516", - "tcp.dstport": "80", - "tcp.port": "54516", - "tcp.port": "80", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009555", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.036570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.036570000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "299.575884000", - "frame.number": "666", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54516", - "tcp.port": "80", - "tcp.port": "54516", - "tcp.stream": "22", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008789", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "665", - "tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.004175000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.964076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.964076000", - "frame.time_delta": "0.927506000", - "frame.time_delta_displayed": "0.927506000", - "frame.time_relative": "300.503390000", - "frame.number": "667", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002670", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "656" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.967371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.967371000", - "frame.time_delta": "0.003295000", - "frame.time_delta_displayed": "0.003295000", - "frame.time_relative": "300.506685000", - 
"frame.number": "668", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54517", - "tcp.dstport": "80", - "tcp.port": "54517", - "tcp.port": "80", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000f82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.967911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.967911000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "300.507225000", - "frame.number": "669", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54517", - "tcp.port": "80", - "tcp.port": "54517", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000a43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "668", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.973019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.973019000", - "frame.time_delta": "0.005108000", - "frame.time_delta_displayed": "0.005108000", - "frame.time_relative": "300.512333000", - "frame.number": "670", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54517", - "tcp.dstport": "80", - "tcp.port": "54517", - "tcp.port": "80", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bc21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "669", - "tcp.analysis.ack_rtt": "0.005108000", - "tcp.analysis.initial_rtt": "0.005648000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.973985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.973985000", - "frame.time_delta": "0.000966000", - "frame.time_delta_displayed": "0.000966000", - "frame.time_relative": "300.513299000", - "frame.number": "671", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ef0", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54517", - "tcp.dstport": "80", - "tcp.port": "54517", - "tcp.port": "80", - "tcp.stream": "23", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d19a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005648000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.974489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.974489000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "300.513803000", - "frame.number": "672", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007614", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000425f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54517", - "tcp.port": "80", - "tcp.port": "54517", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000adb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "671", - "tcp.analysis.ack_rtt": "0.000504000", - "tcp.analysis.initial_rtt": "0.005648000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.975086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.975086000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": "300.514400000", - "frame.number": "673", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007615", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000424d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54517", - "tcp.port": "80", - "tcp.port": "54517", - "tcp.stream": "23", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000edd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005648000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.975440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.975440000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "300.514754000", - "frame.number": "674", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007616", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003e7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54517", - "tcp.port": "80", - "tcp.port": "54517", - "tcp.stream": "23", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000403d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005648000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "673", - "tcp.segment": "674", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001455000", - "http.request_in": "671", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.982700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.982700000", - "frame.time_delta": "0.007260000", - "frame.time_delta_displayed": "0.007260000", - "frame.time_relative": "300.522014000", - "frame.number": "675", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54517", - "tcp.dstport": "80", - "tcp.port": "54517", - "tcp.port": "80", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b789", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "674", - "tcp.analysis.ack_rtt": "0.007260000", - "tcp.analysis.initial_rtt": "0.005648000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.983322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.983322000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "300.522636000", - "frame.number": "676", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54517", - "tcp.dstport": "80", - "tcp.port": "54517", - "tcp.port": "80", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b788", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:31.983758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493891.983758000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "300.523072000", - "frame.number": "677", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54517", - "tcp.port": "80", - "tcp.port": "54517", - "tcp.stream": "23", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a9bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "676", - 
"tcp.analysis.ack_rtt": "0.000436000", - "tcp.analysis.initial_rtt": "0.005648000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.017940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.017940000", - "frame.time_delta": "0.034182000", - "frame.time_delta_displayed": "0.034182000", - "frame.time_relative": "300.557254000", - "frame.number": "678", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002675", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "667" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.034212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.034212000", - "frame.time_delta": "0.016272000", - "frame.time_delta_displayed": "0.016272000", - "frame.time_relative": "300.573526000", - "frame.number": "679", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005bf1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.034758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.034758000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "300.574072000", - "frame.number": "680", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a01f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "679", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.037381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.037381000", - "frame.time_delta": "0.002623000", - "frame.time_delta_displayed": "0.002623000", - "frame.time_relative": "300.576695000", - "frame.number": "681", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000051fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "680", - "tcp.analysis.ack_rtt": "0.002623000", - "tcp.analysis.initial_rtt": "0.003169000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.038080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.038080000", - "frame.time_delta": "0.000699000", - "frame.time_delta_displayed": "0.000699000", - "frame.time_relative": "300.577394000", - "frame.number": "682", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006777", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003169000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.038556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.038556000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "300.577870000", - "frame.number": "683", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000068eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004f88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000438f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "682", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.003169000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.039145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.039145000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "300.578459000", - "frame.number": "684", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000068ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004f76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000083b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003169000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.039596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.039596000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "300.578910000", - "frame.number": "685", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000068ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ba3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d619", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003169000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "684", - "tcp.segment": "685", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001516000", - "http.request_in": "682", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.041008000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493892.041008000", - "frame.time_delta": "0.001412000", - "frame.time_delta_displayed": "0.001412000", - "frame.time_relative": "300.580322000", - "frame.number": "686", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000068ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ba2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d619", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003169000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.043335000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.043335000", - "frame.time_delta": "0.002327000", - "frame.time_delta_displayed": "0.002327000", - "frame.time_relative": "300.582649000", - "frame.number": "687", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004d66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "685", - "tcp.analysis.ack_rtt": "0.003739000", - "tcp.analysis.initial_rtt": "0.003169000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.043930000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.043930000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "300.583244000", - "frame.number": "688", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004d65", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.044364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.044364000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "300.583678000", - "frame.number": "689", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54518", - "tcp.port": "80", - "tcp.port": "54518", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003f99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "688", - "tcp.analysis.ack_rtt": "0.000434000", - "tcp.analysis.initial_rtt": "0.003169000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.044645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.044645000", - "frame.time_delta": "0.000281000", - "frame.time_delta_displayed": "0.000281000", - "frame.time_relative": "300.583959000", - "frame.number": "690", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54518", - "tcp.dstport": "80", - "tcp.port": "54518", - "tcp.port": "80", - "tcp.stream": "24", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000089fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:c3:b4:81:03:c3:b4:84:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003169000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "687", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.071576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493892.071576000", - "frame.time_delta": "0.026931000", - "frame.time_delta_displayed": "0.026931000", - "frame.time_relative": "300.610890000", - "frame.number": "691", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002679", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "678" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.075961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.075961000", - "frame.time_delta": "0.004385000", - "frame.time_delta_displayed": "0.004385000", - "frame.time_relative": "300.615275000", - "frame.number": "692", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000018e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f82", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54519", - "tcp.dstport": "80", - "tcp.port": "54519", - "tcp.port": "80", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00007cfb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": 
"1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.076519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.076519000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "300.615833000", - "frame.number": "693", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54519", - "tcp.port": "80", - "tcp.port": "54519", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000bd8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "692", - "tcp.analysis.ack_rtt": "0.000558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.079110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.079110000", - "frame.time_delta": "0.002591000", - "frame.time_delta_displayed": "0.002591000", - "frame.time_relative": "300.618424000", - "frame.number": "694", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54519", - "tcp.dstport": "80", - "tcp.port": "54519", - "tcp.port": "80", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "693", - "tcp.analysis.ack_rtt": "0.002591000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.079807000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509493892.079807000", - "frame.time_delta": "0.000697000", - "frame.time_delta_displayed": "0.000697000", - "frame.time_relative": "300.619121000", - "frame.number": "695", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000018e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54519", - "tcp.dstport": "80", - "tcp.port": "54519", - "tcp.port": "80", - "tcp.stream": "25", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000084e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.080300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.080300000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "300.619614000", - 
"frame.number": "696", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000529a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54519", - "tcp.port": "80", - "tcp.port": "54519", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000060fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "695", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.080915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.080915000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "300.620229000", - "frame.number": "697", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000065da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005288", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54519", - "tcp.port": "80", - "tcp.port": "54519", - "tcp.stream": "25", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a11d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.081275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.081275000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": "300.620589000", - "frame.number": "698", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000065db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004eb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54519", - "tcp.port": "80", - "tcp.port": "54519", - "tcp.stream": "25", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f386", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:6
9:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "697", - "tcp.segment": "698", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001468000", - "http.request_in": "695", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.085265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.085265000", - "frame.time_delta": "0.003990000", - "frame.time_delta_displayed": "0.003990000", - "frame.time_relative": "300.624579000", - "frame.number": "699", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54519", - "tcp.dstport": "80", - "tcp.port": "54519", - "tcp.port": "80", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ad3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "698", - "tcp.analysis.ack_rtt": "0.003990000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.086278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.086278000", - "frame.time_delta": "0.001013000", - "frame.time_delta_displayed": "0.001013000", - "frame.time_relative": "300.625592000", - "frame.number": "700", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000018e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54519", - "tcp.dstport": "80", - "tcp.port": "54519", - "tcp.port": "80", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ad2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:32.086739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493892.086739000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "300.626053000", - "frame.number": "701", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54519", - "tcp.port": "80", - "tcp.port": "54519", - "tcp.stream": "25", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005d06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "700", - 
"tcp.analysis.ack_rtt": "0.000461000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:34.970926000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493894.970926000", - "frame.time_delta": "2.884187000", - "frame.time_delta_displayed": "2.884187000", - "frame.time_relative": "303.510240000", - "frame.number": "702", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "81", - "tcp.ack": "73", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000627", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:35.114367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493895.114367000", - "frame.time_delta": "0.143441000", - "frame.time_delta_displayed": "0.143441000", - "frame.time_relative": "303.653681000", - "frame.number": "703", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc5", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "73", - "tcp.ack": "82", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000109c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:35.565958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493895.565958000", - "frame.time_delta": "0.451591000", - "frame.time_delta_displayed": "0.451591000", - "frame.time_relative": "304.105272000", - "frame.number": "704", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d26", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f9f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": 
"3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:35.566401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493895.566401000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "304.105715000", - "frame.number": "705", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d27", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f09a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:35.566835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493895.566835000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "304.106149000", - "frame.number": "706", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e60", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000264", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=612", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:36.115936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493896.115936000", - "frame.time_delta": "0.549101000", - "frame.time_delta_displayed": "0.549101000", - "frame.time_relative": "304.655250000", - "frame.number": "707", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - 
"eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b5a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:36.687335000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493896.687335000", - "frame.time_delta": "0.571399000", - "frame.time_delta_displayed": "0.571399000", - "frame.time_relative": "305.226649000", - "frame.number": "708", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020d9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54789", - "udp.dstport": "1900", - "udp.port": "54789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007458", - "udp.checksum.status": "2", - "udp.stream": "33" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: 
urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:37.342115000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493897.342115000", - "frame.time_delta": "0.654780000", - "frame.time_delta_displayed": "0.654780000", - "frame.time_relative": "305.881429000", - "frame.number": "709", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000286c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008edf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:37.394910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493897.394910000", - "frame.time_delta": "0.052795000", - "frame.time_delta_displayed": "0.052795000", - "frame.time_relative": "305.934224000", - "frame.number": "710", - "frame.len": "348", - "frame.cap_len": "348", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000286f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ed3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "709" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:37.447768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493897.447768000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "305.987082000", - "frame.number": "711", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002871", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ed7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "710" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:37.688439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493897.688439000", - "frame.time_delta": "0.240671000", - "frame.time_delta_displayed": "0.240671000", - "frame.time_relative": "306.227753000", - "frame.number": "712", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020da", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54789", - "udp.dstport": "1900", - "udp.port": "54789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007458", - "udp.checksum.status": "2", - "udp.stream": "33" - 
}, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "708" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:38.395194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493898.395194000", - "frame.time_delta": "0.706755000", - "frame.time_delta_displayed": "0.706755000", - "frame.time_relative": "306.934508000", - "frame.number": "713", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000288d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ebe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": 
"", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "711" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:38.447948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493898.447948000", - "frame.time_delta": "0.052754000", - "frame.time_delta_displayed": "0.052754000", - "frame.time_relative": "306.987262000", - "frame.number": "714", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002890", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008eb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", 
- "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "713" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:38.500795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493898.500795000", - "frame.time_delta": "0.052847000", - "frame.time_delta_displayed": "0.052847000", - "frame.time_relative": "307.040109000", - "frame.number": "715", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002895", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008eb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "714" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:38.689932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493898.689932000", - "frame.time_delta": "0.189137000", - "frame.time_delta_displayed": "0.189137000", - "frame.time_relative": "307.229246000", - "frame.number": "716", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020db", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - 
"ip.proto": "17", - "ip.checksum": "0x0000e739", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54789", - "udp.dstport": "1900", - "udp.port": "54789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007458", - "udp.checksum.status": "2", - "udp.stream": "33" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "712" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.026907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.026907000", - "frame.time_delta": "0.336975000", - "frame.time_delta_displayed": "0.336975000", - "frame.time_relative": "307.566221000", - "frame.number": "717", - "frame.len": "339", - 
"frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000028a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ea9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "715" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.079745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.079745000", - "frame.time_delta": "0.052838000", - "frame.time_delta_displayed": "0.052838000", - "frame.time_relative": "307.619059000", - "frame.number": "718", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - 
"ip.id": "0x000028a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "717" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.132606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.132606000", - "frame.time_delta": "0.052861000", - "frame.time_delta_displayed": "0.052861000", - "frame.time_relative": "307.671920000", - "frame.number": "719", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000028ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", 
- "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "718" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.690580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.690580000", - "frame.time_delta": "0.557974000", - "frame.time_delta_displayed": "0.557974000", - "frame.time_relative": "308.229894000", - "frame.number": "720", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": 
"1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020dc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e738", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54789", - "udp.dstport": "1900", - "udp.port": "54789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007458", - "udp.checksum.status": "2", - "udp.stream": "33" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "716" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.980841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.980841000", - "frame.time_delta": "0.290261000", - "frame.time_delta_displayed": "0.290261000", - "frame.time_relative": "308.520155000", - "frame.number": "721", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:39.981023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493899.981023000", - "frame.time_delta": "0.000182000", - "frame.time_delta_displayed": "0.000182000", - 
"frame.time_relative": "308.520337000", - "frame.number": "722", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.079272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.079272000", - "frame.time_delta": "0.098249000", - "frame.time_delta_displayed": "0.098249000", - "frame.time_relative": "308.618586000", - "frame.number": "723", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000028fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "719" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.132076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.132076000", - "frame.time_delta": "0.052804000", - "frame.time_delta_displayed": "0.052804000", - "frame.time_relative": "308.671390000", - "frame.number": "724", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002900", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "723" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.184822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.184822000", - "frame.time_delta": "0.052746000", - "frame.time_delta_displayed": "0.052746000", - "frame.time_relative": "308.724136000", - "frame.number": "725", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" 
- }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002903", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "724" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.395807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.395807000", - "frame.time_delta": "0.210985000", - "frame.time_delta_displayed": "0.210985000", - "frame.time_relative": "308.935121000", - "frame.number": "726", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002914", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "725" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:51:40.448586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.448586000", - "frame.time_delta": "0.052779000", - "frame.time_delta_displayed": "0.052779000", - "frame.time_relative": "308.987900000", - "frame.number": "727", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002916", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "726" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.501448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.501448000", - "frame.time_delta": "0.052862000", - "frame.time_delta_displayed": "0.052862000", - "frame.time_relative": "309.040762000", - "frame.number": "728", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002919", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "727" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.926995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.926995000", - "frame.time_delta": "0.425547000", - "frame.time_delta_displayed": "0.425547000", - "frame.time_relative": "309.466309000", - "frame.number": "729", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009509", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007845", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "4953", - "tcp.nxtseq": "5002", - "tcp.ack": "819", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:29:cf:a7:9c:0b:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2435535, TSecr 2812021569": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2435535", - "tcp.options.timestamp.tsecr": "2812021569" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a6:88:aa:e5:33:f2:3a:cf:8d:c7:89:63:3e:49:39:4c:2c:49:c3:ae:13:20:a4:3f:60:f1:3d:4d:18:7e:5f:8c:f5:51:a5:b2:03" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.987654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.987654000", - "frame.time_delta": "0.060659000", - "frame.time_delta_displayed": "0.060659000", - "frame.time_relative": "309.526968000", - "frame.number": "730", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003947", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "819", - "tcp.nxtseq": "874", - "tcp.ack": "5002", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000772", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:29:9b:00:25:29:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812029339, TSecr 2435535": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812029339", - "tcp.options.timestamp.tsecr": "2435535" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "729", - "tcp.analysis.ack_rtt": "0.060659000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:3a:df:6c:32:3e:9b:e5:b2:70:cd:fe:62:57:42:20:99:4a:39:76:cf:89:15:dc:4a:f5:d3:d8:ab:ba:15:62:70:c0:65:f2:50:de:23:82:e7:50:59:96" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:40.988146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493900.988146000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "309.527460000", - "frame.number": "731", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000950a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007875", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5002", - "tcp.ack": "874", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003d3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:29:d5:a7:9c:29:9b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2435541, TSecr 2812029339": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2435541", - "tcp.options.timestamp.tsecr": "2812029339" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "730", - "tcp.analysis.ack_rtt": "0.000492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:41.447435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493901.447435000", - "frame.time_delta": "0.459289000", - "frame.time_delta_displayed": "0.459289000", - "frame.time_relative": "309.986749000", - "frame.number": "732", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002948", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "728" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:41.500440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493901.500440000", - "frame.time_delta": "0.053005000", - "frame.time_delta_displayed": "0.053005000", - 
"frame.time_relative": "310.039754000", - "frame.number": "733", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000294b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008df7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "732" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:41.553333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493901.553333000", - "frame.time_delta": "0.052893000", - "frame.time_delta_displayed": "0.052893000", - "frame.time_relative": "310.092647000", - "frame.number": "734", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000294c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008dfc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "18", - "http.prev_response_in": "733" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:42.132032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493902.132032000", - "frame.time_delta": "0.578699000", - "frame.time_delta_displayed": "0.578699000", - "frame.time_relative": "310.671346000", - "frame.number": "735", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002952", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008df9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - 
"udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "734" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:42.238498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493902.238498000", - "frame.time_delta": "0.106466000", - "frame.time_delta_displayed": "0.106466000", - "frame.time_relative": "310.777812000", - "frame.number": "736", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002955", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ded", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "735" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:42.238513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493902.238513000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "310.777827000", - "frame.number": "737", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002958", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00008df0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "736" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:43.136813000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493903.136813000", - "frame.time_delta": "0.898300000", - "frame.time_delta_displayed": "0.898300000", - "frame.time_relative": "311.676127000", - "frame.number": "738", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002987", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008dc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "305", - "udp.checksum": "0x0000ef15", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, 
- "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "737" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:43.189603000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493903.189603000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "311.728917000", - "frame.number": "739", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000298c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008db6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "314", - "udp.checksum": "0x0000fd00", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "738" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:43.242411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493903.242411000", - "frame.time_delta": "0.052808000", - "frame.time_delta_displayed": "0.052808000", - "frame.time_relative": "311.781725000", - "frame.number": "740", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002992", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008db6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "54789", - "udp.port": "1900", - "udp.port": "54789", - "udp.length": "308", - "udp.checksum": "0x0000208b", - "udp.checksum.status": "2", - "udp.stream": "34" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "739" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:45.563826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493905.563826000", - "frame.time_delta": "2.321415000", - "frame.time_delta_displayed": "2.321415000", - "frame.time_relative": "314.103140000", - "frame.number": "741", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d28", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bac8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e9e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:45.564384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493905.564384000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "314.103698000", - "frame.number": "742", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d29", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef99", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:45.564977000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493905.564977000", - "frame.time_delta": "0.000593000", - "frame.time_delta_displayed": "0.000593000", - "frame.time_relative": "314.104291000", - "frame.number": "743", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d5f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:45.990162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509493905.990162000", - "frame.time_delta": "0.425185000", - "frame.time_delta_displayed": "0.425185000", - "frame.time_relative": "314.529476000", - "frame.number": "744", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:45.990598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493905.990598000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "314.529912000", - "frame.number": "745", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", 
- "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:50.564586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493910.564586000", - "frame.time_delta": "4.573988000", - "frame.time_delta_displayed": "4.573988000", - "frame.time_relative": "319.103900000", - "frame.number": "746", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d2a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - 
"ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bac6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e9e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": 
"39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:50.565633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493910.565633000", - "frame.time_delta": "0.001047000", - "frame.time_delta_displayed": "0.001047000", - "frame.time_relative": "319.104947000", - "frame.number": "747", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "261", - "ip.id": "0x00001d2b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef99", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:50.566034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493910.566034000", - "frame.time_delta": "0.000401000", - "frame.time_delta_displayed": "0.000401000", - "frame.time_relative": "319.105348000", - "frame.number": "748", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - 
"ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d5f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - 
"dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.365061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.365061000", - "frame.time_delta": "4.799027000", - "frame.time_delta_displayed": "4.799027000", - "frame.time_relative": "323.904375000", - "frame.number": "749", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "120", - "ip.id": "0x00000a95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x00000d4b", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "fc:de:8e:3a:f3:96", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.418469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.418469000", - "frame.time_delta": "0.053408000", - "frame.time_delta_displayed": "0.053408000", - "frame.time_relative": "323.957783000", - "frame.number": "750", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000077a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.471570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.471570000", - "frame.time_delta": "0.053101000", - "frame.time_delta_displayed": "0.053101000", - "frame.time_relative": "324.010884000", - "frame.number": "751", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000077a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.524487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.524487000", - "frame.time_delta": "0.052917000", - "frame.time_delta_displayed": "0.052917000", - "frame.time_relative": "324.063801000", - "frame.number": "752", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000077a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.564365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.564365000", - "frame.time_delta": "0.039878000", - "frame.time_delta_displayed": "0.039878000", - "frame.time_relative": "324.103679000", - "frame.number": "753", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d2c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bac4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e9e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.564926000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.564926000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "324.104240000", - "frame.number": "754", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d2d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef99", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": 
"16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.565514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.565514000", - "frame.time_delta": "0.000588000", - "frame.time_delta_displayed": "0.000588000", - "frame.time_relative": "324.104828000", - "frame.number": "755", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d5f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000265", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=613", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.577408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.577408000", - "frame.time_delta": "0.011894000", - "frame.time_delta_displayed": "0.011894000", - "frame.time_relative": "324.116722000", - "frame.number": "756", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000077ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.630339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.630339000", - "frame.time_delta": "0.052931000", - "frame.time_delta_displayed": "0.052931000", - "frame.time_relative": "324.169653000", - "frame.number": "757", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000077b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:51:55.683240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493915.683240000", - "frame.time_delta": "0.052901000", - "frame.time_delta_displayed": "0.052901000", - "frame.time_relative": "324.222554000", - "frame.number": "758", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000077b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000519d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:01.841719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493921.841719000", - "frame.time_delta": "6.158479000", - "frame.time_delta_displayed": "6.158479000", - "frame.time_relative": "330.381033000", - "frame.number": "759", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - 
"eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:02.101543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493922.101543000", - "frame.time_delta": "0.259824000", - "frame.time_delta_displayed": "0.259824000", - "frame.time_relative": "330.640857000", - "frame.number": "760", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - 
"bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:02.125766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493922.125766000", - "frame.time_delta": "0.024223000", - "frame.time_delta_displayed": "0.024223000", - "frame.time_relative": "330.665080000", - "frame.number": "761", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - 
"bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:02.140397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493922.140397000", - "frame.time_delta": "0.014631000", - "frame.time_delta_displayed": "0.014631000", - "frame.time_relative": "330.679711000", - "frame.number": "762", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:02.516280000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493922.516280000", - "frame.time_delta": "0.375883000", - "frame.time_delta_displayed": "0.375883000", - "frame.time_relative": "331.055594000", - "frame.number": "763", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:04.402484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493924.402484000", - "frame.time_delta": "1.886204000", - "frame.time_delta_displayed": "1.886204000", - "frame.time_relative": "332.941798000", - "frame.number": "764", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a68e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "82", - "tcp.nxtseq": "122", - "tcp.ack": "73", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": 
"0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c935", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:de:04:f5:9a:5f:5c:73:72:4d:36:4e:bd:d8:5f:57:47:31:94:1d:db:88:04:08:a4:1f:69:83:aa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:04.545768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493924.545768000", - "frame.time_delta": "0.143284000", - "frame.time_delta_displayed": "0.143284000", - "frame.time_relative": "333.085082000", - "frame.number": "765", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc4", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "73", - "tcp.ack": "122", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001074", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "764", - "tcp.analysis.ack_rtt": "0.143284000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:04.545855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493924.545855000", - "frame.time_delta": "0.000087000", - "frame.time_delta_displayed": "0.000087000", - "frame.time_relative": "333.085169000", - "frame.number": "766", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9f", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "73", - "tcp.nxtseq": "109", - "tcp.ack": "122", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009007", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:64:a3:a5:2e:1f:a0:dd:48:a6:ae:f9:d7:1f:c2:d6:f7:8e:c6:4e:17:11:a3:fb:da" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:04.546293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493924.546293000", - "frame.time_delta": 
"0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "333.085607000", - "frame.number": "767", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } 
- }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "122", - "tcp.ack": "109", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000005da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "766", - "tcp.analysis.ack_rtt": "0.000438000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:06.164504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493926.164504000", - "frame.time_delta": "1.618211000", - "frame.time_delta_displayed": "1.618211000", - "frame.time_relative": "334.703818000", - "frame.number": "768", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b61", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:07.225698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493927.225698000", - "frame.time_delta": "1.061194000", - "frame.time_delta_displayed": "1.061194000", - "frame.time_relative": "335.765012000", - "frame.number": "769", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - 
}, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:07.565780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493927.565780000", - "frame.time_delta": "0.340082000", - "frame.time_delta_displayed": "0.340082000", - "frame.time_relative": "336.105094000", - "frame.number": "770", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000a97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", 
- "ip.checksum": "0x0000edf9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000e941", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:84:dd:1c:8d:ba:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:09.550183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493929.550183000", - "frame.time_delta": "1.984403000", - "frame.time_delta_displayed": "1.984403000", - "frame.time_relative": "338.089497000", - "frame.number": "771", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - 
"arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:09.550580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493929.550580000", - "frame.time_delta": "0.000397000", - "frame.time_delta_displayed": "0.000397000", - "frame.time_relative": "338.089894000", - "frame.number": "772", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:10.565242000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493930.565242000", - "frame.time_delta": "1.014662000", - "frame.time_delta_displayed": "1.014662000", - "frame.time_relative": "339.104556000", - "frame.number": "773", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d31", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000babf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d9d", - "udp.checksum.status": 
"2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:10.565777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493930.565777000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "339.105091000", - "frame.number": "774", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d32", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee98", - 
"udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:10.566348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493930.566348000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "339.105662000", - "frame.number": "775", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c5e", - "udp.checksum.status": "2", - 
"udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:12.006213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493932.006213000", - "frame.time_delta": "1.439865000", - "frame.time_delta_displayed": "1.439865000", - "frame.time_relative": "340.545527000", - "frame.number": "776", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000950b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007843", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": 
"Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "5002", - "tcp.nxtseq": "5051", - "tcp.ack": "874", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008d2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:35:f3:a7:9c:29:9b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2438643, TSecr 2812029339": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2438643", - "tcp.options.timestamp.tsecr": "2812029339" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:a7:23:7f:07:7f:c2:15:c9:40:4c:fb:22:7c:ac:ed:0c:39:73:1d:3f:d6:24:09:41:9d:57:6e:77:da:d4:bd:b4:c0:0a:4f:3c:57" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:12.067179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493932.067179000", - "frame.time_delta": "0.060966000", - "frame.time_delta_displayed": "0.060966000", - "frame.time_relative": "340.606493000", - "frame.number": "777", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003946", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "874", - "tcp.nxtseq": "929", - "tcp.ack": "5051", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d7be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:47:f5:00:25:35:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812037109, TSecr 2438643": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812037109", - "tcp.options.timestamp.tsecr": "2438643" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "776", - "tcp.analysis.ack_rtt": "0.060966000", - "tcp.analysis.bytes_in_flight": "55", - 
"tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:3b:6e:66:99:d5:69:cd:de:94:d9:5c:be:85:cf:97:6d:5e:4c:81:e3:d4:a9:dc:f6:17:d3:50:99:4b:f4:82:b4:8d:6e:9c:8f:29:4a:bc:28:4d:47:49" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:12.067671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493932.067671000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "340.606985000", - "frame.number": "778", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000950c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007873", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5051", - "tcp.ack": "929", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001257", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:35:f9:a7:9c:47:f5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2438649, TSecr 2812037109": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2438649", - 
"tcp.options.timestamp.tsecr": "2812037109" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "777", - "tcp.analysis.ack_rtt": "0.000492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:15.565325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493935.565325000", - "frame.time_delta": "3.497654000", - "frame.time_delta_displayed": "3.497654000", - "frame.time_relative": "344.104639000", - "frame.number": "779", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d33", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000babd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d9d", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:15.565943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493935.565943000", - "frame.time_delta": "0.000618000", - "frame.time_delta_displayed": "0.000618000", - "frame.time_relative": "344.105257000", - "frame.number": "780", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d34", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee98", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": 
"16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:15.566475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493935.566475000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "344.105789000", - "frame.number": "781", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c5e", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:17.070218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493937.070218000", - "frame.time_delta": "1.503743000", - "frame.time_delta_displayed": "1.503743000", - "frame.time_relative": "345.609532000", - "frame.number": "782", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:17.070650000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493937.070650000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "345.609964000", - "frame.number": "783", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:20.565803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493940.565803000", - "frame.time_delta": "3.495153000", - "frame.time_delta_displayed": "3.495153000", - "frame.time_relative": "349.105117000", - "frame.number": "784", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", 
- "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bab6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d9d", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:20.566358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493940.566358000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "349.105672000", - "frame.number": "785", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee98", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:20.566929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493940.566929000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "349.106243000", - "frame.number": "786", - "frame.len": "295", - 
"frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c5e", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000266", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", 
- "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=614", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:21.534055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493941.534055000", - "frame.time_delta": "0.967126000", - "frame.time_delta_displayed": "0.967126000", - "frame.time_relative": "350.073369000", - "frame.number": "787", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x00005471", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003e59", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49766", - "tcp.port": "80", - "tcp.port": "49766", - "tcp.stream": "9", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009722", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016845000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Tue, 31 Oct 2017 23:52:21 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:52:21 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.020846000", - "http.request_in": "173", - 
"http.file_data": "[[],\"15094933571306917\"]" - }, - "data-text-lines": { - "[[],\"15094933571306917\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:21.567706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493941.567706000", - "frame.time_delta": "0.033651000", - "frame.time_delta_displayed": "0.033651000", - "frame.time_relative": "350.107020000", - "frame.number": "788", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001012", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, 
Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ee94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "787", - "tcp.analysis.ack_rtt": "0.033651000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:21.579031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493941.579031000", - "frame.time_delta": "0.011325000", - 
"frame.time_delta_displayed": "0.011325000", - "frame.time_relative": "350.118345000", - "frame.number": "789", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005472", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003f60", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": 
"49766", - "tcp.port": "80", - "tcp.port": "49766", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008e2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "788", - "tcp.analysis.ack_rtt": "0.011325000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:21.584793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493941.584793000", - "frame.time_delta": "0.005762000", - "frame.time_delta_displayed": "0.005762000", - "frame.time_relative": "350.124107000", - "frame.number": "790", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", 
- "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001013", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49766", - "tcp.dstport": "80", - "tcp.port": "49766", - "tcp.port": "80", - "tcp.stream": "9", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ee94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "789", - "tcp.analysis.ack_rtt": "0.005762000", - "tcp.analysis.initial_rtt": "0.016845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.574109000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.574109000", - "frame.time_delta": "0.989316000", - "frame.time_delta_displayed": "0.989316000", - "frame.time_relative": "351.113423000", - "frame.number": "791", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001014", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3b9", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", - "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000e10a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.587036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.587036000", - "frame.time_delta": "0.012927000", - "frame.time_delta_displayed": "0.012927000", - "frame.time_relative": "351.126350000", - "frame.number": "792", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000094ce", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49767", - "tcp.port": "80", - "tcp.port": "49767", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000147e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "791", - "tcp.analysis.ack_rtt": "0.012927000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.592122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.592122000", - "frame.time_delta": 
"0.005086000", - "frame.time_delta_displayed": "0.005086000", - "frame.time_relative": "351.131436000", - "frame.number": "793", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001015", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - 
}, - "tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", - "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000886b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "792", - "tcp.analysis.ack_rtt": "0.005086000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.611405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.611405000", - "frame.time_delta": "0.019283000", - "frame.time_delta_displayed": "0.019283000", - "frame.time_relative": "351.150719000", - "frame.number": "794", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001016", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", - "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d0e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018013000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.623765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.623765000", - "frame.time_delta": "0.012360000", - "frame.time_delta_displayed": "0.012360000", - "frame.time_relative": "351.163079000", - "frame.number": "795", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008a05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x00000acd", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - 
"ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49767", - "tcp.port": "80", - "tcp.port": "49767", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002c2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "794", - "tcp.analysis.ack_rtt": "0.012360000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.628942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.628942000", - 
"frame.time_delta": "0.005177000", - "frame.time_delta_displayed": "0.005177000", - "frame.time_relative": "351.168256000", - "frame.number": "796", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001017", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f2c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - 
"tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", - "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001679", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018013000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "794", - "tcp.segment": "796", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:22.643142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493942.643142000", - "frame.time_delta": "0.014200000", - "frame.time_delta_displayed": "0.014200000", - "frame.time_relative": "351.182456000", - "frame.number": "797", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008a06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x00000acc", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, 
AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49767", - "tcp.port": "80", - "tcp.port": "49767", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000280a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "796", - "tcp.analysis.ack_rtt": "0.014200000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.091797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.091797000", - "frame.time_delta": "3.448655000", - "frame.time_delta_displayed": "3.448655000", - "frame.time_relative": "354.631111000", - "frame.number": "798", - "frame.len": "264", - 
"frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002c03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "929", - "tcp.nxtseq": "1127", - "tcp.ack": "5051", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000575b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:55:a7:00:25:35:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812040615, TSecr 2438649": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812040615", - "tcp.options.timestamp.tsecr": "2438649" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:3c:ae:f9:fe:b9:80:08:84:d1:55:2c:4e:a1:c5:27:f3:26:ce:8a:36:77:20:83:4a:fc:f6:a0:e4:8f:b2:ee:5d:8d:b5:57:2f:f0:aa:ca:33:e7:50:18:ff:37:c9:f6:03:c7:91:b5:6e:64:ec:e3:e2:e2:a5:40:f6:ee:90:9d:6c:bc:c7:c3:3b:8e:0b:dc:c2:08:cc:b8:5c:ba:61:d7:a9:0b:59:de:64:8c:7f:89:3a:60:2d:22:63:70:72:15:24:46:1e:4c:9f:27:fb:39:99:07:d3:45:b7:06:5a:1e:89:41:de:4f:61:00:4e:cc:dd:59:da:29:ff:bd:6d:40:7b:a7:15:80:7f:a0:b1:fb:ba:e2:78:6d:a8:fc:41:41:c7:d0:a4:42:35:28:a6:56:2c:a6:d1:8a:85:1f:d8:71:f0:f5:10:36:78:29:54:90:f3:06:37:59:dc:d4:7c:30:cc:83:72:f7:f8:41:91:7f:82:1f:bc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.092292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.092292000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "354.631606000", - "frame.number": "799", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000950d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007872", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5051", - "tcp.ack": "1127", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fe64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:3b:73:a7:9c:55:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2440051, TSecr 2812040615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2440051", - "tcp.options.timestamp.tsecr": "2812040615" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "798", - "tcp.analysis.ack_rtt": "0.000495000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.100063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.100063000", - "frame.time_delta": "0.007771000", - "frame.time_delta_displayed": "0.007771000", - "frame.time_relative": "354.639377000", - "frame.number": "800", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000950e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000783c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", 
- "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "5051", - "tcp.nxtseq": "5104", - "tcp.ack": "1127", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000562e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:3b:74:a7:9c:55:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2440052, TSecr 2812040615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2440052", - "tcp.options.timestamp.tsecr": "2812040615" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a8:86:80:00:18:f4:1f:fd:4e:9d:81:9d:24:9d:16:62:0b:dc:fc:47:40:63:05:6e:68:ed:97:44:7d:c9:eb:8d:79:35:64:c8:4a:05:52:a5:03" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.198301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.198301000", - "frame.time_delta": "0.098238000", - "frame.time_delta_displayed": "0.098238000", - "frame.time_relative": "354.737615000", - "frame.number": "801", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000397b", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1127", - "tcp.ack": "5104", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ff02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:55:c2:00:25:3b:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2812040642, TSecr 2440052": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812040642", - "tcp.options.timestamp.tsecr": "2440052" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "800", - "tcp.analysis.ack_rtt": "0.098238000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.198922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.198922000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "354.738236000", - "frame.number": "802", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x0000950f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007310", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - 
"ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "5104", - "tcp.nxtseq": "6480", - "tcp.ack": "1127", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000023bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:3b:7e:a7:9c:55:c2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2440062, TSecr 2812040642": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2440062", - "tcp.options.timestamp.tsecr": "2812040642" - } - }, - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:a9:3e:fb:e9:c1:bf:d0:df:49:38:73:38:46:34:99:d5:8f:ed:05:e9:e6:31:2c:31:4b:a5:a7:6b:8d:13:56:5a:cd:20:5d:5d:7c:f7:12:97:7a:61" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:aa:c2:6a:79:6a:64:d5:a4:e6:09:fc:21:11:61:b0:e5:7e:42:d3:f7:79:c1:50:96:58:23:6b:4e:7e:c3:35:37:56:f2:fe:9b:d4:76:72:82:1e:b9:ca:82:72:62:1c:a0:64:7e:72:2b:df:8e:79:10:5b:d3:74:d4:ce:2c:70:36:af:a0:0c:24:b5:bd:96:df:13:9d:70:18:2c:fa:1b:be:04:4b:83:6a:7a:8a:90:c1:de" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ab:50:3f:bf:ed:cb:4d:04:e9:dd:ea:9a:f8:7c:e9:82:63:ad:b5:c0:5d:05:2d:fe:c5:31:a4:14:7f:61:18:39:7d:36:79:b3:2d:27:c6:7f:70:be:44:32:ca:d8:31:83:90:a2:b1:a6:f6:b6:6d:2a:a2:31:9a:d4:ec:b2:79:89:f9:50:d6:ba:d2:cd:1c:d8:de:05:4b:2c:b6:f5:17:7e:fc:70:87:cd:7b:bc:12:8e:91:f8:05:87:0e:30:e1:cd:dd:12:2c:66:9c:3d:e7:2b:b7:21:88:c6:26:96:19:40:eb:d8:a3:1c:f6:ef:21:42:4f:9f:36:db:71:48:c0:5e:ef:93:38:91:09:87:13:b5:8e:00:14:6c:7f:8a:32:ec:92:3b:fd:d0:15:86:d1:73:2d:1c:a4:40:87:b9:ff:33:e4:cf:55:ef:f0:a6:6f:a1:96:13:aa:99:22:12:17:fa:59:f4:30:29:29:2e:87:b5:c2:c6:af:2e:87:2c:16:7b:e7:e3:91:5d:d5:a0:95:fc:ed:bc:ca:16:66:7a:c7:78:61:c4:cd:2c:68:d0:26:22:43:8e:d2:98:04:83:4a:78:08:3f:e5:8e:5c:38:e2:d9:fc:df:99:78:82:eb:68:b7:5e:63:94:81:95:23:17:d3:0e:7e:51:1f:44:cf:73:26:ba:3e:c9:7e:73:81:6c:88:b9:3c:4d:f3:c5:30:3f:54:bb:d1:8a:e8:f0:93:01:b5:ab:e7:25:9a:6f:c3:93:92:4e:6a:7e:29:f8:57:07:b8:08:64:30:f9:36:85:69:81:75:89:6f:21:31:0b:ff:4c:3f:41:b8:31:bb:13:cd:46:c1:c8:78:2d:4c:60:d1:a9:8c:da:f5
:86:ae:88:74:c9:5e:1c:02:31:93:5d:f9:4d:4b:15:54:90:a0:7b:51:a5:f8:c3:63:e3:83:44:12:35:01:a2:a3:ef:39:38:c9:d1:15:fe:cc:32:a2:b2:7c:68:86:1b:d8:fa:e3:cd:75:25:3f:69:1c:4c:cd:3f:87:59:f8:c1:e2:9e:bc:41:90:76:2e:80:2c:e2:cd:02:ed:b0:40:0c:06:92:c4:34:bd:23:6e:fb:a5:2e:30:87:f4:f5:fe:57:8c:6c:e4:46:7b:cc:95:15:59:f8:f5:51:4b:23:b2:73:b6:2d:ec:6a:2d:60:31:4a:9f:80:4c:e8:f9:6d:06:5d:4b:be:16:68:4c:78:8a:59:2a:63:26:e7:59:c2:9b:b7:08:83:ed:b7:e6:9d:5e:b1:7b:76:1d:a8:54:62:1b:bc:43:3f:70:bd:5c:e4:96:b0:bc:03:14:d5:a6:69:35:7b:32:1c:a5:8f:d9:b4:5f:d3:35:4b:dc:25:95:c3:0f:62:bc:a5:ef:b4:19:35:4e:bc:ff:df:10:e1:18:2c:06:e4:36:10:b1:2c:34:9f:d9:1f:3b:3b:57:c3:b1:47:08:42:e2:fc:5a:77:0e:12:c6:14:8d:f8:e0:49:6d:39:a2:8b:30:88:1f:16:11:04:6a:3d:d5:f5:eb:95:73:74:38:30:89:2f:0d:61:5a:26:7f:53:18:45:e2:4f:8e:d8:fe:3b:c0:46:8c:97:ca:41:42:32:3b:fd:cc:c6:ca:e7:c2:fa:55:96:e1:0e:77:0c:45:22:5e:b2:cb:45:cc:2c:7d:04:d2:fc:7f:e4:dc:7e:2e:65:b9:17:53:e0:db:6a:16:5c:27:39:91:3d:45:84:27:b9:fe:67:cc:33:e0:03:41:3e:c7:9b:b9:41:87:67:a2:64:a5:25:ee:76:d2:16:7f:d3:c7:52:12:b5:76:2e:17:4c:74:0a:1f:7c:f9:4a:b3:c3:99:28:81:a8:77:20:4f:07:59:49:3e:09:ad:ff:18:fe:c1:cc:ca:8e:2c:4f:93:f4:b1:ca:bc:d0:9b:8a:80:07:7c:12:09:45:11:9a:eb:51:5e:ba:0b:94:ec:c2:64:e4:ae:2e:35:27:6f:5d:07:99:89:2f:8c:4d:e7:7a:91:47:5b:89:4a:49:29:e4:43:d6:48:31:92:35:cc:e8:6f:e7:3a:08:59:7a:55:55:45:59:04:00:79:34:da:6f:8a:09:9f:a5:fd:ad:2d:22:c4:37:12:58:30:7c:72:cb:fd:b7:9b:e7:a6:dc:df:73:b8:2d:6f:c1:df:19:4e:34:9d:e4:8e:45:8f:8b:41:eb:58:bd:15:eb:e1:3e:09:ad:f5:f9:56:34:43:8f:fc:4a:ce:7a:ae:03:55:97:a0:af:35:48:8f:16:82:6f:64:b7:20:43:b2:18:ef:1e:1d:f0:fe:75:f1:68:09:6d:2a:fb:38:f6:39:74:3c:b8:9d:25:a1:37:6c:25:7e:1f:89:a5:f2:fe:cf:f4:c0:d8:00:a6:72:7a:f1:f7:10:50:ed:6c:fc:d8:1f:7b:06:b9:a2:80:d2:10:21:fb:69:ba:36:c4:72:8a:37:27:8f:e0:6c:90:49:6f:48:ff:25:19:fb:66:f6:6c:73:71:5c:f4:97:f4:4d:d4:43:6c:37:c0:0f:30:9b:96:0b:4f:de:6f:8d:6c:3d:2e:d1:ac:05:8f:26:55:c6:aa:01:79:85:e1:40:68:16:93:04:9c:ac:ae:23:92:ba:97:65:4d:b7:d
2:35:4d:59:a4:3e:17:d0:33:d9:ad:05:93:4c:92:25:3b:61:3e:e6:26:8d:65:35:92:b0:23:d6:df:dd:6b:f7:8f:aa:e3:b6:bd:26:40:1b:b5:26:54:ab:35:61:98:c8:42:dd:c2:bc:09:1b:86:3f:35:bf:93:aa:04:d6:74:76:07:87:dd:7e:90:6f:ad:c1:93:f7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ac:b0:0c:f9:f6:b8:c2:63:89:00:71:6a:3e:3e:d1:63:0e:8e:5a:af:c5:62:c8:10:60:49:9f:f2:41:18:90:da:d3:7f:79:15:2b:21:f7:d6:d3:de:93:8f:86:fc:a1:fb:7d:26:78:b2:a5:5f:53:62:f0:f0:e4:f3:12:71:a6:0f:07:9c:c3:61:22:7e:a4:96:dd:9f:68:4f:53:1d:e5:c0:dc:cb:73:b8:86:0d:29:83:e6:c6:79:19:bd:d5:12:a1:49:fd:20:f7:b5:31:fa:ce:2c:c1:bd:a2:b0:93:20:1f:48:8f:f1:1a:11:de:73:b8:e6:d8:87:e1:be:07" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.259105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.259105000", - "frame.time_delta": "0.060183000", - "frame.time_delta_displayed": "0.060183000", - "frame.time_relative": "354.798419000", - "frame.number": "803", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" 
- }, - "ip.len": "52", - "ip.id": "0x00002c05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000397a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1127", - "tcp.ack": "6480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f989", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:55:d1:00:25:3b:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812040657, TSecr 2440062": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812040657", - "tcp.options.timestamp.tsecr": "2440062" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "802", - "tcp.analysis.ack_rtt": "0.060183000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.514695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.514695000", - "frame.time_delta": "0.255590000", - "frame.time_delta_displayed": "0.255590000", - "frame.time_relative": "355.054009000", - "frame.number": "804", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009510", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007839", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "6480", - "tcp.nxtseq": "6534", - "tcp.ack": "1127", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001b89", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:3b:9e:a7:9c:55:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2440094, TSecr 2812040657": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2440094", - "tcp.options.timestamp.tsecr": "2812040657" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ad:fc:85:23:72:ef:8f:d0:c9:8b:de:d2:64:fd:92:52:65:39:d7:68:17:4b:fe:59:c6:6d:1e:c7:78:70:8e:2c:e2:9a:1f:3d:68:1a:4f:4a:08:b0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.540911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.540911000", - "frame.time_delta": "0.026216000", - "frame.time_delta_displayed": "0.026216000", - "frame.time_relative": "355.080225000", - "frame.number": "805", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": 
"00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.546881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.546881000", - "frame.time_delta": "0.005970000", - "frame.time_delta_displayed": "0.005970000", - "frame.time_relative": "355.086195000", - "frame.number": "806", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:26.574878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493946.574878000", - "frame.time_delta": "0.027997000", - "frame.time_delta_displayed": "0.027997000", - "frame.time_relative": "355.114192000", - "frame.number": "807", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003979", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1127", - "tcp.ack": "6534", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f8e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:56:20:00:25:3b:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812040736, TSecr 2440094": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812040736", - "tcp.options.timestamp.tsecr": "2440094" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "804", - "tcp.analysis.ack_rtt": "0.060183000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:28.854733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493948.854733000", - "frame.time_delta": "2.279855000", - "frame.time_delta_displayed": "2.279855000", - "frame.time_relative": "357.394047000", - "frame.number": "808", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:30.286774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493950.286774000", - "frame.time_delta": "1.432041000", - "frame.time_delta_displayed": "1.432041000", - "frame.time_relative": "358.826088000", - "frame.number": "809", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": 
"192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:34.580847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493954.580847000", - "frame.time_delta": "4.294073000", - "frame.time_delta_displayed": "4.294073000", - "frame.time_relative": "363.120161000", - "frame.number": "810", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain 
View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "121", - "tcp.ack": "109", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000005db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:34.723944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493954.723944000", - "frame.time_delta": "0.143097000", - "frame.time_delta_displayed": "0.143097000", - "frame.time_relative": "363.263258000", - "frame.number": "811", - "frame.len": 
"54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc2", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "109", - "tcp.ack": 
"122", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:35.824404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493955.824404000", - "frame.time_delta": "1.100460000", - "frame.time_delta_displayed": "1.100460000", - "frame.time_relative": "364.363718000", - "frame.number": "812", - "frame.len": "412", - "frame.cap_len": "412", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "398", - "ip.id": "0x00009511", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007714", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "346", - "tcp.seq": "6534", - "tcp.nxtseq": "6880", - "tcp.ack": "1127", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009feb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:25:3f:41:a7:9c:56:20", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2441025, TSecr 2812040736": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2441025", - "tcp.options.timestamp.tsecr": "2812040736" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "346", - "tcp.analysis.push_bytes_sent": "346" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "341", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ae:d4:2b:32:d4:ac:2e:d4:9a:b1:8e:74:06:5f:65:48:d1:03:0e:51:aa:16:05:04:34:a4:63:d9:21:b0:70:b0:96:45:8a:6b:c7:70:a0:28:b8:21:a8:3f:99:0c:e4:1b:da:d5:2f:2d:c2:90:75:dc:ef:22:b4:38:63:73:72:95:86:0e:54:a6:ad:e4:06:85:ca:7c:f4:d4:1f:af:f9:90:1a:ff:dc:fe:4d:e1:8f:21:f5:77:b7:d5:31:68:5d:2a:85:ff:2c:4c:3b:ec:d5:ba:8d:1f:e1:6e:ce:d9:f6:1f:5b:44:9e:be:e2:fb:c7:01:11:2d:06:9f:01:25:a3:66:88:c4:69:7c:98:9b:89:d6:a4:5d:d7:a8:11:ca:57:1b:6f:5c:21:6c:e8:5a:35:2d:2b:d3:c7:fc:40:ca:e3:88:80:c7:6b:2b:7e:8b:98:aa:c6:0b:ce:5a:f3:05:e8:53:88:04:14:f6:2e:9c:c3:36:01:5c:42:94:82:f2:68:67:a9:7f:68:08:3e:bb:93:04:d6:76:2e:e8:59:8c:f6:e6:46:9f:23:39:b1:f0:5b:a4:bb:6d:fb:2c:30:2f:43:85:6b:ac:13:0a:68:ab:f1:3c:93:46:b3:23:3c:79:3e:88:74:0e:06:23:a3:60:79:6b:f3:f4:45:b5:da:cc:5a:9b:d6:1b:d5:f4:85:45:e9:83:fd:32:89:c4:d3:85:70:9b:89:16:6d:85:dd:3d:81:6a:2e:01:e6:8c:d6:a5:3f:b3:f2:c7:3f:4d:84:93:8d:6c:c1:78:2c:09:0f:19:0a:4c:e7:3a:1f:87:cb:6d:7e:e2:7b:e5:8e:e5:4d:7b:34:c4:d9:93:be:5e:d1:ec:2c:2a:f4:85:0d:ce:76:99" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:35.884637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493955.884637000", - "frame.time_delta": "0.060233000", - "frame.time_delta_displayed": "0.060233000", - "frame.time_relative": "364.423951000", - "frame.number": "813", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003978", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1127", - "tcp.ack": "6880", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ead0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:5f:37:00:25:3f:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812043063, TSecr 2441025": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812043063", - "tcp.options.timestamp.tsecr": "2441025" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "812", - "tcp.analysis.ack_rtt": "0.060233000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:35.885594000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509493955.885594000", - "frame.time_delta": "0.000957000", - "frame.time_delta_displayed": "0.000957000", - "frame.time_relative": "364.424908000", - "frame.number": "814", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003948", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1127", - "tcp.nxtseq": "1174", - "tcp.ack": "6880", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bdd2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:5f:37:00:25:3f:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812043063, TSecr 2441025": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812043063", - "tcp.options.timestamp.tsecr": "2441025" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:3d:53:55:5a:34:0b:fb:01:cd:0d:6b:87:d9:fc:7e:99:7f:80:21:04:00:43:9d:67:71:d0:08:4c:6d:39:7f:01:bf:98:05" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:52:35.924070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493955.924070000", - "frame.time_delta": "0.038476000", - "frame.time_delta_displayed": "0.038476000", - "frame.time_relative": "364.463384000", - "frame.number": "815", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009512", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000786d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": 
{ - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6880", - "tcp.ack": "1174", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e9a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:3f:4b:a7:9c:5f:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2441035, TSecr 2812043063": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2441035", - "tcp.options.timestamp.tsecr": "2812043063" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "814", - "tcp.analysis.ack_rtt": "0.038476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:36.167164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493956.167164000", - "frame.time_delta": "0.243094000", - "frame.time_delta_displayed": "0.243094000", 
- "frame.time_relative": "364.706478000", - "frame.number": "816", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b68", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:52:39.590889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493959.590889000", - "frame.time_delta": "3.423725000", - "frame.time_delta_displayed": "3.423725000", - "frame.time_relative": "368.130203000", - "frame.number": "817", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:39.591073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493959.591073000", - "frame.time_delta": "0.000184000", - "frame.time_delta_displayed": "0.000184000", - "frame.time_relative": "368.130387000", - "frame.number": "818", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:40.214797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493960.214797000", - "frame.time_delta": "0.623724000", - "frame.time_delta_displayed": "0.623724000", - "frame.time_relative": "368.754111000", - "frame.number": "819", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000a9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x00000814", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "9f:36:19:4e:7a:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:40.891183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493960.891183000", - "frame.time_delta": "0.676386000", - "frame.time_delta_displayed": "0.676386000", - "frame.time_relative": "369.430497000", - "frame.number": "820", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:40.891614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493960.891614000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "369.430928000", - "frame.number": "821", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:45.567172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493965.567172000", - "frame.time_delta": "4.675558000", - "frame.time_delta_displayed": "4.675558000", - "frame.time_relative": "374.106486000", - "frame.number": "822", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bab4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - 
"udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c9c", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - 
"dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:45.567738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493965.567738000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "374.107052000", - "frame.number": "823", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009baf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - 
"udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed97", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - 
"dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:45.568312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493965.568312000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "374.107626000", - "frame.number": "824", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", 
- "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b5d", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - 
"dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.614140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.614140000", - "frame.time_delta": "3.045828000", - "frame.time_delta_displayed": "3.045828000", - "frame.time_relative": "377.153454000", - "frame.number": "825", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000796d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - 
"udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.667016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.667016000", - "frame.time_delta": "0.052876000", - "frame.time_delta_displayed": "0.052876000", - "frame.time_relative": "377.206330000", - "frame.number": "826", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007970", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fe7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - 
"http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.719949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.719949000", - "frame.time_delta": "0.052933000", - "frame.time_delta_displayed": "0.052933000", - "frame.time_relative": "377.259263000", - "frame.number": "827", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007973", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - 
"udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.818763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.818763000", - "frame.time_delta": "0.098814000", - "frame.time_delta_displayed": "0.098814000", - "frame.time_relative": "377.358077000", - "frame.number": "828", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007975", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - 
{ - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.825582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.825582000", - "frame.time_delta": "0.006819000", - "frame.time_delta_displayed": "0.006819000", - "frame.time_relative": "377.364896000", - "frame.number": "829", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007979", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - 
"udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:48.878482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493968.878482000", - "frame.time_delta": "0.052900000", - "frame.time_delta_displayed": "0.052900000", - "frame.time_relative": "377.417796000", - "frame.number": "830", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000797d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004fd7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.458405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.458405000", - "frame.time_delta": "1.579923000", - "frame.time_delta_displayed": "1.579923000", - "frame.time_relative": "378.997719000", - "frame.number": "831", - "frame.len": "419", - "frame.cap_len": "419", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "405", - "ip.id": "0x00009513", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": 
"41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "353", - "tcp.seq": "6880", - "tcp.nxtseq": "7233", - "tcp.ack": "1174", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000cf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:44:f8:a7:9c:5f:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2442488, TSecr 2812043063": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2442488", - "tcp.options.timestamp.tsecr": "2812043063" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "353", - "tcp.analysis.push_bytes_sent": "353" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "348", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:af:5c:a6:1b:72:08:c1:4c:33:93:33:30:7f:e4:ba:90:db:0a:2f:88:34:50:eb:e1:35:4b:62:d3:17:c9:d0:5d:95:fe:f7:e9:97:83:f8:ac:34:ad:03:40:fe:aa:89:26:9a:8c:d3:5b:66:d9:1e:fb:f1:1b:1b:3e:e7:ab:a7:cf:95:a1:bb:5c:e8:6c:b4:23:b9:59:4c:53:ca:40:07:c3:9b:85:85:cc:0f:74:22:b2:79:4a:41:3e:52:ce:c9:b1:65:da:04:f5:dc:25:8d:d5:74:f2:aa:9b:85:a4:4d:59:c6:25:8e:54:d7:20:c6:78:98:94:c3:4b:87:7e:78:fb:a1:ba:fb:79:7e:6f:e2:26:86:77:aa:9c:f5:11:e8:4e:e8:90:e8:68:ca:50:79:28:fd:a4:74:d9:ed:54:6e:67:f1:56:19:38:d9:62:07:03:9b:63:72:85:8f:04:a0:90:59:00:0d:82:18:5a:d2:58:fe:85:f9:52:00:7e:0a:d3:93:d0:5d:c7:da:a7:4d:8b:81:4b:45:73:cb:73:96:43:d4:6e:c6:cc:fd:a8:68:eb:60:8c:e8:eb:f8:49:46:6f:2c:c6:70:5a:3f:8d:1b:63:c4:12:96:50:8a:e6:00:d7:ed:ab:0f:02:f0:82:ff:2e:3d:d8:f0:5a:18:47:6d:24:e5:2e:27:23:d5:4b:b0:c5:2b:65:18:52:c8:c9:02:82:ac:cb:25:02:ea:0d:3d:ca:a2:2c:7f:00:d6:1d:31:85:54:cc:7a:c9:d0:68:be:b4:43:87:b7:33:2b:7c:b5:3d:99:d2:1f:3c:5c:11:25:db:c8:85:18:7f:c7:82:75:55:2a:bd:76:5c:20:86:81:4b:64:e8:21:03:32:5f:92:21:5c:bc:66:52:fe" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.519173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.519173000", - "frame.time_delta": "0.060768000", - "frame.time_delta_displayed": "0.060768000", - "frame.time_relative": "379.058487000", - "frame.number": "832", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003947", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1174", - "tcp.nxtseq": "1221", - "tcp.ack": "7233", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000d83b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:6d:82:00:25:44:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812046722, TSecr 2442488": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812046722", - "tcp.options.timestamp.tsecr": "2442488" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "831", - "tcp.analysis.ack_rtt": "0.060768000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:3e:72:98:5e:17:69:74:d8:5a:4c:18:44:2c:2e:1f:b0:26:cc:ad:8e:b4:5f:3c:00:29:1b:fe:df:0f:1f:83:49:0a:6a:e1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.519599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.519599000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "379.058913000", - "frame.number": "833", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009514", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000786b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7233", - "tcp.ack": "1221", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d41a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:44:fe:a7:9c:6d:82", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2442494, TSecr 2812046722": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2442494", - "tcp.options.timestamp.tsecr": "2812046722" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "832", - "tcp.analysis.ack_rtt": "0.000426000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.567480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.567480000", - "frame.time_delta": "0.047881000", - "frame.time_delta_displayed": "0.047881000", - "frame.time_relative": "379.106794000", - "frame.number": "834", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bab2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c9c", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.568036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.568036000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "379.107350000", - "frame.number": "835", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d3f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed97", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:50.568615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493970.568615000", - "frame.time_delta": "0.000579000", - "frame.time_delta_displayed": "0.000579000", - "frame.time_relative": "379.107929000", - "frame.number": "836", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - 
"eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b5d", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:55.568215000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493975.568215000", - "frame.time_delta": "4.999600000", - "frame.time_delta_displayed": "4.999600000", - "frame.time_relative": "384.107529000", - "frame.number": "837", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d40", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000bab0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c9c", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:55.568616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493975.568616000", - "frame.time_delta": "0.000401000", - "frame.time_delta_displayed": 
"0.000401000", - "frame.time_relative": "384.107930000", - "frame.number": "838", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d41", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009bab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed97", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:55.569023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493975.569023000", - "frame.time_delta": "0.000407000", - 
"frame.time_delta_displayed": "0.000407000", - "frame.time_relative": "384.108337000", - "frame.number": "839", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b5d", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000267", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=615", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:56.549414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493976.549414000", - "frame.time_delta": "0.980391000", - "frame.time_delta_displayed": 
"0.980391000", - "frame.time_relative": "385.088728000", - "frame.number": "840", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:58.503572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493978.503572000", - "frame.time_delta": "1.954158000", - "frame.time_delta_displayed": "1.954158000", - "frame.time_relative": "387.042886000", - "frame.number": "841", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x00009515", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000737f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "7233", - "tcp.nxtseq": "8492", - "tcp.ack": "1221", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007125", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:48:1d:a7:9c:6d:82", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2443293, TSecr 2812046722": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2443293", - "tcp.options.timestamp.tsecr": "2812046722" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b0:e7:77:12:bf:71:32:81:38:4d:18:e6:c6:9f:52:7d:06:91:d5:48:40:0b:cf:7d:4b:69:30:7b:8e:28:f0:e2:9b:f4:18:a9:1b:6f:90:f7:7b:64:93:78:ff:a2:06:21:31:d8:18:23:86:28:b7:04:69:60:86:d1:f8:82:34:0f:0c:46:25:1f:2f:c5:a0:0e:11:24:1e:4f:24:18:f9:1c:96:c7:97:65:4f:2c:be:aa:4b:f3:26:60:71:9c:4f:19:76:67:c4:6e:2c:a7:ef:16:98:f8:54:e6:57:e2:ff:31:5c:29:c7:ee:bb:be:a1:70:5e:87:79:bb:3e:fb:ea:f0:4e:61:5c:30:7a:91:d9:81:9b:a4:4d:7f:ab:f3:8b:f3:71:cf:4b:d0:74:9e:cf:b2:a1:e8:ac:f0:50:63:6a:e5:3a:19:49:14:7f:f9:45:6f:b8:4e:9c:b6:ac:a6:e5:2f:df:8f:d6:90:38:89:3d:67:1f:45:ee:c7:50:47:6c:af:25:92:d7:60:ae:46:8d:53:16:f5:b5:4b:ba:57:b0:f6:7e:c0:11:87:20:b7:02:dd:ab:58:ce:85:5a:c1:8a:25:9b:22:cc:6d:b9:b7:97:ad:db:da:c5:cc:59:79:4a:02:f1:d4:27:0b:c5:c0:2a:1c:de:83:a8:5c:d4:55:93:9b:ff:69:80:48:c1:56:46:8a:6b:6b:b3:3c:b6:36:7b:ee:fa:1a:9e:b2:8b:9c:2b:91:95:d7:ab:15:d5:9f:2b:0e:c2:55:2d:bb:67:45:0a:41:56:11:28:c2:e5:34:5d:d2:31:8b:f4:72:a5:ba:84:21:ac:0b:44:15:78:f9:18:f4:c2:0e:93:ff:2e:cd:8d:5a:51:7b:03:0f:d6:45:9f:be:d2:23:1c:8d:8d:cf:50
:73:19:95:8c:14:45:6d:91:21:7b:82:94:3e:54:8e:f3:64:7d:42:d2:bf:4e:f8:8d:95:29:96:f6:55:43:49:6d:c8:27:37:91:c3:6b:a4:ed:57:50:f7:4e:09:82:2f:91:8e:b1:72:de:b4:13:48:3d:d7:f5:32:9e:fc:74:ef:40:6d:fc:92:9e:58:31:b8:d0:0e:ef:bf:06:fc:b7:22:d7:c1:45:5c:26:de:9c:b5:99:8d:32:fc:96:88:ed:d1:e8:ac:7b:e9:b4:5b:67:ad:a7:7e:5e:85:31:0c:68:d2:a5:f0:ba:9a:6d:79:74:79:2a:ac:b8:53:46:d7:a3:ef:8f:3e:81:bc:d5:de:d6:3d:19:05:c6:9b:44:ad:6e:f8:2c:e1:f5:13:ea:d0:89:6d:c1:e2:ed:28:17:bf:7b:0d:1c:91:28:e7:67:3e:8b:1f:2a:7a:04:85:a4:57:42:bc:8e:8e:e7:58:6f:9e:9c:5a:a4:ef:ec:28:ed:1b:5a:25:f2:06:e1:fa:1e:4c:42:66:96:5a:72:ca:84:83:4d:a2:99:fe:ec:3a:be:c9:3d:ae:53:a2:0b:d8:6e:75:7c:b0:62:14:f2:b2:34:8d:09:62:77:4e:76:4c:2c:2e:fe:f6:3c:f8:e1:5e:3a:c8:e0:2f:67:dd:35:8d:a7:33:1e:6a:44:ef:85:8a:d3:b4:01:80:ff:dd:d0:e7:98:ad:b5:bd:72:dd:9d:10:55:f4:71:a6:78:a9:be:2f:ae:8c:9a:b9:c6:96:cf:b2:9c:46:9d:0a:1a:4a:84:da:ad:97:62:0b:ad:24:17:f7:be:25:6d:e5:94:01:eb:46:62:27:16:1e:a0:29:6e:d4:21:27:56:ff:ff:6f:2d:47:b2:a9:54:0d:e2:0c:a5:83:48:ba:19:37:1a:ab:cc:02:29:6d:ea:02:81:e0:b6:ab:78:98:58:c7:dc:53:bb:28:e9:6d:a0:2f:1a:81:21:ee:7e:9d:47:ab:00:1d:80:ae:ed:0d:71:d2:b2:72:4f:6d:d2:3d:b1:44:ad:8e:ae:18:bd:99:80:17:38:97:50:70:82:b3:91:9f:6c:f5:38:f6:2a:1f:7d:3b:c4:66:38:85:9c:8c:e4:8c:dc:9c:5f:ec:4e:d6:f3:03:bf:16:6b:c6:06:2c:c5:e1:69:98:37:c2:1e:a3:89:05:11:de:f7:7b:f1:80:6f:7f:f3:23:54:a3:4d:cb:77:fd:56:86:f9:23:e3:1d:19:39:ec:eb:2a:4d:1f:2e:c1:4f:24:34:d9:09:e8:cb:d0:cd:e3:d1:6f:e8:cb:6d:28:c9:05:b8:9f:c0:ef:71:9a:6c:95:22:59:94:84:74:4e:58:c4:ad:8d:d1:a3:c5:d9:84:e8:c1:a5:41:b2:0b:69:dc:cf:1a:4a:23:61:f7:84:a1:a1:9b:e2:8b:dc:ff:8d:11:17:24:bf:40:de:39:06:88:18:3c:21:8e:d5:9b:45:7c:6f:77:5f:29:3d:ec:a2:f9:8a:db:cd:53:89:39:e2:81:bf:b5:bd:a0:2a:e7:f7:71:48:51:4e:ff:59:5b:31:67:7a:de:da:62:6f:09:dd:ec:6a:c7:37:fd:c9:e6:a4:a3:c0:00:e8:87:95:ee:9b:44:f0:d7:8b:5a:69:81:1d:32:db:96:35:26:11:f8:ee:84:41:47:14:40:4b:db:b0:c5:94:97:34:92:da:4c:3c:bb:95:51:b4:f1:a8:55:59:93:88:6a:75:cc:17:89:96:29:f2:56:44:4
e:68:93:13:2d:4f:d8:de:9f:5b:a7:9d:91:ec:a8:eb:87:1b:9b:e6:b9:51:53:38:f5:22:92:cf:21:c0:0e:48:42:6e:7d:5c:fd:14:ed:f6:dc:fa:c5:e4:cd:64:77:5f:87:5f:dd:82:49:bf:fb:7b:ea:97:9f:58:f3:e4:0e:3d:49:34:60:a6:df:87:0e:47:e8:c4:d9:a3:94:74:47:0b:73:3c:ea:c7:3b:3d:e3:a2:d8:65:9e:31:d6:50:69:1a:c5:29:72:a2:ed:7c:d7:73:9e:01:72:20:49:08:77:c8:dd:65:20:90:d4:b1:46:49:1f:43:52:df:38:34:61:5c:ac:7b:fe:51:3d:5c:0f:57:c7:36:8b:e8:c7:fa:c9:54:c4:d8:eb:8a:0b:c4:10:11:0e:c1:2f:ec:2e:99:52:8e:8e:fd:1f:89:39:60:78:54:f9:6d:ba:70:1c:6a:1e:39:02:50:c3:df:c8:ef:35:bc:ec:74:7b:46:f4:4f:5e:18:ee:c4:37:7f:cf:9b:be:66:1d:7b:f9:f6:ba:e0:fd:81:1e:c2:20:73:3c:cb:9d:af:5b:7a:be:dd:da:cf:0a:91:62:c8:18:a2:f6:89:48:90:a8:c0:50:07:f8:37" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:52:58.602223000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493978.602223000", - "frame.time_delta": "0.098651000", - "frame.time_delta_displayed": "0.098651000", - "frame.time_relative": "387.141537000", - "frame.number": "842", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c0a", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003975", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1221", - "tcp.ack": "8492", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c51a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:75:67:00:25:48:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" 
- } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812048743, TSecr 2443293": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812048743", - "tcp.options.timestamp.tsecr": "2443293" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "841", - "tcp.analysis.ack_rtt": "0.098651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:03.610697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493983.610697000", - "frame.time_delta": "5.008474000", - "frame.time_delta_displayed": "5.008474000", - "frame.time_relative": "392.150011000", - "frame.number": "843", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:03.611135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493983.611135000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "392.150449000", - "frame.number": "844", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:04.720817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493984.720817000", - "frame.time_delta": "1.109682000", - "frame.time_delta_displayed": "1.109682000", - "frame.time_relative": "393.260131000", - "frame.number": "845", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "121", - "tcp.ack": "109", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", 
- "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000005db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:04.864007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493984.864007000", - "frame.time_delta": "0.143190000", - "frame.time_delta_displayed": "0.143190000", - "frame.time_relative": "393.403321000", - "frame.number": "846", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x00000fd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc1", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "109", - "tcp.ack": "122", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - 
"_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:06.169911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493986.169911000", - "frame.time_delta": "1.305904000", - "frame.time_delta_displayed": "1.305904000", - "frame.time_relative": "394.709225000", - "frame.number": "847", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b70", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:09.730697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493989.730697000", - "frame.time_delta": "3.560786000", - "frame.time_delta_displayed": "3.560786000", - "frame.time_relative": "398.270011000", - "frame.number": "848", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 16:53:09.730823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493989.730823000", - "frame.time_delta": "0.000126000", - "frame.time_delta_displayed": "0.000126000", - "frame.time_relative": "398.270137000", - "frame.number": "849", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:11.475641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509493991.475641000", - "frame.time_delta": "1.744818000", - "frame.time_delta_displayed": "1.744818000", - "frame.time_relative": "400.014955000", - "frame.number": "850", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:21.535807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494001.535807000", - "frame.time_delta": "10.060166000", - "frame.time_delta_displayed": "10.060166000", - "frame.time_relative": "410.075121000", - "frame.number": "851", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009516", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x00007838", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "8492", - "tcp.nxtseq": "8541", - "tcp.ack": "1221", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bc48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:51:1c:a7:9c:75:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2445596, TSecr 2812048743": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2445596", - "tcp.options.timestamp.tsecr": "2812048743" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b1:12:de:30:63:a1:37:cd:a0:c4:0e:88:5a:41:cc:99:16:ea:ee:e2:33:8a:a3:7d:5e:99:22:7a:01:21:d6:db:9a:82:57:49:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:21.595961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494001.595961000", - "frame.time_delta": "0.060154000", - "frame.time_delta_displayed": "0.060154000", - "frame.time_relative": "410.135275000", - "frame.number": "852", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003974", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1221", - "tcp.ack": "8541", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a576", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:8b:db:00:25:51:1c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812054491, TSecr 2445596": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812054491", - "tcp.options.timestamp.tsecr": "2445596" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "851", - "tcp.analysis.ack_rtt": "0.060154000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:21.596493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494001.596493000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "410.135807000", - "frame.number": "853", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393c", - "ip.checksum.status": "2", - 
"ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1221", - "tcp.nxtseq": "1276", - "tcp.ack": "8541", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e7a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:8b:db:00:25:51:1c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2812054491, TSecr 2445596": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812054491", - "tcp.options.timestamp.tsecr": "2445596" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:3f:35:c1:31:a6:6e:37:42:29:d6:6c:77:74:2a:80:e5:b3:03:4d:c6:7d:14:14:dd:7b:d0:25:2d:3f:8e:8d:f6:14:3f:a1:5c:c1:50:ee:d6:ff:5a:75" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:21.596926000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494001.596926000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "410.136240000", - "frame.number": "854", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009517", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007868", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8541", - "tcp.ack": "1276", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a44a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:51:22:a7:9c:8b:db", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2445602, TSecr 2812054491": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2445602", - "tcp.options.timestamp.tsecr": "2812054491" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "853", - "tcp.analysis.ack_rtt": "0.000433000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:24.955768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494004.955768000", - "frame.time_delta": "3.358842000", - "frame.time_delta_displayed": "3.358842000", - "frame.time_relative": "413.495082000", - "frame.number": "855", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:25.363856000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1509494005.363856000", - "frame.time_delta": "0.408088000", - "frame.time_delta_displayed": "0.408088000", - "frame.time_relative": "413.903170000", - "frame.number": "856", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000a9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x00006129", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:65:4b:aa:cc:cc:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", - "data.len": "56" - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:28.843965000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494008.843965000", - "frame.time_delta": "3.480109000", - "frame.time_delta_displayed": "3.480109000", - "frame.time_relative": "417.383279000", - "frame.number": "857", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.442147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.442147000", - "frame.time_delta": "1.598182000", - "frame.time_delta_displayed": "1.598182000", - "frame.time_relative": "418.981461000", - "frame.number": "858", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020dd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e767", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: 
\"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "629" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.837840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.837840000", - "frame.time_delta": "0.395693000", - "frame.time_delta_displayed": "0.395693000", - "frame.time_relative": "419.377154000", - "frame.number": "859", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000038b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "691" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.841505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.841505000", - "frame.time_delta": "0.003665000", - "frame.time_delta_displayed": "0.003665000", - "frame.time_relative": "419.380819000", - "frame.number": "860", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001907", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000068e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.842056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.842056000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "419.381370000", - "frame.number": "861", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004169", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "860", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.845068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.845068000", - "frame.time_delta": "0.003012000", - "frame.time_delta_displayed": "0.003012000", - "frame.time_relative": "419.384382000", - "frame.number": "862", - "frame.len": "54", - "frame.cap_len": "54", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001908", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f347", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "861", - "tcp.analysis.ack_rtt": "0.003012000", - "tcp.analysis.initial_rtt": "0.003563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.845941000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.845941000", - "frame.time_delta": "0.000873000", - "frame.time_delta_displayed": "0.000873000", - "frame.time_relative": "419.385255000", - "frame.number": "863", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001909", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ec3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000008c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003563000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: 
gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.846423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.846423000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "419.385737000", - "frame.number": "864", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e597", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e4d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "863", - "tcp.analysis.ack_rtt": "0.000482000", - "tcp.analysis.initial_rtt": "0.003563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.846991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.846991000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "419.386305000", - "frame.number": "865", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e598", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000024fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003563000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.847339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.847339000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "419.386653000", - "frame.number": "866", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e599", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cef6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007763", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003563000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "865", - "tcp.segment": "866", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001398000", - "http.request_in": "863", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.850949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.850949000", - "frame.time_delta": "0.003610000", - "frame.time_delta_displayed": "0.003610000", - "frame.time_relative": "419.390263000", - "frame.number": "867", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e59a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cef5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007763", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003563000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.003610000", - "tcp.analysis.rto_frame": "866" - } - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:
3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:53:30.851237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.851237000", - "frame.time_delta": "0.000288000", - "frame.time_delta_displayed": "0.000288000", - "frame.time_relative": "419.390551000", - "frame.number": "868", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000190a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eeaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "866", - "tcp.analysis.ack_rtt": "0.003898000", - "tcp.analysis.initial_rtt": "0.003563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.851700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.851700000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "419.391014000", - "frame.number": "869", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000190b", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eeae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.852117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.852117000", - "frame.time_delta": "0.000417000", - "frame.time_delta_displayed": "0.000417000", - "frame.time_relative": 
"419.391431000", - "frame.number": "870", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54535", - "tcp.port": "80", - "tcp.port": "54535", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e0e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "869", - "tcp.analysis.ack_rtt": "0.000417000", - "tcp.analysis.initial_rtt": "0.003563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.853417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.853417000", - "frame.time_delta": "0.001300000", - "frame.time_delta_displayed": "0.001300000", - "frame.time_relative": "419.392731000", - "frame.number": "871", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000190c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f5b", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54535", - "tcp.dstport": "80", - "tcp.port": "54535", - "tcp.port": "80", - "tcp.stream": "27", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000053f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:bd:36:f3:26:bd:36:f7:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003563000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - 
"tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "868", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.890791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.890791000", - "frame.time_delta": "0.037374000", - "frame.time_delta_displayed": "0.037374000", - "frame.time_relative": "419.430105000", - "frame.number": "872", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000038b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "859" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.894680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.894680000", - "frame.time_delta": "0.003889000", - "frame.time_delta_displayed": "0.003889000", - "frame.time_relative": "419.433994000", - "frame.number": "873", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000190d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54536", - "tcp.dstport": "80", - "tcp.port": "54536", - "tcp.port": "80", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000047ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.895214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.895214000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "419.434528000", - "frame.number": "874", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54536", - "tcp.port": "80", - "tcp.port": "54536", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000fe60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "873", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.900168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.900168000", - "frame.time_delta": "0.004954000", - "frame.time_delta_displayed": "0.004954000", - "frame.time_relative": "419.439482000", - "frame.number": "875", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000190e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54536", - "tcp.dstport": "80", - "tcp.port": "54536", - "tcp.port": "80", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b03f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "874", - "tcp.analysis.ack_rtt": "0.004954000", - "tcp.analysis.initial_rtt": "0.005488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.901243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.901243000", - "frame.time_delta": "0.001075000", - "frame.time_delta_displayed": "0.001075000", - "frame.time_relative": "419.440557000", - "frame.number": "876", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000190f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ebd", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54536", - "tcp.dstport": "80", - "tcp.port": "54536", - "tcp.port": "80", - "tcp.stream": "28", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c5b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005488000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.901747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.901747000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "419.441061000", - "frame.number": "877", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54536", - "tcp.port": "80", - "tcp.port": "54536", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a1d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "876", - "tcp.analysis.ack_rtt": "0.000504000", - "tcp.analysis.initial_rtt": "0.005488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.902323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.902323000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "419.441637000", - "frame.number": "878", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009b47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54536", - "tcp.port": "80", - "tcp.port": "54536", - "tcp.stream": "28", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005488000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.902672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.902672000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "419.441986000", - "frame.number": "879", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001948", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54536", - "tcp.port": "80", - "tcp.port": "54536", - "tcp.stream": "28", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000345b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005488000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "878", - "tcp.segment": "879", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001429000", - "http.request_in": "876", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.905356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.905356000", - "frame.time_delta": "0.002684000", - "frame.time_delta_displayed": "0.002684000", - "frame.time_relative": "419.444670000", - "frame.number": "880", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001910", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54536", - "tcp.dstport": "80", - "tcp.port": "54536", - "tcp.port": "80", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000aba7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "879", - "tcp.analysis.ack_rtt": "0.002684000", - "tcp.analysis.initial_rtt": "0.005488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.905982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.905982000", - "frame.time_delta": "0.000626000", - "frame.time_delta_displayed": "0.000626000", - "frame.time_relative": "419.445296000", - "frame.number": "881", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001911", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54536", - "tcp.dstport": "80", - "tcp.port": "54536", - "tcp.port": "80", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000aba6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.906410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.906410000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "419.445724000", - "frame.number": "882", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54536", - "tcp.port": "80", - "tcp.port": "54536", - "tcp.stream": "28", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009dda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "881", - 
"tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.005488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.943735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.943735000", - "frame.time_delta": "0.037325000", - "frame.time_delta_displayed": "0.037325000", - "frame.time_relative": "419.483049000", - "frame.number": "883", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000038b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "872" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.957093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.957093000", - "frame.time_delta": "0.013358000", - "frame.time_delta_displayed": "0.013358000", - "frame.time_relative": "419.496407000", - "frame.number": "884", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001912", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54537", - "tcp.dstport": "80", - "tcp.port": "54537", - "tcp.port": "80", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00003778", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.957644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.957644000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "419.496958000", - "frame.number": "885", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54537", - "tcp.port": "80", - "tcp.port": "54537", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000be32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "884", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.961949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.961949000", - "frame.time_delta": "0.004305000", - "frame.time_delta_displayed": "0.004305000", - "frame.time_relative": "419.501263000", - "frame.number": "886", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001913", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54537", - "tcp.dstport": "80", - "tcp.port": "54537", - "tcp.port": "80", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007011", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "885", - "tcp.analysis.ack_rtt": "0.004305000", - "tcp.analysis.initial_rtt": "0.004856000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.962526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.962526000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "419.501840000", - "frame.number": "887", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001914", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54537", - "tcp.dstport": "80", - "tcp.port": "54537", - "tcp.port": "80", - "tcp.stream": "29", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000858a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004856000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.962999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.962999000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "419.502313000", - "frame.number": "888", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009ad8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54537", - "tcp.port": "80", - "tcp.port": "54537", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000061a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "887", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.004856000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.963562000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.963562000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "419.502876000", - "frame.number": "889", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009ad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54537", - "tcp.port": "80", - "tcp.port": "54537", - "tcp.stream": "29", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a1c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004856000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.963910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.963910000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "419.503224000", - "frame.number": "890", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009ada", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000019b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54537", - "tcp.port": "80", - "tcp.port": "54537", - "tcp.stream": "29", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f42c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004856000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "889", - "tcp.segment": "890", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001384000", - "http.request_in": "887", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.966196000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494010.966196000", - "frame.time_delta": "0.002286000", - "frame.time_delta_displayed": "0.002286000", - "frame.time_relative": "419.505510000", - "frame.number": "891", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001915", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54537", - "tcp.dstport": "80", - "tcp.port": "54537", - "tcp.port": "80", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "890", - "tcp.analysis.ack_rtt": "0.002286000", - "tcp.analysis.initial_rtt": "0.004856000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.966817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.966817000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "419.506131000", - "frame.number": "892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001916", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54537", - "tcp.dstport": "80", - "tcp.port": "54537", - "tcp.port": "80", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:30.967240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494010.967240000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "419.506554000", - "frame.number": "893", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54537", - "tcp.port": "80", - "tcp.port": "54537", - "tcp.stream": "29", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005dac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "892", - "tcp.analysis.ack_rtt": "0.000423000", - "tcp.analysis.initial_rtt": "0.004856000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.843286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.843286000", - "frame.time_delta": "0.876046000", - "frame.time_delta_displayed": "0.876046000", - "frame.time_relative": "420.382600000", - "frame.number": "894", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000038fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "883" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.846448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.846448000", - "frame.time_delta": "0.003162000", - "frame.time_delta_displayed": "0.003162000", - "frame.time_relative": "420.385762000", - 
"frame.number": "895", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001917", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54538", - "tcp.dstport": "80", - "tcp.port": "54538", - "tcp.port": "80", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000d3a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.846987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.846987000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "420.386301000", - "frame.number": "896", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54538", - "tcp.port": "80", - "tcp.port": "54538", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b8fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "895", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.849728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.849728000", - "frame.time_delta": "0.002741000", - "frame.time_delta_displayed": "0.002741000", - "frame.time_relative": "420.389042000", - "frame.number": "897", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001918", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54538", - "tcp.dstport": "80", - "tcp.port": "54538", - "tcp.port": "80", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ad9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "896", - "tcp.analysis.ack_rtt": "0.002741000", - "tcp.analysis.initial_rtt": "0.003280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.850343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.850343000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "420.389657000", - "frame.number": "898", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001919", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb3", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54538", - "tcp.dstport": "80", - "tcp.port": "54538", - "tcp.port": "80", - "tcp.stream": "30", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008052", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003280000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.850836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.850836000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "420.390150000", - "frame.number": "899", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000662c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005247", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54538", - "tcp.port": "80", - "tcp.port": "54538", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005c6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "898", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.003280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.851482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.851482000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "420.390796000", - "frame.number": "900", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000662d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005235", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54538", - "tcp.port": "80", - "tcp.port": "54538", - "tcp.stream": "30", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009c8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003280000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.851839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.851839000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "420.391153000", - "frame.number": "901", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000662e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004e62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54538", - "tcp.port": "80", - "tcp.port": "54538", - "tcp.stream": "30", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eef4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003280000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "900", - "tcp.segment": "901", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001496000", - "http.request_in": "898", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.853893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.853893000", - "frame.time_delta": "0.002054000", - "frame.time_delta_displayed": "0.002054000", - "frame.time_relative": "420.393207000", - "frame.number": "902", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000191a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54538", - "tcp.dstport": "80", - "tcp.port": "54538", - "tcp.port": "80", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006641", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "901", - "tcp.analysis.ack_rtt": "0.002054000", - "tcp.analysis.initial_rtt": "0.003280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.854575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.854575000", - "frame.time_delta": "0.000682000", - "frame.time_delta_displayed": "0.000682000", - "frame.time_relative": "420.393889000", - "frame.number": "903", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000191b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54538", - "tcp.dstport": "80", - "tcp.port": "54538", - "tcp.port": "80", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006640", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.855010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.855010000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "420.394324000", - "frame.number": "904", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54538", - "tcp.port": "80", - "tcp.port": "54538", - "tcp.stream": "30", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005874", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "903", - 
"tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.003280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.896114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.896114000", - "frame.time_delta": "0.041104000", - "frame.time_delta_displayed": "0.041104000", - "frame.time_relative": "420.435428000", - "frame.number": "905", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000038fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "894" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.899695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.899695000", - "frame.time_delta": "0.003581000", - "frame.time_delta_displayed": "0.003581000", - "frame.time_relative": "420.439009000", - "frame.number": "906", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000191c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54539", - "tcp.dstport": "80", - "tcp.port": "54539", - "tcp.port": "80", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000009b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.900287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.900287000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "420.439601000", - "frame.number": "907", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54539", - "tcp.port": "80", - "tcp.port": "54539", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000968b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "906", - "tcp.analysis.ack_rtt": "0.000592000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.903066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.903066000", - "frame.time_delta": "0.002779000", - "frame.time_delta_displayed": "0.002779000", - "frame.time_relative": "420.442380000", - "frame.number": "908", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000191d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54539", - "tcp.dstport": "80", - "tcp.port": "54539", - "tcp.port": "80", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000486a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "907", - "tcp.analysis.ack_rtt": "0.002779000", - "tcp.analysis.initial_rtt": "0.003371000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.903672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.903672000", - "frame.time_delta": "0.000606000", - "frame.time_delta_displayed": "0.000606000", - "frame.time_relative": "420.442986000", - "frame.number": "909", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000191e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54539", - "tcp.dstport": "80", - "tcp.port": "54539", - "tcp.port": "80", - "tcp.stream": "31", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005de3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003371000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.904160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.904160000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "420.443474000", - "frame.number": "910", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000437a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54539", - "tcp.port": "80", - "tcp.port": "54539", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000039fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "909", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.003371000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.904734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.904734000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "420.444048000", - "frame.number": "911", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000437b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54539", - "tcp.port": "80", - "tcp.port": "54539", - "tcp.stream": "31", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007a1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003371000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.905083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.905083000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "420.444397000", - "frame.number": "912", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000437c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007114", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54539", - "tcp.port": "80", - "tcp.port": "54539", - "tcp.stream": "31", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cc85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003371000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "911", - "tcp.segment": "912", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6
f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001411000", - "http.request_in": "909", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.907333000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494011.907333000", - "frame.time_delta": "0.002250000", - "frame.time_delta_displayed": "0.002250000", - "frame.time_relative": "420.446647000", - "frame.number": "913", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000191f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54539", - "tcp.dstport": "80", - "tcp.port": "54539", - "tcp.port": "80", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000043d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "912", - "tcp.analysis.ack_rtt": "0.002250000", - "tcp.analysis.initial_rtt": "0.003371000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.908005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.908005000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "420.447319000", - "frame.number": "914", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001920", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54539", - "tcp.dstport": "80", - "tcp.port": "54539", - "tcp.port": "80", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000043d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.908452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.908452000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "420.447766000", - "frame.number": "915", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54539", - "tcp.port": "80", - "tcp.port": "54539", - "tcp.stream": "31", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003605", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "914", - "tcp.analysis.ack_rtt": "0.000447000", - "tcp.analysis.initial_rtt": "0.003371000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.948991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.948991000", - "frame.time_delta": "0.040539000", - "frame.time_delta_displayed": "0.040539000", - "frame.time_relative": "420.488305000", - "frame.number": "916", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003901", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007e47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "905" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.958611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.958611000", - "frame.time_delta": "0.009620000", - "frame.time_delta_displayed": "0.009620000", - "frame.time_relative": "420.497925000", - 
"frame.number": "917", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001921", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54540", - "tcp.dstport": "80", - "tcp.port": "54540", - "tcp.port": "80", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000510a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.959156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.959156000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "420.498470000", - "frame.number": "918", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54540", - "tcp.port": "80", - "tcp.port": "54540", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000025e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "917", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.961262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.961262000", - "frame.time_delta": "0.002106000", - "frame.time_delta_displayed": "0.002106000", - "frame.time_relative": "420.500576000", - "frame.number": "919", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001922", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54540", - "tcp.dstport": "80", - "tcp.port": "54540", - "tcp.port": "80", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d7c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "918", - "tcp.analysis.ack_rtt": "0.002106000", - "tcp.analysis.initial_rtt": "0.002651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.961909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.961909000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "420.501223000", - "frame.number": "920", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001923", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea9", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54540", - "tcp.dstport": "80", - "tcp.port": "54540", - "tcp.port": "80", - "tcp.stream": "32", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ed3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002651000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.962389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.962389000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "420.501703000", - "frame.number": "921", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005db0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005ac3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54540", - "tcp.port": "80", - "tcp.port": "54540", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c956", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "920", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.002651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.963038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.963038000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "420.502352000", - "frame.number": "922", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005db1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005ab1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54540", - "tcp.port": "80", - "tcp.port": "54540", - "tcp.stream": "32", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000978", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002651000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.963467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.963467000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "420.502781000", - "frame.number": "923", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005db2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000056de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54540", - "tcp.port": "80", - "tcp.port": "54540", - "tcp.stream": "32", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005be1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002651000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "922", - "tcp.segment": "923", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001558000", - "http.request_in": "920", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.967223000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.967223000", - "frame.time_delta": "0.003756000", - "frame.time_delta_displayed": "0.003756000", - "frame.time_relative": "420.506537000", - "frame.number": "924", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001924", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54540", - "tcp.dstport": "80", - "tcp.port": "54540", - "tcp.port": "80", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d32d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "923", - "tcp.analysis.ack_rtt": "0.003756000", - "tcp.analysis.initial_rtt": "0.002651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.967808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.967808000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "420.507122000", - "frame.number": "925", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001925", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54540", - "tcp.dstport": "80", - "tcp.port": "54540", - "tcp.port": "80", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d32c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:31.968236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494011.968236000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "420.507550000", - "frame.number": "926", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ec62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cc10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54540", - "tcp.port": "80", - "tcp.port": "54540", - "tcp.stream": "32", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c560", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "925", - 
"tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.002651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:34.860759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494014.860759000", - "frame.time_delta": "2.892523000", - "frame.time_delta_displayed": "2.892523000", - "frame.time_relative": "423.400073000", - "frame.number": "927", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "121", - "tcp.ack": "109", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000005db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:35.004702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494015.004702000", - "frame.time_delta": "0.143943000", - "frame.time_delta_displayed": "0.143943000", - "frame.time_relative": "423.544016000", - "frame.number": "928", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdc0", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "109", - "tcp.ack": "122", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:36.171616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494016.171616000", - "frame.time_delta": "1.166914000", - "frame.time_delta_displayed": "1.166914000", - "frame.time_relative": "424.710930000", - "frame.number": "929", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b96", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:36.685843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494016.685843000", - "frame.time_delta": "0.514227000", - "frame.time_delta_displayed": "0.514227000", - "frame.time_relative": "425.225157000", - "frame.number": "930", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020de", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e736", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64497", - "udp.dstport": "1900", - "udp.port": "64497", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00004e6c", - "udp.checksum.status": "2", - "udp.stream": "35" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:37.272418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494017.272418000", - "frame.time_delta": "0.586575000", - "frame.time_delta_displayed": "0.586575000", - "frame.time_relative": "425.811732000", - "frame.number": "931", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003a0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007d40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - 
"udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:37.325208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494017.325208000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "425.864522000", - "frame.number": "932", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003a0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007d36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "931" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:37.377955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494017.377955000", - "frame.time_delta": "0.052747000", - "frame.time_delta_displayed": "0.052747000", - "frame.time_relative": "425.917269000", - "frame.number": "933", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003a0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00007d39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "932" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:37.687013000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494017.687013000", - "frame.time_delta": "0.309058000", - "frame.time_delta_displayed": "0.309058000", - "frame.time_relative": "426.226327000", - "frame.number": "934", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020df", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e735", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64497", - "udp.dstport": "1900", - "udp.port": "64497", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00004e6c", - "udp.checksum.status": "2", - "udp.stream": "35" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "930" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.325267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.325267000", - "frame.time_delta": "0.638254000", - "frame.time_delta_displayed": "0.638254000", - "frame.time_relative": "426.864581000", - "frame.number": "935", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003a40", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007d0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "933" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.378039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.378039000", - "frame.time_delta": "0.052772000", - "frame.time_delta_displayed": "0.052772000", - "frame.time_relative": "426.917353000", - "frame.number": "936", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003a45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007cfd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "935" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.430815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.430815000", - "frame.time_delta": "0.052776000", - "frame.time_delta_displayed": "0.052776000", - "frame.time_relative": "426.970129000", - "frame.number": "937", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003a48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007d00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "936" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.687738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.687738000", - "frame.time_delta": "0.256923000", - "frame.time_delta_displayed": "0.256923000", - "frame.time_relative": "427.227052000", - "frame.number": "938", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e734", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64497", - "udp.dstport": "1900", - "udp.port": "64497", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00004e6c", - "udp.checksum.status": "2", - "udp.stream": "35" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "934" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.904813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.904813000", - "frame.time_delta": "0.217075000", - "frame.time_delta_displayed": "0.217075000", - "frame.time_relative": "427.444127000", - "frame.number": "939", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003a4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007cfc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "937" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:38.957621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494018.957621000", - "frame.time_delta": "0.052808000", - "frame.time_delta_displayed": "0.052808000", - "frame.time_relative": "427.496935000", - "frame.number": "940", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003a51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"17", - "ip.checksum": "0x00007cf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "939" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:39.010454000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.010454000", - "frame.time_delta": "0.052833000", - "frame.time_delta_displayed": "0.052833000", - "frame.time_relative": "427.549768000", - "frame.number": "941", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003a56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007cf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "940" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:39.688810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.688810000", - "frame.time_delta": "0.678356000", - "frame.time_delta_displayed": "0.678356000", - "frame.time_relative": "428.228124000", - "frame.number": "942", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e733", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64497", - "udp.dstport": "1900", - "udp.port": "64497", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00004e6c", - "udp.checksum.status": "2", - "udp.stream": "35" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "938" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:39.797646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.797646000", - "frame.time_delta": "0.108836000", - "frame.time_delta_displayed": "0.108836000", - "frame.time_relative": "428.336960000", - "frame.number": "943", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - 
"icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:39.870677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.870677000", - "frame.time_delta": "0.073031000", - "frame.time_delta_displayed": "0.073031000", - "frame.time_relative": "428.409991000", - "frame.number": "944", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:39.870850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.870850000", - "frame.time_delta": "0.000173000", - "frame.time_delta_displayed": "0.000173000", - "frame.time_relative": "428.410164000", - "frame.number": "945", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:39.956768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494019.956768000", - "frame.time_delta": "0.085918000", - "frame.time_delta_displayed": "0.085918000", - "frame.time_relative": "428.496082000", - "frame.number": "946", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003a9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007cac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "941" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:40.009577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494020.009577000", - "frame.time_delta": "0.052809000", - "frame.time_delta_displayed": "0.052809000", - "frame.time_relative": "428.548891000", - "frame.number": "947", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003aa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007ca0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "946" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:40.062411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494020.062411000", - "frame.time_delta": "0.052834000", - "frame.time_delta_displayed": "0.052834000", - "frame.time_relative": "428.601725000", - "frame.number": "948", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003aa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007ca3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "947" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:40.570328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494020.570328000", - "frame.time_delta": "0.507917000", - "frame.time_delta_displayed": "0.507917000", - "frame.time_relative": "429.109642000", - "frame.number": "949", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d47", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" 
- } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baa9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b9b", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:40.570817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494020.570817000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "429.110131000", - "frame.number": "950", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d48", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ba4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec96", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:40.571405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494020.571405000", - "frame.time_delta": "0.000588000", - "frame.time_delta_displayed": "0.000588000", - "frame.time_relative": "429.110719000", - "frame.number": "951", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a5c", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:41.172349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494021.172349000", - "frame.time_delta": "0.600944000", - "frame.time_delta_displayed": "0.600944000", - "frame.time_relative": "429.711663000", - "frame.number": "952", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003b13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "948" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:41.225245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494021.225245000", - "frame.time_delta": "0.052896000", - "frame.time_delta_displayed": "0.052896000", - "frame.time_relative": "429.764559000", - "frame.number": "953", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003b15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "952" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:41.278025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494021.278025000", - "frame.time_delta": "0.052780000", - "frame.time_delta_displayed": "0.052780000", - "frame.time_relative": "429.817339000", - "frame.number": "954", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003b18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "953" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.225320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.225320000", - "frame.time_delta": "0.947295000", - "frame.time_delta_displayed": "0.947295000", - "frame.time_relative": "430.764634000", - "frame.number": "955", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003b33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "954" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.278199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.278199000", - "frame.time_delta": "0.052879000", - "frame.time_delta_displayed": "0.052879000", - "frame.time_relative": "430.817513000", - "frame.number": "956", - "frame.len": "348", - "frame.cap_len": 
"348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003b36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": 
"EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "955" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.330991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.330991000", - "frame.time_delta": "0.052792000", - "frame.time_delta_displayed": "0.052792000", - "frame.time_relative": "430.870305000", - "frame.number": "957", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": 
"0x00003b38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "956" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.699580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.699580000", - "frame.time_delta": "0.368589000", - "frame.time_delta_displayed": "0.368589000", - "frame.time_relative": "431.238894000", - "frame.number": "958", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - 
}, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "957" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.752402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.752402000", - "frame.time_delta": "0.052822000", - "frame.time_delta_displayed": "0.052822000", - "frame.time_relative": "431.291716000", - "frame.number": "959", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003b49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007bf9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "958" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:42.805191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494022.805191000", - "frame.time_delta": "0.052789000", - "frame.time_delta_displayed": "0.052789000", - "frame.time_relative": "431.344505000", - "frame.number": "960", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003b4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007bfd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "959" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:43.693495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494023.693495000", - "frame.time_delta": "0.888304000", - "frame.time_delta_displayed": "0.888304000", - 
"frame.time_relative": "432.232809000", - "frame.number": "961", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:43.751167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494023.751167000", - "frame.time_delta": "0.057672000", - "frame.time_delta_displayed": "0.057672000", - "frame.time_relative": "432.290481000", - "frame.number": "962", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00003b78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007bd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "305", - "udp.checksum": "0x0000c929", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "960" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:43.803903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494023.803903000", - "frame.time_delta": "0.052736000", - "frame.time_delta_displayed": "0.052736000", - "frame.time_relative": "432.343217000", - "frame.number": "963", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00003b7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "314", - "udp.checksum": "0x0000d714", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "962" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:43.856966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494023.856966000", - "frame.time_delta": "0.053063000", - "frame.time_delta_displayed": "0.053063000", - "frame.time_relative": "432.396280000", - 
"frame.number": "964", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00003b7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007bc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "64497", - "udp.port": "1900", - "udp.port": "64497", - "udp.length": "308", - "udp.checksum": "0x0000fa9e", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "963" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:43.953577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494023.953577000", - "frame.time_delta": "0.096611000", - "frame.time_delta_displayed": "0.096611000", - "frame.time_relative": "432.492891000", - "frame.number": "965", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { 
- "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:44.000746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494024.000746000", - "frame.time_delta": "0.047169000", - "frame.time_delta_displayed": "0.047169000", - "frame.time_relative": "432.540060000", - "frame.number": "966", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": 
"0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": 
"192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:44.009446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494024.009446000", - "frame.time_delta": "0.008700000", - "frame.time_delta_displayed": "0.008700000", - "frame.time_relative": "432.548760000", - "frame.number": "967", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:44.091448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494024.091448000", - "frame.time_delta": "0.082002000", - "frame.time_delta_displayed": "0.082002000", - "frame.time_relative": "432.630762000", - "frame.number": "968", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:45.570553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494025.570553000", - "frame.time_delta": "1.479105000", - "frame.time_delta_displayed": "1.479105000", - "frame.time_relative": "434.109867000", - "frame.number": "969", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": 
"IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d49", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baa7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b9b", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:45.571107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494025.571107000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "434.110421000", - "frame.number": "970", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d4a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ba2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec96", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:45.571699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494025.571699000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "434.111013000", - "frame.number": "971", - "frame.len": "295", - 
"frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a5c", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", 
- "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:49.208385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494029.208385000", - "frame.time_delta": "3.636686000", - "frame.time_delta_displayed": "3.636686000", - "frame.time_relative": "437.747699000", - "frame.number": "972", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.184427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.184427000", - "frame.time_delta": "0.976042000", - "frame.time_delta_displayed": "0.976042000", - "frame.time_relative": "438.723741000", - "frame.number": "973", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007adf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:53:50.237669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.237669000", - "frame.time_delta": "0.053242000", - "frame.time_delta_displayed": "0.053242000", - "frame.time_relative": "438.776983000", - "frame.number": "974", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007ae0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.290517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.290517000", - "frame.time_delta": "0.052848000", - "frame.time_delta_displayed": "0.052848000", - "frame.time_relative": "438.829831000", - "frame.number": "975", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007ae5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.343583000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494030.343583000", - "frame.time_delta": "0.053066000", - "frame.time_delta_displayed": "0.053066000", - "frame.time_relative": "438.882897000", - "frame.number": "976", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.396429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.396429000", - "frame.time_delta": "0.052846000", - "frame.time_delta_displayed": "0.052846000", - "frame.time_relative": "438.935743000", - "frame.number": "977", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": 
"0x00007aee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.449451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.449451000", - 
"frame.time_delta": "0.053022000", - "frame.time_delta_displayed": "0.053022000", - "frame.time_relative": "438.988765000", - "frame.number": "978", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007aef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004e65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.570804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.570804000", - "frame.time_delta": "0.121353000", - "frame.time_delta_displayed": "0.121353000", - "frame.time_relative": "439.110118000", - "frame.number": "979", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d4e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000baa2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b9b", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.571364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.571364000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "439.110678000", - "frame.number": "980", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d4f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec96", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:50.571950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494030.571950000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "439.111264000", - "frame.number": "981", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a5c", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000268", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=616", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.617012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.617012000", - "frame.time_delta": "2.045062000", - "frame.time_delta_displayed": "2.045062000", - "frame.time_relative": "441.156326000", - "frame.number": "982", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009518", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007836", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "8541", - "tcp.nxtseq": "8590", - "tcp.ack": "1276", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009056", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:25:5d:40:a7:9c:8b:db", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2448704, TSecr 2812054491": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2448704", - "tcp.options.timestamp.tsecr": "2812054491" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b2:03:8a:2f:25:d0:ea:c0:6c:7b:23:45:41:a5:a7:ad:b9:be:bb:84:8d:fd:e8:df:db:83:9a:8f:5e:1a:ff:22:25:b0:47:84:13" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.677983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.677983000", - "frame.time_delta": "0.060971000", - "frame.time_delta_displayed": "0.060971000", - "frame.time_relative": "441.217297000", - "frame.number": "983", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1276", - "tcp.nxtseq": "1331", - "tcp.ack": "8590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000e6d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:aa:35:00:25:5d:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812062261, TSecr 2448704": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812062261", - "tcp.options.timestamp.tsecr": "2448704" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "982", - "tcp.analysis.ack_rtt": "0.060971000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:40:1e:9a:30:20:13:2f:49:1c:3e:fe:04:fc:52:38:76:e8:1a:0d:e8:d4:c8:37:2d:c2:14:3d:ea:8c:1e:ba:a6:3f:e3:14:7c:7b:04:f8:57:51:8c:40" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.678494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.678494000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "441.217808000", - "frame.number": "984", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009519", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007866", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8590", - "tcp.ack": "1331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007964", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:5d:46:a7:9c:aa:35", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2448710, TSecr 2812062261": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2448710", - "tcp.options.timestamp.tsecr": "2812062261" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "983", - "tcp.analysis.ack_rtt": "0.000511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.892805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.892805000", - "frame.time_delta": "0.214311000", - "frame.time_delta_displayed": "0.214311000", - "frame.time_relative": "441.432119000", - "frame.number": "985", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x000062e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00006572", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { 
- "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.893543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.893543000", - "frame.time_delta": "0.000738000", - "frame.time_delta_displayed": "0.000738000", - "frame.time_relative": "441.432857000", - "frame.number": "986", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x000062e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00006571", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "985" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.893693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.893693000", - "frame.time_delta": "0.000150000", - "frame.time_delta_displayed": "0.000150000", - "frame.time_relative": "441.433007000", - "frame.number": "987", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x000062e7", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00006570", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "986" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.894185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.894185000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "441.433499000", - "frame.number": "988", - "frame.len": "171", - 
"frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x000062e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": 
"MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "987" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.894328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.894328000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - "frame.time_relative": "441.433642000", - "frame.number": "989", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x000062e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "5", - "http.prev_request_in": "988" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.895513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.895513000", - "frame.time_delta": "0.001185000", - "frame.time_delta_displayed": "0.001185000", - "frame.time_relative": "441.434827000", - "frame.number": "990", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x000062ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "6", - "http.prev_request_in": "989" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.895664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.895664000", - "frame.time_delta": "0.000151000", - "frame.time_delta_displayed": "0.000151000", - "frame.time_relative": "441.434978000", - "frame.number": "991", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x000062eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": 
"2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "7", - "http.prev_request_in": "990" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.897265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.897265000", - "frame.time_delta": "0.001601000", - "frame.time_delta_displayed": "0.001601000", - "frame.time_relative": "441.436579000", - "frame.number": "992", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x000062ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "8", - "http.prev_request_in": "991" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.897408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.897408000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - 
"frame.time_relative": "441.436722000", - "frame.number": "993", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x000062ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "9", - "http.prev_request_in": "992" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.898062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.898062000", - "frame.time_delta": "0.000654000", - "frame.time_delta_displayed": "0.000654000", - "frame.time_relative": "441.437376000", - "frame.number": "994", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x000062ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "10", - "http.prev_request_in": "993" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.898210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.898210000", - "frame.time_delta": "0.000148000", - "frame.time_delta_displayed": "0.000148000", - "frame.time_relative": "441.437524000", - "frame.number": "995", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x000062ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "11", - "http.prev_request_in": "994" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.898354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.898354000", - "frame.time_delta": "0.000144000", - "frame.time_delta_displayed": "0.000144000", - "frame.time_relative": "441.437668000", - "frame.number": "996", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x000062f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - 
"udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "12", - "http.prev_request_in": "995" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.898989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.898989000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "441.438303000", - "frame.number": "997", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x000062f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "13", - "http.prev_request_in": "996" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.899148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.899148000", 
- "frame.time_delta": "0.000159000", - "frame.time_delta_displayed": "0.000159000", - "frame.time_relative": "441.438462000", - "frame.number": "998", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x000062f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000656a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "14", - "http.prev_request_in": "997" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.899722000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.899722000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "441.439036000", - "frame.number": "999", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x000062f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": 
"0x00006569", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "15", - "http.prev_request_in": "998" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.902777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.902777000", - "frame.time_delta": "0.003055000", - "frame.time_delta_displayed": "0.003055000", - "frame.time_relative": "441.442091000", - "frame.number": "1000", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000ea03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:52.962325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.962325000", - "frame.time_delta": "0.059548000", - "frame.time_delta_displayed": "0.059548000", - "frame.time_relative": "441.501639000", - "frame.number": "1001", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - 
"igmp.reserved": "00", - "igmp.checksum": "0x00000507", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - }, - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:52.966673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494032.966673000", - "frame.time_delta": "0.004348000", - "frame.time_delta_displayed": "0.004348000", - "frame.time_relative": "441.505987000", - "frame.number": "1002", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x0000fec6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dad2", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000e5b", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.198839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.198839000", - "frame.time_delta": "0.232166000", - "frame.time_delta_displayed": "0.232166000", - "frame.time_relative": "441.738153000", - "frame.number": "1003", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.768173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.768173000", - "frame.time_delta": "0.569334000", - "frame.time_delta_displayed": "0.569334000", - "frame.time_relative": "442.307487000", - "frame.number": "1004", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009175", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000025ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - 
"udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.796616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.796616000", - "frame.time_delta": "0.028443000", - "frame.time_delta_displayed": "0.028443000", - "frame.time_relative": "442.335930000", - "frame.number": "1005", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - 
"eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001eda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000999b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000d31", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:3c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917564, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917564", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.797172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.797172000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "442.336486000", - "frame.number": "1006", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47388", - "tcp.port": "80", - "tcp.port": "47388", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b446", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1005", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.800868000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.800868000", - "frame.time_delta": "0.003696000", - "frame.time_delta_displayed": "0.003696000", - "frame.time_relative": "442.340182000", - "frame.number": "1007", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001edb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000065ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1006", - "tcp.analysis.ack_rtt": "0.003696000", - "tcp.analysis.initial_rtt": "0.004252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.801594000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.801594000", - "frame.time_delta": "0.000726000", - "frame.time_delta_displayed": "0.000726000", - "frame.time_relative": "442.340908000", - "frame.number": "1008", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001edc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000098ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c548", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004252000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.802079000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494033.802079000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "442.341393000", - "frame.number": "1009", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b750", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000139", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47388", - "tcp.port": "80", - "tcp.port": "47388", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000579d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1008", - "tcp.analysis.ack_rtt": "0.000485000", - "tcp.analysis.initial_rtt": "0.004252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.802806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.802806000", - "frame.time_delta": "0.000727000", - "frame.time_delta_displayed": "0.000727000", - "frame.time_relative": "442.342120000", - "frame.number": "1010", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b751", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000127", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47388", - "tcp.port": "80", - "tcp.port": "47388", - "tcp.stream": "33", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000097be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004252000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.803165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.803165000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "442.342479000", - 
"frame.number": "1011", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b752", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47388", - "tcp.port": "80", - "tcp.port": "47388", - "tcp.stream": "33", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ea27", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004252000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1010", - "tcp.segment": "1011", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001571000", - "http.request_in": "1008", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.810566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.810566000", - "frame.time_delta": "0.007401000", - "frame.time_delta_displayed": "0.007401000", - "frame.time_relative": "442.349880000", - "frame.number": "1012", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001edd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1010", - "tcp.analysis.ack_rtt": "0.007760000", - "tcp.analysis.initial_rtt": "0.004252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.810670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.810670000", - "frame.time_delta": "0.000104000", - "frame.time_delta_displayed": "0.000104000", - "frame.time_relative": "442.349984000", - "frame.number": "1013", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ede", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006112", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1011", - "tcp.analysis.ack_rtt": "0.007505000", - "tcp.analysis.initial_rtt": "0.004252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.812905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.812905000", - "frame.time_delta": "0.002235000", - "frame.time_delta_displayed": "0.002235000", - "frame.time_relative": "442.352219000", - "frame.number": "1014", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001edf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006111", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.813438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.813438000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "442.352752000", - "frame.number": "1015", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d520", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e368", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47388", - 
"tcp.port": "80", - "tcp.port": "47388", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000053a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1014", - "tcp.analysis.ack_rtt": "0.000533000", - "tcp.analysis.initial_rtt": "0.004252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.817329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.817329000", - "frame.time_delta": "0.003891000", - "frame.time_delta_displayed": "0.003891000", - "frame.time_relative": "442.356643000", - "frame.number": "1016", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e679", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d20f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47388", - "tcp.dstport": "80", - "tcp.port": "47388", - "tcp.port": "80", - "tcp.stream": "33", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000749a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:53.820971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.820971000", - "frame.time_delta": "0.003642000", - "frame.time_delta_displayed": "0.003642000", - "frame.time_relative": "442.360285000", - "frame.number": "1017", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009179", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000025df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "1004" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.831121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.831121000", - "frame.time_delta": "0.010150000", - "frame.time_delta_displayed": "0.010150000", - "frame.time_relative": "442.370435000", - "frame.number": "1018", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", 
- "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000115c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d6b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:3f:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917567, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917567", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.831677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.831677000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "442.370991000", - "frame.number": "1019", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000653b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1018", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.835874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.835874000", - "frame.time_delta": "0.004197000", - "frame.time_delta_displayed": "0.004197000", - "frame.time_relative": "442.375188000", - "frame.number": "1020", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000115d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a72c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000016c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1019", - "tcp.analysis.ack_rtt": "0.004197000", - "tcp.analysis.initial_rtt": "0.004753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.836348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.836348000", - 
"frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "442.375662000", - "frame.number": "1021", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000115e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000763d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004753000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.836827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.836827000", - "frame.time_delta": "0.000479000", - 
"frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "442.376141000", - "frame.number": "1022", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000060d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000892", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1021", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.004753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.837548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.837548000", - "frame.time_delta": "0.000721000", - "frame.time_delta_displayed": "0.000721000", - "frame.time_relative": "442.376862000", - "frame.number": "1023", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000057b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x000060c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000048b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004753000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.837911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.837911000", - "frame.time_delta": "0.000363000", - "frame.time_delta_displayed": "0.000363000", - "frame.time_relative": "442.377225000", - "frame.number": "1024", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000057b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005cf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004753000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1023", - "tcp.segment": "1024", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001563000", - "http.request_in": "1021", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.840797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.840797000", - "frame.time_delta": "0.002886000", - "frame.time_delta_displayed": "0.002886000", - "frame.time_relative": "442.380111000", - "frame.number": "1025", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000057b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005cf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004753000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.843358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.843358000", - "frame.time_delta": "0.002561000", - "frame.time_delta_displayed": "0.002561000", - "frame.time_relative": "442.382672000", - "frame.number": "1026", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000115f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a72a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000015f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1023", - "tcp.analysis.ack_rtt": "0.005810000", - "tcp.analysis.initial_rtt": "0.004753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.854065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.854065000", - "frame.time_delta": "0.010707000", - "frame.time_delta_displayed": "0.010707000", - "frame.time_relative": "442.393379000", - "frame.number": "1027", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001160", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a729", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001207", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1024", - "tcp.analysis.ack_rtt": "0.016154000", - "tcp.analysis.initial_rtt": "0.004753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.854115000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.854115000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "442.393429000", - "frame.number": "1028", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001161", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a728", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001206", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.854692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.854692000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - 
"frame.time_relative": "442.394006000", - "frame.number": "1029", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e67c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d20c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003e25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.854687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.854687000", - "frame.time_delta": "-0.000005000", - "frame.time_delta_displayed": "-0.000005000", - "frame.time_relative": "442.394001000", - "frame.number": "1030", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d522", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000e366", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47389", - "tcp.port": "80", - "tcp.port": "47389", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000049c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1028", - "tcp.analysis.ack_rtt": "0.000572000", - "tcp.analysis.initial_rtt": "0.004753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.859410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.859410000", - "frame.time_delta": "0.004723000", - "frame.time_delta_displayed": "0.004723000", - "frame.time_relative": "442.398724000", - "frame.number": "1031", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e67d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d20b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47389", - "tcp.dstport": "80", - "tcp.port": "47389", - "tcp.port": "80", - "tcp.stream": "34", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003e24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.875098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.875098000", - "frame.time_delta": "0.015688000", - "frame.time_delta_displayed": "0.015688000", - "frame.time_relative": "442.414412000", - "frame.number": "1032", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000917d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000025e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "1017" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.970374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.970374000", - "frame.time_delta": "0.095276000", - "frame.time_delta_displayed": "0.095276000", - "frame.time_relative": "442.509688000", - "frame.number": 
"1033", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x0000ff1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000da7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f5a", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.986564000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.986564000", - "frame.time_delta": "0.016190000", - "frame.time_delta_displayed": "0.016190000", - "frame.time_relative": "442.525878000", - "frame.number": "1034", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000560f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00006266", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a029", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:4f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917583, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917583", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.987132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.987132000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "442.526446000", - "frame.number": "1035", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47390", - "tcp.port": "80", - "tcp.port": "47390", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e0c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1034", - "tcp.analysis.ack_rtt": "0.000568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.995523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.995523000", - "frame.time_delta": "0.008391000", - "frame.time_delta_displayed": "0.008391000", - "frame.time_relative": "442.534837000", - "frame.number": "1036", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005610", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006279", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000924c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1035", - "tcp.analysis.ack_rtt": "0.008391000", - "tcp.analysis.initial_rtt": "0.008959000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.996067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.996067000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "442.535381000", - "frame.number": "1037", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005611", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f1c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008959000", - "tcp.analysis.bytes_in_flight": "192", - 
"tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.996560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.996560000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "442.535874000", - "frame.number": "1038", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f079", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c80f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47390", - "tcp.port": "80", - "tcp.port": "47390", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000841b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1037", - "tcp.analysis.ack_rtt": "0.000493000", - 
"tcp.analysis.initial_rtt": "0.008959000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.997206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.997206000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "442.536520000", - "frame.number": "1039", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f07a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c7fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47390", - "tcp.port": "80", - "tcp.port": "47390", - 
"tcp.stream": "35", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c43c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008959000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:53.997560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494033.997560000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "442.536874000", - "frame.number": "1040", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f07b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c42a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47390", - "tcp.port": "80", - "tcp.port": "47390", - "tcp.stream": "35", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000016a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008959000", - 
"tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1039", - "tcp.segment": "1040", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001493000", - "http.request_in": "1037", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.003671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.003671000", - "frame.time_delta": "0.006111000", - "frame.time_delta_displayed": "0.006111000", - "frame.time_relative": "442.542985000", - "frame.number": "1041", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005612", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006277", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000917b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1039", - "tcp.analysis.ack_rtt": "0.006465000", - "tcp.analysis.initial_rtt": "0.008959000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.003790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.003790000", - "frame.time_delta": "0.000119000", - "frame.time_delta_displayed": "0.000119000", - "frame.time_relative": "442.543104000", - "frame.number": "1042", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005613", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006276", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1040", - "tcp.analysis.ack_rtt": "0.006230000", - "tcp.analysis.initial_rtt": "0.008959000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.005414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.005414000", - "frame.time_delta": "0.001624000", - "frame.time_delta_displayed": "0.001624000", - "frame.time_relative": "442.544728000", - "frame.number": "1043", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005614", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006275", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d8f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.005898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.005898000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "442.545212000", - "frame.number": "1044", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d52e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e35a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47390", - 
"tcp.port": "80", - "tcp.port": "47390", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008025", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1043", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.008959000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.013132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.013132000", - "frame.time_delta": "0.007234000", - "frame.time_delta_displayed": "0.007234000", - "frame.time_relative": "442.552446000", - "frame.number": "1045", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e686", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d202", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47390", - "tcp.dstport": "80", - "tcp.port": "47390", - "tcp.port": "80", - "tcp.stream": "35", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000007a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:54.822514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.822514000", - "frame.time_delta": "0.809382000", - "frame.time_delta_displayed": "0.809382000", - "frame.time_relative": "443.361828000", - "frame.number": "1046", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000091d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000258d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "1032" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.875298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.875298000", - "frame.time_delta": "0.052784000", - "frame.time_delta_displayed": "0.052784000", - "frame.time_relative": "443.414612000", - "frame.number": "1047", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000091d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002581", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "1046" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.904945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.904945000", - "frame.time_delta": "0.029647000", - "frame.time_delta_displayed": "0.029647000", - "frame.time_relative": "443.444259000", - "frame.number": "1048", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004a9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006dd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f33d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:ab:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917675, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917675", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.905500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.905500000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "443.444814000", - "frame.number": "1049", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47391", - "tcp.port": "80", - "tcp.port": "47391", - "tcp.stream": 
"36", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b5bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1048", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.908873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.908873000", - "frame.time_delta": "0.003373000", - "frame.time_delta_displayed": "0.003373000", - "frame.time_relative": "443.448187000", - "frame.number": "1050", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006dec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - 
"tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006743", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1049", - "tcp.analysis.ack_rtt": "0.003373000", - "tcp.analysis.initial_rtt": "0.003928000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.909774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.909774000", - "frame.time_delta": "0.000901000", - "frame.time_delta_displayed": "0.000901000", - "frame.time_relative": "443.449088000", - "frame.number": "1051", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004a9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c6bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003928000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.910248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.910248000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "443.449562000", - "frame.number": "1052", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47391", - "tcp.port": "80", - "tcp.port": "47391", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005912", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1051", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.003928000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.910955000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494034.910955000", - "frame.time_delta": "0.000707000", - "frame.time_delta_displayed": "0.000707000", - "frame.time_relative": "443.450269000", - "frame.number": "1053", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002c4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47391", - "tcp.port": "80", - "tcp.port": "47391", - "tcp.stream": "36", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009933", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003928000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.911398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.911398000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "443.450712000", - "frame.number": "1054", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002c4c", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000885a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47391", - "tcp.port": "80", - "tcp.port": "47391", - "tcp.stream": "36", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eb9c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003928000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1053", - "tcp.segment": "1054", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001624000", - "http.request_in": "1051", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.915225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.915225000", - "frame.time_delta": "0.003827000", - "frame.time_delta_displayed": "0.003827000", - "frame.time_relative": "443.454539000", - "frame.number": "1055", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006dea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006672", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1053", - "tcp.analysis.ack_rtt": "0.004270000", - "tcp.analysis.initial_rtt": "0.003928000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.916286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.916286000", - "frame.time_delta": "0.001061000", - "frame.time_delta_displayed": "0.001061000", - "frame.time_relative": "443.455600000", - "frame.number": "1056", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004aa0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006de9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006287", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1054", - "tcp.analysis.ack_rtt": "0.004888000", - "tcp.analysis.initial_rtt": "0.003928000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.917178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.917178000", - "frame.time_delta": "0.000892000", - "frame.time_delta_displayed": "0.000892000", - "frame.time_relative": "443.456492000", - "frame.number": "1057", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004aa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006de8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006286", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.917633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.917633000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "443.456947000", - "frame.number": "1058", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d568", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e320", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47391", - 
"tcp.port": "80", - "tcp.port": "47391", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000551c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1057", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.003928000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.928385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.928385000", - "frame.time_delta": "0.010752000", - "frame.time_delta_displayed": "0.010752000", - "frame.time_relative": "443.467699000", - "frame.number": "1059", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000091da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002584", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "1047" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:54.929610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494034.929610000", - "frame.time_delta": "0.001225000", - "frame.time_delta_displayed": "0.001225000", - "frame.time_relative": "443.468924000", - "frame.number": "1060", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e6ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d1ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "47391", - "tcp.dstport": "80", - "tcp.port": "47391", - "tcp.port": "80", - "tcp.stream": "36", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005b16", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.079236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.079236000", - "frame.time_delta": "0.149626000", - "frame.time_delta_displayed": "0.149626000", - "frame.time_relative": "443.618550000", - "frame.number": "1061", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000028c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006a59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:00:ae:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917678, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917678", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.079355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.079355000", - "frame.time_delta": "0.000119000", - "frame.time_delta_displayed": "0.000119000", - "frame.time_relative": "443.618669000", - "frame.number": "1062", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x0000ff4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000da4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.079807000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.079807000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "443.619121000", - "frame.number": "1063", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47392", - "tcp.port": "80", - "tcp.port": "47392", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000269d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1061", - "tcp.analysis.ack_rtt": "0.000571000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:53:55.096780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.096780000", - "frame.time_delta": "0.016973000", - "frame.time_delta_displayed": "0.016973000", - "frame.time_relative": "443.636094000", - "frame.number": "1064", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000028c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d824", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1063", - "tcp.analysis.ack_rtt": "0.016973000", - "tcp.analysis.initial_rtt": "0.017544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.097544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.097544000", - "frame.time_delta": "0.000764000", - "frame.time_delta_displayed": "0.000764000", - "frame.time_relative": "443.636858000", - "frame.number": "1065", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000028c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000379f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017544000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - 
"http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.098035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.098035000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "443.637349000", - "frame.number": "1066", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000096f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002192", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47392", - "tcp.port": "80", - "tcp.port": "47392", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c9f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1065", - "tcp.analysis.ack_rtt": "0.000491000", - "tcp.analysis.initial_rtt": "0.017544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.098685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.098685000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "443.637999000", - "frame.number": "1067", - "frame.len": "71", - 
"frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000096f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002180", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47392", - "tcp.port": "80", - "tcp.port": "47392", - "tcp.stream": "37", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000a15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017544000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.099033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.099033000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "443.638347000", - "frame.number": "1068", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000096f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x00001dad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47392", - "tcp.port": "80", - "tcp.port": "47392", - "tcp.stream": "37", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005c7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017544000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1067", - "tcp.segment": "1068", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001489000", - "http.request_in": "1065", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.103421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.103421000", - "frame.time_delta": "0.004388000", - "frame.time_delta_displayed": "0.004388000", - "frame.time_relative": "443.642735000", - "frame.number": "1069", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000028c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d753", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1067", - "tcp.analysis.ack_rtt": "0.004736000", - "tcp.analysis.initial_rtt": "0.017544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.103530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.103530000", - "frame.time_delta": "0.000109000", - "frame.time_delta_displayed": "0.000109000", - "frame.time_relative": "443.642844000", - "frame.number": "1070", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000028c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1068", - "tcp.analysis.ack_rtt": "0.004497000", - "tcp.analysis.initial_rtt": "0.017544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.105976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.105976000", - "frame.time_delta": "0.002446000", - "frame.time_delta_displayed": "0.002446000", - "frame.time_relative": "443.645290000", - "frame.number": "1071", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000028c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d367", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.106434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.106434000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "443.645748000", - "frame.number": "1072", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d579", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e30f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47392", - 
"tcp.port": "80", - "tcp.port": "47392", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c5fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1071", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.017544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.111731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.111731000", - "frame.time_delta": "0.005297000", - "frame.time_delta_displayed": "0.005297000", - "frame.time_relative": "443.651045000", - "frame.number": "1073", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e6bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d1cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47392", - "tcp.dstport": "80", - "tcp.port": "47392", - "tcp.port": "80", - "tcp.stream": "37", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d234", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:55.875048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.875048000", - "frame.time_delta": "0.763317000", - "frame.time_delta_displayed": "0.763317000", - "frame.time_relative": "444.414362000", - "frame.number": "1074", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000091f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000256b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "1059" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.880637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.880637000", - "frame.time_delta": "0.005589000", - "frame.time_delta_displayed": "0.005589000", - "frame.time_relative": "444.419951000", - "frame.number": "1075", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ccf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000afe9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:0c:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917772, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917772", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.881178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.881178000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "444.420492000", - "frame.number": "1076", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000fcba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1075", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.885085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.885085000", - "frame.time_delta": "0.003907000", - "frame.time_delta_displayed": "0.003907000", - "frame.time_relative": "444.424399000", - "frame.number": "1077", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae42", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1076", - "tcp.analysis.ack_rtt": "0.003907000", - "tcp.analysis.initial_rtt": "0.004448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.885748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.885748000", - 
"frame.time_delta": "0.000663000", - "frame.time_delta_displayed": "0.000663000", - "frame.time_relative": "444.425062000", - "frame.number": "1078", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ccf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ead5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dbd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004448000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.886238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.886238000", - "frame.time_delta": "0.000490000", - 
"frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "444.425552000", - "frame.number": "1079", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006e3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004a4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a011", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1078", - "tcp.analysis.ack_rtt": "0.000490000", - "tcp.analysis.initial_rtt": "0.004448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.886889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.886889000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "444.426203000", - "frame.number": "1080", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006e3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00004a3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e032", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004448000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.887328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.887328000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "444.426642000", - "frame.number": "1081", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006e3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004667", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000329c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004448000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1080", - "tcp.segment": "1081", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001580000", - "http.request_in": "1078", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.890798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.890798000", - "frame.time_delta": "0.003470000", - "frame.time_delta_displayed": "0.003470000", - "frame.time_relative": "444.430112000", - "frame.number": "1082", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006e40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004666", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000329c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004448000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.928065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.928065000", - "frame.time_delta": "0.037267000", - "frame.time_delta_displayed": "0.037267000", - "frame.time_relative": "444.467379000", - "frame.number": "1083", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000091f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000255f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "1074" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:55.980945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494035.980945000", - "frame.time_delta": "0.052880000", - "frame.time_delta_displayed": "0.052880000", - "frame.time_relative": "444.520259000", - "frame.number": "1084", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000091fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002560", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "1083" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.034499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.034499000", - "frame.time_delta": "0.053554000", - "frame.time_delta_displayed": "0.053554000", - "frame.time_relative": "444.573813000", - "frame.number": "1085", - "frame.len": "54", - "frame.cap_len": "54", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb94", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ad71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1080", - "tcp.analysis.ack_rtt": "0.147610000", - "tcp.analysis.initial_rtt": "0.004448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.036122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.036122000", - "frame.time_delta": "0.001623000", - "frame.time_delta_displayed": "0.001623000", - "frame.time_relative": "444.575436000", - "frame.number": "1086", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a986", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1081", - "tcp.analysis.ack_rtt": "0.148794000", - "tcp.analysis.initial_rtt": "0.004448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.036166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.036166000", - "frame.time_delta": "0.000044000", - "frame.time_delta_displayed": "0.000044000", - "frame.time_relative": "444.575480000", - "frame.number": "1087", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000ccf6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009cec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:1a:c7:4e:88:1a:c7:52:6c", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004448000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1086", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.036743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.036743000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "444.576057000", - "frame.number": "1088", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a985", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.037191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.037191000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "444.576505000", - "frame.number": "1089", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47393", - "tcp.port": "80", - "tcp.port": "47393", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009c1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1088", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.004448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.042618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.042618000", - "frame.time_delta": "0.005427000", - "frame.time_delta_displayed": "0.005427000", - "frame.time_relative": "444.581932000", - "frame.number": "1090", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e6e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d1a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47393", - "tcp.dstport": "80", - "tcp.port": "47393", - "tcp.port": "80", - "tcp.stream": "38", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001823", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.045262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.045262000", - 
"frame.time_delta": "0.002644000", - "frame.time_delta_displayed": "0.002644000", - "frame.time_relative": "444.584576000", - "frame.number": "1091", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004b15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006fb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:1d:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917789, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917789", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.045788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.045788000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "444.585102000", - "frame.number": "1092", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47394", - "tcp.port": "80", - "tcp.port": "47394", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009384", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1091", - "tcp.analysis.ack_rtt": "0.000526000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.050571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.050571000", - "frame.time_delta": "0.004783000", - "frame.time_delta_displayed": "0.004783000", - "frame.time_relative": "444.589885000", - "frame.number": "1093", - "frame.len": "54", - "frame.cap_len": "54", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000450c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1092", - "tcp.analysis.ack_rtt": "0.004783000", - "tcp.analysis.initial_rtt": "0.005309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.051430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.051430000", - "frame.time_delta": "0.000859000", - "frame.time_delta_displayed": "0.000859000", - "frame.time_relative": "444.590744000", - "frame.number": "1094", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004b17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006cb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a486", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005309000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - 
"http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.051934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.051934000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "444.591248000", - "frame.number": "1095", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000621d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000566c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47394", - "tcp.port": "80", - "tcp.port": "47394", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000036db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1094", - "tcp.analysis.ack_rtt": "0.000504000", - "tcp.analysis.initial_rtt": "0.005309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.052640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.052640000", - "frame.time_delta": "0.000706000", - "frame.time_delta_displayed": "0.000706000", - "frame.time_relative": "444.591954000", - "frame.number": "1096", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000621e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000565a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47394", - "tcp.port": "80", - "tcp.port": "47394", - "tcp.stream": "39", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000076fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005309000", - "tcp.analysis.bytes_in_flight": "17", - 
"tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.052997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.052997000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "444.592311000", - "frame.number": "1097", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000621f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005287", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", 
- "tcp.dstport": "47394", - "tcp.port": "80", - "tcp.port": "47394", - "tcp.stream": "39", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c965", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005309000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1096", - "tcp.segment": "1097", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001567000", - "http.request_in": "1094", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.056797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.056797000", - "frame.time_delta": "0.003800000", - "frame.time_delta_displayed": "0.003800000", - "frame.time_relative": "444.596111000", - "frame.number": "1098", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000443b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1096", - "tcp.analysis.ack_rtt": "0.004157000", - "tcp.analysis.initial_rtt": "0.005309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.056841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.056841000", - "frame.time_delta": "0.000044000", - "frame.time_delta_displayed": "0.000044000", - "frame.time_relative": "444.596155000", - "frame.number": "1099", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1097", - "tcp.analysis.ack_rtt": "0.003844000", - "tcp.analysis.initial_rtt": "0.005309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.057433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.057433000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "444.596747000", - "frame.number": "1100", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000404f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.057882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.057882000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "444.597196000", - "frame.number": "1101", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47394", - 
"tcp.port": "80", - "tcp.port": "47394", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000032e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1100", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.005309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.061766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.061766000", - "frame.time_delta": "0.003884000", - "frame.time_delta_displayed": "0.003884000", - "frame.time_relative": "444.601080000", - "frame.number": "1102", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e6e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d1a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47394", - "tcp.dstport": "80", - "tcp.port": "47394", - "tcp.port": "80", - "tcp.stream": "39", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d801", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:56.881151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.881151000", - "frame.time_delta": "0.819385000", - "frame.time_delta_displayed": "0.819385000", - "frame.time_relative": "445.420465000", - "frame.number": "1103", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000921f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002542", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "1084" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.933929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.933929000", - "frame.time_delta": "0.052778000", - "frame.time_delta_displayed": "0.052778000", - "frame.time_relative": "445.473243000", - "frame.number": "1104", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009220", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002538", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "1103" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.986691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.986691000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "445.526005000", - "frame.number": "1105", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009221", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000253d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "1104" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.997967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.997967000", - "frame.time_delta": "0.011276000", - "frame.time_delta_displayed": "0.011276000", - "frame.time_relative": "445.537281000", - "frame.number": "1106", - "frame.len": "74", - "frame.cap_len": "74", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c7e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f090", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000305e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:7c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917884, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917884", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:56.998528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494036.998528000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "445.537842000", - "frame.number": "1107", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47397", - "tcp.port": "80", - "tcp.port": "47397", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d4f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1106", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.001665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.001665000", - "frame.time_delta": "0.003137000", - "frame.time_delta_displayed": "0.003137000", - "frame.time_relative": "445.540979000", - "frame.number": "1108", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c7e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f0a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000867f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "1107", - "tcp.analysis.ack_rtt": "0.003137000", - "tcp.analysis.initial_rtt": "0.003698000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.001797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.001797000", - "frame.time_delta": "0.000132000", - "frame.time_delta_displayed": "0.000132000", - "frame.time_relative": "445.541111000", - "frame.number": "1109", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c7e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000efe2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e5f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003698000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.002236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.002236000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "445.541550000", - "frame.number": "1110", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d530", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e358", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47397", - "tcp.port": "80", - "tcp.port": "47397", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000784e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1109", - "tcp.analysis.ack_rtt": "0.000439000", - "tcp.analysis.initial_rtt": "0.003698000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.003009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.003009000", - "frame.time_delta": "0.000773000", - "frame.time_delta_displayed": "0.000773000", - "frame.time_relative": "445.542323000", - "frame.number": "1111", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d531", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e346", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47397", - "tcp.port": "80", - "tcp.port": "47397", - "tcp.stream": "40", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b86f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003698000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.003364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.003364000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "445.542678000", - "frame.number": "1112", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d532", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47397", - "tcp.port": "80", - "tcp.port": "47397", - "tcp.stream": "40", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000ad9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003698000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1111", - "tcp.segment": "1112", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001567000", - "http.request_in": "1109", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.006207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.006207000", - "frame.time_delta": "0.002843000", - "frame.time_delta_displayed": "0.002843000", - "frame.time_relative": "445.545521000", - "frame.number": "1113", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c7e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f0a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000085ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1111", - "tcp.analysis.ack_rtt": "0.003198000", - "tcp.analysis.initial_rtt": "0.003698000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.006253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.006253000", - "frame.time_delta": "0.000046000", - "frame.time_delta_displayed": "0.000046000", - "frame.time_relative": "445.545567000", - "frame.number": "1114", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c7e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f0a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000081c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1112", - "tcp.analysis.ack_rtt": "0.002889000", - "tcp.analysis.initial_rtt": "0.003698000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.011742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.011742000", - "frame.time_delta": "0.005489000", - "frame.time_delta_displayed": "0.005489000", - "frame.time_relative": "445.551056000", - "frame.number": "1115", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c7e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f09f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000081c2", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.012221000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.012221000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "445.551535000", - "frame.number": "1116", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d629", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e25f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47397", - 
"tcp.port": "80", - "tcp.port": "47397", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007458", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1115", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.003698000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.014017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.014017000", - "frame.time_delta": "0.001796000", - "frame.time_delta_displayed": "0.001796000", - "frame.time_relative": "445.553331000", - "frame.number": "1117", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009262", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002613", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d92b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:01:7e:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 917886, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "917886", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.014568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.014568000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "445.553882000", - "frame.number": "1118", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47398", - "tcp.port": "80", - "tcp.port": "47398", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000bb26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1117", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.014805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.014805000", - "frame.time_delta": "0.000237000", - "frame.time_delta_displayed": "0.000237000", - "frame.time_relative": "445.554119000", - "frame.number": "1119", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", 
- "ip.id": "0x0000e717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d171", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47397", - "tcp.dstport": "80", - "tcp.port": "47397", - "tcp.port": "80", - "tcp.stream": "40", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009907", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.017687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.017687000", - "frame.time_delta": "0.002882000", - 
"frame.time_delta_displayed": "0.002882000", - "frame.time_relative": "445.557001000", - "frame.number": "1120", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009263", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002626", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006cae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1118", - "tcp.analysis.ack_rtt": "0.003119000", - "tcp.analysis.initial_rtt": "0.003670000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.020528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.020528000", - "frame.time_delta": "0.002841000", - "frame.time_delta_displayed": "0.002841000", - "frame.time_relative": "445.559842000", - "frame.number": "1121", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009264", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002565", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cc28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003670000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.021057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.021057000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "445.560371000", - "frame.number": "1122", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000529b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47398", - "tcp.port": "80", - "tcp.port": "47398", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005e7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1121", - "tcp.analysis.ack_rtt": "0.000529000", - "tcp.analysis.initial_rtt": "0.003670000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.021758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.021758000", - "frame.time_delta": "0.000701000", - "frame.time_delta_displayed": "0.000701000", - "frame.time_relative": "445.561072000", - "frame.number": "1123", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000065ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005289", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47398", - "tcp.port": "80", - "tcp.port": "47398", - "tcp.stream": "41", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009e9e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003670000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.022112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.022112000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "445.561426000", - "frame.number": "1124", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000065f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004eb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47398", - "tcp.port": "80", - "tcp.port": "47398", - "tcp.stream": "41", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f107", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003670000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1123", - "tcp.segment": "1124", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001584000", - "http.request_in": "1121", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.026383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.026383000", - "frame.time_delta": "0.004271000", - "frame.time_delta_displayed": "0.004271000", - "frame.time_relative": "445.565697000", - "frame.number": "1125", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009265", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002624", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006bdd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1123", - "tcp.analysis.ack_rtt": "0.004625000", - "tcp.analysis.initial_rtt": "0.003670000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.026428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.026428000", - "frame.time_delta": "0.000045000", - "frame.time_delta_displayed": "0.000045000", - "frame.time_relative": "445.565742000", - "frame.number": "1126", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009266", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002623", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000067f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1124", - "tcp.analysis.ack_rtt": "0.004316000", - "tcp.analysis.initial_rtt": "0.003670000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.029851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.029851000", - "frame.time_delta": "0.003423000", - "frame.time_delta_displayed": "0.003423000", - "frame.time_relative": "445.569165000", - "frame.number": "1127", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009267", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002622", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000067f1", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.030319000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.030319000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "445.569633000", - "frame.number": "1128", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d62a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e25e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47398", - 
"tcp.port": "80", - "tcp.port": "47398", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005a87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1127", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.003670000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.180255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.180255000", - "frame.time_delta": "0.149936000", - "frame.time_delta_displayed": "0.149936000", - "frame.time_relative": "445.719569000", - "frame.number": "1129", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e719", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d16f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47398", - "tcp.dstport": "80", - "tcp.port": "47398", - "tcp.port": "80", - "tcp.stream": "41", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000041d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:57.680237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.680237000", - "frame.time_delta": "0.499982000", - "frame.time_delta_displayed": "0.499982000", - "frame.time_relative": "446.219551000", - "frame.number": "1130", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.682612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.682612000", - "frame.time_delta": "0.002375000", - "frame.time_delta_displayed": "0.002375000", - "frame.time_relative": "446.221926000", - "frame.number": "1131", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:57.984170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494037.984170000", - "frame.time_delta": "0.301558000", - "frame.time_delta_displayed": "0.301558000", - "frame.time_relative": "446.523484000", - "frame.number": "1132", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000926c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "1105" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.036945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.036945000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "446.576259000", - "frame.number": "1133", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009270", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "1132" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.089844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.089844000", - "frame.time_delta": "0.052899000", - "frame.time_delta_displayed": "0.052899000", - "frame.time_relative": "446.629158000", - "frame.number": "1134", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009274", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": 
"hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "1133" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.372692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.372692000", - "frame.time_delta": "0.282848000", - "frame.time_delta_displayed": "0.282848000", - "frame.time_relative": "446.912006000", - "frame.number": "1135", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000015c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000c994", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:06:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918022, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918022", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": 
"8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.373266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.373266000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "446.912580000", - "frame.number": "1136", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - 
"tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000029e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "1135", - "tcp.analysis.ack_rtt": "0.000574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.376745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.376745000", - "frame.time_delta": "0.003479000", - "frame.time_delta_displayed": "0.003479000", - "frame.time_relative": "446.916059000", - "frame.number": "1137", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - 
"tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000db6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1136", - "tcp.analysis.ack_rtt": "0.003479000", - "tcp.analysis.initial_rtt": "0.004053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.377921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.377921000", - "frame.time_delta": "0.001176000", - "frame.time_delta_displayed": "0.001176000", - "frame.time_relative": "446.917235000", - "frame.number": "1138", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000015ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a1ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003aea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004053000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.378408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.378408000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "446.917722000", - "frame.number": "1139", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003cc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cd3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1138", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.004053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.379083000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.379083000", - "frame.time_delta": "0.000675000", - "frame.time_delta_displayed": "0.000675000", - "frame.time_relative": "446.918397000", - "frame.number": "1140", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003cc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - "tcp.stream": "42", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004053000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.379440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.379440000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "446.918754000", - "frame.number": "1141", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": 
"0x00003cc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - "tcp.stream": "42", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005fc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004053000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1140", - "tcp.segment": "1141", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001519000", - "http.request_in": "1138", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.380805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.380805000", - "frame.time_delta": "0.001365000", - "frame.time_delta_displayed": "0.001365000", - "frame.time_relative": "446.920119000", - "frame.number": "1142", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003cc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - "tcp.stream": "42", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005fc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004053000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.381954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.381954000", - "frame.time_delta": "0.001149000", - "frame.time_delta_displayed": "0.001149000", - "frame.time_relative": "446.921268000", - "frame.number": "1143", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000da9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1140", - "tcp.analysis.ack_rtt": "0.002871000", - "tcp.analysis.initial_rtt": "0.004053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.382951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.382951000", - "frame.time_delta": "0.000997000", - "frame.time_delta_displayed": "0.000997000", - "frame.time_relative": "446.922265000", - "frame.number": "1144", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d6b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1141", - "tcp.analysis.ack_rtt": "0.003511000", - "tcp.analysis.initial_rtt": "0.004053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.383898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.383898000", - "frame.time_delta": "0.000947000", - "frame.time_delta_displayed": "0.000947000", - "frame.time_relative": "446.923212000", - "frame.number": "1145", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000015cd", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ef29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:39:31:1d:96:39:31:21:7a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004053000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1144", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.391700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.391700000", - "frame.time_delta": "0.007802000", - "frame.time_delta_displayed": "0.007802000", - "frame.time_relative": "446.931014000", - "frame.number": "1146", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000a2bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d6b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.392194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.392194000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "446.931508000", - "frame.number": "1147", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d63e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e24a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47401", - "tcp.port": "80", - "tcp.port": "47401", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c948", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1146", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.004053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:58.396578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494038.396578000", - "frame.time_delta": "0.004384000", - "frame.time_delta_displayed": "0.004384000", - "frame.time_relative": "446.935892000", - "frame.number": "1148", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e724", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d164", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47401", - "tcp.dstport": "80", - "tcp.port": "47401", - "tcp.port": "80", - "tcp.stream": "42", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000032c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.037661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.037661000", - "frame.time_delta": "0.641083000", - "frame.time_delta_displayed": "0.641083000", - "frame.time_relative": "447.576975000", - "frame.number": "1149", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009289", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "1134" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.090447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.090447000", - "frame.time_delta": "0.052786000", - "frame.time_delta_displayed": "0.052786000", - "frame.time_relative": "447.629761000", - "frame.number": "1150", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000928d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "1149" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.142842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.142842000", - "frame.time_delta": "0.052395000", - "frame.time_delta_displayed": "0.052395000", - 
"frame.time_relative": "447.682156000", - "frame.number": "1151", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009291", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "1150" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.300823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.300823000", - "frame.time_delta": "0.157981000", - "frame.time_delta_displayed": "0.157981000", - "frame.time_relative": "447.840137000", - "frame.number": "1152", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009298", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", 
- "http.prev_response_in": "1151" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.353601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.353601000", - "frame.time_delta": "0.052778000", - "frame.time_delta_displayed": "0.052778000", - "frame.time_relative": "447.892915000", - "frame.number": "1153", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000929c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": 
"314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "1152" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.406349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.406349000", - "frame.time_delta": "0.052748000", - "frame.time_delta_displayed": "0.052748000", - "frame.time_relative": "447.945663000", - "frame.number": "1154", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000929e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "1153" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.559398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.559398000", - "frame.time_delta": "0.153049000", - "frame.time_delta_displayed": "0.153049000", - "frame.time_relative": "448.098712000", - "frame.number": "1155", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000bd7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000faf8", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000765", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:78:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918136, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918136", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.559938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.559938000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "448.099252000", - "frame.number": "1156", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d9a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1155", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.563014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.563014000", - "frame.time_delta": "0.003076000", - "frame.time_delta_displayed": "0.003076000", - "frame.time_relative": "448.102328000", - "frame.number": "1157", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bd7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008b2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1156", - "tcp.analysis.ack_rtt": "0.003076000", - "tcp.analysis.initial_rtt": "0.003616000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.563052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.563052000", - "frame.time_delta": "0.000038000", - "frame.time_delta_displayed": "0.000038000", - "frame.time_relative": "448.102366000", - "frame.number": "1158", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000bd7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fa4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eaa6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003616000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": 
"192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.563536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.563536000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "448.102850000", - "frame.number": "1159", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000e4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007cfb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1158", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.003616000" - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.564267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.564267000", - "frame.time_delta": "0.000731000", - "frame.time_delta_displayed": "0.000731000", - "frame.time_relative": "448.103581000", - "frame.number": "1160", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000aa40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000e38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "17", - "tcp.seq": "1", - 
"tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bd1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003616000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.564653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.564653000", - "frame.time_delta": "0.000386000", - "frame.time_delta_displayed": "0.000386000", - "frame.time_relative": "448.103967000", - "frame.number": "1161", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aa41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000f86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003616000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - 
"tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77
:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1160", - "tcp.segment": "1161", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001601000", - "http.request_in": "1158", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.566981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.566981000", - "frame.time_delta": "0.002328000", - "frame.time_delta_displayed": "0.002328000", - "frame.time_relative": "448.106295000", - "frame.number": "1162", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bd7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008a5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1160", - "tcp.analysis.ack_rtt": "0.002714000", - "tcp.analysis.initial_rtt": "0.003616000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.770805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.770805000", - "frame.time_delta": "0.203824000", - "frame.time_delta_displayed": "0.203824000", - "frame.time_relative": "448.310119000", - "frame.number": "1163", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aa42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000f86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003616000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.206152000", - "tcp.analysis.rto_frame": "1161" - } - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.774254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.774254000", - "frame.time_delta": "0.003449000", - "frame.time_delta_displayed": "0.003449000", - "frame.time_relative": "448.313568000", - "frame.number": "1164", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bd80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008670", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1161", - "tcp.analysis.ack_rtt": "0.209601000", - "tcp.analysis.initial_rtt": "0.003616000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:53:59.774305000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.774305000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "448.313619000", - "frame.number": "1165", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000bd81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fafb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000081db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:59:b6:8b:96:59:b6:8f:7a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003616000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1164", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.774921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.774921000", - "frame.time_delta": "0.000616000", - 
"frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "448.314235000", - "frame.number": "1166", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bd82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000866f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.775344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.775344000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "448.314658000", - "frame.number": "1167", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d694", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47403", - "tcp.port": "80", - "tcp.port": "47403", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007905", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1166", - "tcp.analysis.ack_rtt": "0.000423000", - "tcp.analysis.initial_rtt": "0.003616000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:53:59.778734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494039.778734000", - "frame.time_delta": "0.003390000", - "frame.time_delta_displayed": "0.003390000", - "frame.time_relative": "448.318048000", - "frame.number": "1168", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e794", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47403", - "tcp.dstport": "80", - "tcp.port": "47403", - "tcp.port": "80", - "tcp.stream": "43", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000710a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.325267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.325267000", - "frame.time_delta": "0.546533000", - "frame.time_delta_displayed": "0.546533000", - "frame.time_relative": "448.864581000", - "frame.number": "1169", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000092a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "1154" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.330975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.330975000", - "frame.time_delta": "0.005708000", - "frame.time_delta_displayed": "0.005708000", - "frame.time_relative": "448.870289000", - "frame.number": "1170", 
- "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000094ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000238b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000081d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:c9:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918217, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918217", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.331530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.331530000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "448.870844000", - "frame.number": "1171", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": "80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000088db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1170", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.334826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.334826000", - "frame.time_delta": "0.003296000", - "frame.time_delta_displayed": "0.003296000", - "frame.time_relative": "448.874140000", - "frame.number": "1172", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000094eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000239e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1171", - "tcp.analysis.ack_rtt": "0.003296000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.335685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.335685000", - "frame.time_delta": "0.000859000", - "frame.time_delta_displayed": "0.000859000", - "frame.time_relative": "448.874999000", - "frame.number": "1173", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000094ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000022dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.336179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.336179000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "448.875493000", - "frame.number": "1174", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aae7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000da2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": "80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1173", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.336825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.336825000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "448.876139000", - "frame.number": "1175", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000aae8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000d90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": "80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006c53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.337176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.337176000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "448.876490000", - "frame.number": "1176", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000009bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": 
"80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bebc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1175", - "tcp.segment": "1176", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001491000", - "http.request_in": "1173", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.340793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.340793000", - "frame.time_delta": "0.003617000", - "frame.time_delta_displayed": "0.003617000", - "frame.time_relative": "448.880107000", - "frame.number": "1177", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aaea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000009bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": "80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bebc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.341373000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.341373000", - "frame.time_delta": "0.000580000", - "frame.time_delta_displayed": "0.000580000", - "frame.time_relative": "448.880687000", - "frame.number": "1178", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000094ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000239c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003992", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1175", - "tcp.analysis.ack_rtt": "0.004548000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.344646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.344646000", - "frame.time_delta": "0.003273000", - "frame.time_delta_displayed": "0.003273000", - "frame.time_relative": "448.883960000", - "frame.number": "1179", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000094ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000239b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1176", - "tcp.analysis.ack_rtt": "0.007470000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.344688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.344688000", - "frame.time_delta": "0.000042000", - "frame.time_delta_displayed": "0.000042000", - "frame.time_relative": "448.884002000", - "frame.number": "1180", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000094ef", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000238e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009a02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:27:e3:88:f1:27:e3:8c:d5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1179", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.345358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.345358000", - "frame.time_delta": "0.000670000", - "frame.time_delta_displayed": "0.000670000", - "frame.time_relative": "448.884672000", - "frame.number": "1181", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000094f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00002399", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.345800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.345800000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "448.885114000", - "frame.number": "1182", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47405", - "tcp.port": "80", - "tcp.port": "47405", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000283c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1181", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.349824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.349824000", - "frame.time_delta": "0.004024000", - "frame.time_delta_displayed": "0.004024000", - "frame.time_relative": "448.889138000", - "frame.number": "1183", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47405", - "tcp.dstport": "80", - "tcp.port": "47405", - "tcp.port": "80", - "tcp.stream": "44", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ebc8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.378138000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.378138000", - "frame.time_delta": "0.028314000", - "frame.time_delta_displayed": "0.028314000", - "frame.time_relative": "448.917452000", - "frame.number": "1184", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000092ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "1169" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.383936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.383936000", - "frame.time_delta": "0.005798000", - "frame.time_delta_displayed": "0.005798000", - "frame.time_relative": "448.923250000", - "frame.number": "1185", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000e847", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d02d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00004411", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:cf:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918223, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918223", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.384468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.384468000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "448.923782000", - "frame.number": "1186", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d637", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1185", - "tcp.analysis.ack_rtt": "0.000532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.387824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.387824000", - "frame.time_delta": "0.003356000", - "frame.time_delta_displayed": "0.003356000", - "frame.time_relative": "448.927138000", - "frame.number": "1187", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e848", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d040", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000087bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1186", - "tcp.analysis.ack_rtt": "0.003356000", - "tcp.analysis.initial_rtt": "0.003888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.387950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.387950000", - "frame.time_delta": "0.000126000", - "frame.time_delta_displayed": "0.000126000", - "frame.time_relative": "448.927264000", - "frame.number": "1188", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000e849", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e739", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003888000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.388389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.388389000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "448.927703000", - "frame.number": "1189", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ac3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009dc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000798e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1188", - "tcp.analysis.ack_rtt": "0.000439000", - "tcp.analysis.initial_rtt": "0.003888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.389107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.389107000", - "frame.time_delta": "0.000718000", - "frame.time_delta_displayed": "0.000718000", - "frame.time_relative": "448.928421000", - "frame.number": "1190", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001ac4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009db4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b9af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003888000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.389466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.389466000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "448.928780000", - "frame.number": "1191", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001ac5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000c19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003888000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1190", - "tcp.segment": "1191", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001516000", - "http.request_in": "1188", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.390816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.390816000", - "frame.time_delta": "0.001350000", - "frame.time_delta_displayed": "0.001350000", - "frame.time_relative": "448.930130000", - "frame.number": "1192", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001ac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000c19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003888000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.392596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.392596000", - "frame.time_delta": "0.001780000", - "frame.time_delta_displayed": "0.001780000", - "frame.time_relative": "448.931910000", - "frame.number": "1193", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e84a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d03e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000086ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1190", - "tcp.analysis.ack_rtt": "0.003489000", - "tcp.analysis.initial_rtt": "0.003888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.392644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.392644000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "448.931958000", - "frame.number": "1194", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e84b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d03d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008303", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1191", - "tcp.analysis.ack_rtt": "0.003178000", - "tcp.analysis.initial_rtt": "0.003888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.393372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.393372000", - "frame.time_delta": "0.000728000", - "frame.time_delta_displayed": "0.000728000", - "frame.time_relative": "448.932686000", - "frame.number": "1195", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e84c", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d03c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008302", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.393493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.393493000", - "frame.time_delta": "0.000121000", - "frame.time_delta_displayed": "0.000121000", - 
"frame.time_relative": "448.932807000", - "frame.number": "1196", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.393806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.393806000", - "frame.time_delta": "0.000313000", - "frame.time_delta_displayed": "0.000313000", - "frame.time_relative": "448.933120000", - "frame.number": "1197", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000e1ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47406", - "tcp.port": "80", - "tcp.port": "47406", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007598", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1195", - "tcp.analysis.ack_rtt": "0.000434000", - "tcp.analysis.initial_rtt": "0.003888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.397082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.397082000", - "frame.time_delta": "0.003276000", - "frame.time_delta_displayed": "0.003276000", - "frame.time_relative": "448.936396000", - "frame.number": "1198", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47406", - "tcp.dstport": "80", - "tcp.port": "47406", - "tcp.port": "80", - "tcp.stream": "45", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.431995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.431995000", - "frame.time_delta": "0.034913000", - "frame.time_delta_displayed": "0.034913000", - "frame.time_relative": "448.971309000", - "frame.number": "1199", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000092ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "1184" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.439775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.439775000", - "frame.time_delta": "0.007780000", - "frame.time_delta_displayed": "0.007780000", - "frame.time_relative": "448.979089000", - "frame.number": 
"1200", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004eab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", 
- "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e0c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:02:d4:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918228, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918228", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.440308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.440308000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "448.979622000", - "frame.number": "1201", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47407", - "tcp.port": "80", - "tcp.port": "47407", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ce53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1200", - "tcp.analysis.ack_rtt": "0.000533000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.444927000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.444927000", - "frame.time_delta": "0.004619000", - "frame.time_delta_displayed": "0.004619000", - "frame.time_relative": "448.984241000", - "frame.number": "1202", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004eac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007fdb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1201", - "tcp.analysis.ack_rtt": "0.004619000", - "tcp.analysis.initial_rtt": "0.005152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.445414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.445414000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "448.984728000", - "frame.number": "1203", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004ead", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000691c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000df55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005152000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.445888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.445888000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "448.985202000", - "frame.number": "1204", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a357", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001532", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47407", - "tcp.port": "80", - "tcp.port": "47407", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000071aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1203", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.005152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.446558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.446558000", - "frame.time_delta": "0.000670000", - "frame.time_delta_displayed": "0.000670000", - "frame.time_relative": "448.985872000", - "frame.number": "1205", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a358", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001520", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47407", - "tcp.port": "80", - "tcp.port": "47407", - "tcp.stream": "46", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b1cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005152000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.446903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.446903000", - "frame.time_delta": "0.000345000", - "frame.time_delta_displayed": "0.000345000", - "frame.time_relative": "448.986217000", - "frame.number": "1206", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a359", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000114d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47407", - "tcp.port": 
"80", - "tcp.port": "47407", - "tcp.stream": "46", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000435", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005152000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1205", - "tcp.segment": "1206", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001489000", - "http.request_in": "1203", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.451845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.451845000", - "frame.time_delta": "0.004942000", - "frame.time_delta_displayed": "0.004942000", - "frame.time_relative": "448.991159000", - "frame.number": "1207", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004eae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007f0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1205", - "tcp.analysis.ack_rtt": "0.005287000", - "tcp.analysis.initial_rtt": "0.005152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.451896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.451896000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "448.991210000", - "frame.number": "1208", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004eaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007b1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1206", - "tcp.analysis.ack_rtt": "0.004993000", - "tcp.analysis.initial_rtt": "0.005152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.452518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.452518000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "448.991832000", - "frame.number": "1209", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004eb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007b1e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.453108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.453108000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "448.992422000", - "frame.number": "1210", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47407", - 
"tcp.port": "80", - "tcp.port": "47407", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006db4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1209", - "tcp.analysis.ack_rtt": "0.000590000", - "tcp.analysis.initial_rtt": "0.005152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.457505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.457505000", - "frame.time_delta": "0.004397000", - "frame.time_delta_displayed": "0.004397000", - "frame.time_relative": "448.996819000", - "frame.number": "1211", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47407", - "tcp.dstport": "80", - "tcp.port": "47407", - "tcp.port": "80", - "tcp.stream": "46", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004ac7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:00.905717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.905717000", - "frame.time_delta": "0.448212000", - "frame.time_delta_displayed": "0.448212000", - "frame.time_relative": "449.445031000", - "frame.number": "1212", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000092be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000024a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "25", - "http.prev_response_in": "1199" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.935933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.935933000", - "frame.time_delta": "0.030216000", - "frame.time_delta_displayed": "0.030216000", - "frame.time_relative": "449.475247000", - "frame.number": "1213", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000007ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00001c5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:06:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918278, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918278", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.936481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.936481000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "449.475795000", - "frame.number": "1214", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47408", - "tcp.port": "80", - "tcp.port": "47408", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f486", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1213", - "tcp.analysis.ack_rtt": "0.000548000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.941139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.941139000", - "frame.time_delta": "0.004658000", - "frame.time_delta_displayed": "0.004658000", - "frame.time_relative": "449.480453000", - "frame.number": "1215", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000007ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a60e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1214", - "tcp.analysis.ack_rtt": "0.004658000", - "tcp.analysis.initial_rtt": "0.005206000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.941269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.941269000", - 
"frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "449.480583000", - "frame.number": "1216", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000007af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b01a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000589", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005206000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.941723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.941723000", - "frame.time_delta": "0.000454000", - 
"frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "449.481037000", - "frame.number": "1217", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000df41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d947", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47408", - "tcp.port": "80", - "tcp.port": "47408", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000097dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1216", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.005206000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.942413000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.942413000", - "frame.time_delta": "0.000690000", - "frame.time_delta_displayed": "0.000690000", - "frame.time_relative": "449.481727000", - "frame.number": "1218", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000df42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000d935", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47408", - "tcp.port": "80", - "tcp.port": "47408", - "tcp.stream": "47", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d7fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005206000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.942804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.942804000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "449.482118000", - "frame.number": "1219", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000df43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d562", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47408", - "tcp.port": "80", - "tcp.port": "47408", - "tcp.stream": "47", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005206000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1218", - "tcp.segment": "1219", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001535000", - "http.request_in": "1216", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.945663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.945663000", - "frame.time_delta": "0.002859000", - "frame.time_delta_displayed": "0.002859000", - "frame.time_relative": "449.484977000", - "frame.number": "1220", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000007b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a53d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1218", - "tcp.analysis.ack_rtt": "0.003250000", - "tcp.analysis.initial_rtt": "0.005206000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.947219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.947219000", - "frame.time_delta": "0.001556000", - "frame.time_delta_displayed": "0.001556000", - "frame.time_relative": "449.486533000", - "frame.number": "1221", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000007b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a152", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1219", - "tcp.analysis.ack_rtt": "0.004415000", - "tcp.analysis.initial_rtt": "0.005206000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.948171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.948171000", - "frame.time_delta": "0.000952000", - "frame.time_delta_displayed": "0.000952000", - "frame.time_relative": "449.487485000", - "frame.number": "1222", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000007b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a151", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.948620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.948620000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "449.487934000", - "frame.number": "1223", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47408", - 
"tcp.port": "80", - "tcp.port": "47408", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000093e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1222", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.005206000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.951833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.951833000", - "frame.time_delta": "0.003213000", - "frame.time_delta_displayed": "0.003213000", - "frame.time_relative": "449.491147000", - "frame.number": "1224", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47408", - "tcp.dstport": "80", - "tcp.port": "47408", - "tcp.port": "80", - "tcp.stream": "47", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008691", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:00.958996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.958996000", - "frame.time_delta": "0.007163000", - "frame.time_delta_displayed": "0.007163000", - "frame.time_relative": "449.498310000", - "frame.number": "1225", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000092c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002496", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "26", - "http.prev_response_in": "1212" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.966066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.966066000", - "frame.time_delta": "0.007070000", - "frame.time_delta_displayed": "0.007070000", - "frame.time_relative": "449.505380000", - "frame.number": "1226", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", 
- "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c86a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f00a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000045fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:09:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918281, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918281", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.966602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.966602000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "449.505916000", - "frame.number": "1227", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47409", - "tcp.port": "80", - "tcp.port": "47409", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005d6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1226", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.969674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.969674000", - "frame.time_delta": "0.003072000", - "frame.time_delta_displayed": "0.003072000", - "frame.time_relative": "449.508988000", - "frame.number": "1228", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c86b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f01d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000ef6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1227", - "tcp.analysis.ack_rtt": "0.003072000", - "tcp.analysis.initial_rtt": "0.003608000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.969818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.969818000", - 
"frame.time_delta": "0.000144000", - "frame.time_delta_displayed": "0.000144000", - "frame.time_relative": "449.509132000", - "frame.number": "1229", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c86c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006e70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003608000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.970241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.970241000", - "frame.time_delta": "0.000423000", - 
"frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "449.509555000", - "frame.number": "1230", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f47e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c40a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47409", - "tcp.port": "80", - "tcp.port": "47409", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000000c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1229", - "tcp.analysis.ack_rtt": "0.000423000", - "tcp.analysis.initial_rtt": "0.003608000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.971014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.971014000", - "frame.time_delta": "0.000773000", - "frame.time_delta_displayed": "0.000773000", - "frame.time_relative": "449.510328000", - "frame.number": "1231", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f47f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000c3f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47409", - "tcp.port": "80", - "tcp.port": "47409", - "tcp.stream": "48", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000040e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003608000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.971428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.971428000", - "frame.time_delta": "0.000414000", - "frame.time_delta_displayed": "0.000414000", - "frame.time_relative": "449.510742000", - "frame.number": "1232", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f480", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c025", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47409", - "tcp.port": "80", - "tcp.port": "47409", - "tcp.stream": "48", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000934f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003608000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1231", - "tcp.segment": "1232", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001610000", - "http.request_in": "1229", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.979141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.979141000", - "frame.time_delta": "0.007713000", - "frame.time_delta_displayed": "0.007713000", - "frame.time_relative": "449.518455000", - "frame.number": "1233", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c86d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f01b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000e25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1231", - "tcp.analysis.ack_rtt": "0.008127000", - "tcp.analysis.initial_rtt": "0.003608000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.979275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.979275000", - "frame.time_delta": "0.000134000", - "frame.time_delta_displayed": "0.000134000", - "frame.time_relative": "449.518589000", - "frame.number": "1234", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c86e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f01a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1232", - "tcp.analysis.ack_rtt": "0.007847000", - "tcp.analysis.initial_rtt": "0.003608000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.980419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.980419000", - "frame.time_delta": "0.001144000", - "frame.time_delta_displayed": "0.001144000", - "frame.time_relative": "449.519733000", - "frame.number": "1235", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c86f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f019", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a39", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.980897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.980897000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "449.520211000", - "frame.number": "1236", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47409", - 
"tcp.port": "80", - "tcp.port": "47409", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fcce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1235", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.003608000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:00.985250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494040.985250000", - "frame.time_delta": "0.004353000", - "frame.time_delta_displayed": "0.004353000", - "frame.time_relative": "449.524564000", - "frame.number": "1237", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47409", - "tcp.dstport": "80", - "tcp.port": "47409", - "tcp.port": "80", - "tcp.stream": "48", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b031", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:01.011966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.011966000", - "frame.time_delta": "0.026716000", - "frame.time_delta_displayed": "0.026716000", - "frame.time_relative": "449.551280000", - "frame.number": "1238", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000092c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000249b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "27", - "http.prev_response_in": "1225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.020925000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.020925000", - "frame.time_delta": "0.008959000", - "frame.time_delta_displayed": "0.008959000", - "frame.time_relative": "449.560239000", - "frame.number": "1239", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000353a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000833b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003e26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:0e:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918286, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918286", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.021459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.021459000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "449.560773000", - "frame.number": "1240", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e622", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1239", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.025409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.025409000", - "frame.time_delta": "0.003950000", - "frame.time_delta_displayed": "0.003950000", - "frame.time_relative": "449.564723000", - "frame.number": "1241", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000353b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000834e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1240", - "tcp.analysis.ack_rtt": "0.003950000", - "tcp.analysis.initial_rtt": "0.004484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.025528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.025528000", - 
"frame.time_delta": "0.000119000", - "frame.time_delta_displayed": "0.000119000", - "frame.time_relative": "449.564842000", - "frame.number": "1242", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000353c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000828d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f724", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004484000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.025969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.025969000", - "frame.time_delta": "0.000441000", - 
"frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "449.565283000", - "frame.number": "1243", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000df71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d917", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008979", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1242", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.004484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.026650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.026650000", - "frame.time_delta": "0.000681000", - "frame.time_delta_displayed": "0.000681000", - "frame.time_relative": "449.565964000", - "frame.number": "1244", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000df72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000d905", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c99a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004484000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.027093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.027093000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "449.566407000", - "frame.number": "1245", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000df73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d532", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004484000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1244", - "tcp.segment": "1245", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001565000", - "http.request_in": "1242", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.030791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.030791000", - "frame.time_delta": "0.003698000", - "frame.time_delta_displayed": "0.003698000", - "frame.time_relative": "449.570105000", - "frame.number": "1246", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000df74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d531", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004484000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.031323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.031323000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "449.570637000", - "frame.number": "1247", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000353d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000834c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000096d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1244", - "tcp.analysis.ack_rtt": "0.004673000", - "tcp.analysis.initial_rtt": "0.004484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.031370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.031370000", - "frame.time_delta": "0.000047000", - "frame.time_delta_displayed": "0.000047000", - "frame.time_relative": "449.570684000", - "frame.number": "1248", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000353e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000834b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000092ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1245", - "tcp.analysis.ack_rtt": "0.004277000", - "tcp.analysis.initial_rtt": "0.004484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.032062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.032062000", - "frame.time_delta": "0.000692000", - "frame.time_delta_displayed": "0.000692000", - "frame.time_relative": "449.571376000", - "frame.number": "1249", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000353f", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000834a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000092ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.032484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.032484000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - 
"frame.time_relative": "449.571798000", - "frame.number": "1250", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47410", - "tcp.port": "80", - "tcp.port": "47410", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008583", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1249", - "tcp.analysis.ack_rtt": "0.000422000", - "tcp.analysis.initial_rtt": "0.004484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.034656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.034656000", - "frame.time_delta": "0.002172000", - "frame.time_delta_displayed": "0.002172000", - "frame.time_relative": "449.573970000", - "frame.number": "1251", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0bb", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a862", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.035172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.035172000", - "frame.time_delta": "0.000516000", - "frame.time_delta_displayed": "0.000516000", - "frame.time_relative": "449.574486000", - "frame.number": "1252", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e7ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47410", - "tcp.dstport": "80", - "tcp.port": "47410", - "tcp.port": "80", - "tcp.stream": "49", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a861", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.959964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.959964000", - "frame.time_delta": "0.924792000", - "frame.time_delta_displayed": "0.924792000", - "frame.time_relative": "450.499278000", - "frame.number": "1253", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000092fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002467", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "28", - "http.prev_response_in": "1238" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.999113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.999113000", - "frame.time_delta": "0.039149000", - "frame.time_delta_displayed": "0.039149000", - "frame.time_relative": "450.538427000", - "frame.number": "1254", 
- "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002ea7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00004b8d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:70:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918384, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918384", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:01.999682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494041.999682000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "450.538996000", - "frame.number": "1255", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47411", - "tcp.port": "80", - "tcp.port": "47411", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1254", - "tcp.analysis.ack_rtt": "0.000569000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.003599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.003599000", - "frame.time_delta": "0.003917000", - "frame.time_delta_displayed": "0.003917000", - "frame.time_relative": "450.542913000", - "frame.number": "1256", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ea8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000018ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1255", - "tcp.analysis.ack_rtt": "0.003917000", - "tcp.analysis.initial_rtt": "0.004486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.004072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.004072000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "450.543386000", - "frame.number": "1257", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002ea9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008920", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007866", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004486000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.004559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.004559000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "450.543873000", - "frame.number": "1258", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ba62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47411", - "tcp.port": "80", - "tcp.port": "47411", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000abb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1257", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.004486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.005204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.005204000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "450.544518000", - "frame.number": "1259", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ba63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47411", - "tcp.port": "80", - "tcp.port": "47411", - "tcp.stream": "50", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004adc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004486000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.005631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.005631000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "450.544945000", - "frame.number": "1260", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ba64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fa41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47411", - "tcp.port": 
"80", - "tcp.port": "47411", - "tcp.stream": "50", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009d45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004486000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1259", - "tcp.segment": "1260", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001559000", - "http.request_in": "1257", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.009025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.009025000", - "frame.time_delta": "0.003394000", - "frame.time_delta_displayed": "0.003394000", - "frame.time_relative": "450.548339000", - "frame.number": "1261", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002eaa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000181b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1259", - "tcp.analysis.ack_rtt": "0.003821000", - "tcp.analysis.initial_rtt": "0.004486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.009143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.009143000", - "frame.time_delta": "0.000118000", - "frame.time_delta_displayed": "0.000118000", - "frame.time_relative": "450.548457000", - "frame.number": "1262", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002eab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001430", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1260", - "tcp.analysis.ack_rtt": "0.003512000", - "tcp.analysis.initial_rtt": "0.004486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.012290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.012290000", - "frame.time_delta": "0.003147000", - "frame.time_delta_displayed": "0.003147000", - "frame.time_relative": "450.551604000", - "frame.number": "1263", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002eac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000142f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.012759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.012759000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "450.552073000", - "frame.number": "1264", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d72e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e15a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47411", - 
"tcp.port": "80", - "tcp.port": "47411", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000006c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1263", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.004486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.012770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.012770000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "450.552084000", - "frame.number": "1265", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000092fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000245b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "29", - "http.prev_response_in": "1253" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.016098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.016098000", - "frame.time_delta": "0.003328000", - "frame.time_delta_displayed": "0.003328000", - "frame.time_relative": "450.555412000", - "frame.number": "1266", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e80e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d07a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "47411", - "tcp.dstport": "80", - "tcp.port": "47411", - "tcp.port": "80", - "tcp.stream": "50", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b62a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.020004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.020004000", - "frame.time_delta": "0.003906000", - "frame.time_delta_displayed": "0.003906000", - "frame.time_relative": "450.559318000", - "frame.number": "1267", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b6ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000186", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009ac7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:03:72:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918386, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918386", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.020519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.020519000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "450.559833000", - "frame.number": "1268", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47412", - "tcp.port": "80", - "tcp.port": "47412", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000567b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1267", - "tcp.analysis.ack_rtt": "0.000515000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.025565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.025565000", - "frame.time_delta": "0.005046000", - "frame.time_delta_displayed": "0.005046000", - "frame.time_relative": "450.564879000", - "frame.number": "1269", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000199", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000803", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1268", - "tcp.analysis.ack_rtt": "0.005046000", - "tcp.analysis.initial_rtt": "0.005561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.026138000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494042.026138000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "450.565452000", - "frame.number": "1270", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b6f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000000d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000677d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005561000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.026630000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494042.026630000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "450.565944000", - "frame.number": "1271", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000078f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003f96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47412", - "tcp.port": "80", - "tcp.port": "47412", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f9d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1270", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.005561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.027337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.027337000", - "frame.time_delta": "0.000707000", - "frame.time_delta_displayed": "0.000707000", - "frame.time_relative": "450.566651000", - "frame.number": "1272", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000078f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003f84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47412", - "tcp.port": "80", - "tcp.port": "47412", - "tcp.stream": "51", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000039f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005561000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.027698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.027698000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "450.567012000", - "frame.number": "1273", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000078f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003bb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47412", - "tcp.port": "80", - "tcp.port": "47412", - "tcp.stream": "51", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008c5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005561000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1272", - "tcp.segment": "1273", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001560000", - "http.request_in": "1270", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.038001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.038001000", - "frame.time_delta": "0.010303000", - "frame.time_delta_displayed": "0.010303000", - "frame.time_relative": "450.577315000", - "frame.number": "1274", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000197", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000732", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1272", - "tcp.analysis.ack_rtt": "0.010664000", - "tcp.analysis.initial_rtt": "0.005561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.042509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.042509000", - "frame.time_delta": "0.004508000", - "frame.time_delta_displayed": "0.004508000", - "frame.time_relative": "450.581823000", - "frame.number": "1275", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000196", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000347", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1273", - "tcp.analysis.ack_rtt": "0.014811000", - "tcp.analysis.initial_rtt": "0.005561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.042620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.042620000", - "frame.time_delta": "0.000111000", - "frame.time_delta_displayed": "0.000111000", - "frame.time_relative": "450.581934000", - "frame.number": "1276", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000195", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000346", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.043069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.043069000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "450.582383000", - "frame.number": "1277", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d72f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e159", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47412", - 
"tcp.port": "80", - "tcp.port": "47412", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f5db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1276", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.005561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.047730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.047730000", - "frame.time_delta": "0.004661000", - "frame.time_delta_displayed": "0.004661000", - "frame.time_relative": "450.587044000", - "frame.number": "1278", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e810", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d078", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47412", - "tcp.dstport": "80", - "tcp.port": "47412", - "tcp.port": "80", - "tcp.stream": "51", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000567", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:02.065799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.065799000", - "frame.time_delta": "0.018069000", - "frame.time_delta_displayed": "0.018069000", - "frame.time_relative": "450.605113000", - "frame.number": "1279", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009301", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000245d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "30", - "http.prev_response_in": "1265" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.073974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.073974000", - "frame.time_delta": "0.008175000", - "frame.time_delta_displayed": "0.008175000", - "frame.time_relative": "450.613288000", - "frame.number": "1280", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003b18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d0e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:78:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918392, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918392", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.074506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.074506000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "450.613820000", - "frame.number": "1281", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009fb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1280", - "tcp.analysis.ack_rtt": "0.000532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.078276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.078276000", - "frame.time_delta": "0.003770000", - "frame.time_delta_displayed": "0.003770000", - "frame.time_relative": "450.617590000", - "frame.number": "1282", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000513b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1281", - "tcp.analysis.ack_rtt": "0.003770000", - "tcp.analysis.initial_rtt": "0.004302000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.078687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.078687000", - 
"frame.time_delta": "0.000411000", - "frame.time_delta_displayed": "0.000411000", - "frame.time_relative": "450.618001000", - "frame.number": "1283", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003b1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007caf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b0b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004302000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.079168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.079168000", - "frame.time_delta": "0.000481000", - 
"frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "450.618482000", - "frame.number": "1284", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f2a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c5e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000430a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1283", - "tcp.analysis.ack_rtt": "0.000481000", - "tcp.analysis.initial_rtt": "0.004302000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.079886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.079886000", - "frame.time_delta": "0.000718000", - "frame.time_delta_displayed": "0.000718000", - "frame.time_relative": "450.619200000", - "frame.number": "1285", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f2a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000c5d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000832b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004302000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.080247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.080247000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "450.619561000", - "frame.number": "1286", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f2a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c1fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d594", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004302000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1285", - "tcp.segment": "1286", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001560000", - "http.request_in": "1283", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.080857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.080857000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "450.620171000", - "frame.number": "1287", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f2a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c1fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d594", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004302000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.087340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.087340000", - "frame.time_delta": "0.006483000", - "frame.time_delta_displayed": "0.006483000", - "frame.time_relative": "450.626654000", - "frame.number": "1288", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000506a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1285", - "tcp.analysis.ack_rtt": "0.007454000", - "tcp.analysis.initial_rtt": "0.004302000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.087455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.087455000", - "frame.time_delta": "0.000115000", - "frame.time_delta_displayed": "0.000115000", - "frame.time_relative": "450.626769000", - "frame.number": "1289", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004c7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1286", - "tcp.analysis.ack_rtt": "0.007208000", - "tcp.analysis.initial_rtt": "0.004302000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.087981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.087981000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "450.627295000", - "frame.number": "1290", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00003b1d", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003efe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:19:a1:d0:21:19:a1:d4:05", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004302000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1289", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.090314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.090314000", - "frame.time_delta": "0.002333000", - "frame.time_delta_displayed": "0.002333000", - "frame.time_relative": "450.629628000", - "frame.number": "1291", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00007d6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004c7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.090819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.090819000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "450.630133000", - "frame.number": "1292", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d733", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e155", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47413", - "tcp.port": "80", - "tcp.port": "47413", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003f14", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1291", - "tcp.analysis.ack_rtt": "0.000505000", - "tcp.analysis.initial_rtt": "0.004302000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:02.094289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494042.094289000", - "frame.time_delta": "0.003470000", - "frame.time_delta_displayed": "0.003470000", - "frame.time_relative": "450.633603000", - "frame.number": "1293", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e813", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d075", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47413", - "tcp.dstport": "80", - "tcp.port": "47413", - "tcp.port": "80", - "tcp.stream": "52", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.170121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.170121000", - "frame.time_delta": "1.075832000", - "frame.time_delta_displayed": "1.075832000", - "frame.time_relative": "451.709435000", - "frame.number": "1294", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000930e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002453", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "31", - "http.prev_response_in": "1279" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.222893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.222893000", - "frame.time_delta": "0.052772000", - "frame.time_delta_displayed": "0.052772000", - "frame.time_relative": "451.762207000", - "frame.number": "1295", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009312", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002446", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "32", - "http.prev_response_in": "1294" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.229216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.229216000", - "frame.time_delta": "0.006323000", - "frame.time_delta_displayed": "0.006323000", - 
"frame.time_relative": "451.768530000", - "frame.number": "1296", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000dac2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - 
"_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003ece", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:eb:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918507, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918507", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.229763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.229763000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "451.769077000", - "frame.number": "1297", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47414", - "tcp.port": "80", - "tcp.port": "47414", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c2a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1296", - "tcp.analysis.ack_rtt": "0.000547000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.233214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.233214000", - "frame.time_delta": "0.003451000", - "frame.time_delta_displayed": "0.003451000", - "frame.time_relative": "451.772528000", - "frame.number": "1298", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dac3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000742f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1297", - "tcp.analysis.ack_rtt": "0.003451000", - "tcp.analysis.initial_rtt": "0.003998000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.233348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.233348000", - "frame.time_delta": "0.000134000", - "frame.time_delta_displayed": "0.000134000", - "frame.time_relative": "451.772662000", - "frame.number": "1299", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000dac4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d3a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003998000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.233789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.233789000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "451.773103000", - "frame.number": "1300", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000e85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47414", - "tcp.port": "80", - "tcp.port": "47414", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000065fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1299", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.003998000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.234609000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.234609000", - "frame.time_delta": "0.000820000", - "frame.time_delta_displayed": "0.000820000", - "frame.time_relative": "451.773923000", - "frame.number": "1301", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000aa05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000e73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47414", - "tcp.port": "80", - "tcp.port": "47414", - "tcp.stream": "53", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a61f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003998000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.234964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.234964000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "451.774278000", - "frame.number": "1302", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aa06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000aa0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47414", - "tcp.port": 
"80", - "tcp.port": "47414", - "tcp.stream": "53", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f888", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003998000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1301", - "tcp.segment": "1302", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001616000", - "http.request_in": "1299", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.238435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.238435000", - "frame.time_delta": "0.003471000", - "frame.time_delta_displayed": "0.003471000", - "frame.time_relative": "451.777749000", - "frame.number": "1303", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dac5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000735e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1301", - "tcp.analysis.ack_rtt": "0.003826000", - "tcp.analysis.initial_rtt": "0.003998000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.238563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.238563000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "451.777877000", - "frame.number": "1304", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1302", - "tcp.analysis.ack_rtt": "0.003599000", - "tcp.analysis.initial_rtt": "0.003998000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.239678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.239678000", - "frame.time_delta": "0.001115000", - "frame.time_delta_displayed": "0.001115000", - "frame.time_relative": "451.778992000", - "frame.number": "1305", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dac7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f72", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.240276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.240276000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "451.779590000", - "frame.number": "1306", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d76f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e119", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47414", - 
"tcp.port": "80", - "tcp.port": "47414", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006208", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1305", - "tcp.analysis.ack_rtt": "0.000598000", - "tcp.analysis.initial_rtt": "0.003998000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.243546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.243546000", - "frame.time_delta": "0.003270000", - "frame.time_delta_displayed": "0.003270000", - "frame.time_relative": "451.782860000", - "frame.number": "1307", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e842", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d046", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47414", - "tcp.dstport": "80", - "tcp.port": "47414", - "tcp.port": "80", - "tcp.stream": "53", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a9e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:03.272036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.272036000", - "frame.time_delta": "0.028490000", - "frame.time_delta_displayed": "0.028490000", - "frame.time_relative": "451.811350000", - "frame.number": "1308", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009317", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002447", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "33", - "http.prev_response_in": "1295" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.278420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.278420000", - "frame.time_delta": "0.006384000", - "frame.time_delta_displayed": "0.006384000", - "frame.time_relative": "451.817734000", - "frame.number": "1309", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000113b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a73a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000055b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:03:f0:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918512, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918512", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.278976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.278976000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "451.818290000", - "frame.number": "1310", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47415", - "tcp.port": "80", - "tcp.port": "47415", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c2cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1309", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.282470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.282470000", - "frame.time_delta": "0.003494000", - "frame.time_delta_displayed": "0.003494000", - "frame.time_relative": "451.821784000", - "frame.number": "1311", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000113c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a74d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007454", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1310", - "tcp.analysis.ack_rtt": "0.003494000", - "tcp.analysis.initial_rtt": "0.004050000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.282601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.282601000", - 
"frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "451.821915000", - "frame.number": "1312", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000113d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a68c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d3ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004050000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.283037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.283037000", - "frame.time_delta": "0.000436000", - 
"frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "451.822351000", - "frame.number": "1313", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008d88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002b01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47415", - "tcp.port": "80", - "tcp.port": "47415", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006623", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1312", - "tcp.analysis.ack_rtt": "0.000436000", - "tcp.analysis.initial_rtt": "0.004050000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.283812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.283812000", - "frame.time_delta": "0.000775000", - "frame.time_delta_displayed": "0.000775000", - "frame.time_relative": "451.823126000", - "frame.number": "1314", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008d89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00002aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47415", - "tcp.port": "80", - "tcp.port": "47415", - "tcp.stream": "54", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a644", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004050000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.284150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.284150000", - "frame.time_delta": "0.000338000", - "frame.time_delta_displayed": "0.000338000", - "frame.time_relative": "451.823464000", - "frame.number": "1315", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008d8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000271c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47415", - "tcp.port": "80", - "tcp.port": "47415", - "tcp.stream": "54", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f8ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004050000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1314", - "tcp.segment": "1315", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001549000", - "http.request_in": "1312", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.286499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.286499000", - "frame.time_delta": "0.002349000", - "frame.time_delta_displayed": "0.002349000", - "frame.time_relative": "451.825813000", - "frame.number": "1316", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000113e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a74b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007383", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1314", - "tcp.analysis.ack_rtt": "0.002687000", - "tcp.analysis.initial_rtt": "0.004050000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.286540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.286540000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "451.825854000", - "frame.number": "1317", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000113f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a74a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1315", - "tcp.analysis.ack_rtt": "0.002390000", - "tcp.analysis.initial_rtt": "0.004050000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.287476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.287476000", - "frame.time_delta": "0.000936000", - "frame.time_delta_displayed": "0.000936000", - "frame.time_relative": "451.826790000", - "frame.number": "1318", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001140", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f97", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.287933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.287933000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "451.827247000", - "frame.number": "1319", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d770", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e118", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47415", - 
"tcp.port": "80", - "tcp.port": "47415", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000622d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1318", - "tcp.analysis.ack_rtt": "0.000457000", - "tcp.analysis.initial_rtt": "0.004050000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:03.291384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494043.291384000", - "frame.time_delta": "0.003451000", - "frame.time_delta_displayed": "0.003451000", - "frame.time_relative": "451.830698000", - "frame.number": "1320", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e845", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d043", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47415", - "tcp.dstport": "80", - "tcp.port": "47415", - "tcp.port": "80", - "tcp.stream": "54", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007078", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:04.220177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.220177000", - "frame.time_delta": "0.928793000", - "frame.time_delta_displayed": "0.928793000", - "frame.time_relative": "452.759491000", - "frame.number": "1321", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009354", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000240d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "34", - "http.prev_response_in": "1308" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.237042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.237042000", - "frame.time_delta": "0.016865000", - "frame.time_delta_displayed": "0.016865000", - "frame.time_relative": "452.776356000", - "frame.number": "1322", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a689", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "122", - "tcp.nxtseq": "162", - "tcp.ack": "109", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000957c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:df:c7:19:3f:1c:fa:df:8a:24:76:85:59:f1:9c:91:62:dc:e0:10:17:1d:bf:59:78:77:d2:2a:45" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.254395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.254395000", - "frame.time_delta": "0.017353000", - "frame.time_delta_displayed": "0.017353000", - "frame.time_relative": "452.793709000", - "frame.number": "1323", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009d31", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000bc1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:52:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918610, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "918610", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.254948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.254948000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "452.794262000", - "frame.number": "1324", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47416", - "tcp.port": "80", - "tcp.port": "47416", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000078ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - 
"tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1323", - "tcp.analysis.ack_rtt": "0.000553000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.258425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.258425000", - "frame.time_delta": "0.003477000", - "frame.time_delta_displayed": "0.003477000", - "frame.time_relative": "452.797739000", - "frame.number": "1325", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009d32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b57", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002a34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1324", - "tcp.analysis.ack_rtt": "0.003477000", - "tcp.analysis.initial_rtt": "0.004030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.259387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.259387000", - "frame.time_delta": "0.000962000", - "frame.time_delta_displayed": "0.000962000", - "frame.time_relative": "452.798701000", - "frame.number": "1326", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009d33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000089ae", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004030000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.259890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.259890000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "452.799204000", - "frame.number": "1327", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000977a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000210f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47416", - "tcp.port": "80", - "tcp.port": "47416", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c03", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1326", - "tcp.analysis.ack_rtt": "0.000503000", - "tcp.analysis.initial_rtt": "0.004030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.260638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.260638000", - "frame.time_delta": "0.000748000", - "frame.time_delta_displayed": "0.000748000", - "frame.time_relative": "452.799952000", - "frame.number": "1328", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000977b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000020fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47416", - "tcp.port": "80", - "tcp.port": "47416", - "tcp.stream": "55", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005c24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004030000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.261020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.261020000", - "frame.time_delta": "0.000382000", - "frame.time_delta_displayed": "0.000382000", - "frame.time_relative": "452.800334000", - "frame.number": "1329", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000977c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47416", - "tcp.port": "80", - "tcp.port": "47416", - "tcp.stream": "55", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ae8d", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004030000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1328", - "tcp.segment": "1329", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001633000", - "http.request_in": "1326", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.264358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.264358000", - "frame.time_delta": "0.003338000", - "frame.time_delta_displayed": "0.003338000", - "frame.time_relative": "452.803672000", - "frame.number": "1330", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009d34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002963", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1328", - "tcp.analysis.ack_rtt": "0.003720000", - "tcp.analysis.initial_rtt": "0.004030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.264404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.264404000", - "frame.time_delta": "0.000046000", - "frame.time_delta_displayed": "0.000046000", - "frame.time_relative": "452.803718000", - "frame.number": "1331", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009d35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002578", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1329", - "tcp.analysis.ack_rtt": "0.003384000", - "tcp.analysis.initial_rtt": "0.004030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.265035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.265035000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "452.804349000", - "frame.number": "1332", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009d36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002577", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.265484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.265484000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "452.804798000", - "frame.number": "1333", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d780", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e108", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47416", - 
"tcp.port": "80", - "tcp.port": "47416", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000180d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1332", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.004030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.268686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.268686000", - "frame.time_delta": "0.003202000", - "frame.time_delta_displayed": "0.003202000", - "frame.time_relative": "452.808000000", - "frame.number": "1334", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e847", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d041", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47416", - "tcp.dstport": "80", - "tcp.port": "47416", - "tcp.port": "80", - "tcp.stream": "55", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000279b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:04.272975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.272975000", - "frame.time_delta": "0.004289000", - "frame.time_delta_displayed": "0.004289000", - "frame.time_relative": "452.812289000", - "frame.number": "1335", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000935a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "35", - "http.prev_response_in": "1321" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.280629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.280629000", - "frame.time_delta": "0.007654000", - "frame.time_delta_displayed": "0.007654000", - "frame.time_relative": "452.819943000", - "frame.number": "1336", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", 
- "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00008d8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00008a6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:54:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918612, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918612", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.281172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.281172000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "452.820486000", - "frame.number": "1337", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47417", - "tcp.port": "80", - "tcp.port": "47417", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009479", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1336", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.284516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.284516000", - "frame.time_delta": "0.003344000", - "frame.time_delta_displayed": "0.003344000", - "frame.time_relative": "452.823830000", - "frame.number": "1338", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008d90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002af9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004601", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1337", - "tcp.analysis.ack_rtt": "0.003344000", - "tcp.analysis.initial_rtt": "0.003887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.284647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.284647000", - 
"frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "452.823961000", - "frame.number": "1339", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00008d91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002a38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a57b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003887000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.285090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.285090000", - "frame.time_delta": "0.000443000", - 
"frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "452.824404000", - "frame.number": "1340", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002238", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009651", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47417", - "tcp.port": "80", - "tcp.port": "47417", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000037d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1339", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.003887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.285785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.285785000", - "frame.time_delta": "0.000695000", - "frame.time_delta_displayed": "0.000695000", - "frame.time_relative": "452.825099000", - "frame.number": "1341", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002239", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000963f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47417", - "tcp.port": "80", - "tcp.port": "47417", - "tcp.stream": "56", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000077f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003887000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.286216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.286216000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "452.825530000", - "frame.number": "1342", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000223a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000926c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47417", - "tcp.port": "80", - "tcp.port": "47417", - "tcp.stream": "56", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ca5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003887000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1341", - "tcp.segment": "1342", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001569000", - "http.request_in": "1339", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.288485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.288485000", - "frame.time_delta": "0.002269000", - "frame.time_delta_displayed": "0.002269000", - "frame.time_relative": "452.827799000", - "frame.number": "1343", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008d92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002af7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004530", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1341", - "tcp.analysis.ack_rtt": "0.002700000", - "tcp.analysis.initial_rtt": "0.003887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.290387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.290387000", - "frame.time_delta": "0.001902000", - "frame.time_delta_displayed": "0.001902000", - "frame.time_relative": "452.829701000", - "frame.number": "1344", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008d93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002af6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004145", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1342", - "tcp.analysis.ack_rtt": "0.004171000", - "tcp.analysis.initial_rtt": "0.003887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.291419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.291419000", - "frame.time_delta": "0.001032000", - "frame.time_delta_displayed": "0.001032000", - "frame.time_relative": "452.830733000", - "frame.number": "1345", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008d94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002af5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004144", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.291858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.291858000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "452.831172000", - "frame.number": "1346", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d782", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e106", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47417", - 
"tcp.port": "80", - "tcp.port": "47417", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000033da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1345", - "tcp.analysis.ack_rtt": "0.000439000", - "tcp.analysis.initial_rtt": "0.003887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.294981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.294981000", - "frame.time_delta": "0.003123000", - "frame.time_delta_displayed": "0.003123000", - "frame.time_relative": "452.834295000", - "frame.number": "1347", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e84a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d03e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47417", - "tcp.dstport": "80", - "tcp.port": "47417", - "tcp.port": "80", - "tcp.stream": "56", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f5eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:04.325922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.325922000", - "frame.time_delta": "0.030941000", - "frame.time_delta_displayed": "0.030941000", - "frame.time_relative": "452.865236000", - "frame.number": "1348", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000935f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "36", - "http.prev_response_in": "1335" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.333027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.333027000", - "frame.time_delta": "0.007105000", - "frame.time_delta_displayed": "0.007105000", - "frame.time_relative": "452.872341000", - "frame.number": "1349", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00008172", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a03c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:5a:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918618, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918618", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.333567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.333567000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "452.872881000", - "frame.number": "1350", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47418", - "tcp.port": "80", - "tcp.port": "47418", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001d54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1349", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.343641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.343641000", - "frame.time_delta": "0.010074000", - "frame.time_delta_displayed": "0.010074000", - "frame.time_relative": "452.882955000", - "frame.number": "1351", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008173", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003716", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cedb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1350", - "tcp.analysis.ack_rtt": "0.010074000", - "tcp.analysis.initial_rtt": "0.010614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.343704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.343704000", - 
"frame.time_delta": "0.000063000", - "frame.time_delta_displayed": "0.000063000", - "frame.time_relative": "452.883018000", - "frame.number": "1352", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00008174", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003655", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002e56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010614000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.344191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.344191000", - "frame.time_delta": "0.000487000", - 
"frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "452.883505000", - "frame.number": "1353", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005dbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005ace", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47418", - "tcp.port": "80", - "tcp.port": "47418", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c0aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1352", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.010614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.344993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.344993000", - "frame.time_delta": "0.000802000", - "frame.time_delta_displayed": "0.000802000", - "frame.time_relative": "452.884307000", - "frame.number": "1354", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005dbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00005abc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47418", - "tcp.port": "80", - "tcp.port": "47418", - "tcp.stream": "57", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000000cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010614000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.345331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.345331000", - "frame.time_delta": "0.000338000", - "frame.time_delta_displayed": "0.000338000", - "frame.time_relative": "452.884645000", - "frame.number": "1355", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005dbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000056e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47418", - "tcp.port": "80", - "tcp.port": "47418", - "tcp.stream": "57", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005335", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010614000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1354", - "tcp.segment": "1355", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001627000", - "http.request_in": "1352", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.350375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.350375000", - "frame.time_delta": "0.005044000", - "frame.time_delta_displayed": "0.005044000", - "frame.time_relative": "452.889689000", - "frame.number": "1356", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008175", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003714", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ce0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1354", - "tcp.analysis.ack_rtt": "0.005382000", - "tcp.analysis.initial_rtt": "0.010614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.350425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.350425000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "452.889739000", - "frame.number": "1357", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008176", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003713", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ca1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1355", - "tcp.analysis.ack_rtt": "0.005094000", - "tcp.analysis.initial_rtt": "0.010614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.351062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.351062000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "452.890376000", - "frame.number": "1358", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008177", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003712", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ca1e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.351516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.351516000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "452.890830000", - "frame.number": "1359", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d785", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e103", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47418", - 
"tcp.port": "80", - "tcp.port": "47418", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bcb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1358", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.010614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.353960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.353960000", - "frame.time_delta": "0.002444000", - "frame.time_delta_displayed": "0.002444000", - "frame.time_relative": "452.893274000", - "frame.number": "1360", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e850", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d038", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47418", - "tcp.dstport": "80", - "tcp.port": "47418", - "tcp.port": "80", - "tcp.stream": "57", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000bc4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:04.380395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.380395000", - "frame.time_delta": "0.026435000", - "frame.time_delta_displayed": "0.026435000", - "frame.time_relative": "452.919709000", - "frame.number": "1361", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9b", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "109", - "tcp.nxtseq": "145", - "tcp.ack": "162", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005909", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1322", - "tcp.analysis.ack_rtt": "0.143353000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:65:cd:53:15:d9:1a:b6:e0:d2:87:fe:25:ef:7c:b6:49:44:2f:e2:da:72:c4:65:e8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.380909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.380909000", - "frame.time_delta": "0.000514000", - "frame.time_delta_displayed": "0.000514000", - "frame.time_relative": "452.920223000", - "frame.number": "1362", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "162", - "tcp.ack": "145", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000058e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1361", - "tcp.analysis.ack_rtt": "0.000514000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.694333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.694333000", - "frame.time_delta": "0.313424000", - "frame.time_delta_displayed": "0.313424000", - "frame.time_relative": "453.233647000", - "frame.number": "1363", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "325", - "ip.id": "0x0000937c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "37", - "http.prev_response_in": "1348" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.747181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.747181000", - "frame.time_delta": "0.052848000", - "frame.time_delta_displayed": "0.052848000", - "frame.time_relative": "453.286495000", - "frame.number": "1364", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000937e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - 
"udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "38", - "http.prev_response_in": "1363" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.763936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.763936000", - "frame.time_delta": "0.016755000", - "frame.time_delta_displayed": "0.016755000", - "frame.time_relative": "453.303250000", - "frame.number": "1365", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000065cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00004d39", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:85:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918661, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918661", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.764487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.764487000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "453.303801000", - "frame.number": "1366", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008d24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" 
- }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1365", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.768272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.768272000", - "frame.time_delta": "0.003785000", - "frame.time_delta_displayed": "0.003785000", - "frame.time_relative": "453.307586000", - "frame.number": "1367", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003eac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1366", - "tcp.analysis.ack_rtt": "0.003785000", - "tcp.analysis.initial_rtt": "0.004336000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:54:04.768399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.768399000", - "frame.time_delta": "0.000127000", - "frame.time_delta_displayed": "0.000127000", - "frame.time_relative": "453.307713000", - "frame.number": "1368", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000065cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000051fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", 
- "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004336000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.768834000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.768834000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "453.308148000", - "frame.number": "1369", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009ee4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000307b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1368", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.004336000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.769568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.769568000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "453.308882000", - "frame.number": "1370", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000019a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009ed2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000709c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004336000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.769928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.769928000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": 
"453.309242000", - "frame.number": "1371", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000019a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009aff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c305", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004336000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1370", - "tcp.segment": "1371", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001529000", - "http.request_in": "1368", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.770781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.770781000", - "frame.time_delta": "0.000853000", - "frame.time_delta_displayed": "0.000853000", - "frame.time_relative": "453.310095000", - "frame.number": "1372", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000019a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009afe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c305", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004336000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.775363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.775363000", - "frame.time_delta": "0.004582000", - "frame.time_delta_displayed": "0.004582000", - "frame.time_relative": "453.314677000", - "frame.number": "1373", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ddb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1370", - "tcp.analysis.ack_rtt": "0.005795000", - "tcp.analysis.initial_rtt": "0.004336000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.775498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.775498000", - "frame.time_delta": "0.000135000", - "frame.time_delta_displayed": "0.000135000", - "frame.time_relative": "453.314812000", - "frame.number": "1374", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000039f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1371", - "tcp.analysis.ack_rtt": "0.005570000", - "tcp.analysis.initial_rtt": "0.004336000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.775991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.775991000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "453.315305000", - "frame.number": "1375", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000065d2", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000c98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:3f:36:3a:78:3f:36:3e:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004336000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1374", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.776113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.776113000", - "frame.time_delta": "0.000122000", - "frame.time_delta_displayed": "0.000122000", - "frame.time_relative": "453.315427000", - "frame.number": "1376", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000052b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000039ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.776519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.776519000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "453.315833000", - "frame.number": "1377", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d797", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47419", - "tcp.port": "80", - "tcp.port": "47419", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1376", - "tcp.analysis.ack_rtt": "0.000406000", - "tcp.analysis.initial_rtt": "0.004336000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.779325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.779325000", - "frame.time_delta": "0.002806000", - "frame.time_delta_displayed": "0.002806000", - "frame.time_relative": "453.318639000", - "frame.number": "1378", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e852", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d036", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47419", - "tcp.dstport": "80", - "tcp.port": "47419", - "tcp.port": "80", - "tcp.stream": "58", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b8eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.800038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.800038000", - "frame.time_delta": "0.020713000", - "frame.time_delta_displayed": "0.020713000", - "frame.time_relative": "453.339352000", - "frame.number": "1379", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009383", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "39", - "http.prev_response_in": "1364" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.807794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.807794000", - "frame.time_delta": "0.007756000", - "frame.time_delta_displayed": "0.007756000", - "frame.time_relative": "453.347108000", - "frame.number": "1380", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a5a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000012d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000ba8e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:89:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918665, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918665", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.808336000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.808336000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "453.347650000", - "frame.number": "1381", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47420", - "tcp.port": "80", - "tcp.port": "47420", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000be0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1380", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.811587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.811587000", - "frame.time_delta": "0.003251000", - "frame.time_delta_displayed": "0.003251000", - "frame.time_relative": "453.350901000", - "frame.number": "1382", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a5a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000012e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006f92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1381", - "tcp.analysis.ack_rtt": "0.003251000", - "tcp.analysis.initial_rtt": "0.003793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.811758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.811758000", - "frame.time_delta": "0.000171000", - "frame.time_delta_displayed": "0.000171000", - "frame.time_relative": "453.351072000", - "frame.number": "1383", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000a5a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001226", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cf0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003793000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.812220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.812220000", - "frame.time_delta": "0.000462000", - "frame.time_delta_displayed": "0.000462000", - "frame.time_relative": "453.351534000", - "frame.number": "1384", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b9e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fea7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47420", - "tcp.port": "80", - "tcp.port": "47420", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006161", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1383", - "tcp.analysis.ack_rtt": "0.000462000", - "tcp.analysis.initial_rtt": "0.003793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.812873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.812873000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "453.352187000", - "frame.number": "1385", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b9e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47420", - "tcp.port": "80", - "tcp.port": "47420", - "tcp.stream": "59", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a182", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003793000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.813226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.813226000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "453.352540000", - "frame.number": "1386", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b9e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fac2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47420", - "tcp.port": "80", - "tcp.port": "47420", - "tcp.stream": "59", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f3eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003793000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1385", - "tcp.segment": "1386", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001468000", - "http.request_in": "1383", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.815734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.815734000", - "frame.time_delta": "0.002508000", - "frame.time_delta_displayed": "0.002508000", - "frame.time_relative": "453.355048000", - "frame.number": "1387", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a5a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000012e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ec1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1385", - "tcp.analysis.ack_rtt": "0.002861000", - "tcp.analysis.initial_rtt": "0.003793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.816594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.816594000", - "frame.time_delta": "0.000860000", - "frame.time_delta_displayed": "0.000860000", - "frame.time_relative": "453.355908000", - "frame.number": "1388", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a5a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000012e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ad6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1386", - "tcp.analysis.ack_rtt": "0.003368000", - "tcp.analysis.initial_rtt": "0.003793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.817430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.817430000", - "frame.time_delta": "0.000836000", - "frame.time_delta_displayed": "0.000836000", - "frame.time_relative": "453.356744000", - "frame.number": "1389", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a5a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000012e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ad5", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.817888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.817888000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "453.357202000", - "frame.number": "1390", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d799", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47420", - 
"tcp.port": "80", - "tcp.port": "47420", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005d6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1389", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.003793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:04.821133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494044.821133000", - "frame.time_delta": "0.003245000", - "frame.time_delta_displayed": "0.003245000", - "frame.time_relative": "453.360447000", - "frame.number": "1391", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e853", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d035", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47420", - "tcp.dstport": "80", - "tcp.port": "47420", - "tcp.port": "80", - "tcp.stream": "59", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002645", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:05.798775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.798775000", - "frame.time_delta": "0.977642000", - "frame.time_delta_displayed": "0.977642000", - "frame.time_relative": "454.338089000", - "frame.number": "1392", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000093dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002384", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "40", - "http.prev_response_in": "1379" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.799364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.799364000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "454.338678000", - "frame.number": "1393", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000093e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002377", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "41", - "http.prev_response_in": "1392" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.852199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.852199000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "454.391513000", - "frame.number": "1394", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000093e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002379", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "42", - "http.prev_response_in": "1393" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.885697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.885697000", - "frame.time_delta": "0.033498000", - "frame.time_delta_displayed": "0.033498000", - "frame.time_relative": "454.425011000", - "frame.number": "1395", - "frame.len": "74", - "frame.cap_len": "74", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000391b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000548d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:04:f5:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918773, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918773", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.886251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.886251000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "454.425565000", - "frame.number": "1396", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47421", - "tcp.port": "80", - "tcp.port": "47421", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008325", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1395", - "tcp.analysis.ack_rtt": "0.000554000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.891458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.891458000", - "frame.time_delta": "0.005207000", - "frame.time_delta_displayed": "0.005207000", - "frame.time_relative": "454.430772000", - "frame.number": "1397", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000391c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000034ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "1396", - "tcp.analysis.ack_rtt": "0.005207000", - "tcp.analysis.initial_rtt": "0.005761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.891577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.891577000", - "frame.time_delta": "0.000119000", - "frame.time_delta_displayed": "0.000119000", - "frame.time_relative": "454.430891000", - "frame.number": "1398", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000391d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007eac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009427", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005761000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.892034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.892034000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "454.431348000", - "frame.number": "1399", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e3df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d4a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47421", - "tcp.port": "80", - "tcp.port": "47421", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000267c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1398", - "tcp.analysis.ack_rtt": "0.000457000", - "tcp.analysis.initial_rtt": "0.005761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.892716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.892716000", - "frame.time_delta": "0.000682000", - "frame.time_delta_displayed": "0.000682000", - "frame.time_relative": "454.432030000", - "frame.number": "1400", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e3e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d497", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47421", - "tcp.port": "80", - "tcp.port": "47421", - "tcp.stream": "60", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000669d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005761000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.893067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.893067000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "454.432381000", - "frame.number": "1401", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e3e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d0c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47421", - "tcp.port": "80", - "tcp.port": "47421", - "tcp.stream": "60", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b906", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005761000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1400", - "tcp.segment": "1401", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001490000", - "http.request_in": "1398", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.895528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.895528000", - "frame.time_delta": "0.002461000", - "frame.time_delta_displayed": "0.002461000", - "frame.time_relative": "454.434842000", - "frame.number": "1402", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000391e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000033dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1400", - "tcp.analysis.ack_rtt": "0.002812000", - "tcp.analysis.initial_rtt": "0.005761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.896485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.896485000", - "frame.time_delta": "0.000957000", - "frame.time_delta_displayed": "0.000957000", - "frame.time_relative": "454.435799000", - "frame.number": "1403", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000391f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002ff1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1401", - "tcp.analysis.ack_rtt": "0.003418000", - "tcp.analysis.initial_rtt": "0.005761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.896913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.896913000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "454.436227000", - "frame.number": "1404", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003920", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002ff0", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.897357000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.897357000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "454.436671000", - "frame.number": "1405", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d7e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47421", - 
"tcp.port": "80", - "tcp.port": "47421", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002286", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1404", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.005761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:05.899824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494045.899824000", - "frame.time_delta": "0.002467000", - "frame.time_delta_displayed": "0.002467000", - "frame.time_relative": "454.439138000", - "frame.number": "1406", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e858", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d030", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47421", - "tcp.dstport": "80", - "tcp.port": "47421", - "tcp.port": "80", - "tcp.stream": "60", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c0af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:06.173070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.173070000", - "frame.time_delta": "0.273246000", - "frame.time_delta_displayed": "0.273246000", - "frame.time_relative": "454.712384000", - "frame.number": "1407", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005b9d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.746943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.746943000", - "frame.time_delta": "0.573873000", - "frame.time_delta_displayed": "0.573873000", - "frame.time_relative": "455.286257000", - "frame.number": "1408", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000943b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002326", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "43", - "http.prev_response_in": "1394" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.762356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.762356000", - "frame.time_delta": "0.015413000", - "frame.time_delta_displayed": "0.015413000", - "frame.time_relative": "455.301670000", - "frame.number": "1409", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001dc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009aac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005ecf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:4d:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918861, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918861", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.762907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.762907000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "455.302221000", - "frame.number": "1410", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": "47422", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e69d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1409", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.766125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.766125000", - "frame.time_delta": "0.003218000", - "frame.time_delta_displayed": "0.003218000", - "frame.time_relative": "455.305439000", - "frame.number": "1411", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001dca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009abf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009825", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1410", - "tcp.analysis.ack_rtt": 
"0.003218000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.768355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.768355000", - "frame.time_delta": "0.002230000", - "frame.time_delta_displayed": "0.002230000", - "frame.time_relative": "455.307669000", - "frame.number": "1412", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001dcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - 
"tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f79f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.768850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.768850000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "455.308164000", - "frame.number": "1413", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000045aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": 
"47422", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000089f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1412", - "tcp.analysis.ack_rtt": "0.000495000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.769501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.769501000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "455.308815000", - "frame.number": "1414", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000045ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": "47422", - "tcp.stream": "61", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ca15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:54:06.769850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.769850000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "455.309164000", - "frame.number": "1415", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000045ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006efa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": "47422", - "tcp.stream": "61", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1414", - "tcp.segment": "1415", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001495000", - "http.request_in": "1412", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.770787000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494046.770787000", - "frame.time_delta": "0.000937000", - "frame.time_delta_displayed": "0.000937000", - "frame.time_relative": "455.310101000", - "frame.number": "1416", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000045ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ef9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": "47422", - "tcp.stream": "61", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.772211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.772211000", - "frame.time_delta": "0.001424000", - "frame.time_delta_displayed": "0.001424000", - "frame.time_relative": "455.311525000", - "frame.number": "1417", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001dcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009abd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009754", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1414", - "tcp.analysis.ack_rtt": "0.002710000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.774171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.774171000", - "frame.time_delta": "0.001960000", - "frame.time_delta_displayed": "0.001960000", - "frame.time_relative": "455.313485000", - "frame.number": "1418", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001dcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009abc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - 
"tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009369", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1415", - "tcp.analysis.ack_rtt": "0.004321000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.774216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.774216000", - "frame.time_delta": "0.000045000", - "frame.time_delta_displayed": "0.000045000", - "frame.time_relative": "455.313530000", - "frame.number": "1419", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001dce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009aaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f447", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d1:61:61:31:d1:61:65:15", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1418", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.774859000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.774859000", - "frame.time_delta": "0.000643000", - "frame.time_delta_displayed": "0.000643000", - "frame.time_relative": "455.314173000", - "frame.number": "1420", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001dcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009aba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.775310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.775310000", - 
"frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "455.314624000", - "frame.number": "1421", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d804", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e084", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47422", - "tcp.port": "80", - "tcp.port": "47422", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000085fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1420", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.778613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.778613000", - "frame.time_delta": "0.003303000", - "frame.time_delta_displayed": "0.003303000", - "frame.time_relative": "455.317927000", - "frame.number": "1422", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e885", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d003", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47422", - "tcp.dstport": "80", - "tcp.port": "47422", - "tcp.port": "80", - "tcp.stream": "61", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cb49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.800025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.800025000", - "frame.time_delta": "0.021412000", - "frame.time_delta_displayed": "0.021412000", - "frame.time_relative": "455.339339000", - "frame.number": "1423", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000943c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000231c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "44", - "http.prev_response_in": "1408" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.805424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.805424000", - "frame.time_delta": "0.005399000", - "frame.time_delta_displayed": "0.005399000", - "frame.time_relative": "455.344738000", - "frame.number": "1424", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004799", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009513", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:51:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918865, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "918865", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.805968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.805968000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "455.345282000", - "frame.number": "1425", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000018ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - 
"tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1424", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.808644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.808644000", - "frame.time_delta": "0.002676000", - "frame.time_delta_displayed": "0.002676000", - "frame.time_relative": "455.347958000", - "frame.number": "1426", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000479a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070ef", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ca55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1425", - "tcp.analysis.ack_rtt": "0.002676000", - "tcp.analysis.initial_rtt": "0.003220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.808794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.808794000", - "frame.time_delta": "0.000150000", - "frame.time_delta_displayed": "0.000150000", - "frame.time_relative": "455.348108000", - "frame.number": "1427", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000479b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000702e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000029d0", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003220000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.809242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.809242000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "455.348556000", - "frame.number": "1428", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bc24", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1427", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.003220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.809982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.809982000", - "frame.time_delta": "0.000740000", - "frame.time_delta_displayed": "0.000740000", - "frame.time_relative": "455.349296000", - "frame.number": "1429", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cd42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fc45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003220000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.810344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.810344000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "455.349658000", - "frame.number": "1430", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cd43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e762", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004eaf", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003220000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:6
5:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1429", - "tcp.segment": "1430", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001550000", - "http.request_in": "1427", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.810773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.810773000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "455.350087000", - "frame.number": "1431", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cd44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e761", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004eaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003220000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.814231000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.814231000", - "frame.time_delta": "0.003458000", - "frame.time_delta_displayed": "0.003458000", - "frame.time_relative": "455.353545000", - "frame.number": "1432", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000479c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c984", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1429", - "tcp.analysis.ack_rtt": "0.004249000", - "tcp.analysis.initial_rtt": "0.003220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.814281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.814281000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "455.353595000", - "frame.number": "1433", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000479d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c599", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1430", - "tcp.analysis.ack_rtt": "0.003937000", - "tcp.analysis.initial_rtt": "0.003220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.814965000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.814965000", - "frame.time_delta": "0.000684000", - "frame.time_delta_displayed": "0.000684000", - "frame.time_relative": "455.354279000", - "frame.number": "1434", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000479e", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001e48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:4c:ca:e9:e0:4c:ca:ed:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003220000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1433", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.815008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.815008000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "455.354322000", - "frame.number": "1435", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000479f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000070ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c598", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.815417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.815417000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "455.354731000", - "frame.number": "1436", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d807", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e081", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47423", - "tcp.port": "80", - "tcp.port": "47423", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b82e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1435", - "tcp.analysis.ack_rtt": "0.000409000", - "tcp.analysis.initial_rtt": "0.003220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.818810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.818810000", - "frame.time_delta": "0.003393000", - "frame.time_delta_displayed": "0.003393000", - "frame.time_relative": "455.358124000", - "frame.number": "1437", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e889", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cfff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47423", - "tcp.dstport": "80", - "tcp.port": "47423", - "tcp.port": "80", - "tcp.stream": "62", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000192", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.853068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.853068000", - "frame.time_delta": "0.034258000", - "frame.time_delta_displayed": "0.034258000", - "frame.time_relative": "455.392382000", - "frame.number": "1438", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009441", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000231d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "45", - "http.prev_response_in": "1423" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.863066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.863066000", - "frame.time_delta": "0.009998000", - "frame.time_delta_displayed": "0.009998000", - "frame.time_relative": "455.402380000", - "frame.number": "1439", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a6bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00008b41", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:57:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918871, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918871", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.863624000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.863624000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "455.402938000", - "frame.number": "1440", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004407", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1439", - "tcp.analysis.ack_rtt": "0.000558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.867004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.867004000", - "frame.time_delta": "0.003380000", - "frame.time_delta_displayed": "0.003380000", - "frame.time_relative": "455.406318000", - "frame.number": "1441", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a6be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f58e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1440", - "tcp.analysis.ack_rtt": "0.003380000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.867130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.867130000", - "frame.time_delta": "0.000126000", - "frame.time_delta_displayed": "0.000126000", - "frame.time_relative": "455.406444000", - "frame.number": "1442", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000a6bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000110a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005509", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.867567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.867567000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "455.406881000", - "frame.number": "1443", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e75d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1442", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.868287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.868287000", - "frame.time_delta": "0.000720000", - "frame.time_delta_displayed": "0.000720000", - "frame.time_relative": "455.407601000", - "frame.number": "1444", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003fce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000277f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.868735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.868735000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "455.408049000", - "frame.number": "1445", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003fcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000079e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1444", - "tcp.segment": "1445", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001605000", - "http.request_in": "1442", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.870777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.870777000", - "frame.time_delta": "0.002042000", - "frame.time_delta_displayed": "0.002042000", - "frame.time_relative": "455.410091000", - "frame.number": "1446", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003fd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000079e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.871430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.871430000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "455.410744000", - "frame.number": "1447", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a6c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f4bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1444", - "tcp.analysis.ack_rtt": "0.003143000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.871480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.871480000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "455.410794000", - "frame.number": "1448", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a6c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f0d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1445", - "tcp.analysis.ack_rtt": "0.002745000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.876227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.876227000", - "frame.time_delta": "0.004747000", - "frame.time_delta_displayed": "0.004747000", - "frame.time_relative": "455.415541000", - "frame.number": "1449", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a6c2", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b38b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:e6:3b:1b:6a:e6:3b:1f:4e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1448", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.876639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.876639000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - "frame.time_relative": "455.415953000", - "frame.number": "1450", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a6c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000011c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f0d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.877051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.877051000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - "frame.time_relative": "455.416365000", - "frame.number": "1451", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d80b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e07d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47424", - "tcp.port": "80", - "tcp.port": "47424", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e367", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1450", - "tcp.analysis.ack_rtt": "0.000412000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:06.880378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494046.880378000", - "frame.time_delta": "0.003327000", - "frame.time_delta_displayed": "0.003327000", - "frame.time_relative": "455.419692000", - "frame.number": "1452", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e88e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cffa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47424", - "tcp.dstport": "80", - "tcp.port": "47424", - "tcp.port": "80", - "tcp.stream": "63", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f7c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.799485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.799485000", - "frame.time_delta": "0.919107000", - "frame.time_delta_displayed": "0.919107000", - "frame.time_relative": "456.338799000", - "frame.number": "1453", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009458", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002309", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "46", - "http.prev_response_in": "1438" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.836035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.836035000", - "frame.time_delta": "0.036550000", - "frame.time_delta_displayed": "0.036550000", - "frame.time_relative": "456.375349000", - "frame.number": "1454", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000038b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00004c53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:b8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918968, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918968", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.879638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.879638000", - "frame.time_delta": "0.043603000", - "frame.time_delta_displayed": "0.043603000", - "frame.time_relative": "456.418952000", - "frame.number": "1455", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47425", - "tcp.port": "80", - "tcp.port": "47425", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005132", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1454", - "tcp.analysis.ack_rtt": "0.043603000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.879650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.879650000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "456.418964000", - "frame.number": "1456", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000945c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "47", - "http.prev_response_in": "1453" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.884022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.884022000", - "frame.time_delta": "0.004372000", - "frame.time_delta_displayed": "0.004372000", - "frame.time_relative": "456.423336000", - "frame.number": "1457", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - 
"tcp.checksum": "0x000002ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1455", - "tcp.analysis.ack_rtt": "0.004384000", - "tcp.analysis.initial_rtt": "0.047987000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.884400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.884400000", - "frame.time_delta": "0.000378000", - "frame.time_delta_displayed": "0.000378000", - "frame.time_relative": "456.423714000", - "frame.number": "1458", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000038b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006234", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.047987000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - 
"http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.884861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.884861000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "456.424175000", - "frame.number": "1459", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002059", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009830", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47425", - "tcp.port": "80", - "tcp.port": "47425", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f488", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1458", - "tcp.analysis.ack_rtt": "0.000461000", - "tcp.analysis.initial_rtt": "0.047987000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.885589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.885589000", - "frame.time_delta": "0.000728000", - "frame.time_delta_displayed": "0.000728000", - "frame.time_relative": "456.424903000", - "frame.number": "1460", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000205a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000981e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47425", - "tcp.port": "80", - "tcp.port": "47425", - "tcp.stream": "64", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000034aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.047987000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.885947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.885947000", - "frame.time_delta": "0.000358000", - "frame.time_delta_displayed": "0.000358000", - "frame.time_relative": "456.425261000", - "frame.number": "1461", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000205b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000944b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47425", - "tcp.port": "80", - "tcp.port": 
"47425", - "tcp.stream": "64", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008713", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.047987000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1460", - "tcp.segment": "1461", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001547000", - "http.request_in": "1458", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.889384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.889384000", - "frame.time_delta": "0.003437000", - "frame.time_delta_displayed": "0.003437000", - "frame.time_relative": "456.428698000", - "frame.number": "1462", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000001e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1460", - "tcp.analysis.ack_rtt": "0.003795000", - "tcp.analysis.initial_rtt": "0.047987000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.889503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.889503000", - "frame.time_delta": "0.000119000", - "frame.time_delta_displayed": "0.000119000", - "frame.time_relative": "456.428817000", - "frame.number": "1463", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fd5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fdfd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1461", - "tcp.analysis.ack_rtt": "0.003556000", - "tcp.analysis.initial_rtt": "0.047987000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.890062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.890062000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "456.429376000", - "frame.number": "1464", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fdfc", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.890508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.890508000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "456.429822000", - "frame.number": "1465", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d84f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e039", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47425", - 
"tcp.port": "80", - "tcp.port": "47425", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f092", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1464", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.047987000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.893758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.893758000", - "frame.time_delta": "0.003250000", - "frame.time_delta_displayed": "0.003250000", - "frame.time_relative": "456.433072000", - "frame.number": "1466", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e8da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cfae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47425", - "tcp.dstport": "80", - "tcp.port": "47425", - "tcp.port": "80", - "tcp.stream": "64", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b938", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:07.906059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.906059000", - "frame.time_delta": "0.012301000", - "frame.time_delta_displayed": "0.012301000", - "frame.time_relative": "456.445373000", - "frame.number": "1467", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000945f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "48", - "http.prev_response_in": "1456" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.913004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.913004000", - "frame.time_delta": "0.006945000", - "frame.time_delta_displayed": "0.006945000", - "frame.time_relative": "456.452318000", - "frame.number": "1468", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c0e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f78e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a2ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:05:c0:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 918976, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "918976", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.913519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.913519000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "456.452833000", - "frame.number": "1469", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000069b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1468", - "tcp.analysis.ack_rtt": "0.000515000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.916562000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.916562000", - "frame.time_delta": "0.003043000", - "frame.time_delta_displayed": "0.003043000", - "frame.time_relative": "456.455876000", - "frame.number": "1470", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c0e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1469", - "tcp.analysis.ack_rtt": "0.003043000", - "tcp.analysis.initial_rtt": "0.003558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.917250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.917250000", - 
"frame.time_delta": "0.000688000", - "frame.time_delta_displayed": "0.000688000", - "frame.time_relative": "456.456564000", - "frame.number": "1471", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c0e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f6e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ab2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003558000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.917695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.917695000", - "frame.time_delta": "0.000445000", - 
"frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "456.457009000", - "frame.number": "1472", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c46b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f41d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d07", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1471", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.003558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.918445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.918445000", - "frame.time_delta": "0.000750000", - "frame.time_delta_displayed": "0.000750000", - "frame.time_relative": "456.457759000", - "frame.number": "1473", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c46c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000f40b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004d28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003558000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.918771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.918771000", - "frame.time_delta": "0.000326000", - "frame.time_delta_displayed": "0.000326000", - "frame.time_relative": "456.458085000", - "frame.number": "1474", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c46d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f038", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003558000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1473", - "tcp.segment": "1474", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001521000", - "http.request_in": "1471", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.920766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.920766000", - "frame.time_delta": "0.001995000", - "frame.time_delta_displayed": "0.001995000", - "frame.time_relative": "456.460080000", - "frame.number": "1475", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c46e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f037", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003558000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.927038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.927038000", - "frame.time_delta": "0.006272000", - "frame.time_delta_displayed": "0.006272000", - "frame.time_relative": "456.466352000", - "frame.number": "1476", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c0e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f79f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001a67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1473", - "tcp.analysis.ack_rtt": "0.008593000", - "tcp.analysis.initial_rtt": "0.003558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.927071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.927071000", - "frame.time_delta": "0.000033000", - "frame.time_delta_displayed": "0.000033000", - "frame.time_relative": "456.466385000", - "frame.number": "1477", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c0ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f79e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000167c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1474", - "tcp.analysis.ack_rtt": "0.008300000", - "tcp.analysis.initial_rtt": "0.003558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.927105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.927105000", - "frame.time_delta": "0.000034000", - "frame.time_delta_displayed": "0.000034000", - "frame.time_relative": "456.466419000", - "frame.number": "1478", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c0eb", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f791", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f49a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:13:4b:e0:a7:13:4b:e4:8b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003558000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1477", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.927624000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.927624000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "456.466938000", - "frame.number": "1479", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c0ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000f79c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000167b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.927999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.927999000", - "frame.time_delta": "0.000375000", - "frame.time_delta_displayed": "0.000375000", - "frame.time_relative": "456.467313000", - "frame.number": "1480", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d853", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e035", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47426", - "tcp.port": "80", - "tcp.port": "47426", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000911", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1479", - "tcp.analysis.ack_rtt": "0.000375000", - "tcp.analysis.initial_rtt": "0.003558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:07.930776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494047.930776000", - "frame.time_delta": "0.002777000", - "frame.time_delta_displayed": "0.002777000", - "frame.time_relative": "456.470090000", - "frame.number": "1481", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e8db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cfad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47426", - "tcp.dstport": "80", - "tcp.port": "47426", - "tcp.port": "80", - "tcp.stream": "65", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000fbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.853182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.853182000", - "frame.time_delta": "0.922406000", - "frame.time_delta_displayed": "0.922406000", - "frame.time_relative": "457.392496000", - "frame.number": "1482", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009480", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "49", - "http.prev_response_in": "1467" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.906005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.906005000", - "frame.time_delta": "0.052823000", - "frame.time_delta_displayed": "0.052823000", - "frame.time_relative": "457.445319000", - "frame.number": "1483", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009481", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "50", - "http.prev_response_in": "1482" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.958795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.958795000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - 
"frame.time_relative": "457.498109000", - "frame.number": "1484", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009484", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "51", - "http.prev_response_in": "1483" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.962504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.962504000", - "frame.time_delta": "0.003709000", - "frame.time_delta_displayed": "0.003709000", - "frame.time_relative": "457.501818000", - "frame.number": "1485", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000013bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009131", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:28:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919080, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919080", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.963041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.963041000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "457.502355000", - "frame.number": "1486", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000428c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1485", - "tcp.analysis.ack_rtt": "0.000537000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.966782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.966782000", - "frame.time_delta": "0.003741000", - "frame.time_delta_displayed": "0.003741000", - "frame.time_relative": "457.506096000", - "frame.number": "1487", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f413", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1486", - "tcp.analysis.ack_rtt": "0.003741000", - "tcp.analysis.initial_rtt": "0.004278000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.966889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.966889000", - "frame.time_delta": "0.000107000", - "frame.time_delta_displayed": "0.000107000", - "frame.time_relative": "457.506203000", - "frame.number": "1488", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000013bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a40a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000538e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004278000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.967329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.967329000", - "frame.time_delta": "0.000440000", - "frame.time_delta_displayed": "0.000440000", - "frame.time_relative": "457.506643000", - "frame.number": "1489", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005a57", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005e32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e5e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1488", - "tcp.analysis.ack_rtt": "0.000440000", - "tcp.analysis.initial_rtt": "0.004278000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.968010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.968010000", - "frame.time_delta": "0.000681000", - "frame.time_delta_displayed": "0.000681000", - "frame.time_relative": "457.507324000", - "frame.number": "1490", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005a58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005e20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002604", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004278000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.968367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.968367000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "457.507681000", - "frame.number": "1491", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005a59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": 
"3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000786d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004278000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69
:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1490", - "tcp.segment": "1491", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001478000", - "http.request_in": "1488", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.970777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.970777000", - "frame.time_delta": "0.002410000", - "frame.time_delta_displayed": "0.002410000", - "frame.time_relative": "457.510091000", - "frame.number": "1492", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005a5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000786d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004278000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.972082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.972082000", - "frame.time_delta": "0.001305000", - "frame.time_delta_displayed": "0.001305000", - "frame.time_relative": "457.511396000", - "frame.number": "1493", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f342", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1490", - "tcp.analysis.ack_rtt": "0.004072000", - "tcp.analysis.initial_rtt": "0.004278000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.972193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.972193000", - "frame.time_delta": "0.000111000", - "frame.time_delta_displayed": "0.000111000", - "frame.time_relative": "457.511507000", - "frame.number": "1494", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ef57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1491", - "tcp.analysis.ack_rtt": "0.003826000", - "tcp.analysis.initial_rtt": "0.004278000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.975072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.975072000", - "frame.time_delta": "0.002879000", - "frame.time_delta_displayed": "0.002879000", - "frame.time_relative": "457.514386000", - "frame.number": "1495", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000013c2", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a198", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:8a:9f:7f:42:8a:9f:83:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004278000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1494", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.975822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.975822000", - "frame.time_delta": "0.000750000", - "frame.time_delta_displayed": "0.000750000", - "frame.time_relative": "457.515136000", - "frame.number": "1496", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000a4c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ef56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.976242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.976242000", - "frame.time_delta": "0.000420000", - "frame.time_delta_displayed": "0.000420000", - "frame.time_relative": "457.515556000", - "frame.number": "1497", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d864", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e024", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47427", - "tcp.port": "80", - "tcp.port": "47427", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1496", - "tcp.analysis.ack_rtt": "0.000420000", - "tcp.analysis.initial_rtt": "0.004278000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:08.979843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494048.979843000", - "frame.time_delta": "0.003601000", - "frame.time_delta_displayed": "0.003601000", - "frame.time_relative": "457.519157000", - "frame.number": "1498", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e925", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47427", - "tcp.dstport": "80", - "tcp.port": "47427", - "tcp.port": "80", - "tcp.stream": "66", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fe86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.390205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.390205000", - "frame.time_delta": "0.410362000", - "frame.time_delta_displayed": "0.410362000", - "frame.time_relative": "457.929519000", - "frame.number": "1499", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.390627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.390627000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "457.929941000", - "frame.number": "1500", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - 
, - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.904943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.904943000", - "frame.time_delta": "0.514316000", - "frame.time_delta_displayed": "0.514316000", - "frame.time_relative": "458.444257000", - "frame.number": "1501", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000094aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - 
"udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "52", - "http.prev_response_in": "1484" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.958553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.958553000", - "frame.time_delta": "0.053610000", - "frame.time_delta_displayed": "0.053610000", - "frame.time_relative": "458.497867000", - "frame.number": "1502", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000094ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "53", - "http.prev_response_in": "1501" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.984525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.984525000", - "frame.time_delta": "0.025972000", - "frame.time_delta_displayed": "0.025972000", - "frame.time_relative": "458.523839000", - "frame.number": "1503", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000dbe4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dc90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000c12d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:8f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919183, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919183", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.985049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.985049000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "458.524363000", - "frame.number": "1504", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000e84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", 
- "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1503", - "tcp.analysis.ack_rtt": "0.000524000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.988148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.988148000", - "frame.time_delta": "0.003099000", - "frame.time_delta_displayed": "0.003099000", - "frame.time_relative": "458.527462000", - "frame.number": "1505", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dbe5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dca3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c00b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1504", - "tcp.analysis.ack_rtt": "0.003099000", - "tcp.analysis.initial_rtt": "0.003623000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.988277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.988277000", - "frame.time_delta": "0.000129000", - "frame.time_delta_displayed": "0.000129000", - "frame.time_relative": "458.527591000", - "frame.number": "1506", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000dbe6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbe2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001f86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003623000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - 
"http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.988690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.988690000", - "frame.time_delta": "0.000413000", - "frame.time_delta_displayed": "0.000413000", - "frame.time_relative": "458.528004000", - "frame.number": "1507", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003cca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b1da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1506", - "tcp.analysis.ack_rtt": "0.000413000", - "tcp.analysis.initial_rtt": "0.003623000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.989456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.989456000", - "frame.time_delta": "0.000766000", - "frame.time_delta_displayed": "0.000766000", - "frame.time_relative": "458.528770000", - "frame.number": "1508", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f1fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003623000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.989809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.989809000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "458.529123000", - "frame.number": "1509", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003ccc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004465", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003623000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1508", - "tcp.segment": "1509", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001532000", - "http.request_in": "1506", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.990764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.990764000", - "frame.time_delta": "0.000955000", - "frame.time_delta_displayed": "0.000955000", - "frame.time_relative": "458.530078000", - "frame.number": "1510", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003ccd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004465", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003623000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.992664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.992664000", - "frame.time_delta": "0.001900000", - "frame.time_delta_displayed": "0.001900000", - "frame.time_relative": "458.531978000", - "frame.number": "1511", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dbe7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dca1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bf3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1508", - "tcp.analysis.ack_rtt": "0.003208000", - "tcp.analysis.initial_rtt": "0.003623000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.992780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.992780000", - "frame.time_delta": "0.000116000", - "frame.time_delta_displayed": "0.000116000", - "frame.time_relative": "458.532094000", - "frame.number": "1512", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dbe8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dca0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1509", - "tcp.analysis.ack_rtt": "0.002971000", - "tcp.analysis.initial_rtt": "0.003623000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.993567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.993567000", - "frame.time_delta": "0.000787000", - "frame.time_delta_displayed": "0.000787000", - "frame.time_relative": "458.532881000", - "frame.number": "1513", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dbe9", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dc9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.993687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.993687000", - "frame.time_delta": "0.000120000", - "frame.time_delta_displayed": "0.000120000", - 
"frame.time_relative": "458.533001000", - "frame.number": "1514", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e935", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002eeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.993961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.993961000", - "frame.time_delta": "0.000274000", - "frame.time_delta_displayed": "0.000274000", - "frame.time_relative": "458.533275000", - "frame.number": "1515", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d89a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000dfee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47428", - "tcp.port": "80", - "tcp.port": "47428", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ade4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1513", - "tcp.analysis.ack_rtt": "0.000394000", - "tcp.analysis.initial_rtt": "0.003623000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:09.997934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494049.997934000", - "frame.time_delta": "0.003973000", - "frame.time_delta_displayed": "0.003973000", - "frame.time_relative": "458.537248000", - "frame.number": "1516", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e936", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47428", - "tcp.dstport": "80", - "tcp.port": "47428", - "tcp.port": "80", - "tcp.stream": "67", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002eea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.011238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.011238000", - "frame.time_delta": "0.013304000", - "frame.time_delta_displayed": "0.013304000", - "frame.time_relative": "458.550552000", - "frame.number": "1517", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000094ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000022b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "54", - "http.prev_response_in": "1502" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.020486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.020486000", - "frame.time_delta": "0.009248000", - "frame.time_delta_displayed": "0.009248000", - "frame.time_relative": "458.559800000", - "frame.number": 
"1518", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c089", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", 
- "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003e53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:06:92:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919186, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919186", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.021014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.021014000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "458.560328000", - "frame.number": "1519", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47429", - "tcp.port": "80", - "tcp.port": "47429", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a962", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1518", - "tcp.analysis.ack_rtt": "0.000528000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.024085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.024085000", - "frame.time_delta": "0.003071000", - "frame.time_delta_displayed": "0.003071000", - "frame.time_relative": "458.563399000", - "frame.number": "1520", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c08a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005aea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1519", - "tcp.analysis.ack_rtt": "0.003071000", - "tcp.analysis.initial_rtt": "0.003599000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.024213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.024213000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "458.563527000", - "frame.number": "1521", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c08b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f73d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ba64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003599000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.024622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.024622000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "458.563936000", - "frame.number": "1522", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e158", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d730", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47429", - "tcp.port": "80", - "tcp.port": "47429", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004cb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1521", - "tcp.analysis.ack_rtt": "0.000409000", - "tcp.analysis.initial_rtt": "0.003599000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.025316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.025316000", - "frame.time_delta": "0.000694000", - "frame.time_delta_displayed": "0.000694000", - "frame.time_relative": "458.564630000", - "frame.number": "1523", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e159", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d71e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47429", - "tcp.port": "80", - "tcp.port": "47429", - "tcp.stream": "68", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008cda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003599000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.025755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.025755000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "458.565069000", - "frame.number": "1524", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e15a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d34b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47429", - "tcp.port": 
"80", - "tcp.port": "47429", - "tcp.stream": "68", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000df43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003599000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1523", - "tcp.segment": "1524", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001542000", - "http.request_in": "1521", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.028000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.028000000", - "frame.time_delta": "0.002245000", - "frame.time_delta_displayed": "0.002245000", - "frame.time_relative": "458.567314000", - "frame.number": "1525", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c08c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005a19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1523", - "tcp.analysis.ack_rtt": "0.002684000", - "tcp.analysis.initial_rtt": "0.003599000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.029152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.029152000", - "frame.time_delta": "0.001152000", - "frame.time_delta_displayed": "0.001152000", - "frame.time_relative": "458.568466000", - "frame.number": "1526", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c08d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000562e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1524", - "tcp.analysis.ack_rtt": "0.003397000", - "tcp.analysis.initial_rtt": "0.003599000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.029842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.029842000", - "frame.time_delta": "0.000690000", - "frame.time_delta_displayed": "0.000690000", - "frame.time_relative": "458.569156000", - "frame.number": "1527", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c08e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000562d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.030288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.030288000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "458.569602000", - "frame.number": "1528", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d89c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dfec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47429", - 
"tcp.port": "80", - "tcp.port": "47429", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000048c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1527", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003599000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:10.033579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.033579000", - "frame.time_delta": "0.003291000", - "frame.time_delta_displayed": "0.003291000", - "frame.time_relative": "458.572893000", - "frame.number": "1529", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e938", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47429", - "tcp.dstport": "80", - "tcp.port": "47429", - "tcp.port": "80", - "tcp.stream": "68", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ac12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:10.212922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494050.212922000", - "frame.time_delta": "0.179343000", - "frame.time_delta_displayed": "0.179343000", - "frame.time_relative": "458.752236000", - "frame.number": "1530", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000aa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x0000ab7f", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:b5:65:1c:d7:cc:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.063513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.063513000", - "frame.time_delta": "0.850591000", - "frame.time_delta_displayed": "0.850591000", - "frame.time_relative": "459.602827000", - "frame.number": "1531", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009506", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000225b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "55", - "http.prev_response_in": "1517" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.116348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.116348000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "459.655662000", - "frame.number": "1532", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009508", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002250", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "56", - "http.prev_response_in": "1531" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.117545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.117545000", - "frame.time_delta": "0.001197000", - "frame.time_delta_displayed": "0.001197000", - "frame.time_relative": "459.656859000", - "frame.number": "1533", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c8f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cff4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:00:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919296, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919296", - 
"tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.118069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.118069000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "459.657383000", - "frame.number": "1534", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47430", - "tcp.port": "80", - "tcp.port": "47430", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000011fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1533", - "tcp.analysis.ack_rtt": "0.000524000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.121667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.121667000", - "frame.time_delta": "0.003598000", - "frame.time_delta_displayed": "0.003598000", - "frame.time_relative": "459.660981000", - "frame.number": "1535", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c8f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c385", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1534", - "tcp.analysis.ack_rtt": "0.003598000", - "tcp.analysis.initial_rtt": "0.004122000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.122481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.122481000", - "frame.time_delta": "0.000814000", - "frame.time_delta_displayed": "0.000814000", - "frame.time_relative": "459.661795000", - "frame.number": "1536", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c8f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eed6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002300", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004122000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.122956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.122956000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "459.662270000", - "frame.number": "1537", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d72f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e159", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47430", - "tcp.port": "80", - "tcp.port": "47430", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b554", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1536", - "tcp.analysis.ack_rtt": "0.000475000", - "tcp.analysis.initial_rtt": "0.004122000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.123681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.123681000", - "frame.time_delta": "0.000725000", - "frame.time_delta_displayed": "0.000725000", - "frame.time_relative": "459.662995000", - "frame.number": "1538", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d730", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e147", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - 
"tcp.dstport": "47430", - "tcp.port": "80", - "tcp.port": "47430", - "tcp.stream": "69", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f575", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004122000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.124034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.124034000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "459.663348000", - "frame.number": "1539", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47430", - "tcp.port": "80", - "tcp.port": "47430", - "tcp.stream": "69", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000047df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.initial_rtt": "0.004122000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d
:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1538", - "tcp.segment": "1539", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001553000", - "http.request_in": "1536", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.128164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.128164000", - "frame.time_delta": "0.004130000", - "frame.time_delta_displayed": "0.004130000", - "frame.time_relative": "459.667478000", - "frame.number": "1540", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c8f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c2b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1538", - "tcp.analysis.ack_rtt": "0.004483000", - "tcp.analysis.initial_rtt": "0.004122000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.129291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.129291000", - "frame.time_delta": "0.001127000", - "frame.time_delta_displayed": "0.001127000", - "frame.time_relative": "459.668605000", - "frame.number": "1541", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c8f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef94", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bec9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1539", - "tcp.analysis.ack_rtt": "0.005257000", - "tcp.analysis.initial_rtt": "0.004122000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.130923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.130923000", - "frame.time_delta": "0.001632000", - "frame.time_delta_displayed": "0.001632000", - "frame.time_relative": "459.670237000", - "frame.number": "1542", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c8f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bec8", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.131378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.131378000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "459.670692000", - "frame.number": "1543", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d8fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47430", - 
"tcp.port": "80", - "tcp.port": "47430", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b15e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1542", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.004122000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.135954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.135954000", - "frame.time_delta": "0.004576000", - "frame.time_delta_displayed": "0.004576000", - "frame.time_relative": "459.675268000", - "frame.number": "1544", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e947", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47430", - "tcp.dstport": "80", - "tcp.port": "47430", - "tcp.port": "80", - "tcp.stream": "69", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003e22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:11.169018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.169018000", - "frame.time_delta": "0.033064000", - "frame.time_delta_displayed": "0.033064000", - "frame.time_relative": "459.708332000", - "frame.number": "1545", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009509", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002255", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "57", - "http.prev_response_in": "1532" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.185085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.185085000", - "frame.time_delta": "0.016067000", - "frame.time_delta_displayed": "0.016067000", - "frame.time_relative": "459.724399000", - "frame.number": "1546", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000360b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000826a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000af7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:07:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919303, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919303", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.185643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.185643000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "459.724957000", - "frame.number": "1547", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47431", - "tcp.port": "80", - "tcp.port": "47431", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007360", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1546", - "tcp.analysis.ack_rtt": "0.000558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.190196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.190196000", - "frame.time_delta": "0.004553000", - "frame.time_delta_displayed": "0.004553000", - "frame.time_relative": "459.729510000", - "frame.number": "1548", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000360c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000827d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1547", - "tcp.analysis.ack_rtt": "0.004553000", - "tcp.analysis.initial_rtt": "0.005111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.190776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.190776000", - 
"frame.time_delta": "0.000580000", - "frame.time_delta_displayed": "0.000580000", - "frame.time_relative": "459.730090000", - "frame.number": "1549", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000360d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008462", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005111000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.191273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.191273000", - "frame.time_delta": "0.000497000", - 
"frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "459.730587000", - "frame.number": "1550", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dee0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47431", - "tcp.port": "80", - "tcp.port": "47431", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000016b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1549", - "tcp.analysis.ack_rtt": "0.000497000", - "tcp.analysis.initial_rtt": "0.005111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.191923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.191923000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "459.731237000", - "frame.number": "1551", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dee1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000d996", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47431", - "tcp.port": "80", - "tcp.port": "47431", - "tcp.stream": "70", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000056d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005111000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.192291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.192291000", - "frame.time_delta": "0.000368000", - "frame.time_delta_displayed": "0.000368000", - "frame.time_relative": "459.731605000", - "frame.number": "1552", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dee2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47431", - "tcp.port": "80", - "tcp.port": "47431", - "tcp.stream": "70", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a941", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005111000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1551", - "tcp.segment": "1552", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001515000", - "http.request_in": "1549", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.197954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.197954000", - "frame.time_delta": "0.005663000", - "frame.time_delta_displayed": "0.005663000", - "frame.time_relative": "459.737268000", - "frame.number": "1553", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000360e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000827b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002417", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1551", - "tcp.analysis.ack_rtt": "0.006031000", - "tcp.analysis.initial_rtt": "0.005111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.198446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.198446000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "459.737760000", - "frame.number": "1554", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000360f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000827a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000202c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1552", - "tcp.analysis.ack_rtt": "0.006155000", - "tcp.analysis.initial_rtt": "0.005111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.199922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.199922000", - "frame.time_delta": "0.001476000", - "frame.time_delta_displayed": "0.001476000", - "frame.time_relative": "459.739236000", - "frame.number": "1555", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003610", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008279", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000202b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.200381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.200381000", - "frame.time_delta": "0.000459000", - "frame.time_delta_displayed": "0.000459000", - "frame.time_relative": "459.739695000", - "frame.number": "1556", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d8ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47431", - 
"tcp.port": "80", - "tcp.port": "47431", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000012c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1555", - "tcp.analysis.ack_rtt": "0.000459000", - "tcp.analysis.initial_rtt": "0.005111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:11.205455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.205455000", - "frame.time_delta": "0.005074000", - "frame.time_delta_displayed": "0.005074000", - "frame.time_relative": "459.744769000", - "frame.number": "1557", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e948", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47431", - "tcp.dstport": "80", - "tcp.port": "47431", - "tcp.port": "80", - "tcp.stream": "70", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001db4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:11.283622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494051.283622000", - "frame.time_delta": "0.078167000", - "frame.time_delta_displayed": "0.078167000", - "frame.time_relative": "459.822936000", - "frame.number": "1558", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.115322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.115322000", - "frame.time_delta": "0.831700000", - "frame.time_delta_displayed": "0.831700000", - "frame.time_relative": "460.654636000", - "frame.number": "1559", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009541", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002220", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "58", - "http.prev_response_in": "1545" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.132119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.132119000", - "frame.time_delta": "0.016797000", - "frame.time_delta_displayed": "0.016797000", - "frame.time_relative": "460.671433000", - "frame.number": "1560", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002b2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005c40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:65:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919397, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919397", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 
8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.132627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.132627000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "460.671941000", - "frame.number": "1561", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c04e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": 
"3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1560", - "tcp.analysis.ack_rtt": "0.000508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.135762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.135762000", - "frame.time_delta": "0.003135000", - "frame.time_delta_displayed": "0.003135000", - "frame.time_relative": "460.675076000", - "frame.number": "1562", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002b2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000071d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1561", - "tcp.analysis.ack_rtt": "0.003135000", - "tcp.analysis.initial_rtt": "0.003643000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.135893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.135893000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "460.675207000", - "frame.number": "1563", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002b2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d150", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003643000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.136318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.136318000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "460.675632000", - "frame.number": "1564", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a3a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000014e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000063a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1563", - "tcp.analysis.ack_rtt": "0.000425000", - "tcp.analysis.initial_rtt": "0.003643000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.137064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.137064000", - "frame.time_delta": "0.000746000", - "frame.time_delta_displayed": "0.000746000", - "frame.time_relative": "460.676378000", - "frame.number": "1565", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a3a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000014d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a3c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003643000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.137420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.137420000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "460.676734000", - "frame.number": "1566", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a3a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000010ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f62f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003643000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1565", - "tcp.segment": "1566", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001527000", - "http.request_in": "1563", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.140784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.140784000", - "frame.time_delta": "0.003364000", - "frame.time_delta_displayed": "0.003364000", - "frame.time_relative": "460.680098000", - "frame.number": "1567", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a3a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000010fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f62f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003643000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.141035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.141035000", - "frame.time_delta": "0.000251000", - "frame.time_delta_displayed": "0.000251000", - "frame.time_relative": "460.680349000", - "frame.number": "1568", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002b2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007105", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1565", - "tcp.analysis.ack_rtt": "0.003971000", - "tcp.analysis.initial_rtt": "0.003643000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.143877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.143877000", - "frame.time_delta": "0.002842000", - "frame.time_delta_displayed": "0.002842000", - "frame.time_relative": "460.683191000", - "frame.number": "1569", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002b2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006d1a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1566", - "tcp.analysis.ack_rtt": "0.006457000", - "tcp.analysis.initial_rtt": "0.003643000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.143920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.143920000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "460.683234000", - "frame.number": "1570", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002b2f", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008248", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d3:53:85:17:d3:53:88:fb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003643000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1569", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.144576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.144576000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "460.683890000", - "frame.number": "1571", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002b30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00008d59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006d19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.145006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.145006000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "460.684320000", - "frame.number": "1572", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d945", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47432", - "tcp.port": "80", - "tcp.port": "47432", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005faf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1571", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.003643000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.147969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.147969000", - "frame.time_delta": "0.002963000", - "frame.time_delta_displayed": "0.002963000", - "frame.time_relative": "460.687283000", - "frame.number": "1573", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e98d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cefb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47432", - "tcp.dstport": "80", - "tcp.port": "47432", - "tcp.port": "80", - "tcp.stream": "71", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cad2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.169330000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.169330000", - "frame.time_delta": "0.021361000", - "frame.time_delta_displayed": "0.021361000", - "frame.time_relative": "460.708644000", - "frame.number": "1574", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009546", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002212", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "59", - "http.prev_response_in": "1559" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.174575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.174575000", - "frame.time_delta": "0.005245000", - "frame.time_delta_displayed": "0.005245000", - "frame.time_relative": "460.713889000", - "frame.number": "1575", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b88a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ffea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006233", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:6a:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919402, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919402", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.175148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.175148000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "460.714462000", - "frame.number": "1576", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000db9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1575", - "tcp.analysis.ack_rtt": "0.000573000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.177856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.177856000", - "frame.time_delta": "0.002708000", - "frame.time_delta_displayed": "0.002708000", - "frame.time_relative": "460.717170000", - "frame.number": "1577", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b88b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fffd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d27", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1576", - "tcp.analysis.ack_rtt": "0.002708000", - "tcp.analysis.initial_rtt": "0.003281000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.177901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.177901000", - "frame.time_delta": "0.000045000", - "frame.time_delta_displayed": "0.000045000", - "frame.time_relative": "460.717215000", - "frame.number": "1578", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b88c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ff3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eca1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003281000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.178387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.178387000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "460.717701000", - "frame.number": "1579", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008a48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007ef6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1578", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003281000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.179075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.179075000", - "frame.time_delta": "0.000688000", - "frame.time_delta_displayed": "0.000688000", - "frame.time_relative": "460.718389000", - "frame.number": "1580", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002e42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008a36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bf17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003281000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.179517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.179517000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "460.718831000", - "frame.number": "1581", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002e43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008663", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001181", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003281000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1580", - "tcp.segment": "1581", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001616000", - "http.request_in": "1578", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.180773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.180773000", - "frame.time_delta": "0.001256000", - "frame.time_delta_displayed": "0.001256000", - "frame.time_relative": "460.720087000", - "frame.number": "1582", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002e44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008662", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001181", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003281000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.181623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.181623000", - "frame.time_delta": "0.000850000", - "frame.time_delta_displayed": "0.000850000", - "frame.time_relative": "460.720937000", - "frame.number": "1583", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b88d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fffb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1580", - "tcp.analysis.ack_rtt": "0.002548000", - "tcp.analysis.initial_rtt": "0.003281000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.181760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.181760000", - "frame.time_delta": "0.000137000", - "frame.time_delta_displayed": "0.000137000", - "frame.time_relative": "460.721074000", - "frame.number": "1584", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b88e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fffa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000886b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1581", - "tcp.analysis.ack_rtt": "0.002243000", - "tcp.analysis.initial_rtt": "0.003281000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.182241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.182241000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "460.721555000", - "frame.number": "1585", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b88f", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fff9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000886a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.182671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.182671000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - 
"frame.time_relative": "460.721985000", - "frame.number": "1586", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d949", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47433", - "tcp.port": "80", - "tcp.port": "47433", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007b00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1585", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.003281000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.184468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.184468000", - "frame.time_delta": "0.001797000", - "frame.time_delta_displayed": "0.001797000", - "frame.time_relative": "460.723782000", - "frame.number": "1587", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e98f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cef9", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d0cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.184593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.184593000", - "frame.time_delta": "0.000125000", - "frame.time_delta_displayed": "0.000125000", - "frame.time_relative": "460.723907000", - "frame.number": "1588", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e990", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cef8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47433", - "tcp.dstport": "80", - "tcp.port": "47433", - "tcp.port": "80", - "tcp.stream": "72", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d0ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.222223000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.222223000", - "frame.time_delta": "0.037630000", - "frame.time_delta_displayed": "0.037630000", - "frame.time_relative": "460.761537000", - "frame.number": "1589", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000954b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002213", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "60", - "http.prev_response_in": "1574" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.229612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.229612000", - "frame.time_delta": "0.007389000", - "frame.time_delta_displayed": "0.007389000", - "frame.time_relative": "460.768926000", - "frame.number": 
"1590", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000022ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", 
- "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000edb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:6f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919407, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919407", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.230263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.230263000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "460.769577000", - "frame.number": "1591", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47434", - "tcp.port": "80", - "tcp.port": "47434", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006107", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1590", - "tcp.analysis.ack_rtt": "0.000651000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.234576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.234576000", - "frame.time_delta": "0.004313000", - "frame.time_delta_displayed": "0.004313000", - "frame.time_relative": "460.773890000", - "frame.number": "1592", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000128f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1591", - "tcp.analysis.ack_rtt": "0.004313000", - "tcp.analysis.initial_rtt": "0.004964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.235278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.235278000", - "frame.time_delta": "0.000702000", - "frame.time_delta_displayed": "0.000702000", - "frame.time_relative": "460.774592000", - "frame.number": "1593", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000022ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000951c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007209", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004964000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.235750000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.235750000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "460.775064000", - "frame.number": "1594", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004189", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007700", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47434", - "tcp.port": "80", - "tcp.port": "47434", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000045e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1593", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.004964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.236473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.236473000", - "frame.time_delta": "0.000723000", - "frame.time_delta_displayed": "0.000723000", - "frame.time_relative": "460.775787000", - "frame.number": "1595", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000418a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47434", - "tcp.port": "80", - "tcp.port": "47434", - "tcp.stream": "73", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000447f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004964000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.236827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.236827000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "460.776141000", - "frame.number": "1596", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000418b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000731b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47434", - "tcp.port": 
"80", - "tcp.port": "47434", - "tcp.stream": "73", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000096e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004964000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1595", - "tcp.segment": "1596", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001549000", - "http.request_in": "1593", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.240381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.240381000", - "frame.time_delta": "0.003554000", - "frame.time_delta_displayed": "0.003554000", - "frame.time_relative": "460.779695000", - "frame.number": "1597", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000011be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1595", - "tcp.analysis.ack_rtt": "0.003908000", - "tcp.analysis.initial_rtt": "0.004964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.240442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.240442000", - "frame.time_delta": "0.000061000", - "frame.time_delta_displayed": "0.000061000", - "frame.time_relative": "460.779756000", - "frame.number": "1598", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1596", - "tcp.analysis.ack_rtt": "0.003615000", - "tcp.analysis.initial_rtt": "0.004964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.241073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.241073000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "460.780387000", - "frame.number": "1599", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dd2", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.241496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.241496000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "460.780810000", - "frame.number": "1600", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d94a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47434", - 
"tcp.port": "80", - "tcp.port": "47434", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000068", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1599", - "tcp.analysis.ack_rtt": "0.000423000", - "tcp.analysis.initial_rtt": "0.004964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.245235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.245235000", - "frame.time_delta": "0.003739000", - "frame.time_delta_displayed": "0.003739000", - "frame.time_relative": "460.784549000", - "frame.number": "1601", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e995", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cef3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47434", - "tcp.dstport": "80", - "tcp.port": "47434", - "tcp.port": "80", - "tcp.stream": "73", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007d77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:12.485366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.485366000", - "frame.time_delta": "0.240131000", - "frame.time_delta_displayed": "0.240131000", - "frame.time_relative": "461.024680000", - "frame.number": "1602", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009559", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002208", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "61", - "http.prev_response_in": "1589" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.538208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.538208000", - "frame.time_delta": "0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "461.077522000", - "frame.number": "1603", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000955d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "62", - "http.prev_response_in": "1602" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.546732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.546732000", - "frame.time_delta": "0.008524000", - "frame.time_delta_displayed": "0.008524000", - "frame.time_relative": "461.086046000", - "frame.number": "1604", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000675", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b200", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000026aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:8f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919439, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919439", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.547278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.547278000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "461.086592000", - "frame.number": "1605", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47435", - "tcp.port": "80", - "tcp.port": "47435", - "tcp.stream": 
"74", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000a95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1604", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.550583000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.550583000", - "frame.time_delta": "0.003305000", - "frame.time_delta_displayed": "0.003305000", - "frame.time_relative": "461.089897000", - "frame.number": "1606", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000676", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b213", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - 
"tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bc1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1605", - "tcp.analysis.ack_rtt": "0.003305000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.560914000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.560914000", - "frame.time_delta": "0.010331000", - "frame.time_delta_displayed": "0.010331000", - "frame.time_relative": "461.100228000", - "frame.number": "1607", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00000677", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b152", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.561426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.561426000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "461.100740000", - "frame.number": "1608", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002cf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47435", - "tcp.port": "80", - "tcp.port": "47435", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000adeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1607", - "tcp.analysis.ack_rtt": "0.000512000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.562084000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494052.562084000", - "frame.time_delta": "0.000658000", - "frame.time_delta_displayed": "0.000658000", - "frame.time_relative": "461.101398000", - "frame.number": "1609", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002cf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47435", - "tcp.port": "80", - "tcp.port": "47435", - "tcp.stream": "74", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ee0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.562434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.562434000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "461.101748000", - "frame.number": "1610", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002cf5", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000087b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47435", - "tcp.port": "80", - "tcp.port": "47435", - "tcp.stream": "74", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004076", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003851000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1609", - "tcp.segment": "1610", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001520000", - "http.request_in": "1607", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.564627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.564627000", - "frame.time_delta": "0.002193000", - "frame.time_delta_displayed": "0.002193000", - "frame.time_relative": "461.103941000", - "frame.number": "1611", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000678", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b211", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1609", - "tcp.analysis.ack_rtt": "0.002543000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.567172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.567172000", - "frame.time_delta": "0.002545000", - "frame.time_delta_displayed": "0.002545000", - "frame.time_relative": "461.106486000", - "frame.number": "1612", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000679", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b210", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b760", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1610", - "tcp.analysis.ack_rtt": "0.004738000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.568354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.568354000", - "frame.time_delta": "0.001182000", - "frame.time_delta_displayed": "0.001182000", - "frame.time_relative": "461.107668000", - "frame.number": "1613", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000067a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b20f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b75f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.568792000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.568792000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "461.108106000", - "frame.number": "1614", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d952", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47435", - 
"tcp.port": "80", - "tcp.port": "47435", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a9f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1613", - "tcp.analysis.ack_rtt": "0.000438000", - "tcp.analysis.initial_rtt": "0.003851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.572948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.572948000", - "frame.time_delta": "0.004156000", - "frame.time_delta_displayed": "0.004156000", - "frame.time_relative": "461.112262000", - "frame.number": "1615", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cede", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47435", - "tcp.dstport": "80", - "tcp.port": "47435", - "tcp.port": "80", - "tcp.stream": "74", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009566", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:12.591225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.591225000", - "frame.time_delta": "0.018277000", - "frame.time_delta_displayed": "0.018277000", - "frame.time_relative": "461.130539000", - "frame.number": "1616", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000955e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002200", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "63", - "http.prev_response_in": "1603" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.598262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.598262000", - "frame.time_delta": "0.007037000", - "frame.time_delta_displayed": "0.007037000", - "frame.time_relative": "461.137576000", - "frame.number": "1617", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000fad5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bd9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a6b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:94:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919444, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919444", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.598823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.598823000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "461.138137000", - "frame.number": "1618", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47436", - "tcp.port": "80", - "tcp.port": "47436", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006beb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1617", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.602462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.602462000", - "frame.time_delta": "0.003639000", - "frame.time_delta_displayed": "0.003639000", - "frame.time_relative": "461.141776000", - "frame.number": "1619", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fad6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bdb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1618", - "tcp.analysis.ack_rtt": "0.003639000", - "tcp.analysis.initial_rtt": "0.004200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.602595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.602595000", - 
"frame.time_delta": "0.000133000", - "frame.time_delta_displayed": "0.000133000", - "frame.time_relative": "461.141909000", - "frame.number": "1620", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000fad7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bcf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ced", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004200000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.603048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.603048000", - "frame.time_delta": "0.000453000", - 
"frame.time_delta_displayed": "0.000453000", - "frame.time_relative": "461.142362000", - "frame.number": "1621", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d3e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e4a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47436", - "tcp.port": "80", - "tcp.port": "47436", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000f42", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1620", - "tcp.analysis.ack_rtt": "0.000453000", - "tcp.analysis.initial_rtt": "0.004200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.603842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.603842000", - "frame.time_delta": "0.000794000", - "frame.time_delta_displayed": "0.000794000", - "frame.time_relative": "461.143156000", - "frame.number": "1622", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d3e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000e490", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47436", - "tcp.port": "80", - "tcp.port": "47436", - "tcp.stream": "75", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004f63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004200000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.604199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.604199000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "461.143513000", - "frame.number": "1623", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d3e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47436", - "tcp.port": "80", - "tcp.port": "47436", - "tcp.stream": "75", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a1cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004200000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1622", - "tcp.segment": "1623", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001604000", - "http.request_in": "1620", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.608573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.608573000", - "frame.time_delta": "0.004374000", - "frame.time_delta_displayed": "0.004374000", - "frame.time_relative": "461.147887000", - "frame.number": "1624", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fad8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bdb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001ca2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1622", - "tcp.analysis.ack_rtt": "0.004731000", - "tcp.analysis.initial_rtt": "0.004200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.608616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.608616000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "461.147930000", - "frame.number": "1625", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bdaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000018b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1623", - "tcp.analysis.ack_rtt": "0.004417000", - "tcp.analysis.initial_rtt": "0.004200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.610068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.610068000", - "frame.time_delta": "0.001452000", - "frame.time_delta_displayed": "0.001452000", - "frame.time_relative": "461.149382000", - "frame.number": "1626", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fada", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bdae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000018b6", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.610596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.610596000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "461.149910000", - "frame.number": "1627", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d953", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47436", - 
"tcp.port": "80", - "tcp.port": "47436", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000b4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1626", - "tcp.analysis.ack_rtt": "0.000528000", - "tcp.analysis.initial_rtt": "0.004200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:12.613744000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494052.613744000", - "frame.time_delta": "0.003148000", - "frame.time_delta_displayed": "0.003148000", - "frame.time_relative": "461.153058000", - "frame.number": "1628", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cedb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47436", - "tcp.dstport": "80", - "tcp.port": "47436", - "tcp.port": "80", - "tcp.stream": "75", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000157b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:13.537640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.537640000", - "frame.time_delta": "0.923896000", - "frame.time_delta_displayed": "0.923896000", - "frame.time_relative": "462.076954000", - "frame.number": "1629", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000095a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "64", - "http.prev_response_in": "1616" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.573746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.573746000", - "frame.time_delta": "0.036106000", - "frame.time_delta_displayed": "0.036106000", - "frame.time_relative": "462.113060000", - "frame.number": "1630", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009477", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000023fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000b424", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:f6:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919542, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919542", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.574304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.574304000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "462.113618000", - "frame.number": "1631", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47437", - "tcp.port": "80", - "tcp.port": "47437", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000daea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1630", - "tcp.analysis.ack_rtt": "0.000558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.579219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.579219000", - "frame.time_delta": "0.004915000", - "frame.time_delta_displayed": "0.004915000", - "frame.time_relative": "462.118533000", - "frame.number": "1632", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009478", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002411", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1631", - "tcp.analysis.ack_rtt": "0.004915000", - "tcp.analysis.initial_rtt": "0.005473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.580000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.580000000", - 
"frame.time_delta": "0.000781000", - "frame.time_delta_displayed": "0.000781000", - "frame.time_relative": "462.119314000", - "frame.number": "1633", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009479", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002350", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ebec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005473000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.580501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.580501000", - "frame.time_delta": "0.000501000", - 
"frame.time_delta_displayed": "0.000501000", - "frame.time_relative": "462.119815000", - "frame.number": "1634", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003a58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007e31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47437", - "tcp.port": "80", - "tcp.port": "47437", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007e41", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1633", - "tcp.analysis.ack_rtt": "0.000501000", - "tcp.analysis.initial_rtt": "0.005473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.581207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.581207000", - "frame.time_delta": "0.000706000", - "frame.time_delta_displayed": "0.000706000", - "frame.time_relative": "462.120521000", - "frame.number": "1635", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003a59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007e1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47437", - "tcp.port": "80", - "tcp.port": "47437", - "tcp.stream": "76", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000be62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005473000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.581563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.581563000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "462.120877000", - "frame.number": "1636", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003a5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007a4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47437", - "tcp.port": "80", - "tcp.port": "47437", - "tcp.stream": "76", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000010cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005473000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1635", - "tcp.segment": "1636", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001563000", - "http.request_in": "1633", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.585161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.585161000", - "frame.time_delta": "0.003598000", - "frame.time_delta_displayed": "0.003598000", - "frame.time_relative": "462.124475000", - "frame.number": "1637", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000947a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000240f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008ba1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1635", - "tcp.analysis.ack_rtt": "0.003954000", - "tcp.analysis.initial_rtt": "0.005473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.585290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.585290000", - "frame.time_delta": "0.000129000", - "frame.time_delta_displayed": "0.000129000", - "frame.time_relative": "462.124604000", - "frame.number": "1638", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000947b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000240e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000087b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1636", - "tcp.analysis.ack_rtt": "0.003727000", - "tcp.analysis.initial_rtt": "0.005473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.587536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.587536000", - "frame.time_delta": "0.002246000", - "frame.time_delta_displayed": "0.002246000", - "frame.time_relative": "462.126850000", - "frame.number": "1639", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000947c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000240d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000087b5", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.588009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.588009000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "462.127323000", - "frame.number": "1640", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d99a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47437", - 
"tcp.port": "80", - "tcp.port": "47437", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007a4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1639", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.005473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.590668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.590668000", - "frame.time_delta": "0.002659000", - "frame.time_delta_displayed": "0.002659000", - "frame.time_relative": "462.129982000", - "frame.number": "1641", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000095a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "65", - "http.prev_response_in": "1629" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.592635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.592635000", - "frame.time_delta": "0.001967000", - "frame.time_delta_displayed": "0.001967000", - "frame.time_relative": "462.131949000", - "frame.number": "1642", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cecc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "47437", - "tcp.dstport": "80", - "tcp.port": "47437", - "tcp.port": "80", - "tcp.stream": "76", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002348", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.602244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.602244000", - "frame.time_delta": "0.009609000", - "frame.time_delta_displayed": "0.009609000", - "frame.time_relative": "462.141558000", - "frame.number": "1643", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000cb14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000086a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:07:f8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919544, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919544", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.602783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.602783000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "462.142097000", - "frame.number": "1644", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008911", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1643", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.608145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.608145000", - "frame.time_delta": "0.005362000", - "frame.time_delta_displayed": "0.005362000", - "frame.time_relative": "462.147459000", - "frame.number": "1645", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1644", - "tcp.analysis.ack_rtt": "0.005362000", - "tcp.analysis.initial_rtt": "0.005901000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.608562000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494053.608562000", - "frame.time_delta": "0.000417000", - "frame.time_delta_displayed": "0.000417000", - "frame.time_relative": "462.147876000", - "frame.number": "1646", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000cb16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ecb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009a13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005901000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.609036000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494053.609036000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "462.148350000", - "frame.number": "1647", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009bb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001cd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1646", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.005901000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.609678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.609678000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "462.148992000", - "frame.number": "1648", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009bb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001cc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006c89", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005901000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.610054000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.610054000", - "frame.time_delta": "0.000376000", - "frame.time_delta_displayed": "0.000376000", - "frame.time_relative": "462.149368000", - "frame.number": "1649", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009bb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bef2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005901000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1648", - "tcp.segment": "1649", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001492000", - "http.request_in": "1646", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.610769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.610769000", - "frame.time_delta": "0.000715000", - "frame.time_delta_displayed": "0.000715000", - "frame.time_relative": "462.150083000", - "frame.number": "1650", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009bb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bef2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005901000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.615083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.615083000", - "frame.time_delta": "0.004314000", - "frame.time_delta_displayed": "0.004314000", - "frame.time_relative": "462.154397000", - "frame.number": "1651", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000039c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1648", - "tcp.analysis.ack_rtt": "0.005405000", - "tcp.analysis.initial_rtt": "0.005901000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.615194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.615194000", - "frame.time_delta": "0.000111000", - "frame.time_delta_displayed": "0.000111000", - "frame.time_relative": "462.154508000", - "frame.number": "1652", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1649", - "tcp.analysis.ack_rtt": "0.005140000", - "tcp.analysis.initial_rtt": "0.005901000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.615726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.615726000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "462.155040000", - "frame.number": "1653", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000cb19", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000086aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:fe:09:bc:91:fe:09:c0:75", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005901000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1652", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.617662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.617662000", - "frame.time_delta": "0.001936000", - "frame.time_delta_displayed": "0.001936000", - "frame.time_relative": "462.156976000", - "frame.number": "1654", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000ed6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.618091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.618091000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "462.157405000", - "frame.number": "1655", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d99d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47438", - "tcp.port": "80", - "tcp.port": "47438", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002872", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1654", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.005901000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.623116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.623116000", - "frame.time_delta": "0.005025000", - "frame.time_delta_displayed": "0.005025000", - "frame.time_relative": "462.162430000", - "frame.number": "1656", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cecb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47438", - "tcp.dstport": "80", - "tcp.port": "47438", - "tcp.port": "80", - "tcp.stream": "77", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f5c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.643556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.643556000", - "frame.time_delta": "0.020440000", - "frame.time_delta_displayed": "0.020440000", - "frame.time_relative": "462.182870000", - "frame.number": "1657", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000095a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "66", - "http.prev_response_in": "1641" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.663477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.663477000", - "frame.time_delta": "0.019921000", - "frame.time_delta_displayed": "0.019921000", - "frame.time_relative": "462.202791000", - "frame.number": "1658", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009eed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001988", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000aa6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:07:ff:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919551, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919551", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.664023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.664023000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "462.203337000", - "frame.number": "1659", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47439", - "tcp.port": "80", - "tcp.port": "47439", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000fd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1658", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.668516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.668516000", - "frame.time_delta": "0.004493000", - "frame.time_delta_displayed": "0.004493000", - "frame.time_relative": "462.207830000", - "frame.number": "1660", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009eee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000199b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c15e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1659", - "tcp.analysis.ack_rtt": "0.004493000", - "tcp.analysis.initial_rtt": "0.005039000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.669258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.669258000", - "frame.time_delta": "0.000742000", - "frame.time_delta_displayed": "0.000742000", - "frame.time_relative": "462.208572000", - "frame.number": "1661", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009eef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000020d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005039000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.669741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.669741000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "462.209055000", - "frame.number": "1662", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000005a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b82f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47439", - "tcp.port": "80", - "tcp.port": "47439", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b32d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1661", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.005039000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.670414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.670414000", - "frame.time_delta": "0.000673000", - "frame.time_delta_displayed": "0.000673000", - "frame.time_relative": "462.209728000", - "frame.number": "1663", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000005b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b81d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47439", - "tcp.port": "80", - "tcp.port": "47439", - "tcp.stream": "78", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f34e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005039000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.670810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.670810000", - "frame.time_delta": "0.000396000", - "frame.time_delta_displayed": "0.000396000", - "frame.time_relative": "462.210124000", - "frame.number": "1664", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000005c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b44a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47439", - "tcp.port": "80", - "tcp.port": "47439", - "tcp.stream": "78", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000045b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005039000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1663", - "tcp.segment": "1664", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001552000", - "http.request_in": "1661", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.676777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.676777000", - "frame.time_delta": "0.005967000", - "frame.time_delta_displayed": "0.005967000", - "frame.time_relative": "462.216091000", - "frame.number": "1665", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009ef0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001999", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c08d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1663", - "tcp.analysis.ack_rtt": "0.006363000", - "tcp.analysis.initial_rtt": "0.005039000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.676885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.676885000", - "frame.time_delta": "0.000108000", - "frame.time_delta_displayed": "0.000108000", - "frame.time_relative": "462.216199000", - "frame.number": "1666", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009ef1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001998", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bca2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1664", - "tcp.analysis.ack_rtt": "0.006075000", - "tcp.analysis.initial_rtt": "0.005039000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.678075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.678075000", - "frame.time_delta": "0.001190000", - "frame.time_delta_displayed": "0.001190000", - "frame.time_relative": "462.217389000", - "frame.number": "1667", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009ef2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001997", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bca1", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.678521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.678521000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "462.217835000", - "frame.number": "1668", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d99e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47439", - 
"tcp.port": "80", - "tcp.port": "47439", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000af37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1667", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.005039000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:13.683664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494053.683664000", - "frame.time_delta": "0.005143000", - "frame.time_delta_displayed": "0.005143000", - "frame.time_relative": "462.222978000", - "frame.number": "1669", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cec8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47439", - "tcp.dstport": "80", - "tcp.port": "47439", - "tcp.port": "80", - "tcp.stream": "78", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001998", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:14.328989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.328989000", - "frame.time_delta": "0.645325000", - "frame.time_delta_displayed": "0.645325000", - "frame.time_relative": "462.868303000", - "frame.number": "1670", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000095bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "67", - "http.prev_response_in": "1657" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.381778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.381778000", - "frame.time_delta": "0.052789000", - "frame.time_delta_displayed": "0.052789000", - "frame.time_relative": "462.921092000", - "frame.number": "1671", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000095bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002199", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "68", - "http.prev_response_in": "1670" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.396058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.396058000", - "frame.time_delta": "0.014280000", - "frame.time_delta_displayed": "0.014280000", - "frame.time_relative": "462.935372000", - "frame.number": "1672", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001334", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a541", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000b0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:48:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919624, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919624", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.396585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.396585000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "462.935899000", - "frame.number": "1673", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47440", - "tcp.port": "80", - "tcp.port": "47440", - "tcp.stream": 
"79", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000035de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1672", - "tcp.analysis.ack_rtt": "0.000527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.402477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.402477000", - "frame.time_delta": "0.005892000", - "frame.time_delta_displayed": "0.005892000", - "frame.time_relative": "462.941791000", - "frame.number": "1674", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001335", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a554", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - 
"tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e765", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1673", - "tcp.analysis.ack_rtt": "0.005892000", - "tcp.analysis.initial_rtt": "0.006419000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.403234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.403234000", - "frame.time_delta": "0.000757000", - "frame.time_delta_displayed": "0.000757000", - "frame.time_relative": "462.942548000", - "frame.number": "1675", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001336", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a493", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000046e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006419000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.403704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.403704000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "462.943018000", - "frame.number": "1676", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d43c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e44c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47440", - "tcp.port": "80", - "tcp.port": "47440", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d934", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1675", - "tcp.analysis.ack_rtt": "0.000470000", - "tcp.analysis.initial_rtt": "0.006419000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.404351000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494054.404351000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "462.943665000", - "frame.number": "1677", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d43d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e43a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47440", - "tcp.port": "80", - "tcp.port": "47440", - "tcp.stream": "79", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001956", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006419000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.404700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.404700000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "462.944014000", - "frame.number": "1678", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d43e", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e067", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47440", - "tcp.port": "80", - "tcp.port": "47440", - "tcp.stream": "79", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006bbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006419000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1677", - "tcp.segment": "1678", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001466000", - "http.request_in": "1675", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.408851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.408851000", - "frame.time_delta": "0.004151000", - "frame.time_delta_displayed": "0.004151000", - "frame.time_relative": "462.948165000", - "frame.number": "1679", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001337", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a552", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e694", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1677", - "tcp.analysis.ack_rtt": "0.004500000", - "tcp.analysis.initial_rtt": "0.006419000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.434832000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.434832000", - "frame.time_delta": "0.025981000", - "frame.time_delta_displayed": "0.025981000", - "frame.time_relative": "462.974146000", - "frame.number": "1680", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000095c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000219e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "69", - "http.prev_response_in": "1671" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.442080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.442080000", - "frame.time_delta": "0.007248000", - "frame.time_delta_displayed": "0.007248000", - "frame.time_relative": "462.981394000", - "frame.number": "1681", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001338", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a551", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1678", - "tcp.analysis.ack_rtt": "0.037380000", - "tcp.analysis.initial_rtt": "0.006419000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.443910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.443910000", - "frame.time_delta": "0.001830000", - "frame.time_delta_displayed": "0.001830000", - "frame.time_relative": "462.983224000", - "frame.number": "1682", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001339", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a550", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.444360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.444360000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "462.983674000", - "frame.number": "1683", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d9dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47440", - "tcp.port": "80", - "tcp.port": "47440", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d53e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1682", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.006419000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.447453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.447453000", - "frame.time_delta": "0.003093000", - "frame.time_delta_displayed": "0.003093000", - "frame.time_relative": "462.986767000", - "frame.number": "1684", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ceb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47440", - "tcp.dstport": "80", - "tcp.port": "47440", - "tcp.port": "80", - "tcp.stream": "79", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007a84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.451031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.451031000", - "frame.time_delta": "0.003578000", - "frame.time_delta_displayed": "0.003578000", - "frame.time_relative": "462.990345000", - "frame.number": "1685", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00007670", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004205", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00007cb3", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:4d:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919629, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919629", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.451556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.451556000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "462.990870000", - "frame.number": "1686", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e844", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" 
- }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1685", - "tcp.analysis.ack_rtt": "0.000525000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.456318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.456318000", - "frame.time_delta": "0.004762000", - "frame.time_delta_displayed": "0.004762000", - "frame.time_relative": "462.995632000", - "frame.number": "1687", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007671", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004218", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1686", - "tcp.analysis.ack_rtt": "0.004762000", - "tcp.analysis.initial_rtt": "0.005287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:54:14.457184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.457184000", - "frame.time_delta": "0.000866000", - "frame.time_delta_displayed": "0.000866000", - "frame.time_relative": "462.996498000", - "frame.number": "1688", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00007672", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004157", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", 
- "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f946", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005287000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.457654000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.457654000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "462.996968000", - "frame.number": "1689", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008b64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008b9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1688", - "tcp.analysis.ack_rtt": "0.000470000", - "tcp.analysis.initial_rtt": "0.005287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.458415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.458415000", - "frame.time_delta": "0.000761000", - "frame.time_delta_displayed": "0.000761000", - "frame.time_relative": "462.997729000", - "frame.number": "1690", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008b65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cbbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005287000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.458775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.458775000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": 
"462.998089000", - "frame.number": "1691", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008b66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002940", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005287000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1690", - "tcp.segment": "1691", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001591000", - "http.request_in": "1688", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.460782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.460782000", - "frame.time_delta": "0.002007000", - "frame.time_delta_displayed": "0.002007000", - "frame.time_relative": "463.000096000", - "frame.number": "1692", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008b67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000293f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005287000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.463906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.463906000", - "frame.time_delta": "0.003124000", - "frame.time_delta_displayed": "0.003124000", - "frame.time_relative": "463.003220000", - "frame.number": "1693", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007673", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004216", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000098fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1690", - "tcp.analysis.ack_rtt": "0.005491000", - "tcp.analysis.initial_rtt": "0.005287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.464066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.464066000", - "frame.time_delta": "0.000160000", - "frame.time_delta_displayed": "0.000160000", - "frame.time_relative": "463.003380000", - "frame.number": "1694", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007674", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004215", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009510", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1691", - "tcp.analysis.ack_rtt": "0.005291000", - "tcp.analysis.initial_rtt": "0.005287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.464990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.464990000", - "frame.time_delta": "0.000924000", - "frame.time_delta_displayed": "0.000924000", - "frame.time_relative": "463.004304000", - "frame.number": "1695", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007675", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004208", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b774", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:a4:cf:ad:00:a4:cf:b0:e4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005287000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1694", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.465118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.465118000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "463.004432000", - "frame.number": "1696", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007676", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00004213", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000950f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.465526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.465526000", - "frame.time_delta": "0.000408000", - "frame.time_delta_displayed": "0.000408000", - "frame.time_relative": "463.004840000", - "frame.number": "1697", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d9dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47441", - "tcp.port": "80", - "tcp.port": "47441", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000087a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1696", - "tcp.analysis.ack_rtt": "0.000408000", - "tcp.analysis.initial_rtt": "0.005287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.469458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.469458000", - "frame.time_delta": "0.003932000", - "frame.time_delta_displayed": "0.003932000", - "frame.time_relative": "463.008772000", - "frame.number": "1698", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e9d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ceb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47441", - "tcp.dstport": "80", - "tcp.port": "47441", - "tcp.port": "80", - "tcp.stream": "80", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ec2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:14.980228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494054.980228000", - "frame.time_delta": "0.510770000", - "frame.time_delta_displayed": "0.510770000", - "frame.time_relative": "463.519542000", - "frame.number": "1699", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x0000ff88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000da10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - 
"dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.381698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.381698000", - "frame.time_delta": "0.401470000", - "frame.time_delta_displayed": "0.401470000", - "frame.time_relative": "463.921012000", - "frame.number": "1700", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000961a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002147", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "70", - "http.prev_response_in": "1680" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.416258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.416258000", - "frame.time_delta": "0.034560000", - "frame.time_delta_displayed": "0.034560000", - "frame.time_relative": "463.955572000", - "frame.number": "1701", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002bbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000c5b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:ae:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919726, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919726", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.416826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.416826000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "463.956140000", - "frame.number": "1702", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47442", - "tcp.port": "80", - "tcp.port": "47442", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f69d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1701", - "tcp.analysis.ack_rtt": "0.000568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.421794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.421794000", - "frame.time_delta": "0.004968000", - "frame.time_delta_displayed": "0.004968000", - "frame.time_relative": "463.961108000", - "frame.number": "1703", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002bbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ccc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a825", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1702", - "tcp.analysis.ack_rtt": 
"0.004968000", - "tcp.analysis.initial_rtt": "0.005536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.422794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.422794000", - "frame.time_delta": "0.001000000", - "frame.time_delta_displayed": "0.001000000", - "frame.time_relative": "463.962108000", - "frame.number": "1704", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002bbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - 
"tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000007a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005536000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.423273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.423273000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "463.962587000", - "frame.number": "1705", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a206", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001683", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47442", - "tcp.port": "80", - "tcp.port": 
"47442", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000099f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1704", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.005536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.423959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.423959000", - "frame.time_delta": "0.000686000", - "frame.time_delta_displayed": "0.000686000", - "frame.time_relative": "463.963273000", - "frame.number": "1706", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a207", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001671", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47442", - "tcp.port": "80", - "tcp.port": "47442", - "tcp.stream": "81", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005536000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:54:15.424389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.424389000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "463.963703000", - "frame.number": "1707", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a208", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000129e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47442", - "tcp.port": "80", - "tcp.port": "47442", - "tcp.stream": "81", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005536000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1706", - "tcp.segment": "1707", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001595000", - "http.request_in": "1704", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.428887000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494055.428887000", - "frame.time_delta": "0.004498000", - "frame.time_delta_displayed": "0.004498000", - "frame.time_relative": "463.968201000", - "frame.number": "1708", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002bbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a754", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1706", - "tcp.analysis.ack_rtt": "0.004928000", - "tcp.analysis.initial_rtt": "0.005536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.429379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.429379000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "463.968693000", - "frame.number": "1709", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002bc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a369", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1707", - "tcp.analysis.ack_rtt": "0.004990000", - "tcp.analysis.initial_rtt": "0.005536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.431538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.431538000", - "frame.time_delta": "0.002159000", - "frame.time_delta_displayed": "0.002159000", - "frame.time_relative": "463.970852000", - "frame.number": "1710", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002bc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.432016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.432016000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "463.971330000", - "frame.number": "1711", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47442", - "tcp.port": "80", - "tcp.port": "47442", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000095fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1710", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.005536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.435349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.435349000", - "frame.time_delta": "0.003333000", - "frame.time_delta_displayed": "0.003333000", - "frame.time_relative": "463.974663000", - "frame.number": "1712", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000961b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000213d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "71", - "http.prev_response_in": "1700" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.436045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.436045000", - "frame.time_delta": "0.000696000", - "frame.time_delta_displayed": "0.000696000", - "frame.time_relative": "463.975359000", - "frame.number": "1713", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47442", - "tcp.dstport": "80", - "tcp.port": "47442", - "tcp.port": "80", - "tcp.stream": "81", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003592", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.447638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.447638000", - "frame.time_delta": "0.011593000", - "frame.time_delta_displayed": "0.011593000", - "frame.time_relative": "463.986952000", - "frame.number": "1714", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { 
- "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ccf6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f330", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:b1:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919729, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919729", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.448161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.448161000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "463.987475000", - "frame.number": "1715", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47443", - "tcp.port": "80", - "tcp.port": "47443", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000052ad", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1714", - "tcp.analysis.ack_rtt": "0.000523000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.451612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.451612000", - "frame.time_delta": "0.003451000", - "frame.time_delta_displayed": "0.003451000", - "frame.time_relative": "463.990926000", - "frame.number": "1716", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000435", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1715", - "tcp.analysis.ack_rtt": 
"0.003451000", - "tcp.analysis.initial_rtt": "0.003974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.452313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.452313000", - "frame.time_delta": "0.000701000", - "frame.time_delta_displayed": "0.000701000", - "frame.time_relative": "463.991627000", - "frame.number": "1717", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ccf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ead0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - 
"tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000063af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003974000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.452802000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.452802000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "463.992116000", - "frame.number": "1718", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000060d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47443", - "tcp.port": "80", - "tcp.port": 
"47443", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f603", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1717", - "tcp.analysis.ack_rtt": "0.000489000", - "tcp.analysis.initial_rtt": "0.003974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.453455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.453455000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "463.992769000", - "frame.number": "1719", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000060d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47443", - "tcp.port": "80", - "tcp.port": "47443", - "tcp.stream": "82", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003625", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003974000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:54:15.453805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.453805000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "463.993119000", - "frame.number": "1720", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000060d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000053d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47443", - "tcp.port": "80", - "tcp.port": "47443", - "tcp.stream": "82", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000888e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003974000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1719", - "tcp.segment": "1720", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001492000", - "http.request_in": "1717", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.456529000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494055.456529000", - "frame.time_delta": "0.002724000", - "frame.time_delta_displayed": "0.002724000", - "frame.time_relative": "463.995843000", - "frame.number": "1721", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000364", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1719", - "tcp.analysis.ack_rtt": "0.003074000", - "tcp.analysis.initial_rtt": "0.003974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.458362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.458362000", - "frame.time_delta": "0.001833000", - "frame.time_delta_displayed": "0.001833000", - "frame.time_relative": "463.997676000", - "frame.number": "1722", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ff78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1720", - "tcp.analysis.ack_rtt": "0.004557000", - "tcp.analysis.initial_rtt": "0.003974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.459833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.459833000", - "frame.time_delta": "0.001471000", - "frame.time_delta_displayed": "0.001471000", - "frame.time_relative": "463.999147000", - "frame.number": "1723", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ff77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.460266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.460266000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "463.999580000", - "frame.number": "1724", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47443", - "tcp.port": "80", - "tcp.port": "47443", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f20d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1723", - "tcp.analysis.ack_rtt": "0.000433000", - "tcp.analysis.initial_rtt": "0.003974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.467677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.467677000", - "frame.time_delta": "0.007411000", - "frame.time_delta_displayed": "0.007411000", - "frame.time_relative": "464.006991000", - "frame.number": "1725", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47443", - "tcp.dstport": "80", - "tcp.port": "47443", - "tcp.port": "80", - "tcp.stream": "82", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", 
- "tcp.checksum": "0x0000630f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.488168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.488168000", - "frame.time_delta": "0.020491000", - "frame.time_delta_displayed": "0.020491000", - "frame.time_relative": "464.027482000", - "frame.number": "1726", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000961c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002142", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "72", - "http.prev_response_in": "1712" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.498325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.498325000", - "frame.time_delta": "0.010157000", - "frame.time_delta_displayed": "0.010157000", - "frame.time_relative": "464.037639000", - "frame.number": "1727", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003087", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000087ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f529", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:08:b6:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919734, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919734", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.498877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.498877000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "464.038191000", - "frame.number": "1728", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47444", - "tcp.port": "80", - "tcp.port": "47444", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d8c7", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1727", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.502533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.502533000", - "frame.time_delta": "0.003656000", - "frame.time_delta_displayed": "0.003656000", - "frame.time_relative": "464.041847000", - "frame.number": "1729", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003088", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008801", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008a4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1728", - "tcp.analysis.ack_rtt": 
"0.003656000", - "tcp.analysis.initial_rtt": "0.004208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.504843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.504843000", - "frame.time_delta": "0.002310000", - "frame.time_delta_displayed": "0.002310000", - "frame.time_relative": "464.044157000", - "frame.number": "1730", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003089", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008740", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - 
"tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e9c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004208000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.505339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.505339000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "464.044653000", - "frame.number": "1731", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b99c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000feec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47444", - "tcp.port": "80", - "tcp.port": 
"47444", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007c1e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1730", - "tcp.analysis.ack_rtt": "0.000496000", - "tcp.analysis.initial_rtt": "0.004208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.506035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.506035000", - "frame.time_delta": "0.000696000", - "frame.time_delta_displayed": "0.000696000", - "frame.time_relative": "464.045349000", - "frame.number": "1732", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b99d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000feda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47444", - "tcp.port": "80", - "tcp.port": "47444", - "tcp.stream": "83", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bc3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004208000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:54:15.506415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.506415000", - "frame.time_delta": "0.000380000", - "frame.time_delta_displayed": "0.000380000", - "frame.time_relative": "464.045729000", - "frame.number": "1733", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b99e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47444", - "tcp.port": "80", - "tcp.port": "47444", - "tcp.stream": "83", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000ea9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004208000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1732", - "tcp.segment": "1733", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001572000", - "http.request_in": "1730", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.509692000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494055.509692000", - "frame.time_delta": "0.003277000", - "frame.time_delta_displayed": "0.003277000", - "frame.time_relative": "464.049006000", - "frame.number": "1734", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000308a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000087ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000897e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1732", - "tcp.analysis.ack_rtt": "0.003657000", - "tcp.analysis.initial_rtt": "0.004208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.509734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.509734000", - "frame.time_delta": "0.000042000", - "frame.time_delta_displayed": "0.000042000", - "frame.time_relative": "464.049048000", - "frame.number": "1735", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000308b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000087fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008593", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1733", - "tcp.analysis.ack_rtt": "0.003319000", - "tcp.analysis.initial_rtt": "0.004208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.510452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.510452000", - "frame.time_delta": "0.000718000", - "frame.time_delta_displayed": "0.000718000", - "frame.time_relative": "464.049766000", - "frame.number": "1736", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000308c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000087fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008592", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.510927000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.510927000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "464.050241000", - "frame.number": "1737", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47444", - "tcp.port": "80", - "tcp.port": "47444", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007828", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1736", - "tcp.analysis.ack_rtt": "0.000475000", - "tcp.analysis.initial_rtt": "0.004208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:15.515805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494055.515805000", - "frame.time_delta": "0.004878000", - "frame.time_delta_displayed": "0.004878000", - "frame.time_relative": "464.055119000", - "frame.number": "1738", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47444", - "tcp.dstport": "80", - "tcp.port": "47444", - "tcp.port": "80", - "tcp.stream": "83", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", 
- "tcp.checksum": "0x0000650d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.014627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.014627000", - "frame.time_delta": "0.498822000", - "frame.time_delta_displayed": "0.498822000", - "frame.time_relative": "464.553941000", - "frame.number": "1739", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009645", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000211c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "73", - "http.prev_response_in": "1726" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.067433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.067433000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "464.606747000", - "frame.number": "1740", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009647", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002111", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "74", - "http.prev_response_in": "1739" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.120285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.120285000", - "frame.time_delta": "0.052852000", - "frame.time_delta_displayed": "0.052852000", - "frame.time_relative": "464.659599000", - "frame.number": "1741", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000964a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00002114", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "75", - "http.prev_response_in": "1740" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.238527000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494056.238527000", - "frame.time_delta": "0.118242000", - "frame.time_delta_displayed": "0.118242000", - "frame.time_relative": "464.777841000", - "frame.number": "1742", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009b3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00007190", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:00:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919808, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919808", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.239100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.239100000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "464.778414000", - "frame.number": "1743", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47445", - "tcp.port": "80", - "tcp.port": "47445", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006b99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1742", - "tcp.analysis.ack_rtt": "0.000573000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.242991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.242991000", - "frame.time_delta": "0.003891000", - "frame.time_delta_displayed": "0.003891000", - "frame.time_relative": "464.782305000", - "frame.number": "1744", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1743", - "tcp.analysis.ack_rtt": "0.003891000", - "tcp.analysis.initial_rtt": "0.004464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.243835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.243835000", - "frame.time_delta": "0.000844000", - "frame.time_delta_displayed": "0.000844000", - "frame.time_relative": "464.783149000", - "frame.number": "1745", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009b40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001c89", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007c9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004464000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.244311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.244311000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "464.783625000", - "frame.number": "1746", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000078ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fbb", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47445", - "tcp.port": "80", - "tcp.port": "47445", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000ef0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1745", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.004464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.244954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.244954000", - "frame.time_delta": "0.000643000", - "frame.time_delta_displayed": "0.000643000", - "frame.time_relative": "464.784268000", - "frame.number": "1747", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000078cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fa9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47445", - "tcp.port": "80", - "tcp.port": "47445", - "tcp.stream": "84", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004f11", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004464000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.245329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.245329000", - "frame.time_delta": "0.000375000", - "frame.time_delta_displayed": "0.000375000", - "frame.time_relative": "464.784643000", - "frame.number": "1748", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000078d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003bd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47445", - "tcp.port": "80", - "tcp.port": "47445", - "tcp.stream": "84", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a17a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004464000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1747", - "tcp.segment": "1748", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001494000", - "http.request_in": "1745", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.248992000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.248992000", - "frame.time_delta": "0.003663000", - "frame.time_delta_displayed": "0.003663000", - "frame.time_relative": "464.788306000", - "frame.number": "1749", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001c50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1747", - "tcp.analysis.ack_rtt": "0.004038000", - "tcp.analysis.initial_rtt": "0.004464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.249416000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.249416000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "464.788730000", - "frame.number": "1750", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001865", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1748", - "tcp.analysis.ack_rtt": "0.004087000", - "tcp.analysis.initial_rtt": "0.004464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.250893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.250893000", - "frame.time_delta": "0.001477000", - "frame.time_delta_displayed": "0.001477000", - "frame.time_relative": "464.790207000", - "frame.number": "1751", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001864", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.251359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.251359000", - "frame.time_delta": "0.000466000", - "frame.time_delta_displayed": "0.000466000", - "frame.time_relative": "464.790673000", - "frame.number": "1752", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47445", - 
"tcp.port": "80", - "tcp.port": "47445", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000afa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1751", - "tcp.analysis.ack_rtt": "0.000466000", - "tcp.analysis.initial_rtt": "0.004464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:16.256409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494056.256409000", - "frame.time_delta": "0.005050000", - "frame.time_delta_displayed": "0.005050000", - "frame.time_relative": "464.795723000", - "frame.number": "1753", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47445", - "tcp.dstport": "80", - "tcp.port": "47445", - "tcp.port": "80", - "tcp.stream": "84", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e1bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:17.067431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.067431000", - "frame.time_delta": "0.811022000", - "frame.time_delta_displayed": "0.811022000", - "frame.time_relative": "465.606745000", - "frame.number": "1754", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000096a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "76", - "http.prev_response_in": "1741" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.120193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.120193000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "465.659507000", - "frame.number": "1755", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000096a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "77", - "http.prev_response_in": "1754" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.155173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.155173000", - "frame.time_delta": "0.034980000", - "frame.time_delta_displayed": "0.034980000", - "frame.time_relative": "465.694487000", - "frame.number": "1756", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000de2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e672", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:5c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919900, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919900", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.155726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.155726000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "465.695040000", - "frame.number": "1757", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47446", - "tcp.port": "80", - "tcp.port": "47446", - "tcp.stream": 
"85", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a11e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1756", - "tcp.analysis.ack_rtt": "0.000553000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.159547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.159547000", - "frame.time_delta": "0.003821000", - "frame.time_delta_displayed": "0.003821000", - "frame.time_relative": "465.698861000", - "frame.number": "1758", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000de30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - 
"tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000052a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1757", - "tcp.analysis.ack_rtt": "0.003821000", - "tcp.analysis.initial_rtt": "0.004374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.160034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.160034000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "465.699348000", - "frame.number": "1759", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000de31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d997", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b220", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004374000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.160517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.160517000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "465.699831000", - "frame.number": "1760", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000026a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47446", - "tcp.port": "80", - "tcp.port": "47446", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004475", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1759", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.004374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.161265000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494057.161265000", - "frame.time_delta": "0.000748000", - "frame.time_delta_displayed": "0.000748000", - "frame.time_relative": "465.700579000", - "frame.number": "1761", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000026a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47446", - "tcp.port": "80", - "tcp.port": "47446", - "tcp.stream": "85", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008496", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004374000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.161616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.161616000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "465.700930000", - "frame.number": "1762", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000026a7", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008dff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47446", - "tcp.port": "80", - "tcp.port": "47446", - "tcp.stream": "85", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d6ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004374000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1761", - "tcp.segment": "1762", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001582000", - "http.request_in": "1759", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.164444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.164444000", - "frame.time_delta": "0.002828000", - "frame.time_delta_displayed": "0.002828000", - "frame.time_relative": "465.703758000", - "frame.number": "1763", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000de32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000051d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1761", - "tcp.analysis.ack_rtt": "0.003179000", - "tcp.analysis.initial_rtt": "0.004374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.164578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.164578000", - "frame.time_delta": "0.000134000", - "frame.time_delta_displayed": "0.000134000", - "frame.time_relative": "465.703892000", - "frame.number": "1764", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000de33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004dea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1762", - "tcp.analysis.ack_rtt": "0.002962000", - "tcp.analysis.initial_rtt": "0.004374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.165498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.165498000", - "frame.time_delta": "0.000920000", - "frame.time_delta_displayed": "0.000920000", - "frame.time_relative": "465.704812000", - "frame.number": "1765", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000de34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004de9", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.165977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.165977000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "465.705291000", - "frame.number": "1766", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47446", - 
"tcp.port": "80", - "tcp.port": "47446", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000407f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1765", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.004374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.169488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.169488000", - "frame.time_delta": "0.003511000", - "frame.time_delta_displayed": "0.003511000", - "frame.time_relative": "465.708802000", - "frame.number": "1767", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47446", - "tcp.dstport": "80", - "tcp.port": "47446", - "tcp.port": "80", - "tcp.stream": "85", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000056fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:17.172714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.172714000", - "frame.time_delta": "0.003226000", - "frame.time_delta_displayed": "0.003226000", - "frame.time_relative": "465.712028000", - "frame.number": "1768", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000096a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "78", - "http.prev_response_in": "1755" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.178819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.178819000", - "frame.time_delta": "0.006105000", - "frame.time_delta_displayed": "0.006105000", - "frame.time_relative": "465.718133000", - "frame.number": "1769", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002c9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008bd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00001968", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:5e:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919902, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919902", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.179363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.179363000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "465.718677000", - "frame.number": "1770", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47447", - "tcp.port": "80", - "tcp.port": "47447", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000014d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1769", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.183040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.183040000", - "frame.time_delta": "0.003677000", - "frame.time_delta_displayed": "0.003677000", - "frame.time_relative": "465.722354000", - "frame.number": "1771", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ca0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008be9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c65a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1770", - "tcp.analysis.ack_rtt": "0.003677000", - "tcp.analysis.initial_rtt": "0.004221000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.183227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.183227000", - 
"frame.time_delta": "0.000187000", - "frame.time_delta_displayed": "0.000187000", - "frame.time_relative": "465.722541000", - "frame.number": "1772", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002ca1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000025d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004221000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.183679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.183679000", - "frame.time_delta": "0.000452000", - 
"frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "465.722993000", - "frame.number": "1773", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d317", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e571", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47447", - "tcp.port": "80", - "tcp.port": "47447", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b829", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1772", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.004221000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.184439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.184439000", - "frame.time_delta": "0.000760000", - "frame.time_delta_displayed": "0.000760000", - "frame.time_relative": "465.723753000", - "frame.number": "1774", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d318", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000e55f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47447", - "tcp.port": "80", - "tcp.port": "47447", - "tcp.stream": "86", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f84a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004221000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.184794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.184794000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "465.724108000", - "frame.number": "1775", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d319", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e18c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47447", - "tcp.port": "80", - "tcp.port": "47447", - "tcp.stream": "86", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004ab4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004221000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1774", - "tcp.segment": "1775", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001567000", - "http.request_in": "1772", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.187326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.187326000", - "frame.time_delta": "0.002532000", - "frame.time_delta_displayed": "0.002532000", - "frame.time_relative": "465.726640000", - "frame.number": "1776", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ca2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c589", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1774", - "tcp.analysis.ack_rtt": "0.002887000", - "tcp.analysis.initial_rtt": "0.004221000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.187456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.187456000", - "frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "465.726770000", - "frame.number": "1777", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ca3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008be6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c19e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1775", - "tcp.analysis.ack_rtt": "0.002662000", - "tcp.analysis.initial_rtt": "0.004221000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.188001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.188001000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "465.727315000", - "frame.number": "1778", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ca4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008be5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c19d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.188445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.188445000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "465.727759000", - "frame.number": "1779", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47447", - 
"tcp.port": "80", - "tcp.port": "47447", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b433", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1778", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.004221000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.192183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.192183000", - "frame.time_delta": "0.003738000", - "frame.time_delta_displayed": "0.003738000", - "frame.time_relative": "465.731497000", - "frame.number": "1780", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47447", - "tcp.dstport": "80", - "tcp.port": "47447", - "tcp.port": "80", - "tcp.stream": "86", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000089f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:17.383514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.383514000", - "frame.time_delta": "0.191331000", - "frame.time_delta_displayed": "0.191331000", - "frame.time_relative": "465.922828000", - "frame.number": "1781", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000096b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "79", - "http.prev_response_in": "1768" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.393732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.393732000", - "frame.time_delta": "0.010218000", - "frame.time_delta_displayed": "0.010218000", - "frame.time_relative": "465.933046000", - "frame.number": "1782", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004cc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006bb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000017f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:74:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919924, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919924", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.394289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.394289000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "465.933603000", - "frame.number": "1783", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008563", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1782", - "tcp.analysis.ack_rtt": "0.000557000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.397850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.397850000", - "frame.time_delta": "0.003561000", - "frame.time_delta_displayed": "0.003561000", - "frame.time_relative": "465.937164000", - "frame.number": "1784", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004cc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006bc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000036eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1783", - "tcp.analysis.ack_rtt": "0.003561000", - "tcp.analysis.initial_rtt": "0.004118000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.397987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.397987000", - 
"frame.time_delta": "0.000137000", - "frame.time_delta_displayed": "0.000137000", - "frame.time_relative": "465.937301000", - "frame.number": "1785", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004cc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006b03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009665", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004118000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.398429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.398429000", - "frame.time_delta": "0.000442000", - 
"frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "465.937743000", - "frame.number": "1786", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000056ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000619f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000028ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1785", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.004118000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.399170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.399170000", - "frame.time_delta": "0.000741000", - "frame.time_delta_displayed": "0.000741000", - "frame.time_relative": "465.938484000", - "frame.number": "1787", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000056eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000618d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000068db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004118000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.399525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.399525000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "465.938839000", - "frame.number": "1788", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000056ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005dba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb44", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004118000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1787", - "tcp.segment": "1788", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001538000", - "http.request_in": "1785", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.400785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.400785000", - "frame.time_delta": "0.001260000", - "frame.time_delta_displayed": "0.001260000", - "frame.time_relative": "465.940099000", - "frame.number": "1789", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000056ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005db9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb44", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004118000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.402426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.402426000", - "frame.time_delta": "0.001641000", - "frame.time_delta_displayed": "0.001641000", - "frame.time_relative": "465.941740000", - "frame.number": "1790", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004cc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006bc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000361a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1787", - "tcp.analysis.ack_rtt": "0.003256000", - "tcp.analysis.initial_rtt": "0.004118000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.402474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.402474000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "465.941788000", - "frame.number": "1791", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004cc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006bc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000322f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1788", - "tcp.analysis.ack_rtt": "0.002949000", - "tcp.analysis.initial_rtt": "0.004118000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.403354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.403354000", - "frame.time_delta": "0.000880000", - "frame.time_delta_displayed": "0.000880000", - "frame.time_relative": "465.942668000", - "frame.number": "1792", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004cc9", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006bc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000322e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.403796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.403796000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - 
"frame.time_relative": "465.943110000", - "frame.number": "1793", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47448", - "tcp.port": "80", - "tcp.port": "47448", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000024c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1792", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.004118000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.405300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.405300000", - "frame.time_delta": "0.001504000", - "frame.time_delta_displayed": "0.001504000", - "frame.time_relative": "465.944614000", - "frame.number": "1794", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cdf9", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008896", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.408081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.408081000", - "frame.time_delta": "0.002781000", - "frame.time_delta_displayed": "0.002781000", - "frame.time_relative": "465.947395000", - "frame.number": "1795", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cdf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47448", - "tcp.dstport": "80", - "tcp.port": "47448", - "tcp.port": "80", - "tcp.stream": "87", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008895", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.436801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.436801000", - "frame.time_delta": "0.028720000", - "frame.time_delta_displayed": "0.028720000", - "frame.time_relative": "465.976115000", - "frame.number": "1796", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000096b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "80", - "http.prev_response_in": "1781" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.444112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.444112000", - "frame.time_delta": "0.007311000", - "frame.time_delta_displayed": "0.007311000", - "frame.time_relative": "465.983426000", - 
"frame.number": "1797", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003fbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): 
server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e9f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:79:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919929, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919929", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.444654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.444654000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "465.983968000", - "frame.number": "1798", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - 
"eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": "80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000085e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1797", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.447849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.447849000", - "frame.time_delta": "0.003195000", - "frame.time_delta_displayed": "0.003195000", - "frame.time_relative": "465.987163000", - "frame.number": "1799", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003769", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1798", - "tcp.analysis.ack_rtt": "0.003195000", - "tcp.analysis.initial_rtt": "0.003737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.447978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.447978000", - "frame.time_delta": "0.000129000", - "frame.time_delta_displayed": "0.000129000", - "frame.time_relative": "465.987292000", - "frame.number": "1800", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003fbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000780a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000096e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003737000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.448415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.448415000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "465.987729000", - "frame.number": "1801", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000123e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a64b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": "80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002938", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1800", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.003737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.449102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.449102000", - "frame.time_delta": "0.000687000", - "frame.time_delta_displayed": "0.000687000", - "frame.time_relative": "465.988416000", - "frame.number": "1802", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000123f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a639", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": "80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006959", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003737000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.449455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.449455000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "465.988769000", - "frame.number": "1803", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001240", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a266", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": 
"80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bbc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003737000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1802", - "tcp.segment": "1803", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001477000", - "http.request_in": "1800", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.450767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.450767000", - "frame.time_delta": "0.001312000", - "frame.time_delta_displayed": "0.001312000", - "frame.time_relative": "465.990081000", - "frame.number": "1804", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001241", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a265", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": "80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bbc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003737000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.455803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.455803000", - "frame.time_delta": "0.005036000", - "frame.time_delta_displayed": "0.005036000", - "frame.time_relative": "465.995117000", - "frame.number": "1805", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003698", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1802", - "tcp.analysis.ack_rtt": "0.006701000", - "tcp.analysis.initial_rtt": "0.003737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.455935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.455935000", - "frame.time_delta": "0.000132000", - "frame.time_delta_displayed": "0.000132000", - "frame.time_relative": "465.995249000", - "frame.number": "1806", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000032ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1803", - "tcp.analysis.ack_rtt": "0.006480000", - "tcp.analysis.initial_rtt": "0.003737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.456442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.456442000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "465.995756000", - "frame.number": "1807", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00003fc2", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000078bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b377", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:e8:03:3a:99:e8:03:3e:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003737000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1806", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.456901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.456901000", - "frame.time_delta": "0.000459000", - "frame.time_delta_displayed": "0.000459000", - "frame.time_relative": "465.996215000", - "frame.number": "1808", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000078c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000032ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.457316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.457316000", - "frame.time_delta": "0.000415000", - "frame.time_delta_displayed": "0.000415000", - "frame.time_relative": "465.996630000", - "frame.number": "1809", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47449", - "tcp.port": "80", - "tcp.port": "47449", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002542", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1808", - "tcp.analysis.ack_rtt": "0.000415000", - "tcp.analysis.initial_rtt": "0.003737000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.464119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.464119000", - "frame.time_delta": "0.006803000", - "frame.time_delta_displayed": "0.006803000", - "frame.time_relative": "466.003433000", - "frame.number": "1810", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cdf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47449", - "tcp.dstport": "80", - "tcp.port": "47449", - "tcp.port": "80", - "tcp.stream": "88", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005a97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.489643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.489643000", - "frame.time_delta": "0.025524000", - "frame.time_delta_displayed": "0.025524000", - "frame.time_relative": "466.028957000", - "frame.number": "1811", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000096b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000020a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "81", - "http.prev_response_in": "1796" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.496732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.496732000", - "frame.time_delta": "0.007089000", - "frame.time_delta_displayed": "0.007089000", - "frame.time_relative": "466.036046000", - "frame.number": "1812", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000302d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008848", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009d32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:7e:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 919934, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "919934", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.497269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.497269000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "466.036583000", - "frame.number": "1813", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47450", - "tcp.port": "80", - "tcp.port": "47450", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b810", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1812", - "tcp.analysis.ack_rtt": "0.000537000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.500670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.500670000", - "frame.time_delta": "0.003401000", - "frame.time_delta_displayed": "0.003401000", - "frame.time_relative": "466.039984000", - "frame.number": "1814", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000302e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000885b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006998", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1813", - "tcp.analysis.ack_rtt": "0.003401000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.500842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.500842000", - "frame.time_delta": "0.000172000", - "frame.time_delta_displayed": "0.000172000", - "frame.time_relative": "466.040156000", - "frame.number": "1815", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000302f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000879a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c912", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.501309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.501309000", - "frame.time_delta": "0.000467000", - "frame.time_delta_displayed": "0.000467000", - "frame.time_relative": "466.040623000", - "frame.number": "1816", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b3c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000004c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47450", - "tcp.port": "80", - "tcp.port": "47450", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005b67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1815", - "tcp.analysis.ack_rtt": "0.000467000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.501949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.501949000", - "frame.time_delta": "0.000640000", - "frame.time_delta_displayed": "0.000640000", - "frame.time_relative": "466.041263000", - "frame.number": "1817", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b3c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000004b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47450", - "tcp.port": "80", - "tcp.port": "47450", - "tcp.stream": "89", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.502304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.502304000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "466.041618000", - "frame.number": "1818", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b3c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000000e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47450", - "tcp.port": "80", - "tcp.port": "47450", - "tcp.stream": "89", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000edf1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003938000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1817", - "tcp.segment": "1818", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001462000", - "http.request_in": "1815", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.505732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.505732000", - "frame.time_delta": "0.003428000", - "frame.time_delta_displayed": "0.003428000", - "frame.time_relative": "466.045046000", - "frame.number": "1819", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003030", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008859", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000068c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1817", - "tcp.analysis.ack_rtt": "0.003783000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.506226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.506226000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "466.045540000", - "frame.number": "1820", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003031", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008858", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1818", - "tcp.analysis.ack_rtt": "0.003922000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.506842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.506842000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "466.046156000", - "frame.number": "1821", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003032", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008857", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064db", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.507288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.507288000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "466.046602000", - "frame.number": "1822", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47450", - 
"tcp.port": "80", - "tcp.port": "47450", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005771", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1821", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003938000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:17.511224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494057.511224000", - "frame.time_delta": "0.003936000", - "frame.time_delta_displayed": "0.003936000", - "frame.time_relative": "466.050538000", - "frame.number": "1823", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ea96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cdf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47450", - "tcp.dstport": "80", - "tcp.port": "47450", - "tcp.port": "80", - "tcp.stream": "89", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:18.436549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.436549000", - "frame.time_delta": "0.925325000", - "frame.time_delta_displayed": "0.925325000", - "frame.time_relative": "466.975863000", - "frame.number": "1824", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000970d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002054", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "82", - "http.prev_response_in": "1811" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.489324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.489324000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "467.028638000", - "frame.number": "1825", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000970e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000204a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "83", - "http.prev_response_in": "1824" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.490655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.490655000", - "frame.time_delta": "0.001331000", - "frame.time_delta_displayed": "0.001331000", - "frame.time_relative": "467.029969000", - "frame.number": "1826", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000cb7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ecf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e2f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:e1:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 920033, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "920033", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.491203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.491203000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "467.030517000", - "frame.number": "1827", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": 
"90", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009d87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1826", - "tcp.analysis.ack_rtt": "0.000548000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.495019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.495019000", - "frame.time_delta": "0.003816000", - "frame.time_delta_displayed": "0.003816000", - "frame.time_relative": "467.034333000", - "frame.number": "1828", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - 
"tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004f0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1827", - "tcp.analysis.ack_rtt": "0.003816000", - "tcp.analysis.initial_rtt": "0.004364000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.495718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.495718000", - "frame.time_delta": "0.000699000", - "frame.time_delta_displayed": "0.000699000", - "frame.time_relative": "467.035032000", - "frame.number": "1829", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000cb7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae89", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004364000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.496205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.496205000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "467.035519000", - "frame.number": "1830", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000daaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000040de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1829", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.004364000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.496857000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494058.496857000", - "frame.time_delta": "0.000652000", - "frame.time_delta_displayed": "0.000652000", - "frame.time_relative": "467.036171000", - "frame.number": "1831", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dab0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddc7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": "90", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000080ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004364000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.497236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.497236000", - "frame.time_delta": "0.000379000", - "frame.time_delta_displayed": "0.000379000", - "frame.time_relative": "467.036550000", - "frame.number": "1832", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dab1", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": "90", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004364000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1831", - "tcp.segment": "1832", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001518000", - "http.request_in": "1829", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.500768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.500768000", - "frame.time_delta": "0.003532000", - "frame.time_delta_displayed": "0.003532000", - "frame.time_relative": "467.040082000", - "frame.number": "1833", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dab2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": "90", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004364000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.501131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.501131000", - "frame.time_delta": "0.000363000", - "frame.time_delta_displayed": "0.000363000", - "frame.time_relative": "467.040445000", - "frame.number": "1834", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004e3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1831", - "tcp.analysis.ack_rtt": "0.004274000", - "tcp.analysis.initial_rtt": "0.004364000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.502142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.502142000", - "frame.time_delta": "0.001011000", - "frame.time_delta_displayed": "0.001011000", - "frame.time_relative": "467.041456000", - "frame.number": "1835", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1832", - "tcp.analysis.ack_rtt": "0.004906000", - "tcp.analysis.initial_rtt": "0.004364000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.505084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.505084000", - "frame.time_delta": "0.002942000", - "frame.time_delta_displayed": "0.002942000", - "frame.time_relative": "467.044398000", - "frame.number": "1836", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000cb81", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ecfb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000794", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:10:a0:f3:c1:10:a0:f7:a5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004364000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1835", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.507016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.507016000", - "frame.time_delta": "0.001932000", - "frame.time_delta_displayed": "0.001932000", - "frame.time_relative": "467.046330000", - "frame.number": "1837", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000ed06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a52", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.507470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.507470000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "467.046784000", - "frame.number": "1838", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47451", - "tcp.port": "80", - "tcp.port": "47451", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003ce8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1837", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.004364000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.513988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.513988000", - "frame.time_delta": "0.006518000", - "frame.time_delta_displayed": "0.006518000", - "frame.time_relative": "467.053302000", - "frame.number": "1839", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eaa0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cde8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47451", - "tcp.dstport": "80", - "tcp.port": "47451", - "tcp.port": "80", - "tcp.stream": "90", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005402", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.542194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.542194000", - "frame.time_delta": "0.028206000", - "frame.time_delta_displayed": "0.028206000", - "frame.time_relative": "467.081508000", - "frame.number": "1840", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009714", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000204a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "84", - "http.prev_response_in": "1825" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.556219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.556219000", - "frame.time_delta": "0.014025000", - "frame.time_delta_displayed": "0.014025000", - "frame.time_relative": "467.095533000", - "frame.number": "1841", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000242", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b633", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006fe1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:09:e8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 920040, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "920040", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.556759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.556759000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "467.096073000", - "frame.number": "1842", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "47452", - "tcp.port": "80", - "tcp.port": "47452", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000016da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1841", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.561037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.561037000", - "frame.time_delta": "0.004278000", - "frame.time_delta_displayed": "0.004278000", - "frame.time_relative": "467.100351000", - "frame.number": "1843", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000243", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b646", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c861", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1842", - "tcp.analysis.ack_rtt": "0.004278000", - "tcp.analysis.initial_rtt": "0.004818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.562611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.562611000", - "frame.time_delta": "0.001574000", - "frame.time_delta_displayed": "0.001574000", - "frame.time_relative": "467.101925000", - "frame.number": "1844", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00000244", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b585", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000027dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004818000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.563100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.563100000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "467.102414000", - "frame.number": "1845", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aace", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000dbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47452", - "tcp.port": "80", - "tcp.port": "47452", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ba30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1844", - "tcp.analysis.ack_rtt": "0.000489000", - "tcp.analysis.initial_rtt": "0.004818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.563769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.563769000", - "frame.time_delta": "0.000669000", - "frame.time_delta_displayed": "0.000669000", - "frame.time_relative": "467.103083000", - "frame.number": "1846", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000aacf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000da9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47452", - "tcp.port": "80", - "tcp.port": "47452", - "tcp.stream": "91", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fa51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004818000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.564122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.564122000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "467.103436000", - "frame.number": "1847", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aad0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000009d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47452", - "tcp.port": "80", - "tcp.port": "47452", - "tcp.stream": "91", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004cbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004818000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1846", - "tcp.segment": "1847", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001511000", - "http.request_in": "1844", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.568003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.568003000", - "frame.time_delta": "0.003881000", - "frame.time_delta_displayed": "0.003881000", - "frame.time_relative": "467.107317000", - "frame.number": "1848", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000245", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b644", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c790", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1846", - "tcp.analysis.ack_rtt": "0.004234000", - "tcp.analysis.initial_rtt": "0.004818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.568463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.568463000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "467.107777000", - "frame.number": "1849", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000246", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b643", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1847", - "tcp.analysis.ack_rtt": "0.004341000", - "tcp.analysis.initial_rtt": "0.004818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.571294000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.571294000", - "frame.time_delta": "0.002831000", - "frame.time_delta_displayed": "0.002831000", - "frame.time_relative": "467.110608000", - "frame.number": "1850", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000247", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b642", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3a4", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.571768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.571768000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "467.111082000", - "frame.number": "1851", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47452", - 
"tcp.port": "80", - "tcp.port": "47452", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b63a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1850", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.004818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:18.577017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494058.577017000", - "frame.time_delta": "0.005249000", - "frame.time_delta_displayed": "0.005249000", - "frame.time_relative": "467.116331000", - "frame.number": "1852", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eaa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cde3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47452", - "tcp.dstport": "80", - "tcp.port": "47452", - "tcp.port": "80", - "tcp.stream": "91", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e0f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:19.122537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.122537000", - "frame.time_delta": "0.545520000", - "frame.time_delta_displayed": "0.545520000", - "frame.time_relative": "467.661851000", - "frame.number": "1853", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009722", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000203f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 
200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "85", - "http.prev_response_in": "1840" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.174901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.174901000", - "frame.time_delta": "0.052364000", - "frame.time_delta_displayed": "0.052364000", - "frame.time_relative": "467.714215000", - "frame.number": "1854", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009725", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002033", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "86", - "http.prev_response_in": "1853" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.206584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.206584000", - "frame.time_delta": "0.031683000", - "frame.time_delta_displayed": "0.031683000", - "frame.time_relative": "467.745898000", - "frame.number": "1855", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000001b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000ec4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:29:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 920105, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "920105", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.207150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.207150000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "467.746464000", - "frame.number": "1856", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47453", - "tcp.port": "80", - "tcp.port": "47453", - "tcp.stream": 
"92", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009e32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1855", - "tcp.analysis.ack_rtt": "0.000566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.211697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.211697000", - "frame.time_delta": "0.004547000", - "frame.time_delta_displayed": "0.004547000", - "frame.time_relative": "467.751011000", - "frame.number": "1857", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - 
"tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004fba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1856", - "tcp.analysis.ack_rtt": "0.004547000", - "tcp.analysis.initial_rtt": "0.005113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.212842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.212842000", - "frame.time_delta": "0.001145000", - "frame.time_delta_displayed": "0.001145000", - "frame.time_relative": "467.752156000", - "frame.number": "1858", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000001b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b610", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000af34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005113000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.213328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.213328000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "467.752642000", - "frame.number": "1859", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000035a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47453", - "tcp.port": "80", - "tcp.port": "47453", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004189", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1858", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.005113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.213972000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494059.213972000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "467.753286000", - "frame.number": "1860", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000035a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47453", - "tcp.port": "80", - "tcp.port": "47453", - "tcp.stream": "92", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000081aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005113000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.214364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.214364000", - "frame.time_delta": "0.000392000", - "frame.time_delta_displayed": "0.000392000", - "frame.time_relative": "467.753678000", - "frame.number": "1861", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000035a4", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47453", - "tcp.port": "80", - "tcp.port": "47453", - "tcp.stream": "92", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d413", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005113000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1860", - "tcp.segment": "1861", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001522000", - "http.request_in": "1858", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.219150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.219150000", - "frame.time_delta": "0.004786000", - "frame.time_delta_displayed": "0.004786000", - "frame.time_relative": "467.758464000", - "frame.number": "1862", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004ee9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1860", - "tcp.analysis.ack_rtt": "0.005178000", - "tcp.analysis.initial_rtt": "0.005113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.219582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.219582000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "467.758896000", - "frame.number": "1863", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004afe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1861", - "tcp.analysis.ack_rtt": "0.005218000", - "tcp.analysis.initial_rtt": "0.005113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.223070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.223070000", - "frame.time_delta": "0.003488000", - "frame.time_delta_displayed": "0.003488000", - "frame.time_relative": "467.762384000", - "frame.number": "1864", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004afd", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.223539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.223539000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "467.762853000", - "frame.number": "1865", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000daa6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dde2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47453", - 
"tcp.port": "80", - "tcp.port": "47453", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003d93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1864", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.005113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.227727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.227727000", - "frame.time_delta": "0.004188000", - "frame.time_delta_displayed": "0.004188000", - "frame.time_relative": "467.767041000", - "frame.number": "1866", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009728", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002036", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "87", - "http.prev_response_in": "1854" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.228055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.228055000", - "frame.time_delta": "0.000328000", - "frame.time_delta_displayed": "0.000328000", - "frame.time_relative": "467.767369000", - "frame.number": "1867", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eaa7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cde1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "47453", - "tcp.dstport": "80", - "tcp.port": "47453", - "tcp.port": "80", - "tcp.stream": "92", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005da4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.239648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.239648000", - "frame.time_delta": "0.011593000", - "frame.time_delta_displayed": "0.011593000", - "frame.time_relative": "467.778962000", - "frame.number": "1868", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000069ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ebb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f39a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:2c:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 920108, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "920108", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.240284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.240284000", - "frame.time_delta": "0.000636000", - "frame.time_delta_displayed": "0.000636000", - "frame.time_relative": "467.779598000", - "frame.number": "1869", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d717", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1868", - "tcp.analysis.ack_rtt": "0.000636000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.244649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.244649000", - "frame.time_delta": "0.004365000", - "frame.time_delta_displayed": "0.004365000", - "frame.time_relative": "467.783963000", - "frame.number": "1870", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000069bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ece", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000889f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1869", - "tcp.analysis.ack_rtt": "0.004365000", - "tcp.analysis.initial_rtt": "0.005001000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.245523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.245523000", - 
"frame.time_delta": "0.000874000", - "frame.time_delta_displayed": "0.000874000", - "frame.time_relative": "467.784837000", - "frame.number": "1871", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000069bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004e0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e819", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005001000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.245995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.245995000", - "frame.time_delta": "0.000472000", - 
"frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "467.785309000", - "frame.number": "1872", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b109", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000780", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007a6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1871", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.005001000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.246637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.246637000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "467.785951000", - "frame.number": "1873", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b10a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000076e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ba8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005001000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.246985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.246985000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "467.786299000", - "frame.number": "1874", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b10b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000039b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000cf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005001000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1873", - "tcp.segment": "1874", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001462000", - "http.request_in": "1871", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.251768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.251768000", - "frame.time_delta": "0.004783000", - "frame.time_delta_displayed": "0.004783000", - "frame.time_relative": "467.791082000", - "frame.number": "1875", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000069bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ecc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000087ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1873", - "tcp.analysis.ack_rtt": "0.005131000", - "tcp.analysis.initial_rtt": "0.005001000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.460794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.460794000", - "frame.time_delta": "0.209026000", - "frame.time_delta_displayed": "0.209026000", - "frame.time_relative": "468.000108000", - "frame.number": "1876", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b10c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000039a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000cf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005001000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.213809000", - "tcp.analysis.rto_frame": "1874" - } - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.611669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.611669000", - "frame.time_delta": "0.150875000", - "frame.time_delta_displayed": "0.150875000", - "frame.time_relative": "468.150983000", - "frame.number": "1877", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000069be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ecb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000083e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1874", - "tcp.analysis.ack_rtt": "0.364684000", - "tcp.analysis.initial_rtt": "0.005001000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:19.611721000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.611721000", - "frame.time_delta": "0.000052000", - "frame.time_delta_displayed": "0.000052000", - "frame.time_relative": "468.151035000", - "frame.number": "1878", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000069bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ebe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009260", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:43:4f:98:74:43:4f:9c:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005001000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1877", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.612961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.612961000", - "frame.time_delta": "0.001240000", - 
"frame.time_delta_displayed": "0.001240000", - "frame.time_relative": "468.152275000", - "frame.number": "1879", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000069c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ec9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000083e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.613394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.613394000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "468.152708000", - "frame.number": "1880", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dacb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47454", - "tcp.port": "80", - "tcp.port": "47454", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007678", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1879", - "tcp.analysis.ack_rtt": "0.000433000", - "tcp.analysis.initial_rtt": "0.005001000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:19.617894000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494059.617894000", - "frame.time_delta": "0.004500000", - "frame.time_delta_displayed": "0.004500000", - "frame.time_relative": "468.157208000", - "frame.number": "1881", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eacb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cdbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47454", - "tcp.dstport": "80", - "tcp.port": "47454", - "tcp.port": "80", - "tcp.stream": "93", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.174241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.174241000", - "frame.time_delta": "0.556347000", - "frame.time_delta_displayed": "0.556347000", - "frame.time_relative": "468.713555000", - "frame.number": "1882", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000973f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002022", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "88", - "http.prev_response_in": "1866" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.227244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.227244000", - "frame.time_delta": "0.053003000", - "frame.time_delta_displayed": "0.053003000", - "frame.time_relative": "468.766558000", - "frame.number": "1883", 
- "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009744", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002014", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "89", - "http.prev_response_in": "1882" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.280139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.280139000", - "frame.time_delta": "0.052895000", - "frame.time_delta_displayed": "0.052895000", - "frame.time_relative": "468.819453000", - "frame.number": "1884", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009746", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002018", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "90", - "http.prev_response_in": "1883" - } - } - } 
- } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.368495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.368495000", - "frame.time_delta": "0.088356000", - "frame.time_delta_displayed": "0.088356000", - "frame.time_relative": "468.907809000", - "frame.number": "1885", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000045c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": 
"0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000b2e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:0a:9a:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 920218, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "920218", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.369041000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494060.369041000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "468.908355000", - "frame.number": "1886", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47455", - "tcp.port": "80", - "tcp.port": "47455", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000554c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1885", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.373377000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.373377000", - "frame.time_delta": "0.004336000", - "frame.time_delta_displayed": "0.004336000", - "frame.time_relative": "468.912691000", - "frame.number": "1887", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000045c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000006d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1886", - "tcp.analysis.ack_rtt": "0.004336000", - "tcp.analysis.initial_rtt": "0.004882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.373508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.373508000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "468.912822000", - "frame.number": "1888", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000045c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007202", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000664e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004882000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: 
en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.373915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.373915000", - "frame.time_delta": "0.000407000", - "frame.time_delta_displayed": "0.000407000", - "frame.time_relative": "468.913229000", - "frame.number": "1889", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000abbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000ccc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47455", - "tcp.port": "80", - "tcp.port": "47455", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f8a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1888", - "tcp.analysis.ack_rtt": "0.000407000", - "tcp.analysis.initial_rtt": "0.004882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.374712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.374712000", - "frame.time_delta": "0.000797000", - "frame.time_delta_displayed": "0.000797000", - "frame.time_relative": "468.914026000", - "frame.number": "1890", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000abbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000cba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47455", - "tcp.port": "80", - "tcp.port": "47455", - "tcp.stream": "94", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000038c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004882000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.375066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.375066000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "468.914380000", - "frame.number": "1891", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000abbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000008e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47455", - "tcp.port": "80", - "tcp.port": "47455", - "tcp.stream": "94", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008b2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004882000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1890", - "tcp.segment": "1891", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001558000", - "http.request_in": "1888", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.378342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.378342000", - "frame.time_delta": "0.003276000", - "frame.time_delta_displayed": "0.003276000", - "frame.time_relative": "468.917656000", - "frame.number": "1892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000045c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000603", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1890", - "tcp.analysis.ack_rtt": "0.003630000", - "tcp.analysis.initial_rtt": "0.004882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.379645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.379645000", - "frame.time_delta": "0.001303000", - "frame.time_delta_displayed": "0.001303000", - "frame.time_relative": "468.918959000", - "frame.number": "1893", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000045c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000218", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1891", - "tcp.analysis.ack_rtt": "0.004579000", - "tcp.analysis.initial_rtt": "0.004882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.383999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.383999000", - "frame.time_delta": "0.004354000", - "frame.time_delta_displayed": "0.004354000", - "frame.time_relative": "468.923313000", - "frame.number": "1894", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000045ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000217", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.384426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.384426000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "468.923740000", - "frame.number": "1895", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000daf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47455", - 
"tcp.port": "80", - "tcp.port": "47455", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f4ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1894", - "tcp.analysis.ack_rtt": "0.000427000", - "tcp.analysis.initial_rtt": "0.004882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:20.387964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494060.387964000", - "frame.time_delta": "0.003538000", - "frame.time_delta_displayed": "0.003538000", - "frame.time_relative": "468.927278000", - "frame.number": "1896", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eafb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cd8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47455", - "tcp.dstport": "80", - "tcp.port": "47455", - "tcp.port": "80", - "tcp.stream": "94", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:54:23.708322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494063.708322000", - "frame.time_delta": "3.320358000", - "frame.time_delta_displayed": "3.320358000", - "frame.time_relative": "472.247636000", - "frame.number": "1897", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000951a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007834", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - 
"tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "8590", - "tcp.nxtseq": "8639", - "tcp.ack": "1331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002b4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:69:65:a7:9c:aa:35", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2451813, TSecr 2812062261": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2451813", - "tcp.options.timestamp.tsecr": "2812062261" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b3:10:88:5c:74:5d:93:87:81:db:4e:86:a8:3d:a4:75:57:6e:80:db:16:00:cc:f5:37:ba:a4:b8:e5:ac:35:4d:34:9f:8a:ec:6d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:23.769079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494063.769079000", - "frame.time_delta": "0.060757000", - "frame.time_delta_displayed": "0.060757000", - "frame.time_relative": "472.308393000", - "frame.number": "1898", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1331", - "tcp.nxtseq": "1386", - "tcp.ack": "8639", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000014e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:c8:92:00:25:69:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812070034, TSecr 2451813": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812070034", - "tcp.options.timestamp.tsecr": "2451813" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1897", - "tcp.analysis.ack_rtt": "0.060757000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:41:63:39:6b:ad:f9:0b:7f:29:ca:1e:5d:66:e4:dd:89:f4:cc:fd:6b:0f:42:b0:d4:32:6c:48:f0:f6:2e:3f:b5:0f:95:8c:42:08:71:ce:a8:de:5d:4c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:23.769517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494063.769517000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "472.308831000", - "frame.number": "1899", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000951b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007864", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8639", - "tcp.ack": "1386", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004e7a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:69:6b:a7:9c:c8:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2451819, TSecr 2812070034": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2451819", - "tcp.options.timestamp.tsecr": "2812070034" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1898", - "tcp.analysis.ack_rtt": "0.000438000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:28.852524000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494068.852524000", - "frame.time_delta": "5.083007000", - "frame.time_delta_displayed": "5.083007000", - "frame.time_relative": "477.391838000", - "frame.number": "1900", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:29.562019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494069.562019000", - "frame.time_delta": "0.709495000", - "frame.time_delta_displayed": "0.709495000", - "frame.time_relative": "478.101333000", - "frame.number": "1901", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - 
"eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:30.805566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494070.805566000", - "frame.time_delta": "1.243547000", - "frame.time_delta_displayed": "1.243547000", - "frame.time_relative": "479.344880000", - "frame.number": "1902", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000951c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "8639", - "tcp.nxtseq": "8991", - "tcp.ack": "1386", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000087da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:6c:2b:a7:9c:c8:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2452523, TSecr 2812070034": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2452523", - "tcp.options.timestamp.tsecr": "2812070034" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b4:1a:27:9e:f1:dc:4d:f3:1f:19:39:15:cf:be:64:a1:86:29:b1:9f:6f:f0:46:03:92:03:33:33:18:cb:7f:2a:7b:5d:ce:cd:79:43:03:2e:43:a2:79:59:9a:15:58:9c:44:9d:4c:fc:43:94:4a:c4:63:99:70:2f:67:36:1a:49:8f:77:0e:13:59:fd:30:b5:3c:d7:57:cd:7d:e1:0d:b8:18:40:72:c4:2e:c1:d9:df:6a:8e:71:ef:98:b3:ae:d9:cf:ba:0b:48:61:1d:67:ec:a9:36:ac:f8:52:4b:a9:d6:c6:1e:31:5e:b3:c6:34:d9:a7:37:72:58:f1:46:57:26:4d:37:75:a6:57:97:96:41:ef:56:b2:ab:95:74:2f:c5:e5:8d:c3:6e:2a:7f:c1:e4:48:65:39:ba:3e:aa:43:0c:1b:67:f8:7e:b6:bf:73:f3:10:0a:d0:81:6f:6c:0f:e6:be:b4:a6:8a:9c:1e:3d:a1:41:52:44:89:6c:57:79:5c:8e:ec:7d:01:b0:19:28:1f:be:e2:eb:06:ef:90:6b:58:cd:f1:dc:0a:26:f4:3a:e7:3e:d7:e4:ce:93:bb:cc:91:f7:cf:83:63:ff:f0:47:3a:9d:c2:d3:0e:5d:bd:59:f3:2e:b9:dd:29:b2:86:e5:b6:8f:3b:89:8d:6c:fb:26:b3:a7:24:6f:35:2f:49:1e:a5:d9:1c:11:c8:49:75:bc:0c:32:ee:2f:cc:25:3e:39:b0:39:60:a9:9c:5d:33:7f:31:d1:4c:20:60:73:b5:20:f4:14:b7:83:76:44:6d:31:a3:74:7b:52:89:ee:2e:c8:d3:a3:1a:5f:a9:a8:e2:3d:55:40:4b:89:a8:5f:17:94:80:d2:72:f1:d6:4d:4c:4f:72:4f:2e:8c:aa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:30.866667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494070.866667000", - "frame.time_delta": "0.061101000", - "frame.time_delta_displayed": "0.061101000", - "frame.time_relative": "479.405981000", - "frame.number": "1903", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003941", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1386", - "tcp.nxtseq": "1433", - "tcp.ack": "8991", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d8fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:cf:81:00:25:6c:2b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812071809, TSecr 2452523": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812071809", - "tcp.options.timestamp.tsecr": "2452523" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1902", - "tcp.analysis.ack_rtt": "0.061101000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:42:a8:3c:d2:a6:96:35:20:59:9d:e0:55:ea:ae:17:1c:49:6b:21:13:25:6d:d1:7e:59:fd:78:19:ac:fb:3d:cf:f5:26:50" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:30.867104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494070.867104000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "479.406418000", - "frame.number": "1904", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000951d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007862", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
- "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8991", - "tcp.ack": "1433", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004336", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:6c:31:a7:9c:cf:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2452529, TSecr 2812071809": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2452529", - "tcp.options.timestamp.tsecr": "2812071809" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1903", - "tcp.analysis.ack_rtt": "0.000437000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:34.420661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494074.420661000", - "frame.time_delta": "3.553557000", - "frame.time_delta_displayed": "3.553557000", - "frame.time_relative": "482.959975000", - "frame.number": "1905", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - 
"ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "161", - "tcp.ack": "145", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000058f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:34.563675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494074.563675000", - "frame.time_delta": "0.143014000", - "frame.time_delta_displayed": "0.143014000", - "frame.time_relative": "483.102989000", - "frame.number": "1906", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdbe", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "145", - "tcp.ack": "162", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", 
- "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001004", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:34.972746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494074.972746000", - "frame.time_delta": "0.409071000", - "frame.time_delta_displayed": "0.409071000", - "frame.time_relative": "483.512060000", - "frame.number": "1907", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, 
- "ip.len": "89", - "ip.id": "0x000006f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d2a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:35.573331000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494075.573331000", - "frame.time_delta": "0.600585000", - "frame.time_delta_displayed": "0.600585000", - "frame.time_relative": "484.112645000", - "frame.number": "1908", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d55", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a9a", - "udp.checksum.status": 
"2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:35.576023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494075.576023000", - "frame.time_delta": "0.002692000", - "frame.time_delta_displayed": "0.002692000", - "frame.time_relative": "484.115337000", - "frame.number": "1909", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d56", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb95", - 
"udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:35.576478000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494075.576478000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "484.115792000", - "frame.number": "1910", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000795b", - "udp.checksum.status": "2", - 
"udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:36.174789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494076.174789000", - "frame.time_delta": "0.598311000", - "frame.time_delta_displayed": "0.598311000", - "frame.time_relative": "484.714103000", - "frame.number": "1911", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ba4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": 
"2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:40.574155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494080.574155000", - "frame.time_delta": "4.399366000", - "frame.time_delta_displayed": "4.399366000", - "frame.time_relative": "489.113469000", - "frame.number": "1912", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d57", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba99", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a9a", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:40.574673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494080.574673000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "489.113987000", - "frame.number": "1913", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d58", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b94", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb95", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:40.574967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494080.574967000", - "frame.time_delta": "0.000294000", - "frame.time_delta_displayed": "0.000294000", - "frame.time_relative": "489.114281000", - "frame.number": "1914", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000795b", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:41.430208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494081.430208000", - "frame.time_delta": "0.855241000", - "frame.time_delta_displayed": "0.855241000", - "frame.time_relative": "489.969522000", - "frame.number": "1915", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:41.454567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494081.454567000", - "frame.time_delta": "0.024359000", - "frame.time_delta_displayed": "0.024359000", - "frame.time_relative": "489.993881000", - "frame.number": "1916", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:45.574652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494085.574652000", - "frame.time_delta": "4.120085000", - "frame.time_delta_displayed": "4.120085000", - "frame.time_relative": "494.113966000", - "frame.number": "1917", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": 
"IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d59", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a9a", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:45.575411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494085.575411000", - "frame.time_delta": "0.000759000", - "frame.time_delta_displayed": "0.000759000", - "frame.time_relative": "494.114725000", - "frame.number": "1918", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d5a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb95", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:45.575795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494085.575795000", - "frame.time_delta": "0.000384000", - "frame.time_delta_displayed": "0.000384000", - "frame.time_relative": "494.115109000", - "frame.number": "1919", - "frame.len": "295", - 
"frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000795b", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000269", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", 
- "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=617", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:52.307571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494092.307571000", - "frame.time_delta": "6.731776000", - "frame.time_delta_displayed": "6.731776000", - "frame.time_relative": "500.846885000", - "frame.number": "1920", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:54.088494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494094.088494000", - "frame.time_delta": "1.780923000", - "frame.time_delta_displayed": "1.780923000", - "frame.time_relative": "502.627808000", - "frame.number": "1921", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x0000951e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007812", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "8991", - "tcp.nxtseq": "9070", - "tcp.ack": "1433", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006dbd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:75:44:a7:9c:cf:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2454852, TSecr 2812071809": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2454852", - "tcp.options.timestamp.tsecr": "2812071809" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b5:8e:33:62:a0:f3:ad:b0:1c:f5:d9:63:a1:47:c5:5b:2a:95:18:5d:ea:33:d9:9b:cc:e5:64:7d:17:fa:50:c6:68:96:31:a5:5f:db:46:ef:50:f3:a9:cb:b0:73:3d:f1:45:4c:0a:85:be:a7:c7:9f:98:e5:7e:88:f4:f8:f9:4a:74:82:fc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:54.149521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494094.149521000", - "frame.time_delta": "0.061027000", - "frame.time_delta_displayed": "0.061027000", - "frame.time_relative": "502.688835000", - "frame.number": "1922", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003940", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1433", - "tcp.nxtseq": "1480", - "tcp.ack": "9070", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00004f48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:e6:3d:00:25:75:44", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812077629, TSecr 2454852": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812077629", - "tcp.options.timestamp.tsecr": "2454852" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1921", - "tcp.analysis.ack_rtt": "0.061027000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:43:d0:b8:05:8c:ac:28:26:7c:41:b3:1e:8b:4d:73:6f:c3:73:2a:9b:4f:dc:c3:d1:60:36:6f:b3:32:26:22:47:ac:eb:b2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:54.150016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494094.150016000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "502.689330000", - "frame.number": "1923", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000951f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007860", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9070", - "tcp.ack": "1480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000022e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:75:4a:a7:9c:e6:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2454858, TSecr 2812077629": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2454858", - "tcp.options.timestamp.tsecr": "2812077629" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1922", - "tcp.analysis.ack_rtt": "0.000495000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:54.986002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494094.986002000", - "frame.time_delta": "0.835986000", - "frame.time_delta_displayed": "0.835986000", - "frame.time_relative": "503.525316000", - "frame.number": "1924", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00000a07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000cf92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:55.213103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494095.213103000", - "frame.time_delta": "0.227101000", - "frame.time_delta_displayed": "0.227101000", - "frame.time_relative": "503.752417000", - "frame.number": "1925", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000aa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - 
"udp.length": "56", - "udp.checksum": "0x0000a611", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:f5:8b:96:e1:cc:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", - "data.len": "48" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:59.150232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494099.150232000", - "frame.time_delta": "3.937129000", - "frame.time_delta_displayed": "3.937129000", - "frame.time_relative": "507.689546000", - "frame.number": "1926", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:54:59.150664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494099.150664000", - "frame.time_delta": 
"0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "507.689978000", - "frame.number": "1927", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:04.560628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494104.560628000", - "frame.time_delta": "5.409964000", - "frame.time_delta_displayed": "5.409964000", - "frame.time_relative": "513.099942000", - "frame.number": "1928", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "161", - "tcp.ack": "145", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000058f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:04.703654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494104.703654000", - "frame.time_delta": "0.143026000", - "frame.time_delta_displayed": "0.143026000", - "frame.time_relative": "513.242968000", - "frame.number": "1929", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"49", - "ip.proto": "6", - "ip.checksum": "0x0000fdbd", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "145", - "tcp.ack": "162", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001004", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:06.176984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494106.176984000", - "frame.time_delta": "1.473330000", - "frame.time_delta_displayed": "1.473330000", - "frame.time_relative": "514.716298000", - "frame.number": "1930", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005bab", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": 
"1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.570563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.570563000", - "frame.time_delta": "3.393579000", - "frame.time_delta_displayed": "3.393579000", - "frame.time_relative": "518.109877000", - "frame.number": "1931", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.570745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.570745000", - "frame.time_delta": "0.000182000", - 
"frame.time_delta_displayed": "0.000182000", - "frame.time_relative": "518.110059000", - "frame.number": "1932", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.870662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.870662000", - "frame.time_delta": "0.299917000", - "frame.time_delta_displayed": "0.299917000", - "frame.time_relative": "518.409976000", - "frame.number": "1933", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007f7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } 
- } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.891649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.891649000", - "frame.time_delta": "0.020987000", - "frame.time_delta_displayed": "0.020987000", - "frame.time_relative": "518.430963000", - "frame.number": "1934", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009520", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - 
"ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "9070", - "tcp.nxtseq": "9217", - "tcp.ack": "1480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:7b:70:a7:9c:e6:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2456432, TSecr 2812077629": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2456432", - "tcp.options.timestamp.tsecr": "2812077629" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:b6:86:b2:3d:9f:50:cf:29:b9:fd:37:87:89:cc:f6:10:d4:2c:94:e1:06:c6:97:81:34:83:2b:a7:f1:40:2c:46:72:ba:ca:3a:75:ac:a6:cc:c1:a7:ff:7d:cd:4a:47:e6:54:4b:aa:3f:c5:0a:57:7d:d6:9e:ff:0d:8c:83:76:f0:c9:e0:11:ab:03:37:27:79:bb:20:6a:0e:23:48:2d:70:bc:6a:9f:49:a6:23:4e:b0:7a:2f:22:0d:08:29:04:79:1b:e4:18:dd:8d:38:e6:43:39:70:9b:b6:8a:41:4f:7f:2e:18:2c:24:34:f6:ea:48:f6:c0:50:bc:83:68:86:23:b7:da:6b:d9:29:ec:14" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.899927000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.899927000", - "frame.time_delta": "0.008278000", - "frame.time_delta_displayed": "0.008278000", - "frame.time_relative": "518.439241000", - "frame.number": "1935", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b098", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000007dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000075a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1d:f6:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 925174, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "925174", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.900476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.900476000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "518.439790000", - "frame.number": "1936", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47459", - "tcp.port": "80", - "tcp.port": "47459", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002a47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply 
by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1935", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.905435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.905435000", - "frame.time_delta": "0.004959000", - "frame.time_delta_displayed": "0.004959000", - "frame.time_relative": "518.444749000", - "frame.number": "1937", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b099", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000007f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dbce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1936", - "tcp.analysis.ack_rtt": "0.004959000", - "tcp.analysis.initial_rtt": "0.005508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.906178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.906178000", - "frame.time_delta": "0.000743000", - "frame.time_delta_displayed": "0.000743000", - "frame.time_relative": "518.445492000", - "frame.number": "1938", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b09a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000072f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005508000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml 
HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.906656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.906656000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "518.445970000", - "frame.number": "1939", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000093ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000024de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47459", - "tcp.port": "80", - "tcp.port": "47459", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cd9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1938", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.005508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.907300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.907300000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "518.446614000", - "frame.number": "1940", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000093ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000024cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47459", - "tcp.port": "80", - "tcp.port": "47459", - "tcp.stream": "95", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000dbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005508000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.907705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.907705000", - "frame.time_delta": "0.000405000", - "frame.time_delta_displayed": "0.000405000", - "frame.time_relative": "518.447019000", - "frame.number": "1941", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000093ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000020f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47459", - "tcp.port": "80", - "tcp.port": "47459", - "tcp.stream": "95", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006028", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005508000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1940", - "tcp.segment": "1941", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001527000", - "http.request_in": "1938", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.913508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.913508000", - "frame.time_delta": "0.005803000", - "frame.time_delta_displayed": "0.005803000", - "frame.time_relative": "518.452822000", - "frame.number": "1942", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b09b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000007ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dafd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1940", - "tcp.analysis.ack_rtt": "0.006208000", - "tcp.analysis.initial_rtt": "0.005508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.923956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.923956000", - "frame.time_delta": "0.010448000", - "frame.time_delta_displayed": "0.010448000", - "frame.time_relative": "518.463270000", - "frame.number": "1943", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007f7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - 
"ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.976896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.976896000", - "frame.time_delta": "0.052940000", - "frame.time_delta_displayed": "0.052940000", - "frame.time_relative": "518.516210000", - "frame.number": "1944", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007f80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - 
"http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:09.990271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494109.990271000", - "frame.time_delta": "0.013375000", - "frame.time_delta_displayed": "0.013375000", - "frame.time_relative": "518.529585000", - "frame.number": "1945", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000396e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1480", - "tcp.ack": "9217", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000da0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:f5:b6:00:25:7b:70", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812081590, TSecr 2456432": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812081590", - "tcp.options.timestamp.tsecr": "2456432" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"1934", - "tcp.analysis.ack_rtt": "0.098622000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.000565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.000565000", - "frame.time_delta": "0.010294000", - "frame.time_delta_displayed": "0.010294000", - "frame.time_relative": "518.539879000", - "frame.number": "1946", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009521", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United 
States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "9217", - "tcp.nxtseq": "9347", - "tcp.ack": "1480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f095", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:7b:7b:a7:9c:f5:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2456443, TSecr 2812081590": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2456443", - "tcp.options.timestamp.tsecr": "2812081590" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:44:b7:51:20:c9:f4:cf:a2:ec:9a:ca:ce:f3:ea:e7:30:e5:b8:c3:74:5c:3a:94:1b:f0:e2:7a:eb:a0:79:d5:84:7f:b2:25:d4:27:6f:17:87:eb:41:21:01:78:3e:f0:9c:1b:34:49:cf:06:f3:3b:0e:92:14:29:cc:a3:7b:fc:48:6c:e1:8a:72:17:13:e5:a4:98:b2:20:19:ec:17:08:1c:29:b0:32:75:49:31:57:1e:70:ea:7d:c6:26:26:38:8c:ac:27:59:d2:d4:54:dc:02:6c:df:9a:8d:ff:77:37:31:7c:72:95:37:b8:47:68" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.029745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.029745000", - "frame.time_delta": "0.029180000", - "frame.time_delta_displayed": "0.029180000", - "frame.time_relative": "518.569059000", - "frame.number": "1947", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007f83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.060789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.060789000", - "frame.time_delta": "0.031044000", - "frame.time_delta_displayed": "0.031044000", - "frame.time_relative": "518.600103000", - "frame.number": "1948", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000396d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1480", - "tcp.ack": "9347", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000d02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9c:f5:c7:00:25:7b:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812081607, TSecr 2456443": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812081607", - "tcp.options.timestamp.tsecr": "2456443" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1946", - "tcp.analysis.ack_rtt": "0.060224000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.082579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.082579000", - "frame.time_delta": "0.021790000", - "frame.time_delta_displayed": "0.021790000", - "frame.time_relative": "518.621893000", - "frame.number": "1949", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" 
- }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007f88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.100474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.100474000", - "frame.time_delta": "0.017895000", - "frame.time_delta_displayed": "0.017895000", - "frame.time_relative": "518.639788000", - "frame.number": "1950", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b09c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000007ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d712", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1941", - "tcp.analysis.ack_rtt": "0.192769000", - "tcp.analysis.initial_rtt": "0.005508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.100526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.100526000", - "frame.time_delta": "0.000052000", - "frame.time_delta_displayed": "0.000052000", - "frame.time_relative": "518.639840000", - "frame.number": "1951", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b09d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000007ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d711", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.101063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.101063000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "518.640377000", - "frame.number": "1952", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e0b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47459", - "tcp.port": "80", - "tcp.port": "47459", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c9a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1951", - "tcp.analysis.ack_rtt": "0.000537000", - "tcp.analysis.initial_rtt": "0.005508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.101278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.101278000", - "frame.time_delta": "0.000215000", - "frame.time_delta_displayed": "0.000215000", - "frame.time_relative": "518.640592000", - "frame.number": "1953", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", 
- "ip.id": "0x000011e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a68d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00001a18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1e:0a:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 925194, TSecr 0": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "925194", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.101745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.101745000", - "frame.time_delta": "0.000467000", - "frame.time_delta_displayed": "0.000467000", - "frame.time_relative": "518.641059000", - "frame.number": "1954", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": "80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000803d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - 
"tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1953", - "tcp.analysis.ack_rtt": "0.000467000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.106948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.106948000", - "frame.time_delta": "0.005203000", - "frame.time_delta_displayed": "0.005203000", - "frame.time_relative": "518.646262000", - "frame.number": "1955", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f019", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x0000c86f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47459", - "tcp.dstport": "80", - "tcp.port": "47459", - "tcp.port": "80", - "tcp.stream": "95", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fac3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.107457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.107457000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "518.646771000", - "frame.number": "1956", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000011e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000031c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1954", - "tcp.analysis.ack_rtt": "0.005712000", - "tcp.analysis.initial_rtt": "0.006179000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.108493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.108493000", - "frame.time_delta": "0.001036000", - "frame.time_delta_displayed": "0.001036000", - "frame.time_relative": "518.647807000", - "frame.number": "1957", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000011ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000913f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006179000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.109207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.109207000", - "frame.time_delta": "0.000714000", - "frame.time_delta_displayed": "0.000714000", - "frame.time_relative": "518.648521000", - "frame.number": "1958", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": "80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002394", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1957", - "tcp.analysis.ack_rtt": "0.000714000", - "tcp.analysis.initial_rtt": "0.006179000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.109853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.109853000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "518.649167000", - "frame.number": "1959", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000023d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": "80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000063b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006179000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - 
"tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.110264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.110264000", - "frame.time_delta": "0.000411000", - "frame.time_delta_displayed": "0.000411000", - "frame.time_relative": "518.649578000", - "frame.number": "1960", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000023d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000090d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": 
"80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b61e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006179000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1959", - "tcp.segment": "1960", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001771000", - "http.request_in": "1957", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.110705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.110705000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "518.650019000", - "frame.number": "1961", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000023d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000090d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": "80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b61e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006179000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.113521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.113521000", - "frame.time_delta": "0.002816000", - "frame.time_delta_displayed": "0.002816000", - "frame.time_relative": "518.652835000", - "frame.number": "1962", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000011eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1959", - "tcp.analysis.ack_rtt": "0.003668000", - "tcp.analysis.initial_rtt": "0.006179000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.116814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.116814000", - "frame.time_delta": "0.003293000", - "frame.time_delta_displayed": "0.003293000", - "frame.time_relative": "518.656128000", - "frame.number": "1963", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000011ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002d09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1960", - "tcp.analysis.ack_rtt": "0.006550000", - "tcp.analysis.initial_rtt": "0.006179000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.118392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.118392000", - "frame.time_delta": "0.001578000", - "frame.time_delta_displayed": "0.001578000", - "frame.time_relative": "518.657706000", - "frame.number": "1964", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000011ed", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a690", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000191b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:4e:4e:1e:ab:4e:4e:22:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006179000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "1963", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.118509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.118509000", - "frame.time_delta": "0.000117000", - "frame.time_delta_displayed": "0.000117000", - "frame.time_relative": "518.657823000", - "frame.number": "1965", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000011ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000a69b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002d08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.118940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.118940000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "518.658254000", - "frame.number": "1966", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" 
- }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e0b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47460", - "tcp.port": "80", - "tcp.port": "47460", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001f9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1965", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.006179000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.123684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.123684000", - "frame.time_delta": "0.004744000", - "frame.time_delta_displayed": "0.004744000", - "frame.time_relative": "518.662998000", - "frame.number": "1967", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f01a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c86e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47460", - "tcp.dstport": "80", - "tcp.port": "47460", - "tcp.port": "80", - "tcp.stream": "96", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009f4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.136728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.136728000", - "frame.time_delta": "0.013044000", - "frame.time_delta_displayed": "0.013044000", - "frame.time_relative": "518.676042000", - "frame.number": "1968", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" 
- }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007f8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.305425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.305425000", - "frame.time_delta": "0.168697000", - "frame.time_delta_displayed": "0.168697000", - "frame.time_relative": "518.844739000", - "frame.number": "1969", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000073f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000447d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000065b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:1e:1f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 925215, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "925215", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.305963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.305963000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "518.845277000", - "frame.number": "1970", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47461", - "tcp.port": "80", - "tcp.port": "47461", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": 
{ - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d337", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1969", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.310912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.310912000", - "frame.time_delta": "0.004949000", - "frame.time_delta_displayed": "0.004949000", - "frame.time_relative": "518.850226000", - "frame.number": "1971", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000073f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004490", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000084bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1970", - "tcp.analysis.ack_rtt": "0.004949000", - "tcp.analysis.initial_rtt": "0.005487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.311367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.311367000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "518.850681000", - "frame.number": "1972", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000073fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e439", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005487000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - 
"http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.311831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.311831000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "518.851145000", - "frame.number": "1973", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000639f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000054ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47461", - "tcp.port": "80", - "tcp.port": "47461", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000768e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1972", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.005487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.312505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.312505000", - "frame.time_delta": "0.000674000", - 
"frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "518.851819000", - "frame.number": "1974", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000063a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000054d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47461", - "tcp.port": "80", - "tcp.port": "47461", - "tcp.stream": "97", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b6af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005487000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.312859000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.312859000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "518.852173000", - "frame.number": "1975", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000063a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005105", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47461", - "tcp.port": "80", - "tcp.port": "47461", - "tcp.stream": "97", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000919", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005487000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "1974", - "tcp.segment": "1975", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001492000", - "http.request_in": "1972", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.316612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.316612000", - "frame.time_delta": "0.003753000", - "frame.time_delta_displayed": "0.003753000", - "frame.time_relative": "518.855926000", - "frame.number": "1976", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000073fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000448e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000083ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1974", - "tcp.analysis.ack_rtt": "0.004107000", - "tcp.analysis.initial_rtt": "0.005487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.320246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.320246000", - "frame.time_delta": "0.003634000", - "frame.time_delta_displayed": "0.003634000", - "frame.time_relative": "518.859560000", - "frame.number": "1977", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000073fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000448d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008003", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1975", - "tcp.analysis.ack_rtt": "0.007387000", - "tcp.analysis.initial_rtt": "0.005487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.323420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.323420000", - "frame.time_delta": "0.003174000", - "frame.time_delta_displayed": "0.003174000", - "frame.time_relative": "518.862734000", - "frame.number": "1978", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000073fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000448c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008002", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.323888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.323888000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "518.863202000", - "frame.number": "1979", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e0c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47461", - 
"tcp.port": "80", - "tcp.port": "47461", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007298", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1978", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.005487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:10.328373000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494110.328373000", - "frame.time_delta": "0.004485000", - "frame.time_delta_displayed": "0.004485000", - "frame.time_relative": "518.867687000", - "frame.number": "1980", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f01d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c86b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47461", - "tcp.dstport": "80", - "tcp.port": "47461", - "tcp.port": "80", - "tcp.stream": "97", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eafc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:55:11.501924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494111.501924000", - "frame.time_delta": "1.173551000", - "frame.time_delta_displayed": "1.173551000", - "frame.time_relative": "520.041238000", - "frame.number": "1981", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:14.986178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494114.986178000", - "frame.time_delta": "3.484254000", - "frame.time_delta_displayed": "3.484254000", - "frame.time_relative": "523.525492000", - "frame.number": "1982", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": 
"1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00000ae1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ceb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.169710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.169710000", - "frame.time_delta": "10.183532000", - "frame.time_delta_displayed": "10.183532000", - "frame.time_relative": "533.709024000", - "frame.number": "1983", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009522", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000782c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "9347", - "tcp.nxtseq": "9396", - "tcp.ack": "1480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bba0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:81:68:a7:9c:f5:c7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2457960, TSecr 2812081607": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2457960", - "tcp.options.timestamp.tsecr": "2812081607" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - 
"ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:b8:d4:03:22:24:9e:e1:8e:e6:69:58:16:4a:97:0a:25:63:d1:30:d0:31:e9:f3:cc:ac:a5:7c:d8:36:ac:59:f0:04:2c:09:2e:71" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.230141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.230141000", - "frame.time_delta": "0.060431000", - "frame.time_delta_displayed": "0.060431000", - "frame.time_relative": "533.769455000", - "frame.number": "1984", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000396c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1480", - "tcp.ack": "9396", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f813", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:04:97:00:25:81:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812085399, TSecr 2457960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812085399", - "tcp.options.timestamp.tsecr": "2457960" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "1983", - "tcp.analysis.ack_rtt": "0.060431000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.230609000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.230609000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "533.769923000", - "frame.number": "1985", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003934", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United 
States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1480", - "tcp.nxtseq": "1535", - "tcp.ack": "9396", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005ecc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:04:98:00:25:81:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812085400, TSecr 2457960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812085400", - "tcp.options.timestamp.tsecr": "2457960" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:44:5c:6d:13:12:c7:4f:db:de:9a:ff:34:2d:cf:a2:4f:d2:aa:10:c8:18:06:74:01:af:56:5e:0d:5c:62:e7:3e:de:5c:99:e2:8d:66:e8:1c:7b:02:35" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.231000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.231000000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "533.770314000", - "frame.number": "1986", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009523", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000785c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9396", - "tcp.ack": "1535", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f6e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:81:6e:a7:9d:04:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2457966, TSecr 2812085400": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2457966", - "tcp.options.timestamp.tsecr": "2812085400" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1985", - "tcp.analysis.ack_rtt": "0.000391000" - } - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.731944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.731944000", - "frame.time_delta": "0.500944000", - "frame.time_delta_displayed": "0.500944000", - "frame.time_relative": "534.271258000", - "frame.number": "1987", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:25.984144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494125.984144000", - "frame.time_delta": "0.252200000", - "frame.time_delta_displayed": "0.252200000", - "frame.time_relative": "534.523458000", - "frame.number": "1988", - "frame.len": "350", - 
"frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - 
"bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:26.008264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494126.008264000", - "frame.time_delta": "0.024120000", - "frame.time_delta_displayed": "0.024120000", - "frame.time_relative": "534.547578000", - "frame.number": "1989", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - 
"bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:26.065095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494126.065095000", - "frame.time_delta": "0.056831000", - "frame.time_delta_displayed": "0.056831000", - "frame.time_relative": "534.604409000", - "frame.number": "1990", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:26.098865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494126.098865000", - "frame.time_delta": "0.033770000", - "frame.time_delta_displayed": "0.033770000", - "frame.time_relative": "534.638179000", - "frame.number": "1991", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:28.851840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494128.851840000", - "frame.time_delta": "2.752975000", - "frame.time_delta_displayed": "2.752975000", - "frame.time_relative": "537.391154000", - "frame.number": "1992", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.441539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.441539000", - "frame.time_delta": "1.589699000", - "frame.time_delta_displayed": "1.589699000", - "frame.time_relative": "538.980853000", - "frame.number": "1993", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020e2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e762", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - 
"http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "5", - "http.prev_request_in": "858" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.576925000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.576925000", - "frame.time_delta": "0.135386000", - "frame.time_delta_displayed": "0.135386000", - "frame.time_relative": "539.116239000", - "frame.number": "1994", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d60", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - 
"ip.checksum": "0x0000ba90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000999", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.577328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.577328000", - "frame.time_delta": "0.000403000", - "frame.time_delta_displayed": "0.000403000", - "frame.time_relative": "539.116642000", - "frame.number": "1995", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d61", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00009b8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea94", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.577713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.577713000", - "frame.time_delta": "0.000385000", - "frame.time_delta_displayed": "0.000385000", - "frame.time_relative": "539.117027000", - "frame.number": "1996", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000785a", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.901986000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.901986000", - "frame.time_delta": "0.324273000", - "frame.time_delta_displayed": "0.324273000", - "frame.time_relative": "539.441300000", - "frame.number": "1997", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005b45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "25", - "http.prev_response_in": "916" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:55:30.905199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.905199000", - "frame.time_delta": "0.003213000", - "frame.time_delta_displayed": "0.003213000", - "frame.time_relative": "539.444513000", - "frame.number": "1998", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001941", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54541", - "tcp.dstport": "80", - "tcp.port": "54541", - "tcp.port": "80", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008d9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.905721000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.905721000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "539.445035000", - "frame.number": "1999", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54541", - "tcp.port": "80", - "tcp.port": "54541", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a145", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "1998", - "tcp.analysis.ack_rtt": "0.000522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:55:30.908574000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.908574000", - "frame.time_delta": "0.002853000", - "frame.time_delta_displayed": "0.002853000", - "frame.time_relative": "539.447888000", - "frame.number": "2000", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001942", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54541", - "tcp.dstport": "80", - "tcp.port": "54541", - "tcp.port": "80", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005324", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "1999", - "tcp.analysis.ack_rtt": "0.002853000", - "tcp.analysis.initial_rtt": "0.003375000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.909228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.909228000", - "frame.time_delta": "0.000654000", - "frame.time_delta_displayed": "0.000654000", - "frame.time_relative": "539.448542000", - "frame.number": "2001", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001943", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54541", - "tcp.dstport": "80", - "tcp.port": "54541", - "tcp.port": "80", - "tcp.stream": "98", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000689d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003375000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - 
"http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.909795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.909795000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "539.449109000", - "frame.number": "2002", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006d7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", 
- "ip.checksum": "0x00004af7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54541", - "tcp.port": "80", - "tcp.port": "54541", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000044b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2001", - "tcp.analysis.ack_rtt": "0.000567000", - "tcp.analysis.initial_rtt": "0.003375000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.910363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.910363000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "539.449677000", - "frame.number": "2003", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - 
"eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006d7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ae5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54541", - "tcp.port": "80", - "tcp.port": "54541", - "tcp.stream": "98", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - 
"tcp.checksum": "0x000084d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003375000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.910850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.910850000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "539.450164000", - "frame.number": "2004", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006d7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004712", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54541", - "tcp.port": "80", - "tcp.port": "54541", - "tcp.stream": "98", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d73f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003375000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2003", - "tcp.segment": "2004", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001622000", - "http.request_in": "2001", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.912958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.912958000", - "frame.time_delta": "0.002108000", - "frame.time_delta_displayed": "0.002108000", - "frame.time_relative": "539.452272000", - "frame.number": "2005", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001944", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54541", - "tcp.dstport": "80", - "tcp.port": "54541", - "tcp.port": "80", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004e8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2004", - "tcp.analysis.ack_rtt": "0.002108000", - "tcp.analysis.initial_rtt": "0.003375000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.914174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.914174000", - "frame.time_delta": "0.001216000", - "frame.time_delta_displayed": "0.001216000", - "frame.time_relative": "539.453488000", - "frame.number": "2006", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001946", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54541", - "tcp.dstport": "80", - "tcp.port": "54541", - "tcp.port": "80", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004e8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.914625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.914625000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "539.453939000", - "frame.number": "2007", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f3d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c49f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54541", - "tcp.port": "80", - "tcp.port": "54541", - "tcp.stream": "98", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000040bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2006", - 
"tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.003375000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.954893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.954893000", - "frame.time_delta": "0.040268000", - "frame.time_delta_displayed": "0.040268000", - "frame.time_relative": "539.494207000", - "frame.number": "2008", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005c0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005b38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "26", - "http.prev_response_in": "1997" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.964239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.964239000", - "frame.time_delta": "0.009346000", - "frame.time_delta_displayed": "0.009346000", - "frame.time_relative": "539.503553000", - "frame.number": "2009", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001947", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00003b77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.964780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.964780000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "539.504094000", - "frame.number": "2010", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007f32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2009", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.967426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.967426000", - "frame.time_delta": "0.002646000", - "frame.time_delta_displayed": "0.002646000", - "frame.time_relative": "539.506740000", - "frame.number": "2011", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001948", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", 
- "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003111", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2010", - "tcp.analysis.ack_rtt": "0.002646000", - "tcp.analysis.initial_rtt": "0.003187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.968018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.968018000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "539.507332000", - "frame.number": "2012", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001949", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000468a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003187000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.968490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.968490000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "539.507804000", - "frame.number": "2013", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005b15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000022a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2012", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.003187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.969127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.969127000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "539.508441000", - "frame.number": "2014", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005b16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003187000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.969488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.969488000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "539.508802000", - "frame.number": "2015", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005b17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005979", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b52c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003187000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2014", - "tcp.segment": "2015", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001470000", - "http.request_in": "2012", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.970696000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494130.970696000", - "frame.time_delta": "0.001208000", - "frame.time_delta_displayed": "0.001208000", - "frame.time_relative": "539.510010000", - "frame.number": "2016", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005b18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005978", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b52c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003187000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.971585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.971585000", - "frame.time_delta": "0.000889000", - "frame.time_delta_displayed": "0.000889000", - "frame.time_relative": "539.510899000", - "frame.number": "2017", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000194a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002c79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2015", - "tcp.analysis.ack_rtt": "0.002097000", - "tcp.analysis.initial_rtt": "0.003187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.973989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.973989000", - "frame.time_delta": "0.002404000", - "frame.time_delta_displayed": "0.002404000", - "frame.time_relative": "539.513303000", - "frame.number": "2018", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000194b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002c78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.974430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.974430000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "539.513744000", - "frame.number": "2019", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f3d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c49c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54542", - "tcp.port": "80", - "tcp.port": "54542", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001eac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2018", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.003187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:30.975824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494130.975824000", - "frame.time_delta": "0.001394000", - "frame.time_delta_displayed": "0.001394000", - "frame.time_relative": "539.515138000", - "frame.number": "2020", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000194c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54542", - "tcp.dstport": "80", - "tcp.port": "54542", - "tcp.port": "80", - "tcp.stream": "99", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006827", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:26:9f:1e:8c:26:9f:22:6f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003187000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2017", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.007901000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494131.007901000", - "frame.time_delta": "0.032077000", - "frame.time_delta_displayed": "0.032077000", - "frame.time_relative": "539.547215000", - "frame.number": "2021", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005c0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005b3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "27", - "http.prev_response_in": "2008" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.093016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.093016000", - "frame.time_delta": "0.085115000", - "frame.time_delta_displayed": "0.085115000", - "frame.time_relative": "539.632330000", - "frame.number": "2022", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000194d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00006365", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.093561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.093561000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "539.632875000", - "frame.number": "2023", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000044e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2022", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.096389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.096389000", - "frame.time_delta": "0.002828000", - "frame.time_delta_displayed": "0.002828000", - "frame.time_relative": "539.635703000", - "frame.number": "2024", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000194e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f6c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2023", - "tcp.analysis.ack_rtt": "0.002828000", - "tcp.analysis.initial_rtt": "0.003373000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:55:31.096979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.096979000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "539.636293000", - "frame.number": "2025", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000194f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000c3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003373000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.097453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.097453000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - 
"frame.time_relative": "539.636767000", - "frame.number": "2026", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b783", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000000f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e851", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2025", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.003373000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.098050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.098050000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": "539.637364000", - "frame.number": "2027", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b784", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000000de", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002873", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003373000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.098423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.098423000", - "frame.time_delta": "0.000373000", - "frame.time_delta_displayed": "0.000373000", - "frame.time_relative": "539.637737000", - "frame.number": "2028", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b785", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007adc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003373000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2027", - "tcp.segment": "2028", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001444000", - "http.request_in": "2025", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.100500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.100500000", - "frame.time_delta": "0.002077000", - "frame.time_delta_displayed": "0.002077000", - "frame.time_relative": "539.639814000", - "frame.number": "2029", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001950", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f228", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2028", - "tcp.analysis.ack_rtt": "0.002077000", - "tcp.analysis.initial_rtt": "0.003373000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.100652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.100652000", - "frame.time_delta": "0.000152000", - "frame.time_delta_displayed": "0.000152000", - "frame.time_relative": "539.639966000", - "frame.number": "2030", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b786", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007adc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003373000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.101069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.101069000", - "frame.time_delta": "0.000417000", - "frame.time_delta_displayed": "0.000417000", - "frame.time_relative": "539.640383000", - "frame.number": "2031", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001951", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f227", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2030", - "tcp.analysis.ack_rtt": "0.000417000", - "tcp.analysis.initial_rtt": "0.003373000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.101487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.101487000", - "frame.time_delta": "0.000418000", - "frame.time_delta_displayed": "0.000418000", - "frame.time_relative": "539.640801000", - "frame.number": "2032", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f3e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c491", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54543", - "tcp.port": "80", - "tcp.port": "54543", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e45b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2031", - "tcp.analysis.ack_rtt": "0.000418000", - "tcp.analysis.initial_rtt": "0.003373000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:55:31.103419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.103419000", - "frame.time_delta": "0.001932000", - "frame.time_delta_displayed": "0.001932000", - "frame.time_relative": "539.642733000", - "frame.number": "2033", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001952", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54543", - "tcp.dstport": "80", - "tcp.port": "54543", - "tcp.port": "80", - "tcp.stream": "100", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000695a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:b4:5f:f3:09:b4:5f:f6:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003373000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2029", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.197622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.197622000", - "frame.time_delta": "0.094203000", - "frame.time_delta_displayed": 
"0.094203000", - "frame.time_relative": "539.736936000", - "frame.number": "2034", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.955441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.955441000", - "frame.time_delta": "0.757819000", - "frame.time_delta_displayed": "0.757819000", - "frame.time_relative": "540.494755000", - "frame.number": "2035", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005c64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005ae7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "28", - "http.prev_response_in": "2021" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.959611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.959611000", - "frame.time_delta": "0.004170000", - "frame.time_delta_displayed": "0.004170000", - "frame.time_relative": "540.498925000", - "frame.number": "2036", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001953", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54544", - "tcp.dstport": "80", - "tcp.port": "54544", - "tcp.port": "80", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000b902", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.960144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.960144000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "540.499458000", - "frame.number": "2037", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54544", - "tcp.port": "80", - "tcp.port": "54544", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001fe9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2036", - "tcp.analysis.ack_rtt": "0.000533000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.963043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.963043000", - "frame.time_delta": "0.002899000", - "frame.time_delta_displayed": "0.002899000", - "frame.time_relative": "540.502357000", - "frame.number": "2038", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001954", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54544", - "tcp.dstport": "80", - "tcp.port": "54544", - "tcp.port": "80", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d1c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2037", - "tcp.analysis.ack_rtt": "0.002899000", - "tcp.analysis.initial_rtt": "0.003432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.963674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.963674000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "540.502988000", - "frame.number": "2039", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001955", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54544", - "tcp.dstport": "80", - "tcp.port": "54544", - "tcp.port": "80", - "tcp.stream": "101", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e740", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003432000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.964162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.964162000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "540.503476000", - "frame.number": "2040", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000427c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54544", - "tcp.port": "80", - "tcp.port": "54544", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c358", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2039", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.003432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.964738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494131.964738000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "540.504052000", - "frame.number": "2041", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000427d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54544", - "tcp.port": "80", - "tcp.port": "54544", - "tcp.stream": "101", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000037a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003432000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.965083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.965083000", - "frame.time_delta": "0.000345000", - "frame.time_delta_displayed": "0.000345000", - "frame.time_relative": "540.504397000", - "frame.number": "2042", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000427e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007212", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54544", - "tcp.port": "80", - "tcp.port": "54544", - "tcp.stream": "101", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000055e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003432000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2041", - "tcp.segment": "2042", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001409000", - "http.request_in": "2039", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.967130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.967130000", - "frame.time_delta": "0.002047000", - "frame.time_delta_displayed": "0.002047000", - "frame.time_relative": "540.506444000", - "frame.number": "2043", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001956", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54544", - "tcp.dstport": "80", - "tcp.port": "54544", - "tcp.port": "80", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cd2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2042", - "tcp.analysis.ack_rtt": "0.002047000", - "tcp.analysis.initial_rtt": "0.003432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.967712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.967712000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "540.507026000", - "frame.number": "2044", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001957", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54544", - "tcp.dstport": "80", - "tcp.port": "54544", - "tcp.port": "80", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cd2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:31.968155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494131.968155000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "540.507469000", - "frame.number": "2045", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f3ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c473", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54544", - "tcp.port": "80", - "tcp.port": "54544", - "tcp.stream": "101", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bf62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2044", - 
"tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.003432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.008279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.008279000", - "frame.time_delta": "0.040124000", - "frame.time_delta_displayed": "0.040124000", - "frame.time_relative": "540.547593000", - "frame.number": "2046", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005c66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005adc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "29", - "http.prev_response_in": "2035" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.018861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.018861000", - "frame.time_delta": "0.010582000", - "frame.time_delta_displayed": "0.010582000", - "frame.time_relative": "540.558175000", - "frame.number": "2047", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001958", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54545", - "tcp.dstport": "80", - "tcp.port": "54545", - "tcp.port": "80", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000058c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.019409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.019409000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "540.558723000", - "frame.number": "2048", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54545", - "tcp.port": "80", - "tcp.port": "54545", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004618", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2047", - "tcp.analysis.ack_rtt": "0.000548000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.027365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.027365000", - "frame.time_delta": "0.007956000", - "frame.time_delta_displayed": "0.007956000", - "frame.time_relative": "540.566679000", - "frame.number": "2049", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001959", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54545", - "tcp.dstport": "80", - "tcp.port": "54545", - "tcp.port": "80", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f7f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2048", - "tcp.analysis.ack_rtt": "0.007956000", - "tcp.analysis.initial_rtt": "0.008504000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.028760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.028760000", - "frame.time_delta": "0.001395000", - "frame.time_delta_displayed": "0.001395000", - "frame.time_relative": "540.568074000", - "frame.number": "2050", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000195a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54545", - "tcp.dstport": "80", - "tcp.port": "54545", - "tcp.port": "80", - "tcp.stream": "102", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000d70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008504000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.029300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.029300000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "540.568614000", - "frame.number": "2051", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fc9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bbd5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54545", - "tcp.port": "80", - "tcp.port": "54545", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e987", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2050", - "tcp.analysis.ack_rtt": "0.000540000", - "tcp.analysis.initial_rtt": "0.008504000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.029885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.029885000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "540.569199000", - "frame.number": "2052", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000fc9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bbc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54545", - "tcp.port": "80", - "tcp.port": "54545", - "tcp.stream": "102", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000029a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008504000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.030309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.030309000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "540.569623000", - "frame.number": "2053", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000fc9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54545", - "tcp.port": "80", - "tcp.port": "54545", - "tcp.stream": "102", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007c12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008504000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2052", - "tcp.segment": "2053", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001549000", - "http.request_in": "2050", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.033432000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494132.033432000", - "frame.time_delta": "0.003123000", - "frame.time_delta_displayed": "0.003123000", - "frame.time_relative": "540.572746000", - "frame.number": "2054", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000195b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54545", - "tcp.dstport": "80", - "tcp.port": "54545", - "tcp.port": "80", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f35e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2053", - "tcp.analysis.ack_rtt": "0.003123000", - "tcp.analysis.initial_rtt": "0.008504000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.033824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.033824000", - "frame.time_delta": "0.000392000", - "frame.time_delta_displayed": "0.000392000", - "frame.time_relative": "540.573138000", - "frame.number": "2055", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000195c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54545", - "tcp.dstport": "80", - "tcp.port": "54545", - "tcp.port": "80", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f35d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.034275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.034275000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "540.573589000", - "frame.number": "2056", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f406", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c46c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54545", - "tcp.port": "80", - "tcp.port": "54545", - "tcp.stream": "102", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e591", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2055", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.008504000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.062203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.062203000", - "frame.time_delta": "0.027928000", - "frame.time_delta_displayed": "0.027928000", - "frame.time_relative": "540.601517000", - "frame.number": "2057", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005c67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005ae1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "30", - "http.prev_response_in": "2046" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.065842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.065842000", - "frame.time_delta": "0.003639000", - "frame.time_delta_displayed": "0.003639000", - "frame.time_relative": "540.605156000", - 
"frame.number": "2058", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000195d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54546", - "tcp.dstport": "80", - "tcp.port": "54546", - "tcp.port": "80", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000050b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.066377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.066377000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "540.605691000", - "frame.number": "2059", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54546", - "tcp.port": "80", - "tcp.port": "54546", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000588b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2058", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.071253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.071253000", - "frame.time_delta": "0.004876000", - "frame.time_delta_displayed": "0.004876000", - "frame.time_relative": "540.610567000", - 
"frame.number": "2060", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000195e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54546", - "tcp.dstport": "80", - "tcp.port": "54546", - "tcp.port": "80", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2059", - "tcp.analysis.ack_rtt": "0.004876000", - "tcp.analysis.initial_rtt": "0.005411000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.071903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.071903000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "540.611217000", - "frame.number": "2061", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000195f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e6d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54546", - "tcp.dstport": "80", - "tcp.port": "54546", - "tcp.port": "80", - "tcp.stream": "103", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001fe3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005411000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.072391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.072391000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "540.611705000", - "frame.number": "2062", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c079", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54546", - "tcp.port": "80", - "tcp.port": "54546", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fbfa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2061", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.005411000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.072984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.072984000", - "frame.time_delta": "0.000593000", - "frame.time_delta_displayed": "0.000593000", - "frame.time_relative": "540.612298000", - "frame.number": "2063", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c07a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54546", - "tcp.port": "80", - "tcp.port": "54546", - "tcp.stream": "103", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003c1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005411000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.073334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.073334000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "540.612648000", - "frame.number": "2064", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c07b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f414", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54546", - "tcp.port": "80", - "tcp.port": "54546", - "tcp.stream": "103", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008e85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005411000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2063", - "tcp.segment": "2064", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001431000", - "http.request_in": "2061", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.076283000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.076283000", - "frame.time_delta": "0.002949000", - "frame.time_delta_displayed": "0.002949000", - "frame.time_relative": "540.615597000", - "frame.number": "2065", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001960", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54546", - "tcp.dstport": "80", - "tcp.port": "54546", - "tcp.port": "80", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000005d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2064", - "tcp.analysis.ack_rtt": "0.002949000", - "tcp.analysis.initial_rtt": "0.005411000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.076973000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.076973000", - "frame.time_delta": "0.000690000", - "frame.time_delta_displayed": "0.000690000", - "frame.time_relative": "540.616287000", - "frame.number": "2066", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001961", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005f12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54546", - "tcp.dstport": "80", - "tcp.port": "54546", - "tcp.port": "80", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000005d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:32.077405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494132.077405000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "540.616719000", - "frame.number": "2067", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f407", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c46b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54546", - "tcp.port": "80", - "tcp.port": "54546", - "tcp.stream": "103", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f804", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2066", - 
"tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.005411000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.044628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.044628000", - "frame.time_delta": "1.967223000", - "frame.time_delta_displayed": "1.967223000", - "frame.time_relative": "542.583942000", - "frame.number": "2068", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000b5d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000028a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50848", - "udp.dstport": "53", - "udp.port": 
"50848", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000ec36", - "udp.checksum.status": "2", - "udp.stream": "40" - }, - "dns": { - "dns.id": "0x000063c4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.044643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.044643000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "542.583957000", - "frame.number": "2069", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"72", - "ip.id": "0x0000b5d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000289", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50848", - "udp.dstport": "53", - "udp.port": "50848", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x00001f05", - "udp.checksum.status": "2", - "udp.stream": "40" - }, - "dns": { - "dns.id": "0x000030db", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.045820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.045820000", - "frame.time_delta": "0.001177000", - "frame.time_delta_displayed": "0.001177000", - "frame.time_relative": "542.585134000", - "frame.number": "2070", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000e86c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cff4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "50848", - "udp.port": "53", - "udp.port": "50848", - "udp.length": "52", - "udp.checksum": "0x00008289", - "udp.checksum.status": "2", - "udp.stream": "40" - }, - "dns": { - "dns.response_to": "2069", - "dns.time": "0.001177000", - "dns.id": "0x000030db", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.046623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.046623000", - "frame.time_delta": "0.000803000", - "frame.time_delta_displayed": "0.000803000", - "frame.time_relative": "542.585937000", - "frame.number": "2071", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x0000e86d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ce8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "50848", - "udp.port": "53", - "udp.port": "50848", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "40" - }, - "dns": { - "dns.response_to": "2068", - "dns.time": "0.001995000", - "dns.id": "0x000063c4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "34", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "34", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "34", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - 
"dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64595", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - }, - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64595", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64595", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64595", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151419", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60456", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58695", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58797", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - 
}, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "102352", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60456", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58695", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58797", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.047684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.047684000", - "frame.time_delta": "0.001061000", - "frame.time_delta_displayed": "0.001061000", - "frame.time_relative": "542.586998000", - "frame.number": "2072", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a79a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007ba9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00006990", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:25:84:e0:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2458848, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458848", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.121794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.121794000", - "frame.time_delta": "0.074110000", - "frame.time_delta_displayed": "0.074110000", - "frame.time_relative": "542.661108000", - "frame.number": "2073", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x00007e43", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x00004caf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:44:4c:63:00:25:84:e0:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1262767203, TSecr 2458848": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767203", - "tcp.options.timestamp.tsecr": "2458848" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2072", - "tcp.analysis.ack_rtt": "0.074110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.122294000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.122294000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "542.661608000", - "frame.number": "2074", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a79b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e36f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:84:e7:4b:44:4c:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458855, TSecr 1262767203": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458855", - "tcp.options.timestamp.tsecr": "1262767203" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2073", - "tcp.analysis.ack_rtt": "0.000500000", - "tcp.analysis.initial_rtt": "0.074610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.124420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.124420000", - "frame.time_delta": "0.002126000", - "frame.time_delta_displayed": "0.002126000", - "frame.time_relative": "542.663734000", - "frame.number": "2075", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000a79c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007a7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000076a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:84:e7:4b:44:4c:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458855, TSecr 1262767203": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458855", - "tcp.options.timestamp.tsecr": "1262767203" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jun 25, 2043 04:08:39.000000000 PDT", - "ssl.handshake.random": "5c:db:c1:a4:f9:25:4b:76:fe:a0:76:93:60:73:7e:ab:9b:bf:a6:14:0c:9a:14:13:d5:b3:c1:10" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", 
- "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": 
"4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - 
"ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { 
- "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.198483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.198483000", - "frame.time_delta": "0.074063000", - "frame.time_delta_displayed": "0.074063000", - "frame.time_relative": "542.737797000", - "frame.number": "2076", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000674e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016fd", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - 
"ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767222, TSecr 2458855": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767222", - "tcp.options.timestamp.tsecr": "2458855" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2075", - "tcp.analysis.ack_rtt": "0.074063000", - "tcp.analysis.initial_rtt": "0.074610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.199789000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1509494134.199789000", - "frame.time_delta": "0.001306000", - "frame.time_delta_displayed": "0.001306000", - "frame.time_relative": "542.739103000", - "frame.number": "2077", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x0000674f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x00001154", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - 
"tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767222, TSecr 2458855": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767222", - "tcp.options.timestamp.tsecr": "2458855" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "May 10, 1985 05:24:55.000000000 PDT", - "ssl.handshake.random": "8b:34:53:cd:cc:72:6d:2d:53:23:f2:57:30:4d:e1:d4:3c:55:72:20:a9:59:0c:a2:81:66:14:15" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "a3:f7:4e:02:d2:1f:bf:80:dc:b6:1f:59:29:4d:4b:e3:89:ce:6d:39:1b:16:ab:4f:87:0e:3a:e2:f1:a3:2d:73", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.199812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.199812000", - "frame.time_delta": "0.000023000", - "frame.time_delta_displayed": "0.000023000", - "frame.time_relative": "542.739126000", - "frame.number": "2078", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x00006750", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000161c", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": 
"54359", - "tcp.stream": "104", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000187e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:76:00:25:84:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767222, TSecr 2458855": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767222", - "tcp.options.timestamp.tsecr": "2458855" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "2077", - "tcp.segment": "2078", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - 
"x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": 
"5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - 
"x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:2c:9e:64:dd:a9:e7:df:55:48:2b:3e:dd:0e:1e:55:42:d4:b0:26:b3:96:8c:b2:c8:a1:db:96:2a:7c:d6:b4:e3:d6:2d:91:0b:62:7c:a6:c7:03:b2:71:3a:59:61:a3:72:e5:a6:09:b5:91:24:f0:fb:c3:b5:1e:3d:9f:60:48:d4", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"96:df:03:d6:28:b0:77:9a:02:a2:bf:9f:0c:3b:6d:4c:be:99:59:cc:ce:0c:4b:d3:05:d3:5e:fa:5c:9f:0f:d9:87:29:90:49:bc:21:40:d0:b7:ce:8a:07:c8:14:32:42:c0:92:76:96:51:87:e0:95:31:8f:d9:59:fc:7f:b3:49:eb:6b:d4:d1:e0:49:94:55:47:a0:2b:78:b7:45:ba:b3:cf:45:d8:c0:ae:7b:f1:c1:11:4e:11:b1:e0:bf:24:1a:97:a6:14:b3:7f:57:be:d6:85:5a:14:5a:19:07:4b:65:d6:20:59:5f:26:ee:01:19:41:28:c3:8a:11:10:17:bb" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.200480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.200480000", - "frame.time_delta": "0.000668000", - "frame.time_delta_displayed": "0.000668000", - "frame.time_relative": "542.739794000", - "frame.number": "2079", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a79d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000db66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:84:ef:4b:44:4c:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458863, TSecr 1262767222": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458863", - "tcp.options.timestamp.tsecr": "1262767222" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2078", - "tcp.analysis.ack_rtt": "0.000668000", - "tcp.analysis.initial_rtt": "0.074610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.230924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.230924000", - "frame.time_delta": "0.030444000", - "frame.time_delta_displayed": "0.030444000", - "frame.time_relative": "542.770238000", - "frame.number": "2080", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000a79e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007b2f", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ee10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:84:f2:4b:44:4c:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458866, 
TSecr 1262767222": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458866", - "tcp.options.timestamp.tsecr": "1262767222" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:36:03:d7:07:15:3d:76:0c:89:fc:50:cc:65:67:a8:77:65:11:b5:26:64:be:0e:21:1f:cf:f3:92:7b:ce:3d:86:4b:a9:9e:61:50:f0:88:4a:39:66:fa:86:dd:02:73:e5:ec:d4:24:f4:7d:27:b6:64:44:64:0b:68:be:c2:f6:58" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.305463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.305463000", - "frame.time_delta": "0.074539000", - "frame.time_delta_displayed": "0.074539000", - "frame.time_relative": "542.844777000", - "frame.number": "2081", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x00006751", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016c7", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:91:00:25:84:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767249, TSecr 2458866": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767249", - "tcp.options.timestamp.tsecr": "2458866" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2080", - "tcp.analysis.ack_rtt": "0.074539000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.306606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.306606000", - "frame.time_delta": "0.001143000", - "frame.time_delta_displayed": "0.001143000", - "frame.time_relative": "542.845920000", - "frame.number": "2082", - 
"frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000a79f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007b67", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000eb68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:84:fa:4b:44:4c:91", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458874, TSecr 1262767249": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458874", - "tcp.options.timestamp.tsecr": "1262767249" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2081", - "tcp.analysis.ack_rtt": "0.001143000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "5c:41:61:9e:0a:f7:28:87:40:26:de:e3:76:79:ea:f9:cb:62:c2:6c:d7:cd:bf:b1:0c:b9:43:74:ed:1c:c6:e1:9f:09:43:25:0b:72:13:de:12:ca:40:0c:7c:89:34:be:ce:8a:d1:f0:be:ee:a9:3e:b1:49:34:f9:e4:dc:61:d8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:55:34.381001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.381001000", - "frame.time_delta": "0.074395000", - "frame.time_delta_displayed": "0.074395000", - "frame.time_relative": "542.920315000", - "frame.number": "2083", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x00006752", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016b4", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - 
}, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000593d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:a4:00:25:84:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767268, TSecr 2458874": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767268", - "tcp.options.timestamp.tsecr": "2458874" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2082", - "tcp.analysis.ack_rtt": "0.074395000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": 
"1a:86:c0:5d:71:8a:81:db:6b:55:6e:c3:2a:16:53:af:76:f9:98:0e:da:46:07:c5:3a:6a:f4:0f:67:82:2c:21:e3:88:49:99:47:88:a4:6d:c5:7c:92:d6:54:de:1c:db:82:bd:37:f2:a1:57:5e:4c:a3:80:52:19:4a:1a:9e:a0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.381940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.381940000", - "frame.time_delta": "0.000939000", - "frame.time_delta_displayed": "0.000939000", - "frame.time_relative": "542.921254000", - "frame.number": "2084", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000a7a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000079c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000afac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:85:01:4b:44:4c:a4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458881, TSecr 1262767268": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2458881", - "tcp.options.timestamp.tsecr": "1262767268" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2083", - "tcp.analysis.ack_rtt": 
"0.000939000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "5c:41:61:9e:0a:f7:28:88:77:74:14:19:fe:1d:8d:27:6c:b1:78:5b:48:0d:fd:ae:4f:38:f3:76:1e:5b:cf:f0:ab:e0:f4:a1:f0:3a:65:34:b2:37:60:d6:b5:d2:16:98:23:35:ba:c1:e2:d0:99:93:69:f1:eb:c4:14:3d:77:2d:9c:e7:87:4c:0b:41:b5:f8:62:24:be:74:ca:1f:1a:24:66:95:ab:30:f5:03:8d:81:7c:89:b7:b4:92:06:43:11:b6:46:7a:3e:c4:fd:34:9a:50:e1:ff:c6:c8:ad:e1:08:d7:0f:0b:43:7c:b3:3e:cb:e2:20:80:d9:61:b0:de:85:c0:3e:8f:7d:05:6d:f2:24:39:4c:35:fb:b9:7f:02:ef:62:4c:a2:9b:5f:7c:0f:3f:cd:7f:54:bb:58:21:ad:3b:df:82:96:5c:cb:9d:74:ac:03:6d:64:be:bd:1c:c5:7c:5e:d7:47:d8:72:de:7a:7d:72:92:23:41:16:e9:3e:b7:9b:16:01:78:3c:38:d5:72:61:27:85:5e:ec:12:46:d3:27:f2:b8:8e:ab:56:a9:6f:ea:99:0d:05:91:f0:44:0a:e0:78:6c:f9:f4:6d:3f:62:3f:41:c8:21:d1:f2:ec:14:81:75:dd:3a:c9:c2:ab:90:51:bd:68:a3:96:99:75:30:f8:14:a4:4c:ec:8f:45:bb:5b:c4:00:1b:3b:ab:38:41:f4:11:04:7b:84:dd:35:76:97:45:3c:ce:09:34:d2:09:ec:12:a6:ed:01:56:7a:70:03:04:4c:2e:86:7c:4a:ed:dc:eb:52:66:80:38:35:03:91:62:e1:da:91:60:d9:61:39:82:8a:63:97:7a:54:6a:b4:77:59:bd:3b:49:71:0c:58:38:29:30:c1:ce:22:ff:ed:55:d2:34:3a:a6:3a:06:0b:a6:3f:0f:26:84:81:51:98:8a:8e:bb:be:0b:38:c2:9c:fd:61:ba:93:48:bc:ae:ff:3e:c8:a0:92:95:48:87:2b:be:ad:5e:02:d4:e9:e3:53:71:43:12:b6:fb:b9:11:df:e6:95:48:e8:42:08:e1:3f:63:69:34:af:99:bd:da:f6:d0:22:a9:1f:be:2c:fd:80:a0:53:b7:3e:59:47:db:86:cd:7e:93:5e:0a:6c:67:34:4c:a2:0d:49:09:be:6a:48:a5:86:35:c7:3f:f8:a0:94:09:75:cc:10:e9:ed:8d:b6:f1:a1:cb:0e:16:7b:ee:41:c8:94:01:66:fd:ac:60:6d:3d:8b:cf" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.456667000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.456667000", - "frame.time_delta": "0.074727000", - "frame.time_delta_displayed": "0.074727000", - "frame.time_relative": "542.995981000", - "frame.number": "2085", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x00006753", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016ad", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000025da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:b6:00:25:85:01", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767286, TSecr 2458881": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767286", - "tcp.options.timestamp.tsecr": "2458881" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2084", - "tcp.analysis.ack_rtt": "0.074727000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": 
"1a:86:c0:5d:71:8a:81:dc:06:2e:d6:e1:85:1f:56:3d:26:07:e3:3d:4b:70:39:e1:b7:a6:6a:10:35:1b:32:9f:05:7c:36:5d:f5:db:63:34:70:3d:6e:81:07:d9:ac:1c:78:f0:36:ae:a0:d2:da:00:a3:e0:e1:77:e1:a2:b8:7d:73:98:e9:6d:fa:02" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.457250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.457250000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "542.996564000", - "frame.number": "2086", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a7a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007baa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d79c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:85:09:4b:44:4c:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2458889, TSecr 1262767286": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2458889", - "tcp.options.timestamp.tsecr": "1262767286" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2085", - "tcp.analysis.ack_rtt": "0.000583000", - "tcp.analysis.initial_rtt": "0.074610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.531043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.531043000", - "frame.time_delta": "0.073793000", - "frame.time_delta_displayed": "0.073793000", - "frame.time_relative": "543.070357000", - "frame.number": "2087", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x00006754", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016d8", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:c9:00:25:85:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767305, TSecr 2458889": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767305", - "tcp.options.timestamp.tsecr": "2458889" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "2086", - "tcp.analysis.ack_rtt": "0.073793000", - "tcp.analysis.initial_rtt": "0.074610000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.531129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.531129000", - "frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "543.070443000", - "frame.number": "2088", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00006755", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x000016f6", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": 
"34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54359", - "tcp.port": "443", - "tcp.port": "54359", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d810", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:44:4c:c9:00:25:85:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262767305, TSecr 2458889": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262767305", - "tcp.options.timestamp.tsecr": "2458889" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.531556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.531556000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "543.070870000", - "frame.number": "2089", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bf91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000063c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": 
"34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008b9c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.531568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.531568000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "543.070882000", - "frame.number": "2090", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bf92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000063c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54359", - "tcp.dstport": "443", - "tcp.port": "54359", - "tcp.port": "443", - "tcp.stream": "104", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { 
- "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008b9c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.700586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.700586000", - "frame.time_delta": "0.169018000", - "frame.time_delta_displayed": "0.169018000", - "frame.time_relative": "543.239900000", - "frame.number": "2091", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "161", - "tcp.ack": "145", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000058f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.843903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.843903000", - "frame.time_delta": "0.143317000", - "frame.time_delta_displayed": "0.143317000", - "frame.time_relative": "543.383217000", - "frame.number": "2092", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdbc", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "145", - "tcp.ack": "162", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001004", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:34.994667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494134.994667000", - "frame.time_delta": "0.150764000", - 
"frame.time_delta_displayed": "0.150764000", - "frame.time_relative": "543.533981000", - "frame.number": "2093", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00000d04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000cc95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:35.576695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494135.576695000", - "frame.time_delta": "0.582028000", - "frame.time_delta_displayed": "0.582028000", - "frame.time_relative": "544.116009000", - "frame.number": "2094", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d62", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000999", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:35.577387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494135.577387000", - "frame.time_delta": "0.000692000", - "frame.time_delta_displayed": "0.000692000", - "frame.time_relative": "544.116701000", - "frame.number": "2095", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d63", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea94", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:35.577897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494135.577897000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "544.117211000", - "frame.number": "2096", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - 
"ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000785a", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:36.226177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494136.226177000", - "frame.time_delta": "0.648280000", - "frame.time_delta_displayed": "0.648280000", - "frame.time_relative": "544.765491000", - "frame.number": "2097", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005bd2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:36.685616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494136.685616000", - "frame.time_delta": "0.459439000", - "frame.time_delta_displayed": "0.459439000", - "frame.time_relative": "545.224930000", - "frame.number": "2098", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": 
{ - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e731", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60446", - "udp.dstport": "1900", - "udp.port": "60446", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005e3f", - "udp.checksum.status": "2", - "udp.stream": "41" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:37.333030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494137.333030000", - "frame.time_delta": "0.647414000", - "frame.time_delta_displayed": "0.647414000", - "frame.time_relative": "545.872344000", - "frame.number": "2099", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005cf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": 
"305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:37.385744000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494137.385744000", - "frame.time_delta": "0.052714000", - "frame.time_delta_displayed": "0.052714000", - "frame.time_relative": "545.925058000", - "frame.number": "2100", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005cfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "2099" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:37.438788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494137.438788000", - "frame.time_delta": "0.053044000", - "frame.time_delta_displayed": "0.053044000", - "frame.time_relative": "545.978102000", - "frame.number": "2101", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005cff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a49", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "2100" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:37.686526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494137.686526000", - 
"frame.time_delta": "0.247738000", - "frame.time_delta_displayed": "0.247738000", - "frame.time_relative": "546.225840000", - "frame.number": "2102", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e730", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60446", - "udp.dstport": "1900", - "udp.port": "60446", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005e3f", - "udp.checksum.status": "2", - "udp.stream": "41" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "2098" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:38.385694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494138.385694000", - "frame.time_delta": "0.699168000", - "frame.time_delta_displayed": "0.699168000", - "frame.time_relative": "546.925008000", - "frame.number": "2103", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005d3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "2101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:38.438460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494138.438460000", - "frame.time_delta": "0.052766000", - "frame.time_delta_displayed": "0.052766000", - "frame.time_relative": "546.977774000", - "frame.number": "2104", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005d3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "2103" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:38.491238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494138.491238000", - "frame.time_delta": "0.052778000", - "frame.time_delta_displayed": "0.052778000", - "frame.time_relative": "547.030552000", - "frame.number": "2105", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005d3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005a09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "2104" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:38.687299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494138.687299000", - "frame.time_delta": "0.196061000", - "frame.time_delta_displayed": "0.196061000", - "frame.time_relative": "547.226613000", - "frame.number": "2106", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e72f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", 
- "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60446", - "udp.dstport": "1900", - "udp.port": "60446", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005e3f", - "udp.checksum.status": "2", - "udp.stream": "41" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "2102" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.018082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.018082000", - "frame.time_delta": "0.330783000", - "frame.time_delta_displayed": "0.330783000", - "frame.time_relative": "547.557396000", - "frame.number": "2107", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005d67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000059e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "2105" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.060198000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.060198000", - "frame.time_delta": "0.042116000", - "frame.time_delta_displayed": "0.042116000", - "frame.time_relative": "547.599512000", - "frame.number": "2108", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.060640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.060640000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "547.599954000", - "frame.number": "2109", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.070867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.070867000", - "frame.time_delta": "0.010227000", - "frame.time_delta_displayed": "0.010227000", - "frame.time_relative": "547.610181000", - "frame.number": "2110", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005d69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000059d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "2107" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.123700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.123700000", - "frame.time_delta": "0.052833000", - "frame.time_delta_displayed": "0.052833000", - "frame.time_relative": "547.663014000", - "frame.number": "2111", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005d6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x000059de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "2110" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.687522000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.687522000", - "frame.time_delta": "0.563822000", - "frame.time_delta_displayed": "0.563822000", - "frame.time_relative": "548.226836000", - "frame.number": "2112", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e72e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60446", - "udp.dstport": "1900", - "udp.port": "60446", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005e3f", - "udp.checksum.status": "2", - "udp.stream": "41" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "2106" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.850205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.850205000", - "frame.time_delta": "0.162683000", - "frame.time_delta_displayed": "0.162683000", - "frame.time_relative": "548.389519000", - "frame.number": "2113", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - 
"arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:39.850595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494139.850595000", - "frame.time_delta": "0.000390000", - "frame.time_delta_displayed": "0.000390000", - "frame.time_relative": "548.389909000", - "frame.number": "2114", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.070162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.070162000", - "frame.time_delta": "0.219567000", - "frame.time_delta_displayed": "0.219567000", - "frame.time_relative": "548.609476000", - 
"frame.number": "2115", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005dbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000598c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "2111" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.122952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.122952000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "548.662266000", - "frame.number": "2116", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005dc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000597e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "2115" 
- } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.175675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.175675000", - "frame.time_delta": "0.052723000", - "frame.time_delta_displayed": "0.052723000", - "frame.time_relative": "548.714989000", - "frame.number": "2117", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005dc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005983", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": 
"0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "2116" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.386374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.386374000", - "frame.time_delta": "0.210699000", - "frame.time_delta_displayed": "0.210699000", - "frame.time_relative": "548.925688000", - "frame.number": "2118", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005dd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005979", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "2117" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.439163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.439163000", - "frame.time_delta": "0.052789000", - "frame.time_delta_displayed": "0.052789000", - "frame.time_relative": "548.978477000", - "frame.number": "2119", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005dd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000596c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "2118" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.491980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.491980000", - "frame.time_delta": 
"0.052817000", - "frame.time_delta_displayed": "0.052817000", - "frame.time_relative": "549.031294000", - "frame.number": "2120", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005ddc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000596c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "2119" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.576960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.576960000", - "frame.time_delta": "0.084980000", - "frame.time_delta_displayed": "0.084980000", - "frame.time_relative": "549.116274000", - "frame.number": "2121", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d64", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000999", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.577532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.577532000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "549.116846000", - "frame.number": "2122", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - 
"eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d65", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea94", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:40.578134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494140.578134000", - "frame.time_delta": "0.000602000", - "frame.time_delta_displayed": "0.000602000", - "frame.time_relative": "549.117448000", - "frame.number": "2123", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000785a", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=618", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:41.438507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494141.438507000", - "frame.time_delta": "0.860373000", - "frame.time_delta_displayed": "0.860373000", - "frame.time_relative": "549.977821000", - "frame.number": "2124", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005e0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000593d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "2120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:41.491328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494141.491328000", - "frame.time_delta": "0.052821000", - "frame.time_delta_displayed": "0.052821000", - "frame.time_relative": "550.030642000", - "frame.number": "2125", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005e14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000592e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "2124" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:41.544127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494141.544127000", - "frame.time_delta": "0.052799000", - "frame.time_delta_displayed": "0.052799000", - "frame.time_relative": "550.083441000", 
- "frame.number": "2126", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005e17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005931", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "2125" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:41.549028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494141.549028000", - "frame.time_delta": "0.004901000", - "frame.time_delta_displayed": "0.004901000", - "frame.time_relative": "550.088342000", - "frame.number": "2127", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:42.122948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.122948000", - "frame.time_delta": "0.573920000", - "frame.time_delta_displayed": "0.573920000", - "frame.time_relative": "550.662262000", - "frame.number": "2128", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005e4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "2126" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:42.175689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.175689000", - "frame.time_delta": "0.052741000", - "frame.time_delta_displayed": "0.052741000", - "frame.time_relative": "550.715003000", - "frame.number": "2129", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005e51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "2128" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:42.228396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.228396000", - "frame.time_delta": "0.052707000", - "frame.time_delta_displayed": "0.052707000", - "frame.time_relative": "550.767710000", - "frame.number": "2130", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005e56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "2129" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:55:42.349435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.349435000", - "frame.time_delta": "0.121039000", - "frame.time_delta_displayed": "0.121039000", - "frame.time_relative": "550.888749000", - "frame.number": "2131", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009524", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - 
"tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "9396", - "tcp.nxtseq": "9748", - "tcp.ack": "1535", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c700", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:88:1e:a7:9d:04:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2459678, TSecr 2812085400": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2459678", - "tcp.options.timestamp.tsecr": "2812085400" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:b9:e1:50:5a:de:34:98:f8:60:56:fa:d9:c9:43:91:64:2b:83:6f:e6:61:85:8f:4e:62:77:c1:c8:1a:ac:8f:43:4a:c9:8b:e0:f6:9d:93:3a:50:29:10:98:3f:04:b6:4a:8b:17:1e:ab:b3:05:3c:a7:2e:8a:24:8d:5f:6e:db:38:c7:c8:4c:47:65:9a:12:40:b3:4c:c4:67:4c:78:f1:d1:04:92:9d:a8:6c:41:47:d4:93:82:bf:c4:7c:e3:a5:02:4c:65:08:f9:24:0f:53:88:a0:17:69:6a:41:86:1d:19:07:c4:31:a8:f1:21:f8:c7:60:d8:e0:a0:50:d3:c4:67:09:8b:12:a8:14:1c:59:76:44:53:1c:86:4b:13:f8:c3:5f:eb:a4:df:1c:5e:84:85:ec:61:28:a6:5f:f9:c2:af:ff:00:c5:32:9d:36:53:3a:a6:e8:96:a2:25:10:cb:3b:2c:3d:ec:21:d1:3d:d1:28:23:ab:25:c3:8c:2d:05:d3:a0:13:72:ee:cb:40:52:65:80:b4:fe:62:d4:82:e2:7f:0c:c9:5e:d6:cb:61:6f:5b:35:e3:f3:6c:63:05:e8:c0:81:db:e2:51:f2:b5:80:5b:14:72:3a:5f:05:8c:30:3b:e7:c0:1f:1a:27:83:15:12:28:ba:81:88:39:bc:5e:dd:8e:53:63:5a:c9:a2:5b:e6:eb:38:ba:36:21:ee:a8:c7:8d:f5:e8:85:1a:47:e2:f7:5b:13:bb:77:67:ec:5e:07:52:2e:64:2f:df:ac:89:aa:c1:37:36:81:75:57:ae:a7:ac:8d:8f:63:54:91:6c:69:bd:64:d5:b5:26:59:1a:aa:af:c1:5c:c6:56:86:29:f2:92:d1:6e:80:a7:c8:60:11:6f:b8:f7:e2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:42.410389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.410389000", - "frame.time_delta": "0.060954000", - "frame.time_delta_displayed": "0.060954000", - "frame.time_relative": "550.949703000", - "frame.number": "2132", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1535", - "tcp.nxtseq": "1582", - "tcp.ack": "9748", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00002c49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:15:5f:00:25:88:1e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812089695, TSecr 2459678": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812089695", - "tcp.options.timestamp.tsecr": "2459678" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2131", - "tcp.analysis.ack_rtt": "0.060954000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:45:d3:59:c5:ee:a1:59:d8:ac:d2:a0:04:03:fa:cc:f2:4f:71:8c:4f:0a:67:57:23:42:22:5b:41:80:de:65:a2:2b:b6:4f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:42.410828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494142.410828000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "550.950142000", - "frame.number": "2133", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009525", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000785a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9748", - "tcp.ack": "1582", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ddda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:88:24:a7:9d:15:5f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2459684, TSecr 2812089695": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2459684", - "tcp.options.timestamp.tsecr": "2812089695" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2132", - "tcp.analysis.ack_rtt": "0.000439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:43.175613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494143.175613000", - "frame.time_delta": "0.764785000", - "frame.time_delta_displayed": "0.764785000", - "frame.time_relative": "551.714927000", - "frame.number": "2134", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005e61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "305", - "udp.checksum": "0x0000d8fc", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "2130" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:43.228378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494143.228378000", - "frame.time_delta": "0.052765000", - "frame.time_delta_displayed": "0.052765000", - "frame.time_relative": "551.767692000", - "frame.number": "2135", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005e66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "314", - "udp.checksum": "0x0000e6e7", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "2134" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:43.280716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494143.280716000", - "frame.time_delta": "0.052338000", - "frame.time_delta_displayed": "0.052338000", - "frame.time_relative": "551.820030000", 
- "frame.number": "2136", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005e69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000058df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60446", - "udp.port": "1900", - "udp.port": "60446", - "udp.length": "308", - "udp.checksum": "0x00000a72", - "udp.checksum.status": "2", - "udp.stream": "42" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "2135" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:55:54.996715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494154.996715000", - "frame.time_delta": "11.715999000", - "frame.time_delta_displayed": "11.715999000", - "frame.time_relative": "563.536029000", - "frame.number": "2137", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00000d54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000cc45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:04.076970000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494164.076970000", - "frame.time_delta": "9.080255000", - "frame.time_delta_displayed": "9.080255000", - "frame.time_relative": "572.616284000", - "frame.number": "2138", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a684", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - 
"ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "162", - "tcp.nxtseq": "202", - "tcp.ack": "145", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a652", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e0:56:1a:bf:86:a1:ef:6c:86:9b:f6:69:41:6d:9d:05:cf:34:09:4b:d3:b7:11:07:d0:f6:bc:ad" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:04.220660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494164.220660000", - "frame.time_delta": "0.143690000", - "frame.time_delta_displayed": "0.143690000", - "frame.time_relative": "572.759974000", - "frame.number": "2139", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd97", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "145", - "tcp.nxtseq": "181", - "tcp.ack": "202", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": 
"0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006035", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2138", - "tcp.analysis.ack_rtt": "0.143690000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:66:c4:4c:ec:35:34:3a:02:fc:28:0b:d5:36:c3:65:5f:eb:6a:7f:9e:e5:85:9f:fa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:04.221175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494164.221175000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "572.760489000", - "frame.number": "2140", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", 
- "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "202", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000542", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2139", - "tcp.analysis.ack_rtt": "0.000515000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:06.274791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494166.274791000", - "frame.time_delta": "2.053616000", - "frame.time_delta_displayed": "2.053616000", - "frame.time_relative": "574.814105000", - "frame.number": "2141", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005bd9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.009481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.009481000", - "frame.time_delta": "4.734690000", - "frame.time_delta_displayed": "4.734690000", - "frame.time_relative": "579.548795000", - "frame.number": "2142", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008450", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004507", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.062424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.062424000", - "frame.time_delta": "0.052943000", - "frame.time_delta_displayed": "0.052943000", - "frame.time_relative": "579.601738000", - "frame.number": "2143", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008455", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004502", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 
UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.115233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.115233000", - "frame.time_delta": "0.052809000", - "frame.time_delta_displayed": "0.052809000", - "frame.time_relative": "579.654547000", - "frame.number": "2144", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000845a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000044f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.129200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.129200000", - "frame.time_delta": "0.013967000", - "frame.time_delta_displayed": "0.013967000", - "frame.time_relative": "579.668514000", - "frame.number": "2145", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009207", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000266e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cbf3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:35:e1:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 931297, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "931297", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.129749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.129749000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "579.669063000", - "frame.number": "2146", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47470", - "tcp.port": "80", - "tcp.port": "47470", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008f17", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2145", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.132960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.132960000", - "frame.time_delta": "0.003211000", - "frame.time_delta_displayed": "0.003211000", - "frame.time_relative": "579.672274000", - "frame.number": "2147", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009208", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002681", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000409f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2146", - "tcp.analysis.ack_rtt": 
"0.003211000", - "tcp.analysis.initial_rtt": "0.003760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.134092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.134092000", - "frame.time_delta": "0.001132000", - "frame.time_delta_displayed": "0.001132000", - "frame.time_relative": "579.673406000", - "frame.number": "2148", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009209", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000025c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - 
"tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a019", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003760000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.134566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.134566000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "579.673880000", - "frame.number": "2149", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007db1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ad8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47470", - "tcp.port": "80", - "tcp.port": 
"47470", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000326e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2148", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.003760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.135237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.135237000", - "frame.time_delta": "0.000671000", - "frame.time_delta_displayed": "0.000671000", - "frame.time_relative": "579.674551000", - "frame.number": "2150", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007db2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ac6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47470", - "tcp.port": "80", - "tcp.port": "47470", - "tcp.stream": "105", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000728f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003760000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:56:11.135662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.135662000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "579.674976000", - "frame.number": "2151", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007db3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000036f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47470", - "tcp.port": "80", - "tcp.port": "47470", - "tcp.stream": "105", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c4f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003760000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2150", - "tcp.segment": "2151", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001570000", - "http.request_in": "2148", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.139038000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494171.139038000", - "frame.time_delta": "0.003376000", - "frame.time_delta_displayed": "0.003376000", - "frame.time_relative": "579.678352000", - "frame.number": "2152", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000920a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000267f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003fce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2150", - "tcp.analysis.ack_rtt": "0.003801000", - "tcp.analysis.initial_rtt": "0.003760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.139079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.139079000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "579.678393000", - "frame.number": "2153", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000920b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000267e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003be3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2151", - "tcp.analysis.ack_rtt": "0.003417000", - "tcp.analysis.initial_rtt": "0.003760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.139576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.139576000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "579.678890000", - "frame.number": "2154", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000920c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000267d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003be2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.140016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.140016000", - "frame.time_delta": "0.000440000", - "frame.time_delta_displayed": "0.000440000", - "frame.time_relative": "579.679330000", - "frame.number": "2155", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f28d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c5fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47470", - "tcp.port": "80", - "tcp.port": "47470", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002e78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2154", - "tcp.analysis.ack_rtt": "0.000440000", - "tcp.analysis.initial_rtt": "0.003760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.143100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.143100000", - "frame.time_delta": "0.003084000", - "frame.time_delta_displayed": "0.003084000", - "frame.time_relative": "579.682414000", - "frame.number": "2156", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000059d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47470", - "tcp.dstport": "80", - "tcp.port": "47470", - "tcp.port": "80", - "tcp.stream": "105", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", 
- "tcp.checksum": "0x00006902", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.168341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.168341000", - "frame.time_delta": "0.025241000", - "frame.time_delta_displayed": "0.025241000", - "frame.time_relative": "579.707655000", - "frame.number": "2157", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000845f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000044ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - 
"udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.221414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.221414000", - "frame.time_delta": "0.053073000", - "frame.time_delta_displayed": "0.053073000", - "frame.time_relative": "579.760728000", - "frame.number": "2158", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00008464", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000044f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.274352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.274352000", - "frame.time_delta": "0.052938000", - "frame.time_delta_displayed": "0.052938000", - "frame.time_relative": "579.813666000", - "frame.number": "2159", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00008469", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000044eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": 
"1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.337510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.337510000", - "frame.time_delta": "0.063158000", - "frame.time_delta_displayed": "0.063158000", - "frame.time_relative": "579.876824000", - "frame.number": "2160", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ba66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f263", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:35:f5:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 931317, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "931317", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.338081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.338081000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "579.877395000", - "frame.number": "2161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47471", - "tcp.port": "80", - "tcp.port": "47471", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c30b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2160", - "tcp.analysis.ack_rtt": "0.000571000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.340623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.340623000", - "frame.time_delta": "0.002542000", - "frame.time_delta_displayed": "0.002542000", - "frame.time_relative": "579.879937000", - "frame.number": "2162", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ba67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007493", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2161", - "tcp.analysis.ack_rtt": "0.002542000", - "tcp.analysis.initial_rtt": "0.003113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.340757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.340757000", - 
"frame.time_delta": "0.000134000", - "frame.time_delta_displayed": "0.000134000", - "frame.time_relative": "579.880071000", - "frame.number": "2163", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ba68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d40d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003113000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.341194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.341194000", - "frame.time_delta": "0.000437000", - 
"frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "579.880508000", - "frame.number": "2164", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009e3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47471", - "tcp.port": "80", - "tcp.port": "47471", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006662", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2163", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.003113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.341922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.341922000", - "frame.time_delta": "0.000728000", - "frame.time_delta_displayed": "0.000728000", - "frame.time_relative": "579.881236000", - "frame.number": "2165", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009e3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00001a3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47471", - "tcp.port": "80", - "tcp.port": "47471", - "tcp.stream": "106", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a683", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003113000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.342279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.342279000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "579.881593000", - "frame.number": "2166", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009e3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001667", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47471", - "tcp.port": "80", - "tcp.port": "47471", - "tcp.stream": "106", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f8ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003113000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2165", - "tcp.segment": "2166", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001522000", - "http.request_in": "2163", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.344501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.344501000", - "frame.time_delta": "0.002222000", - "frame.time_delta_displayed": "0.002222000", - "frame.time_relative": "579.883815000", - "frame.number": "2167", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ba69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000073c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2165", - "tcp.analysis.ack_rtt": "0.002579000", - "tcp.analysis.initial_rtt": "0.003113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.345620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.345620000", - "frame.time_delta": "0.001119000", - "frame.time_delta_displayed": "0.001119000", - "frame.time_relative": "579.884934000", - "frame.number": "2168", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ba6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006fd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2166", - "tcp.analysis.ack_rtt": "0.003341000", - "tcp.analysis.initial_rtt": "0.003113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.346015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.346015000", - "frame.time_delta": "0.000395000", - "frame.time_delta_displayed": "0.000395000", - "frame.time_relative": "579.885329000", - "frame.number": "2169", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ba6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006fd6", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.346455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.346455000", - "frame.time_delta": "0.000440000", - "frame.time_delta_displayed": "0.000440000", - "frame.time_relative": "579.885769000", - "frame.number": "2170", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f295", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c5f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47471", - 
"tcp.port": "80", - "tcp.port": "47471", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000626c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2169", - "tcp.analysis.ack_rtt": "0.000440000", - "tcp.analysis.initial_rtt": "0.003113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:11.348811000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.348811000", - "frame.time_delta": "0.002356000", - "frame.time_delta_displayed": "0.002356000", - "frame.time_relative": "579.888125000", - "frame.number": "2171", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000005b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47471", - "tcp.dstport": "80", - "tcp.port": "47471", - "tcp.port": "80", - "tcp.stream": "106", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008f86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:56:11.644703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494171.644703000", - "frame.time_delta": "0.295892000", - "frame.time_delta_displayed": "0.295892000", - "frame.time_relative": "580.184017000", - "frame.number": "2172", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:13.412904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494173.412904000", - "frame.time_delta": "1.768201000", - "frame.time_delta_displayed": "1.768201000", - "frame.time_relative": "581.952218000", - "frame.number": "2173", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009526", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007828", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "9748", - "tcp.nxtseq": "9797", - "tcp.ack": "1582", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e760", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:94:40:a7:9d:15:5f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2462784, TSecr 2812089695": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2462784", - "tcp.options.timestamp.tsecr": "2812089695" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ba:7d:4e:f1:3c:48:af:ab:61:e8:8b:90:80:5b:c6:9a:34:8d:67:38:8e:20:a9:a2:fa:56:96:53:88:37:d6:86:2c:36:12:0b:bd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:13.474866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494173.474866000", - "frame.time_delta": "0.061962000", - "frame.time_delta_displayed": "0.061962000", - "frame.time_relative": "582.014180000", - "frame.number": "2174", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { 
- "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003932", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1582", - "tcp.nxtseq": "1637", - "tcp.ack": "9797", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e849", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:33:b5:00:25:94:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812097461, TSecr 2462784": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812097461", - "tcp.options.timestamp.tsecr": "2462784" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2173", - "tcp.analysis.ack_rtt": "0.061962000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:46:ed:8f:d0:ec:83:53:69:88:fc:81:0f:97:87:61:b1:ff:4a:f1:1e:9b:82:51:54:ce:c9:03:a8:34:ef:1b:a1:26:62:c5:cd:cf:6d:1d:73:d1:97:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:13.475360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494173.475360000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": 
"582.014674000", - "frame.number": "2175", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009527", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007858", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9797", - "tcp.ack": "1637", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b2f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:94:47:a7:9d:33:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2462791, TSecr 2812097461": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2462791", - "tcp.options.timestamp.tsecr": "2812097461" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2174", - "tcp.analysis.ack_rtt": "0.000494000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:14.247508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494174.247508000", - "frame.time_delta": "0.772148000", - "frame.time_delta_displayed": "0.772148000", - "frame.time_relative": "582.786822000", - "frame.number": "2176", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - 
"eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:14.262482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494174.262482000", - "frame.time_delta": "0.014974000", - "frame.time_delta_displayed": "0.014974000", - "frame.time_relative": "582.801796000", - "frame.number": "2177", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - 
"igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x00000707", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - }, - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:14.577121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494174.577121000", - "frame.time_delta": "0.314639000", - "frame.time_delta_displayed": "0.314639000", - "frame.time_relative": "583.116435000", - "frame.number": "2178", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", 
- "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000eb03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:18.490172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494178.490172000", - "frame.time_delta": "3.913051000", - "frame.time_delta_displayed": "3.913051000", - "frame.time_relative": "587.029486000", - "frame.number": "2179", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:18.490615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494178.490615000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "587.029929000", - "frame.number": "2180", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.137521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494185.137521000", - "frame.time_delta": "6.646906000", - "frame.time_delta_displayed": "6.646906000", - "frame.time_relative": "593.676835000", - "frame.number": "2181", - "frame.len": "412", - "frame.cap_len": "412", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "398", - "ip.id": "0x00009528", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "346", - "tcp.seq": "9797", - "tcp.nxtseq": "10143", - "tcp.ack": "1637", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002104", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:98:d5:a7:9d:33:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2463957, TSecr 2812097461": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2463957", - "tcp.options.timestamp.tsecr": "2812097461" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "346", - "tcp.analysis.push_bytes_sent": "346" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "341", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:bb:c3:b7:95:b7:81:6d:c1:4e:e2:84:45:61:60:4c:97:9d:68:4f:d0:f5:c1:a0:3e:a3:00:e6:4c:d5:ea:6f:ee:83:f4:e5:33:7d:54:b3:34:f7:1b:5b:db:0c:2d:13:92:8e:09:fe:fd:0b:5a:93:3e:07:32:8e:56:95:30:7f:54:14:10:91:95:aa:dd:b4:4d:b7:8d:72:7c:25:75:c8:06:cc:50:31:df:90:55:e9:08:85:42:55:6f:4a:3b:28:a9:02:12:77:cf:39:e3:d7:22:11:44:af:c9:c7:e4:8e:8b:d0:39:8d:d8:88:36:fa:c8:7f:3d:77:b5:3b:98:4b:61:93:4f:2d:f3:bb:12:c0:67:d5:70:ae:99:8c:79:f3:38:11:ad:ef:e3:f5:54:0c:60:43:06:8c:42:1d:bf:6d:29:93:97:11:9c:63:6d:2c:4a:59:32:6c:54:0c:e9:b6:54:b6:69:61:45:16:00:5d:98:8c:20:81:57:21:8c:71:2d:c1:d9:c8:0a:94:d7:a6:ff:6e:72:6a:a8:b9:af:b8:4f:8a:69:ac:03:99:15:9b:ee:23:5d:38:4a:52:11:7c:f2:64:38:80:51:e0:9a:1f:69:37:f9:1a:85:47:b6:fb:2c:8d:e2:88:da:5c:a8:08:08:31:d7:e9:ad:34:68:b5:2d:4a:e0:4a:d1:0a:fa:df:10:1a:d0:82:23:ed:d1:74:99:fa:5c:a3:bd:7a:8f:6b:b9:ed:15:72:2e:eb:b3:52:4b:4e:a0:b3:cf:0b:d2:90:2c:87:05:f6:5b:62:0e:30:2c:ca:6e:d0:1b:03:41:7f:b6:71:87:0f:c8:6b:c8:fb:6d:4b:48:2e:68:e5:39:ee:43:d8:a9:03:0d:89:93" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.198452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494185.198452000", - "frame.time_delta": "0.060931000", - "frame.time_delta_displayed": "0.060931000", - "frame.time_relative": "593.737766000", - "frame.number": "2182", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003939", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1637", - "tcp.nxtseq": "1684", - "tcp.ack": "10143", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00008a65", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:3f:28:00:25:98:d5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812100392, TSecr 2463957": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812100392", - "tcp.options.timestamp.tsecr": "2463957" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2181", - "tcp.analysis.ack_rtt": "0.060931000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:47:b3:b1:b2:f8:78:32:e4:8b:87:4e:dd:d5:68:46:cb:83:36:92:eb:ac:09:fc:3f:df:67:59:03:f0:4c:b3:98:d6:16:1b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.198843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494185.198843000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "593.738157000", - "frame.number": "2183", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009529", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007856", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10143", - "tcp.ack": "1684", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a169", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:98:db:a7:9d:3f:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2463963, TSecr 2812100392": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2463963", - "tcp.options.timestamp.tsecr": "2812100392" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2182", - "tcp.analysis.ack_rtt": "0.000391000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.363133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494185.363133000", - "frame.time_delta": "0.164290000", - "frame.time_delta_displayed": "0.164290000", - "frame.time_relative": "593.902447000", - "frame.number": "2184", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000aa9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000096f2", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:46:c9:93:f6:cc:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.579468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494185.579468000", - "frame.time_delta": "0.216335000", - "frame.time_delta_displayed": "0.216335000", - "frame.time_relative": "594.118782000", - "frame.number": "2185", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d6b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000898", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.580128000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494185.580128000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "594.119442000", - "frame.number": "2186", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d6c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e993", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:25.580637000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494185.580637000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "594.119951000", - "frame.number": "2187", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007759", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": 
"0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:28.851619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494188.851619000", - "frame.time_delta": "3.270982000", - "frame.time_delta_displayed": "3.270982000", - "frame.time_relative": "597.390933000", - "frame.number": "2188", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:30.584227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494190.584227000", - "frame.time_delta": "1.732608000", - "frame.time_delta_displayed": "1.732608000", - "frame.time_relative": "599.123541000", - "frame.number": "2189", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d6d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000898", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:30.584745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494190.584745000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "599.124059000", - "frame.number": "2190", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d6e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e993", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:30.585167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494190.585167000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "599.124481000", - "frame.number": "2191", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007759", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:34.260491000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494194.260491000", - "frame.time_delta": "3.675324000", - "frame.time_delta_displayed": "3.675324000", - "frame.time_relative": "602.799805000", - "frame.number": "2192", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "201", - "tcp.ack": "181", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000543", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:34.403685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494194.403685000", - "frame.time_delta": "0.143194000", - "frame.time_delta_displayed": "0.143194000", - "frame.time_relative": "602.942999000", - "frame.number": "2193", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdba", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "202", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000fb8", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:35.579865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494195.579865000", - "frame.time_delta": "1.176180000", - "frame.time_delta_displayed": "1.176180000", - "frame.time_relative": "604.119179000", - "frame.number": "2194", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d6f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": 
"0x0000ba81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000898", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:35.580486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494195.580486000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "604.119800000", - "frame.number": "2195", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d70", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00009b7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000e993", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:35.581006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494195.581006000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "604.120320000", - "frame.number": "2196", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007759", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=619", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:36.278023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494196.278023000", - "frame.time_delta": "0.697017000", - "frame.time_delta_displayed": "0.697017000", - "frame.time_relative": "604.817337000", - "frame.number": "2197", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005be0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c09", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:39.410234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494199.410234000", - "frame.time_delta": "3.132211000", - "frame.time_delta_displayed": "3.132211000", - "frame.time_relative": "607.949548000", - "frame.number": "2198", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - 
"arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:39.410727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494199.410727000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "607.950041000", - "frame.number": "2199", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:40.620026000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494200.620026000", - "frame.time_delta": "1.209299000", - "frame.time_delta_displayed": "1.209299000", - "frame.time_relative": "609.159340000", - 
"frame.number": "2200", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:56.207506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494216.207506000", - "frame.time_delta": "15.587480000", - "frame.time_delta_displayed": "15.587480000", - "frame.time_relative": "624.746820000", - "frame.number": "2201", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000952a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007824", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "10143", - "tcp.nxtseq": "10192", - "tcp.ack": "1684", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d2b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:25:a4:f8:a7:9d:3f:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2467064, TSecr 2812100392": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2467064", - "tcp.options.timestamp.tsecr": "2812100392" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:bc:38:79:a6:56:58:96:80:68:c3:dc:e5:c3:ee:7c:ec:20:e5:65:6c:65:cd:32:61:8a:95:ee:6b:f5:74:5a:a3:90:cd:1d:9e:81" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:56.268855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494216.268855000", - "frame.time_delta": "0.061349000", - "frame.time_delta_displayed": "0.061349000", - "frame.time_relative": "624.808169000", - "frame.number": "2202", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003930", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "1684", - "tcp.nxtseq": "1739", - "tcp.ack": "10192", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00006a3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:5d:7f:00:25:a4:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812108159, TSecr 2467064": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812108159", - "tcp.options.timestamp.tsecr": "2467064" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2201", - "tcp.analysis.ack_rtt": "0.061349000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:48:8d:cc:44:93:ca:e4:c4:8b:96:83:a2:12:a9:b8:e8:8f:20:9b:85:93:08:47:1c:06:9c:52:05:6f:2b:60:b2:4a:ed:c9:8a:07:e9:e1:5d:71:42:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:56:56.269352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494216.269352000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "624.808666000", - "frame.number": "2203", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000952b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007854", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10192", - "tcp.ack": "1739", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007687", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:a4:fe:a7:9d:5d:7f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2467070, TSecr 2812108159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2467070", - "tcp.options.timestamp.tsecr": "2812108159" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2202", - "tcp.analysis.ack_rtt": "0.000497000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:01.270178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494221.270178000", - "frame.time_delta": "5.000826000", - "frame.time_delta_displayed": "5.000826000", - "frame.time_relative": "629.809492000", - "frame.number": "2204", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:01.270611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494221.270611000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "629.809925000", - "frame.number": "2205", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:02.645738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494222.645738000", - "frame.time_delta": "1.375127000", - "frame.time_delta_displayed": "1.375127000", - "frame.time_relative": "631.185052000", - "frame.number": "2206", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x00008a07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000009c3", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - 
"ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49767", - "tcp.port": "80", - "tcp.port": "49767", - "tcp.stream": "26", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002cf6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018013000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Tue, 31 Oct 2017 23:57:02 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:57:02 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 
24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.016796000", - "http.request_in": "796", - "http.file_data": "[[],\"15094933571306917\"]" - }, - "data-text-lines": { - "[[],\"15094933571306917\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:02.679983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494222.679983000", - "frame.time_delta": "0.034245000", - "frame.time_delta_displayed": "0.034245000", - "frame.time_relative": "631.219297000", - "frame.number": "2207", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001018", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", - "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008769", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"2206", - "tcp.analysis.ack_rtt": "0.034245000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:02.692117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494222.692117000", - "frame.time_delta": "0.012134000", - "frame.time_delta_displayed": "0.012134000", - "frame.time_relative": "631.231431000", - "frame.number": "2208", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008a08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x00000aca", - "ip.checksum.status": "2", - "ip.src": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.src_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49767", - "tcp.port": "80", - "tcp.port": "49767", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002700", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2207", - "tcp.analysis.ack_rtt": "0.012134000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:02.697952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494222.697952000", - "frame.time_delta": "0.005835000", - "frame.time_delta_displayed": "0.005835000", - 
"frame.time_relative": "631.237266000", - "frame.number": "2209", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001019", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.236", - "ip.addr": "54.241.191.236", - "ip.dst_host": "54.241.191.236", - "ip.host": "54.241.191.236", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49767", - "tcp.dstport": "80", 
- "tcp.port": "49767", - "tcp.port": "80", - "tcp.stream": "26", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008769", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2208", - "tcp.analysis.ack_rtt": "0.005835000", - "tcp.analysis.initial_rtt": "0.018013000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.686894000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.686894000", - "frame.time_delta": "0.988942000", - "frame.time_delta_displayed": "0.988942000", - "frame.time_relative": "632.226208000", - "frame.number": "2210", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x0000101a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000029ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.702132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.702132000", - "frame.time_delta": "0.015238000", - "frame.time_delta_displayed": "0.015238000", - "frame.time_relative": 
"632.241446000", - "frame.number": "2211", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x00006660", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000050b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "2210", - "dns.time": "0.015238000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 52.9.63.129": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "27", - "dns.resp.len": "4", - "dns.a": "52.9.63.129" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.242": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "27", - "dns.resp.len": "4", - "dns.a": "54.241.191.242" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "20", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": 
"pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53336", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5627", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57587", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3897", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57588", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": 
"ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58329", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58437", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57979", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57780", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58329", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58437", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57979", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.708670000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.708670000", - "frame.time_delta": "0.006538000", - "frame.time_delta_displayed": "0.006538000", - "frame.time_relative": "632.247984000", - "frame.number": "2212", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000101b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00007706", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": 
"37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00000afc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.721404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.721404000", - "frame.time_delta": "0.012734000", - "frame.time_delta_displayed": "0.012734000", - "frame.time_relative": "632.260718000", - "frame.number": "2213", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x00001822", - "ip.checksum.status": "2", - "ip.src": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.src_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49768", - "tcp.port": "80", - "tcp.port": "49768", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00004874", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2212", - "tcp.analysis.ack_rtt": "0.012734000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.726670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.726670000", - "frame.time_delta": "0.005266000", - "frame.time_delta_displayed": "0.005266000", - "frame.time_relative": "632.265984000", - "frame.number": "2214", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00007709", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": 
"-2", - "tcp.checksum": "0x00008359", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2213", - "tcp.analysis.ack_rtt": "0.005266000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.745782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.745782000", - "frame.time_delta": "0.019112000", - "frame.time_delta_displayed": "0.019112000", - "frame.time_relative": "632.285096000", - "frame.number": "2215", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x0000101d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000076f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cbd4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018000000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.758378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.758378000", - "frame.time_delta": "0.012596000", - "frame.time_delta_displayed": 
"0.012596000", - "frame.time_relative": "632.297692000", - "frame.number": "2216", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000916d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000086b8", - "ip.checksum.status": "2", - "ip.src": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.src_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49768", - "tcp.port": "80", - "tcp.port": 
"49768", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006022", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2215", - "tcp.analysis.ack_rtt": "0.012596000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.763495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.763495000", - "frame.time_delta": "0.005117000", - "frame.time_delta_displayed": "0.005117000", - "frame.time_relative": "632.302809000", - "frame.number": "2217", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x0000101e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00007615", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x00001167", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018000000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "2215", - "tcp.segment": "2217", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:03.776776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494223.776776000", - "frame.time_delta": "0.013281000", - "frame.time_delta_displayed": "0.013281000", - "frame.time_relative": "632.316090000", - "frame.number": "2218", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000916e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000086b7", - "ip.checksum.status": "2", - "ip.src": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.src_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49768", - "tcp.port": "80", - "tcp.port": "49768", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005b80", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2217", - "tcp.analysis.ack_rtt": "0.013281000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.104406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.104406000", - "frame.time_delta": "0.327630000", - "frame.time_delta_displayed": "0.327630000", - "frame.time_relative": "632.643720000", - "frame.number": "2219", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008cfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.157211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.157211000", - "frame.time_delta": "0.052805000", - "frame.time_delta_displayed": "0.052805000", - "frame.time_relative": "632.696525000", - 
"frame.number": "2220", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008d00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - 
"http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.210257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.210257000", - "frame.time_delta": "0.053046000", - "frame.time_delta_displayed": "0.053046000", - "frame.time_relative": "632.749571000", - "frame.number": "2221", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00008d02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - 
"ip.proto": "17", - "ip.checksum": "0x00003c4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.263177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.263177000", - "frame.time_delta": "0.052920000", - "frame.time_delta_displayed": "0.052920000", - "frame.time_relative": "632.802491000", - "frame.number": "2222", - "frame.len": "361", 
- "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00008d06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.316053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.316053000", - "frame.time_delta": "0.052876000", - "frame.time_delta_displayed": "0.052876000", - "frame.time_relative": "632.855367000", - "frame.number": "2223", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00008d09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c4b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.368902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.368902000", - "frame.time_delta": "0.052849000", - "frame.time_delta_displayed": "0.052849000", - "frame.time_relative": "632.908216000", - "frame.number": "2224", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00008d0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.400457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.400457000", - "frame.time_delta": "0.031555000", - "frame.time_delta_displayed": "0.031555000", - "frame.time_relative": "632.939771000", - "frame.number": "2225", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a9", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "201", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000543", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:04.543549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494224.543549000", - "frame.time_delta": "0.143092000", - "frame.time_delta_displayed": "0.143092000", - "frame.time_relative": "633.082863000", - "frame.number": "2226", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb9", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - 
"ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "202", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000fb8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:06.280367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494226.280367000", - "frame.time_delta": "1.736818000", - "frame.time_delta_displayed": "1.736818000", - "frame.time_relative": "634.819681000", - "frame.number": "2227", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005be8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005c01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:07.361773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494227.361773000", - "frame.time_delta": "1.081406000", - "frame.time_delta_displayed": "1.081406000", - "frame.time_relative": "635.901087000", - "frame.number": "2228", - "frame.len": "130", - 
"frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000aac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000612a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:29:c4:27:1f:5b:00:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:07.650256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494227.650256000", - "frame.time_delta": "0.288483000", - "frame.time_delta_displayed": "0.288483000", - "frame.time_relative": "636.189570000", - "frame.number": "2229", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:07.656205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494227.656205000", - "frame.time_delta": "0.005949000", - "frame.time_delta_displayed": "0.005949000", - "frame.time_relative": "636.195519000", - "frame.number": "2230", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:07.739912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494227.739912000", - "frame.time_delta": "0.083707000", - "frame.time_delta_displayed": "0.083707000", - "frame.time_relative": "636.279226000", - "frame.number": "2231", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - 
"llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:07.992182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494227.992182000", - "frame.time_delta": "0.252270000", - "frame.time_delta_displayed": "0.252270000", - "frame.time_relative": "636.531496000", - "frame.number": "2232", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", 
- "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:08.008592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494228.008592000", - "frame.time_delta": "0.016410000", - "frame.time_delta_displayed": "0.016410000", - "frame.time_relative": "636.547906000", - "frame.number": "2233", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - 
"bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:08.038728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494228.038728000", - "frame.time_delta": "0.030136000", - "frame.time_delta_displayed": "0.030136000", - "frame.time_relative": "636.578042000", - "frame.number": "2234", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:08.115216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494228.115216000", - "frame.time_delta": "0.076488000", - "frame.time_delta_displayed": "0.076488000", - "frame.time_relative": "636.654530000", - "frame.number": "2235", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:09.410375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494229.410375000", - "frame.time_delta": "1.295159000", - "frame.time_delta_displayed": "1.295159000", - "frame.time_relative": "637.949689000", - "frame.number": "2236", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:09.410499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494229.410499000", - "frame.time_delta": "0.000124000", - "frame.time_delta_displayed": "0.000124000", - "frame.time_relative": "637.949813000", - "frame.number": "2237", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:10.213739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494230.213739000", - "frame.time_delta": "0.803240000", - "frame.time_delta_displayed": "0.803240000", - "frame.time_relative": "638.753053000", - "frame.number": "2238", - "frame.len": "80", - 
"frame.cap_len": "80", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "66", - "ip.id": "0x00000aae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "46", - "udp.checksum": "0x0000e8eb", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:b4:fe:04:01:cd:f2:14:6f:00:00:00:af:0b", - "data.len": "38" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:13.203781000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494233.203781000", - "frame.time_delta": "2.990042000", - "frame.time_delta_displayed": "2.990042000", - "frame.time_relative": "641.743095000", - "frame.number": "2239", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:20.582571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494240.582571000", - "frame.time_delta": "7.378790000", - "frame.time_delta_displayed": "7.378790000", - "frame.time_relative": "649.121885000", - "frame.number": "2240", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d79", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001196", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:20.583133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494240.583133000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "649.122447000", - "frame.number": "2241", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d7a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f291", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:20.583691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494240.583691000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "649.123005000", - "frame.number": "2242", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - 
"eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008057", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:25.582843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494245.582843000", - "frame.time_delta": "4.999152000", - "frame.time_delta_displayed": "4.999152000", - "frame.time_relative": "654.122157000", - "frame.number": "2243", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d7b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba75", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001196", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:25.583410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494245.583410000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": 
"0.000567000", - "frame.time_relative": "654.122724000", - "frame.number": "2244", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d7c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f291", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:25.583981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494245.583981000", - "frame.time_delta": "0.000571000", - 
"frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "654.123295000", - "frame.number": "2245", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008057", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.087384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.087384000", - "frame.time_delta": "0.503403000", - "frame.time_delta_displayed": 
"0.503403000", - "frame.time_relative": "654.626698000", - "frame.number": "2246", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002c19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "1739", - "tcp.nxtseq": "1937", - "tcp.ack": 
"10192", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fced", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:7a:9e:00:25:a4:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812115614, TSecr 2467070": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812115614", - "tcp.options.timestamp.tsecr": "2467070" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:49:bf:1a:db:bc:03:a7:77:09:8e:d5:38:bc:43:4e:5c:da:54:e2:1d:17:a2:20:40:ee:d9:22:29:06:21:3e:55:c5:10:59:66:a9:fc:b7:6b:2d:23:6b:c6:9b:3b:ff:a1:f8:1e:14:05:3e:e8:59:fd:63:7e:33:8f:1e:86:3e:05:a9:3d:8d:b6:c4:af:ad:88:d6:cd:84:b3:89:19:e1:a9:1d:1b:78:21:a1:e5:34:5e:1a:45:b4:21:03:cf:eb:ad:07:de:ea:12:40:ac:b2:04:a3:98:a4:f6:a4:c7:09:15:28:a4:e3:30:42:3a:86:f8:c4:c1:08:e6:c4:14:39:86:bf:a1:94:32:0f:cd:1f:61:70:70:40:5e:6f:1e:9d:7d:e9:d5:d9:74:e8:3d:44:2d:eb:9b:d4:d4:27:10:cc:09:9f:b6:fb:a1:d3:2d:07:4b:2b:4f:b6:d2:7e:84:e6:f6:2e:81:bd:0f:69:44:9c:20:67:04" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.087891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.087891000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "654.627205000", - "frame.number": "2247", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000952c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007853", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10192", - "tcp.ack": "1937", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004cfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:b0:a4:a7:9d:7a:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2470052, TSecr 2812115614": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2470052", - "tcp.options.timestamp.tsecr": "2812115614" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2246", - "tcp.analysis.ack_rtt": "0.000507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.094415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.094415000", - "frame.time_delta": "0.006524000", - "frame.time_delta_displayed": "0.006524000", - "frame.time_relative": "654.633729000", - "frame.number": "2248", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000952d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000781d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "10192", - "tcp.nxtseq": "10245", - "tcp.ack": "1937", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008fb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:b0:a5:a7:9d:7a:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2470053, TSecr 2812115614": { - "tcp.option_kind": "8", - "tcp.option_len": "10", 
- "tcp.options.timestamp.tsval": "2470053", - "tcp.options.timestamp.tsecr": "2812115614" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:bd:d0:07:ec:85:0f:c3:a8:23:8a:32:a6:a7:04:d7:54:da:9d:46:43:ee:f7:fd:ba:c5:1e:c3:36:07:96:2e:17:68:e7:69:34:7a:e4:d8:56:e3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.194342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.194342000", - "frame.time_delta": "0.099927000", - "frame.time_delta_displayed": "0.099927000", - "frame.time_relative": "654.733656000", - "frame.number": "2249", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003965", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1937", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004d9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:7a:b9:00:25:b0:a5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2812115641, TSecr 2470053": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812115641", - "tcp.options.timestamp.tsecr": "2470053" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2248", - "tcp.analysis.ack_rtt": "0.099927000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.194968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.194968000", - "frame.time_delta": "0.000626000", - "frame.time_delta_displayed": "0.000626000", - "frame.time_relative": "654.734282000", - "frame.number": "2250", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x0000952e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - 
"ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "10245", - "tcp.nxtseq": "11621", - "tcp.ack": "1937", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007bd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:b0:af:a7:9d:7a:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2470063, TSecr 2812115641": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2470063", - "tcp.options.timestamp.tsecr": "2812115641" - } - }, - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:be:2c:32:6a:f7:3c:b7:28:cb:b9:37:ea:54:ab:46:24:99:20:a7:ed:f6:60:71:e8:eb:21:77:21:e1:57:94:28:f9:b7:42:1f:4f:e4:f1:9f:2f:06" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:bf:9d:0f:32:a7:c1:8b:2e:99:c0:f4:9c:87:3e:63:01:d2:f8:e7:16:27:71:6f:82:92:d8:ad:70:0f:86:ab:fc:9c:57:64:46:c4:21:b8:65:b4:d3:9f:f8:c2:92:40:fd:ac:1c:b2:b6:ef:20:d8:c9:d2:b1:81:58:3f:f9:99:be:a9:b9:68:01:06:26:5f:45:6a:d2:d6:38:8d:0c:5b:b4:85:1c:70:05:e5:d8:de:66:8b" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c0:0a:39:3a:53:2b:55:d5:19:5b:b8:0f:73:ea:b9:1f:d1:8c:d0:20:65:46:68:88:b4:c0:df:98:c4:7e:65:a7:5c:d5:d5:e3:5b:27:47:dc:f9:af:3f:58:d3:65:fe:c2:46:97:db:25:e6:ae:c2:13:5b:d6:21:df:d2:53:42:20:a9:83:84:90:78:4f:9b:3a:10:07:1d:69:dc:e4:12:63:ba:2f:c6:67:c3:5d:dc:e4:8a:48:c3:2f:29:a3:5f:b9:8d:cd:ed:89:20:54:7c:20:c5:b0:63:f2:27:24:23:fc:1e:b6:d1:3f:91:2e:9f:af:0b:a8:2e:96:14:ce:19:2d:bd:25:21:83:cf:80:4a:0e:a3:93:c6:12:6d:9e:c8:79:52:f4:dc:34:d1:81:66:24:37:fe:80:18:4a:44:6c:e6:4b:9f:83:30:da:a6:03:54:99:fa:8e:d5:59:3a:df:e2:d2:88:c2:7f:90:fe:82:88:53:02:d6:4b:b4:8e:9d:9c:06:34:a0:c4:e3:0a:ff:e5:bb:e0:82:f5:2c:2f:c7:7a:e4:2c:18:c2:bf:79:9e:2a:33:95:a3:6a:05:3b:05:a9:88:06:54:c8:7f:96:62:5d:ea:27:88:67:5b:ed:8c:53:b9:30:64:c4:84:7e:2f:93:9e:93:77:a7:27:0a:36:60:ab:4e:c9:db:03:48:a5:96:67:eb:e8:4c:a5:64:7d:0f:78:c7:8a:77:49:b0:cf:c3:45:6b:1a:e7:f5:f9:a1:0f:30:30:77:9c:11:6e:13:bb:63:8c:e6:eb:93:22:11:14:9c:0e:11:fe:ef:d9:58:39:80:36:ee:65:a1:a2:d7:78:d2:d4:98:03:4a:0e:43:d6:6f:0c:67
:ef:99:fd:28:1d:3a:ce:0c:a3:fb:48:8a:fe:d9:f8:c4:17:f0:92:85:80:09:64:54:f3:c7:f5:29:d5:9a:7a:bd:5f:c4:5b:dd:98:ed:72:6d:98:0f:f4:4d:71:32:db:f3:52:fb:43:bc:17:fc:c5:a3:bf:0c:f9:d0:bf:68:cb:5e:a1:2f:83:8d:c5:5a:c1:d9:f4:c4:c6:0b:52:3b:ed:00:ed:be:7c:0e:e8:5b:c5:30:12:11:0e:f9:1d:85:a9:fe:43:d7:00:58:22:cf:db:58:ba:4b:d9:fa:68:d2:c6:a5:bd:e0:68:38:cb:f9:fd:69:48:3f:c0:39:77:94:85:50:a5:f2:7f:1d:88:ca:37:fc:15:9d:45:0d:f9:45:78:52:ad:4a:66:a1:ed:69:ca:3c:97:a6:76:70:82:bb:7d:f5:bf:13:cf:7b:bd:4f:6e:7d:59:41:13:23:0c:d0:6b:34:ce:f4:f9:34:d0:ce:85:de:1c:7e:5a:ad:4d:22:a3:10:96:00:1f:54:33:1f:4e:e8:b5:e5:ff:b5:1b:89:bc:21:03:37:96:0d:6e:88:13:92:ce:6f:3b:90:e8:9c:1b:2c:88:71:08:03:6f:98:36:47:34:86:a4:5e:2d:82:92:2b:4e:2d:af:10:96:b9:3e:45:83:6e:69:55:3b:d5:3b:01:e1:52:97:eb:c0:37:2c:34:e8:2b:d2:51:c4:8e:ff:89:47:8d:8a:ce:ff:55:cd:c6:e2:22:c7:53:c9:33:f5:a6:29:df:ee:c9:dc:90:a1:c1:fa:80:e3:aa:34:9e:ed:d9:d8:8f:b4:a5:34:f2:6f:40:3c:d2:bf:fb:cc:8e:f8:26:b3:3e:f5:38:08:89:2f:a3:e2:94:42:7b:a3:08:58:fa:54:fe:da:6a:86:18:cb:a7:0a:0c:f2:d9:67:9c:51:48:7a:bb:73:b4:c6:ab:c3:eb:96:ef:50:2c:cb:00:3a:00:f5:75:51:de:45:b1:21:79:34:c0:cb:50:73:e5:92:5c:f8:a3:84:6b:03:b0:40:5c:68:a0:a0:15:d2:94:91:2b:bf:fe:b7:d1:2f:ae:ac:39:1c:4c:ef:65:a2:66:de:ee:9f:6c:d1:7d:8b:ff:a5:65:e3:4d:87:55:ec:cf:57:93:8e:0c:ce:ee:03:6f:81:79:31:f9:47:4c:21:e5:c1:c1:eb:e0:83:a1:8a:13:aa:ed:c9:df:15:74:12:ae:1d:67:8a:6e:02:45:44:d4:7d:72:b7:a6:4d:88:52:6f:9b:67:05:fe:14:aa:49:3a:cc:2f:56:04:c7:14:d2:2c:26:68:e7:d4:f7:5c:50:0b:71:83:4a:e9:b3:93:ec:26:15:45:58:f8:19:b2:cf:10:c9:01:ee:38:df:dd:e0:a9:b2:ba:91:f4:d3:cf:b7:fc:47:4b:95:b6:8b:e7:e9:30:af:00:c9:75:ae:01:5d:27:d4:3a:46:f8:11:03:19:fd:28:e9:de:d2:d5:a6:fb:79:a0:06:51:49:8e:9e:9c:e6:05:25:a8:6d:74:c7:12:b4:40:9b:a8:31:b9:82:19:44:07:ad:3e:83:0a:5d:61:db:49:b3:80:a8:ee:bb:5d:cc:ad:b3:57:80:e5:8f:a4:6d:8f:a2:ba:60:cb:15:aa:d2:9c:52:93:6f:57:0f:8b:0b:bc:11:02:b7:ca:d3:84:0c:2e:51:e2:f9:e7:e8:d2:7e:bb:26:7a:91:cb:d0:07:87:48:34:5c:2d:43:a8:c5:7d:d0:ba:3b:94:e
d:6f:a9:02:cb:c5:55:26:f3:95:b1:8f:2c:09:66:ab:b6:f9:78:07:bd:64:b6:7b:b7:ee:1a:0a:a4:e6:26:3f:8d:89:eb:5e:a1:ac:5b:bd:72:22:34:23:78:7a:98:44:33:44:b3:f2:d4:97:a7:c6:74:e7:ef:1c:bc:32:95:37:07:6c:c3:30:b2:36:96:46:33:9e" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c1:eb:74:d3:0e:f4:5d:9b:21:5f:32:80:15:b0:6e:a3:a1:b4:2c:71:9a:3e:22:c7:fd:04:f8:ef:90:9f:ae:8f:09:8c:12:d8:65:94:36:97:a7:4e:62:8f:c9:ba:9c:df:cb:02:25:4d:7e:30:18:20:e4:b8:5f:19:dc:a2:39:60:ee:a9:2b:67:15:5e:6f:46:b4:8f:fc:f5:34:8b:ec:23:a8:ac:70:45:cb:27:eb:ea:57:d6:b7:39:07:8e:25:17:af:0d:c1:47:83:ab:38:bf:b1:5d:f9:a4:71:21:a6:5c:3c:67:38:ca:e3:5d:fa:98:e8:4c:7a:b2:0d:fc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.255126000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.255126000", - "frame.time_delta": "0.060158000", - "frame.time_delta_displayed": "0.060158000", - "frame.time_relative": "654.794440000", - "frame.number": "2251", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "52", - "ip.id": "0x00002c1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003964", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1937", - "tcp.ack": "11621", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004821", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:7a:c8:00:25:b0:af", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812115656, TSecr 2470063": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812115656", - "tcp.options.timestamp.tsecr": "2470063" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2250", - "tcp.analysis.ack_rtt": "0.060158000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.511699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.511699000", - "frame.time_delta": "0.256573000", - "frame.time_delta_displayed": "0.256573000", - "frame.time_relative": "655.051013000", - "frame.number": "2252", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000952f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000781a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "11621", - "tcp.nxtseq": "11675", - "tcp.ack": "1937", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c63b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:b0:ce:a7:9d:7a:c8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2470094, TSecr 2812115656": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2470094", - "tcp.options.timestamp.tsecr": "2812115656" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c2:c6:54:eb:45:7b:46:4f:d6:e5:3b:8e:50:8a:6a:98:10:2e:84:8b:e6:24:34:af:f5:bb:f5:87:10:e0:3e:00:dc:c6:bb:3d:8b:83:29:90:d1:9c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:26.571835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494246.571835000", - "frame.time_delta": "0.060136000", - "frame.time_delta_displayed": "0.060136000", - "frame.time_relative": "655.111149000", - "frame.number": "2253", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c1c", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003963", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1937", - "tcp.ack": "11675", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000477d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:7b:17:00:25:b0:ce", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812115735, TSecr 2470094": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812115735", - "tcp.options.timestamp.tsecr": "2470094" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2252", - "tcp.analysis.ack_rtt": "0.060136000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:28.854768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494248.854768000", - "frame.time_delta": "2.282933000", - "frame.time_delta_displayed": "2.282933000", - "frame.time_relative": "657.394082000", - "frame.number": "2254", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.440778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.440778000", - "frame.time_delta": "1.586010000", - "frame.time_delta_displayed": "1.586010000", - "frame.time_relative": "658.980092000", - "frame.number": "2255", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020e7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e75d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - 
"udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "6", - "http.prev_request_in": "1993" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.583098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.583098000", - "frame.time_delta": "0.142320000", - "frame.time_delta_displayed": "0.142320000", - "frame.time_relative": "659.122412000", - "frame.number": "2256", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "261", - "ip.id": "0x00001d7d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001196", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.583667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.583667000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "659.122981000", - "frame.number": "2257", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d7e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f291", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - 
"Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.584265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.584265000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "659.123579000", - "frame.number": "2258", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008057", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=620", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.834217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.834217000", - "frame.time_delta": "0.249952000", - "frame.time_delta_displayed": "0.249952000", - "frame.time_relative": "659.373531000", - "frame.number": "2259", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005f95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000057b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "31", - "http.prev_response_in": "2057" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.837453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.837453000", - "frame.time_delta": "0.003236000", - "frame.time_delta_displayed": "0.003236000", - "frame.time_relative": "659.376767000", - "frame.number": "2260", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000197e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54569", - "tcp.dstport": "80", - "tcp.port": "54569", - "tcp.port": "80", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000067d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.837991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.837991000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "659.377305000", - "frame.number": "2261", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54569", - "tcp.port": "80", - "tcp.port": "54569", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005d4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window 
scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2260", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.841239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.841239000", - "frame.time_delta": "0.003248000", - "frame.time_delta_displayed": "0.003248000", - "frame.time_relative": "659.380553000", - "frame.number": "2262", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000197f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ef4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54569", - "tcp.dstport": "80", - "tcp.port": "54569", - "tcp.port": "80", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000f2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2261", - "tcp.analysis.ack_rtt": "0.003248000", - "tcp.analysis.initial_rtt": "0.003786000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.841924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.841924000", - "frame.time_delta": "0.000685000", - "frame.time_delta_displayed": "0.000685000", - "frame.time_relative": "659.381238000", - "frame.number": "2263", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - 
"eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001980", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54569", - "tcp.dstport": "80", - "tcp.port": "54569", - "tcp.port": "80", - "tcp.stream": "108", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003786000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - 
"http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.842408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.842408000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "659.381722000", - "frame.number": "2264", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d97d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000def5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54569", - "tcp.port": "80", - "tcp.port": "54569", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000000bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2263", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.003786000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:57:30.842980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.842980000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "659.382294000", - "frame.number": "2265", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d97e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dee3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54569", - "tcp.port": "80", - "tcp.port": "54569", - "tcp.stream": "108", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000040dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003786000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.843335000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.843335000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "659.382649000", - "frame.number": "2266", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d97f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54569", - "tcp.port": "80", - "tcp.port": "54569", - "tcp.stream": "108", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009345", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003786000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2265", - "tcp.segment": "2266", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001411000", - "http.request_in": "2263", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.845584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.845584000", - "frame.time_delta": "0.002249000", - "frame.time_delta_displayed": "0.002249000", - "frame.time_relative": "659.384898000", - "frame.number": "2267", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001981", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ef2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54569", - "tcp.dstport": "80", - "tcp.port": "54569", - "tcp.port": "80", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2266", - "tcp.analysis.ack_rtt": "0.002249000", - "tcp.analysis.initial_rtt": "0.003786000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.846237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.846237000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "659.385551000", - "frame.number": "2268", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001982", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ef1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54569", - "tcp.dstport": "80", - "tcp.port": "54569", - "tcp.port": "80", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.846666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.846666000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "659.385980000", - "frame.number": "2269", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54569", - "tcp.port": "80", - "tcp.port": "54569", - "tcp.stream": "108", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fcc4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2268", - 
"tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.003786000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.887115000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.887115000", - "frame.time_delta": "0.040449000", - "frame.time_delta_displayed": "0.040449000", - "frame.time_relative": "659.426429000", - "frame.number": "2270", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005f98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000057aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "32", - "http.prev_response_in": "2259" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.896970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.896970000", - "frame.time_delta": "0.009855000", - "frame.time_delta_displayed": "0.009855000", - "frame.time_relative": "659.436284000", - "frame.number": "2271", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001983", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54570", - "tcp.dstport": "80", - "tcp.port": "54570", - "tcp.port": "80", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a947", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.897532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.897532000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "659.436846000", - "frame.number": "2272", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54570", - "tcp.port": "80", - "tcp.port": "54570", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c3d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2271", - "tcp.analysis.ack_rtt": "0.000562000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.900872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.900872000", - "frame.time_delta": "0.003340000", - "frame.time_delta_displayed": "0.003340000", - "frame.time_relative": "659.440186000", - "frame.number": "2273", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001984", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54570", - "tcp.dstport": "80", - "tcp.port": "54570", - "tcp.port": "80", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000075b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2272", - "tcp.analysis.ack_rtt": "0.003340000", - "tcp.analysis.initial_rtt": "0.003902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.901541000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.901541000", - "frame.time_delta": "0.000669000", - "frame.time_delta_displayed": "0.000669000", - "frame.time_relative": "659.440855000", - "frame.number": "2274", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001985", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54570", - "tcp.dstport": "80", - "tcp.port": "54570", - "tcp.port": "80", - "tcp.stream": "109", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008b29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003902000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.902018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.902018000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "659.441332000", - "frame.number": "2275", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001344", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a52f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54570", - "tcp.port": "80", - "tcp.port": "54570", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006741", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2274", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.003902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.902676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.902676000", - "frame.time_delta": "0.000658000", - "frame.time_delta_displayed": "0.000658000", - "frame.time_relative": "659.441990000", - "frame.number": "2276", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001345", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a51d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54570", - "tcp.port": "80", - "tcp.port": "54570", - "tcp.stream": "109", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a762", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003902000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.903054000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.903054000", - "frame.time_delta": "0.000378000", - "frame.time_delta_displayed": "0.000378000", - "frame.time_relative": "659.442368000", - "frame.number": "2277", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001346", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a14a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54570", - "tcp.port": "80", - "tcp.port": "54570", - "tcp.stream": "109", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f9cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003902000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2276", - "tcp.segment": "2277", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001513000", - "http.request_in": "2274", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.906208000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494250.906208000", - "frame.time_delta": "0.003154000", - "frame.time_delta_displayed": "0.003154000", - "frame.time_relative": "659.445522000", - "frame.number": "2278", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001986", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54570", - "tcp.dstport": "80", - "tcp.port": "54570", - "tcp.port": "80", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007118", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2277", - "tcp.analysis.ack_rtt": "0.003154000", - "tcp.analysis.initial_rtt": "0.003902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.906817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.906817000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "659.446131000", - "frame.number": "2279", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001987", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54570", - "tcp.dstport": "80", - "tcp.port": "54570", - "tcp.port": "80", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007117", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.907246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.907246000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "659.446560000", - "frame.number": "2280", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54570", - "tcp.port": "80", - "tcp.port": "54570", - "tcp.stream": "109", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000634b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2279", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.003902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.940240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.940240000", - "frame.time_delta": "0.032994000", - "frame.time_delta_displayed": "0.032994000", - "frame.time_relative": "659.479554000", - "frame.number": "2281", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005f9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000057ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "33", - "http.prev_response_in": "2270" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.943871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.943871000", - "frame.time_delta": "0.003631000", - "frame.time_delta_displayed": "0.003631000", - "frame.time_relative": "659.483185000", - 
"frame.number": "2282", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001988", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005edf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54571", - "tcp.dstport": "80", - "tcp.port": "54571", - "tcp.port": "80", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000c705", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.944406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.944406000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "659.483720000", - "frame.number": "2283", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f3ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2282", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.947350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.947350000", - "frame.time_delta": "0.002944000", - "frame.time_delta_displayed": "0.002944000", - "frame.time_relative": "659.486664000", - 
"frame.number": "2284", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001989", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54571", - "tcp.dstport": "80", - "tcp.port": "54571", - "tcp.port": "80", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a5ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2283", - "tcp.analysis.ack_rtt": "0.002944000", - "tcp.analysis.initial_rtt": "0.003479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.948041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.948041000", - "frame.time_delta": "0.000691000", - "frame.time_delta_displayed": "0.000691000", - "frame.time_relative": "659.487355000", - "frame.number": "2285", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000198a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e42", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54571", - "tcp.dstport": "80", - "tcp.port": "54571", - "tcp.port": "80", - "tcp.stream": "110", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003479000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.948529000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.948529000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "659.487843000", - "frame.number": "2286", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008aed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000973e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2285", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.003479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.949120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.949120000", - "frame.time_delta": "0.000591000", - "frame.time_delta_displayed": "0.000591000", - "frame.time_relative": "659.488434000", - "frame.number": "2287", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008aee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d75f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003479000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.949549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.949549000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "659.488863000", - "frame.number": "2288", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008aef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000029a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000029c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003479000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2287", - "tcp.segment": "2288", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001508000", - "http.request_in": "2285", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.950486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.950486000", - "frame.time_delta": "0.000937000", - "frame.time_delta_displayed": "0.000937000", - "frame.time_relative": "659.489800000", - "frame.number": "2289", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008af0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000029a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000029c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003479000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.956188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.956188000", - "frame.time_delta": "0.005702000", - "frame.time_delta_displayed": "0.005702000", - "frame.time_relative": "659.495502000", - "frame.number": "2290", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000198b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005edc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54571", - "tcp.dstport": "80", - "tcp.port": "54571", - "tcp.port": "80", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000aee0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:5d:6a:fe:b2:5d:6b:02:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2288", - "tcp.analysis.ack_rtt": "0.006639000", - "tcp.analysis.initial_rtt": "0.003479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.956772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.956772000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "659.496086000", - "frame.number": "2291", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000198c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005ee7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54571", - "tcp.dstport": "80", - "tcp.port": "54571", - "tcp.port": "80", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a114", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:30.957203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494250.957203000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "659.496517000", - "frame.number": "2292", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54571", - "tcp.port": "80", - "tcp.port": "54571", - "tcp.stream": "110", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009348", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2291", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.003479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.886896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.886896000", - "frame.time_delta": "0.929693000", - "frame.time_delta_displayed": "0.929693000", - "frame.time_relative": "660.426210000", - "frame.number": "2293", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005ff0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000575b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "34", - "http.prev_response_in": "2281" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.890183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.890183000", - "frame.time_delta": "0.003287000", - "frame.time_delta_displayed": "0.003287000", - "frame.time_relative": "660.429497000", - 
"frame.number": "2294", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000198e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ed9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54572", - "tcp.dstport": "80", - "tcp.port": "54572", - "tcp.port": "80", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000753", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.890729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.890729000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "660.430043000", - "frame.number": "2295", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54572", - "tcp.port": "80", - "tcp.port": "54572", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008be5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2294", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.893841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.893841000", - "frame.time_delta": "0.003112000", - "frame.time_delta_displayed": "0.003112000", - "frame.time_relative": "660.433155000", - 
"frame.number": "2296", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000198f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54572", - "tcp.dstport": "80", - "tcp.port": "54572", - "tcp.port": "80", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003dc4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2295", - "tcp.analysis.ack_rtt": "0.003112000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.894523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.894523000", - "frame.time_delta": "0.000682000", - "frame.time_delta_displayed": "0.000682000", - "frame.time_relative": "660.433837000", - "frame.number": "2297", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001990", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e3c", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54572", - "tcp.dstport": "80", - "tcp.port": "54572", - "tcp.port": "80", - "tcp.stream": "111", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000533d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.895047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.895047000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "660.434361000", - "frame.number": "2298", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b5d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000029e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54572", - "tcp.port": "80", - "tcp.port": "54572", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002f55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2297", - "tcp.analysis.ack_rtt": "0.000524000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.895618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.895618000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "660.434932000", - "frame.number": "2299", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b5d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000028c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54572", - "tcp.port": "80", - "tcp.port": "54572", - "tcp.stream": "111", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006f76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.895968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.895968000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "660.435282000", - "frame.number": "2300", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b5d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000feb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54572", - "tcp.port": "80", - "tcp.port": "54572", - "tcp.stream": "111", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c1df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2299", - "tcp.segment": "2300", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001445000", - "http.request_in": "2297", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.899014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.899014000", - "frame.time_delta": "0.003046000", - "frame.time_delta_displayed": "0.003046000", - "frame.time_relative": "660.438328000", - "frame.number": "2301", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001991", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54572", - "tcp.dstport": "80", - "tcp.port": "54572", - "tcp.port": "80", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000392c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2300", - "tcp.analysis.ack_rtt": "0.003046000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.899683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.899683000", - "frame.time_delta": "0.000669000", - "frame.time_delta_displayed": "0.000669000", - "frame.time_relative": "660.438997000", - "frame.number": "2302", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001992", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ee1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54572", - "tcp.dstport": "80", - "tcp.port": "54572", - "tcp.port": "80", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000392b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.900217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.900217000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "660.439531000", - "frame.number": "2303", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a774", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54572", - "tcp.port": "80", - "tcp.port": "54572", - "tcp.stream": "111", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002b5f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2302", - 
"tcp.analysis.ack_rtt": "0.000534000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.939752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.939752000", - "frame.time_delta": "0.039535000", - "frame.time_delta_displayed": "0.039535000", - "frame.time_relative": "660.479066000", - "frame.number": "2304", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005ff5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000574d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "35", - "http.prev_response_in": "2293" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.951067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.951067000", - "frame.time_delta": "0.011315000", - "frame.time_delta_displayed": "0.011315000", - "frame.time_relative": "660.490381000", - "frame.number": "2305", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001993", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ed4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f5f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.951618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.951618000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "660.490932000", - "frame.number": "2306", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006e1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2305", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.955238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.955238000", - "frame.time_delta": "0.003620000", - "frame.time_delta_displayed": "0.003620000", - "frame.time_relative": "660.494552000", - "frame.number": "2307", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001994", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005edf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001ffe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2306", - "tcp.analysis.ack_rtt": "0.003620000", - "tcp.analysis.initial_rtt": "0.004171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.956391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.956391000", - "frame.time_delta": "0.001153000", - "frame.time_delta_displayed": "0.001153000", - "frame.time_relative": "660.495705000", - "frame.number": "2308", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001995", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003577", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004171000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.956883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.956883000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "660.496197000", - "frame.number": "2309", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000118f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2308", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.004171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.957452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.957452000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "660.496766000", - "frame.number": "2310", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d5a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000051b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004171000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.957948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.957948000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "660.497262000", - "frame.number": "2311", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d5a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a419", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004171000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2310", - "tcp.segment": "2311", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001557000", - "http.request_in": "2308", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.960508000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494251.960508000", - "frame.time_delta": "0.002560000", - "frame.time_delta_displayed": "0.002560000", - "frame.time_relative": "660.499822000", - "frame.number": "2312", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d5a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000deea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a419", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004171000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.963460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.963460000", - "frame.time_delta": "0.002952000", - "frame.time_delta_displayed": "0.002952000", - "frame.time_relative": "660.502774000", - "frame.number": "2313", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001996", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005edd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2311", - "tcp.analysis.ack_rtt": "0.005512000", - "tcp.analysis.initial_rtt": "0.004171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.964024000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.964024000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "660.503338000", - "frame.number": "2314", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001997", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005edc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b65", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.964522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.964522000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "660.503836000", - "frame.number": "2315", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001100", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a773", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54573", - "tcp.port": "80", - "tcp.port": "54573", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2314", - "tcp.analysis.ack_rtt": "0.000498000", - "tcp.analysis.initial_rtt": "0.004171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.965086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494251.965086000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "660.504400000", - "frame.number": "2316", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001998", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ecf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54573", - "tcp.dstport": "80", - "tcp.port": "54573", - "tcp.port": "80", - "tcp.stream": "112", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bff8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:6f:94:a1:24:6f:94:a5:07", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004171000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2313", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:31.992806000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494251.992806000", - "frame.time_delta": "0.027720000", - "frame.time_delta_displayed": "0.027720000", - "frame.time_relative": "660.532120000", - "frame.number": "2317", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005ffa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000574e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "36", - "http.prev_response_in": "2304" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.020264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.020264000", - "frame.time_delta": "0.027458000", - "frame.time_delta_displayed": "0.027458000", - "frame.time_relative": "660.559578000", - "frame.number": "2318", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001999", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ece", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000dff1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.020796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.020796000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "660.560110000", - "frame.number": "2319", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000470e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2318", - "tcp.analysis.ack_rtt": "0.000532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.026815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.026815000", - "frame.time_delta": "0.006019000", - "frame.time_delta_displayed": "0.006019000", - "frame.time_relative": "660.566129000", - "frame.number": "2320", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000199a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ed9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f8ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2319", - "tcp.analysis.ack_rtt": "0.006019000", - "tcp.analysis.initial_rtt": "0.006551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:57:32.027390000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.027390000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "660.566704000", - "frame.number": "2321", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000199b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000e66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006551000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.027866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.027866000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - 
"frame.time_relative": "660.567180000", - "frame.number": "2322", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002178", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ea7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2321", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.006551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.028432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.028432000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "660.567746000", - "frame.number": "2323", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002179", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096e9", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006551000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.028782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.028782000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "660.568096000", - "frame.number": "2324", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000217a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009316", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007d08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006551000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2323", - "tcp.segment": "2324", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001392000", - "http.request_in": "2321", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.030501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.030501000", - "frame.time_delta": "0.001719000", - "frame.time_delta_displayed": "0.001719000", - "frame.time_relative": "660.569815000", - "frame.number": "2325", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000217b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009315", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007d08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006551000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.031232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.031232000", - "frame.time_delta": "0.000731000", - "frame.time_delta_displayed": "0.000731000", - "frame.time_relative": "660.570546000", - "frame.number": "2326", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000199c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ed7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f454", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2324", - "tcp.analysis.ack_rtt": "0.002450000", - "tcp.analysis.initial_rtt": "0.006551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.031902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.031902000", - "frame.time_delta": "0.000670000", - "frame.time_delta_displayed": "0.000670000", - "frame.time_relative": "660.571216000", - "frame.number": "2327", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000199d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ed6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f453", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.032326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.032326000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "660.571640000", - "frame.number": "2328", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001101", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a772", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54574", - "tcp.port": "80", - "tcp.port": "54574", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e687", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2327", - "tcp.analysis.ack_rtt": "0.000424000", - "tcp.analysis.initial_rtt": "0.006551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:32.033781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494252.033781000", - "frame.time_delta": 
"0.001455000", - "frame.time_delta_displayed": "0.001455000", - "frame.time_relative": "660.573095000", - "frame.number": "2329", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000199e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ec9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54574", - "tcp.dstport": "80", - "tcp.port": "54574", - "tcp.port": "80", - "tcp.stream": "113", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000076c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:cb:f8:55:d1:cb:f8:59:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006551000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2326", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:34.540411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494254.540411000", - "frame.time_delta": "2.506630000", - "frame.time_delta_displayed": "2.506630000", - "frame.time_relative": "663.079725000", - "frame.number": "2330", - "frame.len": "60", - "frame.cap_len": "60", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "201", - 
"tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000543", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:34.683808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494254.683808000", - "frame.time_delta": "0.143397000", - "frame.time_delta_displayed": "0.143397000", - "frame.time_relative": "663.223122000", - "frame.number": "2331", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { 
- "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb8", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "202", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00000fb8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.326434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.326434000", - "frame.time_delta": "1.642626000", - "frame.time_delta_displayed": "1.642626000", - "frame.time_relative": "664.865748000", - "frame.number": "2332", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c0f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005bda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": 
"192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.684516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.684516000", - "frame.time_delta": "0.358082000", - "frame.time_delta_displayed": "0.358082000", - "frame.time_relative": "665.223830000", - "frame.number": "2333", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"1", - "ip.proto": "17", - "ip.checksum": "0x0000e72c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60111", - "udp.dstport": "1900", - "udp.port": "60111", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005f8e", - "udp.checksum.status": "2", - "udp.stream": "43" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.783337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.783337000", - "frame.time_delta": "0.098821000", - "frame.time_delta_displayed": "0.098821000", - "frame.time_relative": "665.322651000", - "frame.number": "2334", - "frame.len": "411", - "frame.cap_len": "411", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "397", - "ip.id": "0x00009530", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "345", - "tcp.seq": "11675", - "tcp.nxtseq": "12020", - "tcp.ack": "1937", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008f80", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:b4:d2:a7:9d:7b:17", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2471122, TSecr 2812115735": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2471122", - "tcp.options.timestamp.tsecr": "2812115735" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "345", - "tcp.analysis.push_bytes_sent": "345" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "340", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c3:f8:87:6d:46:82:a2:9d:19:5b:26:67:6d:5e:a1:5c:fd:41:c3:46:d6:f3:5b:98:b1:db:70:31:97:4f:96:3c:55:a4:09:97:8f:2b:c5:72:1c:07:b0:9b:5b:0e:db:f6:7a:ab:fc:14:59:02:ea:b2:fd:95:0c:55:92:5e:e6:39:7f:d7:61:1c:3a:34:5d:be:ec:c7:1e:48:f2:5e:76:c8:e2:c0:0c:2b:97:bc:ed:4d:6d:a3:b8:e7:2c:1d:ca:b9:8a:df:e7:63:49:f0:2a:99:bd:b5:46:c8:f3:74:a8:aa:8b:ca:b1:41:67:10:0c:fa:85:e0:ba:1b:73:28:2e:0c:63:40:1f:0a:17:cd:8f:fe:29:64:fa:ec:f8:1f:b1:29:59:bc:8c:29:91:34:ff:7e:1c:b0:23:59:b9:a4:bc:64:cc:b9:b3:53:b5:26:88:bb:16:5e:17:bd:c4:18:58:8e:62:5a:8d:2c:69:6c:b7:93:32:9d:04:4e:77:45:0c:b1:a8:a9:5a:86:2b:1c:0c:f8:b0:ed:61:14:0f:82:99:d5:d4:f0:72:e2:5c:66:45:d2:41:64:09:e2:ce:5c:46:92:83:8a:65:98:f2:c4:a8:5c:25:66:ba:34:7d:6f:3d:12:df:1c:a4:a4:32:1a:d2:8e:49:40:75:e7:d4:d9:9e:17:53:bb:71:54:8c:51:c4:2e:c1:24:9c:da:d4:bc:e7:89:41:bf:f3:c4:57:bd:7c:1a:5e:51:64:77:cd:85:c9:1a:ee:90:ca:01:15:da:3e:4a:04:6c:dd:06:9e:d0:f9:a4:38:1f:2c:56:8b:f8:02:48:8e:c8:3e:21:d1:90:57:bb:fe:02:29:1f:10:bb:e2:c0:f3:ef:a2:41:70" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.843439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.843439000", - "frame.time_delta": "0.060102000", - "frame.time_delta_displayed": "0.060102000", - "frame.time_relative": "665.382753000", - "frame.number": "2335", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003962", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "1937", - "tcp.ack": "12020", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003818", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:85:1f:00:25:b4:d2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812118303, TSecr 2471122": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812118303", - "tcp.options.timestamp.tsecr": "2471122" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2334", - "tcp.analysis.ack_rtt": "0.060102000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.852569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.852569000", - "frame.time_delta": "0.009130000", - "frame.time_delta_displayed": "0.009130000", - "frame.time_relative": "665.391883000", - "frame.number": "2336", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003932", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1937", - "tcp.nxtseq": "1984", - "tcp.ack": "12020", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000027", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:85:21:00:25:b4:d2", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812118305, TSecr 2471122": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812118305", - "tcp.options.timestamp.tsecr": "2471122" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:4a:ff:a2:28:4c:54:ba:2e:00:aa:57:90:17:70:51:ed:51:c4:35:22:d5:08:df:df:a0:f5:44:7d:09:66:77:4f:48:bc:27" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:36.891422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494256.891422000", - "frame.time_delta": "0.038853000", - "frame.time_delta_displayed": "0.038853000", - "frame.time_relative": "665.430736000", - "frame.number": "2337", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009531", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000784e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12020", - "tcp.ack": "1984", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000036ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:25:b4:dd:a7:9d:85:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2471133, TSecr 2812118305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2471133", - "tcp.options.timestamp.tsecr": "2812118305" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2336", - "tcp.analysis.ack_rtt": "0.038853000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:37.367145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494257.367145000", - "frame.time_delta": "0.475723000", - "frame.time_delta_displayed": "0.475723000", - "frame.time_relative": "665.906459000", - "frame.number": "2338", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"325", - "ip.id": "0x000060be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000568d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:37.420178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494257.420178000", - "frame.time_delta": "0.053033000", - "frame.time_delta_displayed": "0.053033000", - "frame.time_relative": "665.959492000", - "frame.number": "2339", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000060c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005680", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "2338" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:37.477830000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494257.477830000", - "frame.time_delta": "0.057652000", - "frame.time_delta_displayed": "0.057652000", - "frame.time_relative": "666.017144000", - "frame.number": "2340", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000060c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005684", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "2339" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:37.685754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494257.685754000", - "frame.time_delta": "0.207924000", - "frame.time_delta_displayed": "0.207924000", - "frame.time_relative": "666.225068000", - "frame.number": "2341", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020e9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e72b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60111", - "udp.dstport": "1900", - "udp.port": "60111", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005f8e", - "udp.checksum.status": "2", - "udp.stream": "43" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "2333" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:38.424412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494258.424412000", - "frame.time_delta": "0.738658000", - "frame.time_delta_displayed": "0.738658000", - "frame.time_relative": "666.963726000", - "frame.number": "2342", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000060ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000565f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "2340" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:38.477162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494258.477162000", - "frame.time_delta": "0.052750000", - "frame.time_delta_displayed": "0.052750000", - "frame.time_relative": "667.016476000", - "frame.number": "2343", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000060ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"17", - "ip.checksum": "0x00005654", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "2342" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:38.529959000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494258.529959000", - "frame.time_delta": "0.052797000", - "frame.time_delta_displayed": "0.052797000", - "frame.time_relative": "667.069273000", - "frame.number": "2344", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000060f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005658", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "2343" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:38.686382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494258.686382000", - "frame.time_delta": "0.156423000", - "frame.time_delta_displayed": "0.156423000", - "frame.time_relative": "667.225696000", - "frame.number": "2345", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020ea", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e72a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60111", - "udp.dstport": "1900", - "udp.port": "60111", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005f8e", - "udp.checksum.status": "2", - "udp.stream": "43" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "2341" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.109162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.109162000", - "frame.time_delta": "0.422780000", - "frame.time_delta_displayed": "0.422780000", - "frame.time_relative": "667.648476000", - "frame.number": "2346", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000060f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005656", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": 
"2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "2344" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.161983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.161983000", - "frame.time_delta": "0.052821000", - "frame.time_delta_displayed": "0.052821000", - "frame.time_relative": "667.701297000", - "frame.number": "2347", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000060fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005647", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "2346" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.214755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.214755000", - "frame.time_delta": "0.052772000", - "frame.time_delta_displayed": "0.052772000", - "frame.time_relative": "667.754069000", - "frame.number": "2348", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006100", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005648", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "2347" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.686570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.686570000", - "frame.time_delta": "0.471815000", - "frame.time_delta_displayed": 
"0.471815000", - "frame.time_relative": "668.225884000", - "frame.number": "2349", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020eb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e729", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60111", - "udp.dstport": "1900", - "udp.port": "60111", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005f8e", - "udp.checksum.status": "2", - "udp.stream": "43" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": 
"HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "2345" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.690056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.690056000", - "frame.time_delta": "0.003486000", - "frame.time_delta_displayed": "0.003486000", - "frame.time_relative": "668.229370000", - "frame.number": "2350", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:39.690452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494259.690452000", - "frame.time_delta": "0.000396000", - "frame.time_delta_displayed": "0.000396000", - "frame.time_relative": "668.229766000", - "frame.number": "2351", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.161235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.161235000", - "frame.time_delta": "0.470783000", - "frame.time_delta_displayed": "0.470783000", - "frame.time_relative": "668.700549000", - "frame.number": "2352", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006145", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005606", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "2348" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.214042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.214042000", - "frame.time_delta": "0.052807000", - "frame.time_delta_displayed": "0.052807000", - "frame.time_relative": "668.753356000", - "frame.number": "2353", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006147", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "2352" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.266869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.266869000", - "frame.time_delta": "0.052827000", - "frame.time_delta_displayed": "0.052827000", - "frame.time_relative": "668.806183000", - "frame.number": "2354", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000614b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", 
- "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "2353" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.529914000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.529914000", - "frame.time_delta": "0.263045000", - "frame.time_delta_displayed": "0.263045000", - "frame.time_relative": "669.069228000", - "frame.number": "2355", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000615c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "2354" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.582782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.582782000", - "frame.time_delta": "0.052868000", - "frame.time_delta_displayed": "0.052868000", - "frame.time_relative": "669.122096000", - "frame.number": "2356", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000615f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "2355" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:40.635511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494260.635511000", - "frame.time_delta": "0.052729000", - "frame.time_delta_displayed": "0.052729000", - "frame.time_relative": "669.174825000", - "frame.number": "2357", - 
"frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006160", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "2356" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:41.587183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494261.587183000", - "frame.time_delta": "0.951672000", - "frame.time_delta_displayed": "0.951672000", - "frame.time_relative": "670.126497000", - "frame.number": "2358", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006176", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "2357" - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:41.639942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494261.639942000", - "frame.time_delta": "0.052759000", - "frame.time_delta_displayed": "0.052759000", - "frame.time_relative": "670.179256000", - "frame.number": "2359", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006179", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": 
"0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "2358" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:41.692776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494261.692776000", - "frame.time_delta": "0.052834000", - "frame.time_delta_displayed": "0.052834000", - "frame.time_relative": "670.232090000", - "frame.number": "2360", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000617f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000055c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "2359" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:41.850227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494261.850227000", - "frame.time_delta": "0.157451000", - "frame.time_delta_displayed": "0.157451000", - "frame.time_relative": "670.389541000", - "frame.number": "2361", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 16:57:41.850665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494261.850665000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "670.389979000", - "frame.number": "2362", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:42.429221000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494262.429221000", - "frame.time_delta": "0.578556000", - "frame.time_delta_displayed": "0.578556000", - "frame.time_relative": "670.968535000", - "frame.number": "2363", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000061bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000558e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "2360" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:42.481990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494262.481990000", - "frame.time_delta": "0.052769000", - "frame.time_delta_displayed": "0.052769000", - "frame.time_relative": "671.021304000", - "frame.number": "2364", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000061c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00005581", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "2363" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:42.534908000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494262.534908000", - "frame.time_delta": "0.052918000", - "frame.time_delta_displayed": "0.052918000", - "frame.time_relative": "671.074222000", - "frame.number": "2365", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000061c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005583", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "2364" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:43.486403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494263.486403000", - "frame.time_delta": "0.951495000", - "frame.time_delta_displayed": "0.951495000", - "frame.time_relative": "672.025717000", - "frame.number": "2366", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006221", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000552a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "305", - "udp.checksum": "0x0000da4b", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "2365" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:43.539242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494263.539242000", - "frame.time_delta": "0.052839000", - "frame.time_delta_displayed": "0.052839000", - "frame.time_relative": "672.078556000", - "frame.number": "2367", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006224", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000551e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "314", - "udp.checksum": "0x0000e836", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "2366" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:43.592070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494263.592070000", - "frame.time_delta": "0.052828000", - "frame.time_delta_displayed": "0.052828000", - "frame.time_relative": "672.131384000", - "frame.number": "2368", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, 
- "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000622a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000551e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60111", - "udp.port": "1900", - "udp.port": "60111", - "udp.length": "308", - "udp.checksum": "0x00000bc1", - "udp.checksum.status": "2", - "udp.stream": "44" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "2367" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.861759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.861759000", - "frame.time_delta": "3.269689000", - "frame.time_delta_displayed": "3.269689000", - "frame.time_relative": "675.401073000", - "frame.number": "2369", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.866935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.866935000", - "frame.time_delta": "0.005176000", - "frame.time_delta_displayed": "0.005176000", - "frame.time_relative": "675.406249000", - "frame.number": "2370", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": 
"LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00001768", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - 
"dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.880488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.880488000", - "frame.time_delta": "0.013553000", - "frame.time_delta_displayed": "0.013553000", - "frame.time_relative": "675.419802000", - "frame.number": "2371", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00001769", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.946945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.946945000", - "frame.time_delta": "0.066457000", - "frame.time_delta_displayed": "0.066457000", - "frame.time_relative": "675.486259000", - "frame.number": "2372", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.949657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.949657000", - "frame.time_delta": "0.002712000", - "frame.time_delta_displayed": "0.002712000", - "frame.time_relative": "675.488971000", - "frame.number": "2373", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - 
}, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - 
"icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:46.979510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494266.979510000", - "frame.time_delta": "0.029853000", - "frame.time_delta_displayed": "0.029853000", - "frame.time_relative": "675.518824000", - "frame.number": "2374", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": 
{ - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": 
"4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.092543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.092543000", - "frame.time_delta": "0.113033000", - "frame.time_delta_displayed": "0.113033000", - "frame.time_relative": "675.631857000", - "frame.number": "2375", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00001786", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c208", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.092704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.092704000", - "frame.time_delta": "0.000161000", - "frame.time_delta_displayed": "0.000161000", - "frame.time_relative": "675.632018000", - "frame.number": "2376", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00001787", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c202", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.092863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.092863000", - "frame.time_delta": "0.000159000", - "frame.time_delta_displayed": "0.000159000", - "frame.time_relative": "675.632177000", - "frame.number": 
"2377", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00001788", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c206", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.099473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.099473000", - "frame.time_delta": "0.006610000", - "frame.time_delta_displayed": "0.006610000", - "frame.time_relative": "675.638787000", - "frame.number": "2378", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x00000323", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d56e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - 
"dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.173755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.173755000", - "frame.time_delta": "0.074282000", - "frame.time_delta_displayed": "0.074282000", - "frame.time_relative": "675.713069000", - "frame.number": "2379", - "frame.len": "107", - "frame.cap_len": "107", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "93", - "ip.id": "0x0000f5ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e3b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.71", - 
"ip.addr": "192.168.0.71", - "ip.src_host": "192.168.0.71", - "ip.host": "192.168.0.71", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "73", - "udp.checksum": "0x0000791d", - "udp.checksum.status": "2", - "udp.stream": "46" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "13", - "dns.ptr.domain_name": "_http._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.194958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.194958000", - "frame.time_delta": "0.021203000", - "frame.time_delta_displayed": "0.021203000", - "frame.time_relative": "675.734272000", - "frame.number": "2380", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x00001af3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000be7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": 
"_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.216232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.216232000", - "frame.time_delta": "0.021274000", - "frame.time_delta_displayed": "0.021274000", - "frame.time_relative": "675.755546000", - "frame.number": "2381", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:e3:dc:17", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:dc:17", - "eth.addr": "c4:12:f5:e3:dc:17", - "eth.addr_resolved": "D-LinkIn_e3:dc:17", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.135", - "ip.addr": "192.168.0.135", - "ip.src_host": "192.168.0.135", - "ip.host": "192.168.0.135", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b6b", - "udp.checksum.status": "2", - "udp.stream": "48" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.228261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.228261000", - "frame.time_delta": "0.012029000", - "frame.time_delta_displayed": "0.012029000", - "frame.time_relative": "675.767575000", - "frame.number": "2382", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "90:8d:78:e3:81:0c", - "eth.src_tree": { - 
"eth.src_resolved": "D-LinkIn_e3:81:0c", - "eth.addr": "90:8d:78:e3:81:0c", - "eth.addr_resolved": "D-LinkIn_e3:81:0c", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d8fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.240", - "ip.addr": "192.168.0.240", - "ip.src_host": "192.168.0.240", - "ip.host": "192.168.0.240", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b02", - "udp.checksum.status": "2", - "udp.stream": "49" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.261398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.261398000", - "frame.time_delta": "0.033137000", - "frame.time_delta_displayed": "0.033137000", - "frame.time_relative": "675.800712000", - "frame.number": "2383", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:de:38:20", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_de:38:20", - "eth.addr": "c4:12:f5:de:38:20", - "eth.addr_resolved": "D-LinkIn_de:38:20", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d995", - "ip.checksum.status": "2", - "ip.src": "192.168.0.85", - "ip.addr": "192.168.0.85", - "ip.src_host": "192.168.0.85", - "ip.host": "192.168.0.85", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b9d", - 
"udp.checksum.status": "2", - "udp.stream": "50" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.322919000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.322919000", - "frame.time_delta": "0.061521000", - "frame.time_delta_displayed": "0.061521000", - "frame.time_relative": "675.862233000", - "frame.number": "2384", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000017a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.323079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.323079000", - "frame.time_delta": "0.000160000", - "frame.time_delta_displayed": "0.000160000", - 
"frame.time_relative": "675.862393000", - "frame.number": "2385", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x000017a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.323227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.323227000", - "frame.time_delta": "0.000148000", - "frame.time_delta_displayed": "0.000148000", - "frame.time_relative": "675.862541000", - "frame.number": "2386", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000017a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", 
- "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.570307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.570307000", - "frame.time_delta": "0.247080000", - "frame.time_delta_displayed": "0.247080000", - "frame.time_relative": "676.109621000", - "frame.number": "2387", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000017c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.570471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.570471000", - 
"frame.time_delta": "0.000164000", - "frame.time_delta_displayed": "0.000164000", - "frame.time_relative": "676.109785000", - "frame.number": "2388", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x000017ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.570617000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.570617000", - "frame.time_delta": "0.000146000", - "frame.time_delta_displayed": "0.000146000", - "frame.time_relative": "676.109931000", - "frame.number": "2389", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000017cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c1c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - 
"ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.810542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.810542000", - "frame.time_delta": "0.239925000", - "frame.time_delta_displayed": "0.239925000", - "frame.time_relative": "676.349856000", - "frame.number": "2390", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - 
"eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x00001b15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000be58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.868780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.868780000", - "frame.time_delta": "0.058238000", - "frame.time_delta_displayed": "0.058238000", - "frame.time_relative": "676.408094000", - "frame.number": "2391", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000017f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c189", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - 
"udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.883544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.883544000", - "frame.time_delta": "0.014764000", - "frame.time_delta_displayed": "0.014764000", - "frame.time_relative": "676.422858000", - "frame.number": "2392", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000017fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c15b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.970116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.970116000", - "frame.time_delta": "0.086572000", - "frame.time_delta_displayed": "0.086572000", - "frame.time_relative": "676.509430000", - "frame.number": "2393", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:47.972831000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494267.972831000", - "frame.time_delta": "0.002715000", - "frame.time_delta_displayed": "0.002715000", - "frame.time_relative": "676.512145000", - "frame.number": "2394", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": 
"0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.007171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.007171000", - "frame.time_delta": "0.034340000", - 
"frame.time_delta_displayed": "0.034340000", - "frame.time_relative": "676.546485000", - "frame.number": "2395", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, 
- "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.616221000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.616221000", - "frame.time_delta": "0.609050000", - "frame.time_delta_displayed": "0.609050000", - "frame.time_relative": "677.155535000", - "frame.number": "2396", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": 
"NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000cbf5", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0068507f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { 
- "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.617880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.617880000", - "frame.time_delta": "0.001659000", - "frame.time_delta_displayed": "0.001659000", - "frame.time_relative": "677.157194000", - "frame.number": "2397", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:bf:34:7e", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.addr": "33:33:ff:bf:34:7e", - "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1:ffbf:347e", - "ipv6.addr": "ff02::1:ffbf:347e", - "ipv6.dst_host": "ff02::1:ffbf:347e", - "ipv6.host": "ff02::1:ffbf:347e", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007df7", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.872679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.872679000", - "frame.time_delta": "0.254799000", - "frame.time_delta_displayed": "0.254799000", - "frame.time_relative": "677.411993000", - "frame.number": "2398", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00001818", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c16a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - 
"ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.947559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.947559000", - "frame.time_delta": "0.074880000", - "frame.time_delta_displayed": "0.074880000", - "frame.time_relative": "677.486873000", - "frame.number": "2399", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00001c05", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00aaf565", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client 
Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.977349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.977349000", - "frame.time_delta": "0.029790000", - "frame.time_delta_displayed": "0.029790000", - "frame.time_relative": "677.516663000", - "frame.number": "2400", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.986158000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.986158000", - "frame.time_delta": "0.008809000", - "frame.time_delta_displayed": "0.008809000", - "frame.time_relative": "677.525472000", - "frame.number": "2401", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": 
"4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:48.993588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494268.993588000", - "frame.time_delta": "0.007430000", - "frame.time_delta_displayed": "0.007430000", - "frame.time_relative": "677.532902000", - "frame.number": "2402", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000181d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c13c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:49.923888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494269.923888000", - "frame.time_delta": "0.930300000", - "frame.time_delta_displayed": "0.930300000", - "frame.time_relative": "678.463202000", - "frame.number": "2403", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - 
"eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000182f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c153", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e855", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": 
"192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:49.997189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494269.997189000", - "frame.time_delta": "0.073301000", - "frame.time_delta_displayed": "0.073301000", - "frame.time_relative": "678.536503000", - "frame.number": "2404", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.000002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.000002000", - "frame.time_delta": "0.002813000", - "frame.time_delta_displayed": "0.002813000", - "frame.time_relative": "678.539316000", - "frame.number": "2405", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - 
"icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:57:50.008380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.008380000", - "frame.time_delta": "0.008378000", - "frame.time_delta_displayed": "0.008378000", - "frame.time_relative": "678.547694000", - "frame.number": "2406", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - 
"ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.058023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.058023000", - "frame.time_delta": "0.049643000", - "frame.time_delta_displayed": "0.049643000", - "frame.time_relative": "678.597337000", - "frame.number": "2407", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.553292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.553292000", - "frame.time_delta": "0.495269000", - "frame.time_delta_displayed": "0.495269000", - "frame.time_relative": "679.092606000", - "frame.number": "2408", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00005d86", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0074bee2", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.562965000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.562965000", - "frame.time_delta": "0.009673000", - "frame.time_delta_displayed": "0.009673000", - "frame.time_relative": "679.102279000", - "frame.number": "2409", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00002ce7", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00b6e477", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - 
"Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.572124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.572124000", - "frame.time_delta": "0.009159000", - 
"frame.time_delta_displayed": "0.009159000", - "frame.time_relative": "679.111438000", - "frame.number": "2410", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.586904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.586904000", - "frame.time_delta": "0.014780000", - "frame.time_delta_displayed": "0.014780000", - "frame.time_relative": "679.126218000", - "frame.number": "2411", - "frame.len": 
"110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", 
- "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:50.885307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494270.885307000", - "frame.time_delta": "0.298403000", - "frame.time_delta_displayed": "0.298403000", - "frame.time_relative": "679.424621000", - "frame.number": "2412", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x00001950", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c038", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "2403", - "dns.time": "0.961419000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.125061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.125061000", - "frame.time_delta": "0.239754000", - "frame.time_delta_displayed": "0.239754000", - "frame.time_relative": "679.664375000", - "frame.number": "2413", - "frame.len": "240", - "frame.cap_len": "240", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - 
"eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x0004043b", - "ipv6.plen": "186", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::b7ce:468a:843f:9e05", - "ipv6.addr": "fe80::b7ce:468a:843f:9e05", - "ipv6.src_host": "fe80::b7ce:468a:843f:9e05", - "ipv6.host": "fe80::b7ce:468a:843f:9e05", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "186", - "udp.checksum": "0x00003a7f", - "udp.checksum.status": "2", - "udp.stream": "51" - }, - "dhcpv6": { - "dhcpv6.msgtype": "5", - "dhcpv6.xid": "0x0083051f", - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:20:4c:55:45:b8:27:eb:2b:b7:45", - "dhcpv6.duid.bytes": "00:01:00:01:20:4c:55:45:b8:27:eb:2b:b7:45", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Mar 3, 2017 08:24:37.000000000 PST", - "dhcpv6.duidllt.link_layer_addr": "b8:27:eb:2b:b7:45" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - 
"dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Vendor Class": { - "dhcpv6.option.type": "16", - "dhcpv6.option.length": "50", - "dhcpv6.option.value": "00:00:9f:08:00:2c:64:68:63:70:63:64:2d:36:2e:37:2e:31:3a:4c:69:6e:75:78:2d:34:2e:39:2e:31:37:2d:76:37:2b:3a:61:72:6d:76:37:6c:3a:42:43:4d:32:38:33:35", - "dhcpv6.vendorclass.enterprise": "40712", - "dhcpv6.vendorclass.data": "dhcpcd-6.7.1:Linux-4.9.17-v7+:armv7l:BCM2835" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "38:0d:05:55:00:00:00:00:00:00:00:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:04:2e:ff:ff:ff:ff:ff:ff:ff:ff", - "dhcpv6.iaid": "380d0555", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:04:2e:ff:ff:ff:ff:ff:ff:ff:ff", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::42e", - "dhcpv6.iaaddr.pref_lifetime": "4294967295", - "dhcpv6.iaaddr.valid_lifetime": "4294967295" - } - }, - "Fully Qualified Domain Name": { - "dhcpv6.option.type": "39", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "01:0c:72:61:73:70:62:65:72:72:79:70:69:32", - "dhcpv6.clientfqdn.reserved": "0x00000000", - "dhcpv6.clientfqdn.n": "0", - "dhcpv6.clientfqdn.o": "0", - "dhcpv6.clientfqdn.s": "1", - "dhcpv6.client_fqdn": "raspberrypi2" - }, - "Reconfigure Accept": { - "dhcpv6.option.type": "20", - "dhcpv6.option.length": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "00:17:00:18:00:1f:00:27:00:52:00:53", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - 
"dhcpv6.requested_option_code": "31", - "dhcpv6.requested_option_code": "39", - "dhcpv6.requested_option_code": "82", - "dhcpv6.requested_option_code": "83" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.592032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.592032000", - "frame.time_delta": "0.466971000", - "frame.time_delta_displayed": "0.466971000", - "frame.time_relative": "680.131346000", - "frame.number": "2414", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.594663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.594663000", - "frame.time_delta": "0.002631000", - "frame.time_delta_displayed": "0.002631000", - "frame.time_relative": "680.133977000", - "frame.number": "2415", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - 
"icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:57:51.607462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.607462000", - "frame.time_delta": "0.012799000", - "frame.time_delta_displayed": "0.012799000", - "frame.time_relative": "680.146776000", - "frame.number": "2416", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - 
"ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.696994000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.696994000", - "frame.time_delta": "0.089532000", - "frame.time_delta_displayed": "0.089532000", - "frame.time_relative": "680.236308000", - "frame.number": "2417", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": 
"0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.801376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.801376000", - "frame.time_delta": "0.104382000", - "frame.time_delta_displayed": "0.104382000", - "frame.time_relative": "680.340690000", - "frame.number": "2418", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "36", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f315", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "1", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.878978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.878978000", - "frame.time_delta": "0.077602000", - "frame.time_delta_displayed": "0.077602000", - "frame.time_relative": "680.418292000", - "frame.number": "2419", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x00001a0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000bf7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "2403", - "dns.time": "1.955090000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:51.987282000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494271.987282000", - "frame.time_delta": "0.108304000", - "frame.time_delta_displayed": "0.108304000", - "frame.time_relative": "680.526596000", - "frame.number": "2420", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - 
"udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x000081c7", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00d89a3d", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.009971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.009971000", - "frame.time_delta": "0.022689000", - "frame.time_delta_displayed": "0.022689000", - "frame.time_relative": "680.549285000", - "frame.number": "2421", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000fefc", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00881290", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - 
"dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.024639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.024639000", - "frame.time_delta": "0.014668000", - "frame.time_delta_displayed": "0.014668000", - "frame.time_relative": "680.563953000", - "frame.number": "2422", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.036091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.036091000", - "frame.time_delta": "0.011452000", - "frame.time_delta_displayed": "0.011452000", - "frame.time_relative": "680.575405000", - "frame.number": "2423", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "36", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f116", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "1", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.462337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.462337000", - "frame.time_delta": "0.426246000", - "frame.time_delta_displayed": "0.426246000", - "frame.time_relative": "681.001651000", - "frame.number": "2424", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - 
"ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.599917000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.599917000", - "frame.time_delta": "0.137580000", - "frame.time_delta_displayed": "0.137580000", - "frame.time_relative": "681.139231000", - "frame.number": "2425", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009532", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "12020", - "tcp.nxtseq": "12372", - "tcp.ack": "1984", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008942", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:ba:ff:a7:9d:85:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2472703, TSecr 2812118305": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2472703", - "tcp.options.timestamp.tsecr": "2812118305" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:52.890877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494272.890877000", - "frame.time_delta": "0.290960000", - "frame.time_delta_displayed": "0.290960000", - "frame.time_relative": "681.430191000", - "frame.number": "2426", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x00009533", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007361", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "12372", - "tcp.nxtseq": "13631", - "tcp.ack": "1984", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d604", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:bb:1d:a7:9d:85:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2472733, TSecr 2812118305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2472733", - "tcp.options.timestamp.tsecr": "2812118305" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1611", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c5:0e:25:fa:1a:d6:54:bd:0a:8c:9e:92:42:1c:a6:5b:5b:12:8d:42:4c:f9:40:84:55:47:d2:8a:62:6c:0b:e9:da:c4:a8:b3:90:be:bc:a4:16:63:06:91:c2:34:00:c3:8d:8d:41:b9:8c:fb:ec:b5:f3:68:08:1f:d0:2b:b3:b5:02:f3:70:a1:9f:ab:f3:d0:37:fe:7a:67:b1:bb:c7:7c:b3:89:89:27:14:48:df:62:f9:05:cd:88:bc:c8:f0:1c:9a:a9:f5:c5:51:ba:e8:62:be:b6:d1:3c:be:7a:7e:47:40:3b:3e:8c:c0:16:f1:da:47:95:0d:1c:6f:82:00:c5:4f:50:21:17:94:24:70:6e:0a:c5:ba:f5:95:44:86:63:93:f2:61:5a:fd:bc:cc:75:a7:aa:46:db:7f:f5:2d:38:df:2d:59:d6:48:9e:1d:18:46:6a:15:19:aa:aa:91:69:da:c8:60:73:5e:88:4f:38:01:38:b6:15:0e:53:67:39:e4:90:4f:09:5c:46:e4:e9:f3:3c:01:87:ec:35:9a:88:e6:29:b0:a9:86:c2:1b:8e:b7:34:b8:e7:d7:16:81:95:58:db:fc:75:3c:f7:d6:57:06:f6:20:7c:4e:3b:68:35:bf:5c:9f:3e:89:41:ac:2b:21:ef:06:50:65:f4:5d:89:6f:45:38:10:e9:b8:66:ad:11:f5:ec:c0:ad:4b:1f:26:75:fb:ed:53:e2:df:ec:d9:cb:8e:61:79:36:2b:c6:c6:ed:da:3a:13:ec:0c:05:13:8c:36:44:d2:ea:5c:e8:21:05:88:76:37:00:5f:d5:c6:ce:0e:de:3a:18:2f:27:df:21:39:04:2c:7a:9e:18:f1:2d:a7:90:14:f6:8a:b1:a1:00:85:5f:d3:45:79:f5:ad:2b:86:70:74:24:9b:d0:de:11:2a:32:bf:61:46:32:6d:da:4e:e0:14:cb:e1:fd:3d:6c:76:ab:02:64:53:ae:a1:78:ec:20:5b:12:48:a8:e9:7f:44:49:1c:4b:da:79:f0:0e:9a:40:3c:9f:15:0b:a1:0a:4c:fc:e4:09:41:f1:c4:53:db:2d:3a:0f:fc:60:8a:66:c2:ae:12:b1:ed:c1:79:d5:10:bb:8c:0b:66:af:d5:b8:08:d7:ce:42:8d:37:1f:d1:3e:c4:09:08:39:6f:40:48:98:0c:ec:77:db:e4:3a:80:43:b5:f8:89:6c:e4:28:20:c8:eb:5e:a2:63:44:29:d3:6b:97:95:28:86:8d:9f:e5:cf:50:04:3a:df:cd:cc:e0:24:1a:31:e9:43:8f:12:56:39:b0:59:f4:a0:ca:b7:74:44:52:65:23:73:38:6c:82:a1:0a:dc:37:28:68:4f:dd:80:cd:85:0e:6d:4e:84:51:d8:a7:03:e6:25:5c:30:6b:69:e5:ea:ad:60:b7:ef:43:cc:98:9d:e6:89:39:16:91:3b:45:19:0a:74:8e:49:48:ac:f4:0a:9a:b4:df:0c:41:f1:d5:42:24:c7:e2:0f:fa:d5:05:f1:d3:ef:7a:0b:16:ea:3c:cd:e0:f1:5f:2f:30:d6:e9:93:56:22:b2:dc:fa:04:33:15:61:bf:f7:d1:82:24:22:12:be:a7:6d:9a:9d:d8:ec:c7:89:ad:3d:13:fe:39:99:29:63:29:42:bb:53:57:e6:91:4b:48:17:5e:d1:99:e9:53:5f:b3:20:33:24:4e:a1:80:5f:f5:0c:bb:bd:c4:78:9
4:45:21:d7:45:86:f5:f6:85:a4:76:81:f5:8f:55:5d:c5:01:bc:65:c0:74:7b:9d:db:59:5f:0c:1f:30:df:ba:11:36:45:3d:2f:c5:4a:df:45:cf:0c:8e:e5:bf:e3:bf:3d:80:0a:31:3c:80:a0:1d:04:90:2d:34:00:73:96:fd:55:19:57:20:bd:ed:02:7a:0b:5e:ac:f0:ab:f6:db:65:a9:a4:a8:dc:c6:76:b7:95:46:fb:6b:38:05:5b:d1:a1:06:c7:56:2b:fe:37:e1:f5:56:82:46:ea:30:81:9a:bd:8f:b6:e6:eb:e3:a1:fa:80:af:93:be:28:3f:5e:a8:d7:17:2d:ef:2f:8b:98:c7:b3:b6:de:b3:10:a8:79:19:63:45:22:c8:79:14:cc:2c:1d:00:e2:a9:8e:04:46:a7:1b:f5:95:0e:b2:b4:b3:4d:d1:91:74:22:28:3b:b2:6c:d6:9c:b4:5f:7f:08:9a:70:32:bb:b9:e2:de:c9:06:16:e5:aa:64:8d:30:10:17:81:62:e6:f2:11:68:ec:83:da:57:f8:47:0e:bc:8d:d5:dd:a6:27:f8:91:0e:c6:d5:32:dd:04:0d:e2:e1:35:9b:5e:bb:8f:0e:1f:5f:21:e5:bb:ed:99:95:39:2c:ac:17:a8:c9:f5:5c:b2:d4:b9:a5:7d:74:44:46:fc:55:96:6d:88:67:6e:24:4e:11:d8:97:85:10:54:c3:ef:32:c9:2d:dd:fb:be:d0:57:72:90:52:dd:a8:19:7e:5d:4c:f7:e7:c0:2c:9c:20:44:67:de:f7:4f:d7:89:f0:fb:45:64:d0:5b:3c:5d:9e:4d:09:18:eb:89:73:fa:bf:72:15:19:a0:12:e2:42:32:9b:b1:ed:fe:aa:5e:fc:02:66:bb:3e:a9:3d:0e:09:99:6e:9a:7c:6e:6e:65:c6:c8:b8:88:a9:06:b2:eb:c2:99:f4:00:c4:35:ba:b7:bc:bc:99:48:f0:c1:bc:ba:29:3f:8f:a3:d8:04:01:06:aa:3d:57:14:35:dc:87:9d:b1:00:56:1e:6f:f9:3e:e6:55:a8:1f:c1:68:eb:96:f0:ab:e4:e1:5d:f3:7d:e6:3b:48:44:00:1c:be:18:25:ec:d0:30:f4:4d:df:da:de:45:27:4c:25:e2:50:b2:ea:ed:4c:16:75:68:07:da:58:f5:54:de:bd:29:9e:25:d9:52:54:fd:cc:63:89:22:b2:f4:54:a0:69:e3:27:d1:34:f3:5d:f3:48:4d:c0:9f:0c:a0:61:f3:4f:7f:63:c8:04:d4:05:f6:ef:39:69:8e:01:83:6e:dd:ac:34:ff:9f:6b:a4:9a:5f:58:a5:3f:f7:ec:4a:38:f0:ca:d4:db:cf:4d:29:61:97:03:85:f2:44:5e:fc:77:13:af:be:91:56:e7:51:d3:a3:cd:ff:67:f9:88:49:88:6c:c3:51:be:83:9b:5d:4f:1b:87:4b:93:c0:b1:09:88:a0:e8:f0:82:2e:1e:fa:39:7e:01:75:47:9d:a3:d5:20:ba:1a:ad:09:85:93:20:59:a9:19:98" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.043544000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.043544000", - "frame.time_delta": "0.152667000", - "frame.time_delta_displayed": "0.152667000", - "frame.time_relative": "681.582858000", - "frame.number": "2427", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.046072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.046072000", - "frame.time_delta": "0.002528000", - "frame.time_delta_displayed": "0.002528000", - "frame.time_relative": "681.585386000", - "frame.number": "2428", - 
"frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": 
"b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.046350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.046350000", - "frame.time_delta": "0.000278000", - "frame.time_delta_displayed": "0.000278000", - "frame.time_relative": "681.585664000", - "frame.number": "2429", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.127175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.127175000", - "frame.time_delta": "0.080825000", - "frame.time_delta_displayed": "0.080825000", - "frame.time_relative": "681.666489000", - "frame.number": "2430", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.190781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.190781000", - "frame.time_delta": "0.063606000", - "frame.time_delta_displayed": "0.063606000", - "frame.time_relative": "681.730095000", - "frame.number": "2431", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009534", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, 
-73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "12020", - "tcp.nxtseq": "12372", - "tcp.ack": "1984", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008906", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:bb:3b:a7:9d:85:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2472763, TSecr 2812118305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2472763", - "tcp.options.timestamp.tsecr": "2812118305" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1611", - "tcp.analysis.push_bytes_sent": "352", - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.299904000", - "tcp.analysis.rto_frame": "2426" - } - }, - "tcp.segment_data": "17:03:03:01:5b:13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.582720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.582720000", - "frame.time_delta": "0.391939000", - "frame.time_delta_displayed": "0.391939000", - "frame.time_relative": "682.122034000", - "frame.number": "2432", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": 
"33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00007644", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0065a633", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 
19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.589774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.589774000", - "frame.time_delta": "0.007054000", - "frame.time_delta_displayed": "0.007054000", - "frame.time_relative": "682.129088000", - "frame.number": "2433", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - 
"ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000fd37", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00a71436", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - 
"dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.598730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.598730000", - "frame.time_delta": "0.008956000", - "frame.time_delta_displayed": "0.008956000", - "frame.time_relative": "682.138044000", - "frame.number": "2434", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - 
"ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.608523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.608523000", - "frame.time_delta": "0.009793000", - "frame.time_delta_displayed": "0.009793000", - "frame.time_relative": "682.147837000", - "frame.number": "2435", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - 
"ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.790754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.790754000", - "frame.time_delta": "0.182231000", - "frame.time_delta_displayed": "0.182231000", - "frame.time_relative": "682.330068000", - "frame.number": "2436", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009535", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "12020", - "tcp.nxtseq": "12372", - "tcp.ack": "1984", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000088ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:bb:77:a7:9d:85:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2472823, TSecr 2812118305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2472823", - "tcp.options.timestamp.tsecr": "2812118305" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1611", - "tcp.analysis.push_bytes_sent": "352", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.899877000", - "tcp.analysis.rto_frame": "2426" - } - }, - "tcp.segment_data": 
"17:03:03:01:5b:13:6b:24:d2:9f:7e:44:c4:f3:87:d4:97:c5:d3:27:79:52:51:56:a6:d9:15:c2:5a:2e:c3:76:df:84:3c:fc:32:53:fa:09:07:09:d6:7e:52:67:0f:26:16:78:7b:fa:6c:2a:db:21:ee:29:f7:32:86:36:2d:ae:da:6a:cf:46:34:5c:bd:a8:c2:3c:e1:9d:24:c4:b4:78:d5:1f:60:1e:7a:18:88:ae:2d:b7:73:75:10:1c:2b:8c:cc:a1:51:fa:52:c1:db:15:df:3e:f0:c2:5f:57:ee:f1:08:74:2e:7d:10:c3:c5:4f:9e:03:73:12:70:b5:6d:b8:76:41:9f:65:a8:34:bb:ac:83:fe:4b:d5:5e:38:1b:b3:e8:5a:f9:db:be:55:a5:9e:54:85:f6:fd:51:95:54:c9:8c:f3:00:63:27:a3:2d:9d:ca:7b:19:f6:fd:83:16:8c:74:9f:52:4a:23:19:73:ea:91:26:78:a7:a7:6c:0b:08:6f:6c:df:b5:02:7b:25:ba:c4:9b:fa:cd:ae:24:0e:45:d8:7e:b6:68:eb:c7:55:d4:fc:7e:37:a8:58:3d:ba:90:ce:1d:28:d2:93:6d:19:20:27:39:81:eb:5e:75:73:ec:b3:60:f4:2b:24:4a:b7:6d:19:4d:6d:ac:ac:fa:2d:97:dd:dd:72:80:2e:c1:cb:f4:05:06:84:a3:8a:19:35:98:5c:96:6c:34:24:9d:7f:6a:4f:3b:ba:45:e9:5f:4b:d5:f2:d6:2e:c0:84:f5:89:ea:a1:69:6d:39:58:1c:0a:f0:8b:62:a4:3d:d5:03:bd:d8:bb:27:ee:c3:0d:7a:e0:5d:c8:93:73:cc:84:d3:a5:eb:6c:0e:60:08:ae:9f:ea:9c:8f:ce:a6:03:4e:c3:40:c6:8a:f3:44:ed:78:34:73:25" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.852066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.852066000", - "frame.time_delta": "0.061312000", - "frame.time_delta_displayed": "0.061312000", - "frame.time_relative": "682.391380000", - "frame.number": "2437", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003931", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "1984", - "tcp.nxtseq": "2031", - "tcp.ack": "12372", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003c0b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:95:bb:00:25:bb:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812122555, TSecr 2472823": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812122555", - "tcp.options.timestamp.tsecr": "2472823" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2425", - "tcp.analysis.ack_rtt": "1.252149000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:4b:10:19:7c:83:7a:fc:97:60:5d:74:cb:90:29:a5:b4:03:fd:7b:25:65:66:91:3b:f0:76:2d:03:77:43:db:02:99:19:04" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.852670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.852670000", - "frame.time_delta": "0.000604000", - "frame.time_delta_displayed": "0.000604000", - "frame.time_relative": "682.391984000", - "frame.number": "2438", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x00009536", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000735e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "12372", - "tcp.nxtseq": "13631", - "tcp.ack": "2031", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c4db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:bb:7d:a7:9d:95:bb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2472829, TSecr 2812122555": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2472829", - "tcp.options.timestamp.tsecr": "2812122555" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2437", - "tcp.analysis.ack_rtt": "0.000604000", - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.961793000", - "tcp.analysis.rto_frame": "2426" - } - }, - "tcp.segment_data": 
"17:03:03:04:e6:13:6b:24:d2:9f:7e:44:c5:0e:25:fa:1a:d6:54:bd:0a:8c:9e:92:42:1c:a6:5b:5b:12:8d:42:4c:f9:40:84:55:47:d2:8a:62:6c:0b:e9:da:c4:a8:b3:90:be:bc:a4:16:63:06:91:c2:34:00:c3:8d:8d:41:b9:8c:fb:ec:b5:f3:68:08:1f:d0:2b:b3:b5:02:f3:70:a1:9f:ab:f3:d0:37:fe:7a:67:b1:bb:c7:7c:b3:89:89:27:14:48:df:62:f9:05:cd:88:bc:c8:f0:1c:9a:a9:f5:c5:51:ba:e8:62:be:b6:d1:3c:be:7a:7e:47:40:3b:3e:8c:c0:16:f1:da:47:95:0d:1c:6f:82:00:c5:4f:50:21:17:94:24:70:6e:0a:c5:ba:f5:95:44:86:63:93:f2:61:5a:fd:bc:cc:75:a7:aa:46:db:7f:f5:2d:38:df:2d:59:d6:48:9e:1d:18:46:6a:15:19:aa:aa:91:69:da:c8:60:73:5e:88:4f:38:01:38:b6:15:0e:53:67:39:e4:90:4f:09:5c:46:e4:e9:f3:3c:01:87:ec:35:9a:88:e6:29:b0:a9:86:c2:1b:8e:b7:34:b8:e7:d7:16:81:95:58:db:fc:75:3c:f7:d6:57:06:f6:20:7c:4e:3b:68:35:bf:5c:9f:3e:89:41:ac:2b:21:ef:06:50:65:f4:5d:89:6f:45:38:10:e9:b8:66:ad:11:f5:ec:c0:ad:4b:1f:26:75:fb:ed:53:e2:df:ec:d9:cb:8e:61:79:36:2b:c6:c6:ed:da:3a:13:ec:0c:05:13:8c:36:44:d2:ea:5c:e8:21:05:88:76:37:00:5f:d5:c6:ce:0e:de:3a:18:2f:27:df:21:39:04:2c:7a:9e:18:f1:2d:a7:90:14:f6:8a:b1:a1:00:85:5f:d3:45:79:f5:ad:2b:86:70:74:24:9b:d0:de:11:2a:32:bf:61:46:32:6d:da:4e:e0:14:cb:e1:fd:3d:6c:76:ab:02:64:53:ae:a1:78:ec:20:5b:12:48:a8:e9:7f:44:49:1c:4b:da:79:f0:0e:9a:40:3c:9f:15:0b:a1:0a:4c:fc:e4:09:41:f1:c4:53:db:2d:3a:0f:fc:60:8a:66:c2:ae:12:b1:ed:c1:79:d5:10:bb:8c:0b:66:af:d5:b8:08:d7:ce:42:8d:37:1f:d1:3e:c4:09:08:39:6f:40:48:98:0c:ec:77:db:e4:3a:80:43:b5:f8:89:6c:e4:28:20:c8:eb:5e:a2:63:44:29:d3:6b:97:95:28:86:8d:9f:e5:cf:50:04:3a:df:cd:cc:e0:24:1a:31:e9:43:8f:12:56:39:b0:59:f4:a0:ca:b7:74:44:52:65:23:73:38:6c:82:a1:0a:dc:37:28:68:4f:dd:80:cd:85:0e:6d:4e:84:51:d8:a7:03:e6:25:5c:30:6b:69:e5:ea:ad:60:b7:ef:43:cc:98:9d:e6:89:39:16:91:3b:45:19:0a:74:8e:49:48:ac:f4:0a:9a:b4:df:0c:41:f1:d5:42:24:c7:e2:0f:fa:d5:05:f1:d3:ef:7a:0b:16:ea:3c:cd:e0:f1:5f:2f:30:d6:e9:93:56:22:b2:dc:fa:04:33:15:61:bf:f7:d1:82:24:22:12:be:a7:6d:9a:9d:d8:ec:c7:89:ad:3d:13:fe:39:99:29:63:29:42:bb:53:57:e6:91:4b:48:17:5e:d1:99:e9:53:5f:b3:20:33:24:4e:a1:80:5f:f5:0
c:bb:bd:c4:78:94:45:21:d7:45:86:f5:f6:85:a4:76:81:f5:8f:55:5d:c5:01:bc:65:c0:74:7b:9d:db:59:5f:0c:1f:30:df:ba:11:36:45:3d:2f:c5:4a:df:45:cf:0c:8e:e5:bf:e3:bf:3d:80:0a:31:3c:80:a0:1d:04:90:2d:34:00:73:96:fd:55:19:57:20:bd:ed:02:7a:0b:5e:ac:f0:ab:f6:db:65:a9:a4:a8:dc:c6:76:b7:95:46:fb:6b:38:05:5b:d1:a1:06:c7:56:2b:fe:37:e1:f5:56:82:46:ea:30:81:9a:bd:8f:b6:e6:eb:e3:a1:fa:80:af:93:be:28:3f:5e:a8:d7:17:2d:ef:2f:8b:98:c7:b3:b6:de:b3:10:a8:79:19:63:45:22:c8:79:14:cc:2c:1d:00:e2:a9:8e:04:46:a7:1b:f5:95:0e:b2:b4:b3:4d:d1:91:74:22:28:3b:b2:6c:d6:9c:b4:5f:7f:08:9a:70:32:bb:b9:e2:de:c9:06:16:e5:aa:64:8d:30:10:17:81:62:e6:f2:11:68:ec:83:da:57:f8:47:0e:bc:8d:d5:dd:a6:27:f8:91:0e:c6:d5:32:dd:04:0d:e2:e1:35:9b:5e:bb:8f:0e:1f:5f:21:e5:bb:ed:99:95:39:2c:ac:17:a8:c9:f5:5c:b2:d4:b9:a5:7d:74:44:46:fc:55:96:6d:88:67:6e:24:4e:11:d8:97:85:10:54:c3:ef:32:c9:2d:dd:fb:be:d0:57:72:90:52:dd:a8:19:7e:5d:4c:f7:e7:c0:2c:9c:20:44:67:de:f7:4f:d7:89:f0:fb:45:64:d0:5b:3c:5d:9e:4d:09:18:eb:89:73:fa:bf:72:15:19:a0:12:e2:42:32:9b:b1:ed:fe:aa:5e:fc:02:66:bb:3e:a9:3d:0e:09:99:6e:9a:7c:6e:6e:65:c6:c8:b8:88:a9:06:b2:eb:c2:99:f4:00:c4:35:ba:b7:bc:bc:99:48:f0:c1:bc:ba:29:3f:8f:a3:d8:04:01:06:aa:3d:57:14:35:dc:87:9d:b1:00:56:1e:6f:f9:3e:e6:55:a8:1f:c1:68:eb:96:f0:ab:e4:e1:5d:f3:7d:e6:3b:48:44:00:1c:be:18:25:ec:d0:30:f4:4d:df:da:de:45:27:4c:25:e2:50:b2:ea:ed:4c:16:75:68:07:da:58:f5:54:de:bd:29:9e:25:d9:52:54:fd:cc:63:89:22:b2:f4:54:a0:69:e3:27:d1:34:f3:5d:f3:48:4d:c0:9f:0c:a0:61:f3:4f:7f:63:c8:04:d4:05:f6:ef:39:69:8e:01:83:6e:dd:ac:34:ff:9f:6b:a4:9a:5f:58:a5:3f:f7:ec:4a:38:f0:ca:d4:db:cf:4d:29:61:97:03:85:f2:44:5e:fc:77:13:af:be:91:56:e7:51:d3:a3:cd:ff:67:f9:88:49:88:6c:c3:51:be:83:9b:5d:4f:1b:87:4b:93:c0:b1:09:88:a0:e8:f0:82:2e:1e:fa:39:7e:01:75:47:9d:a3:d5:20:ba:1a:ad:09:85:93:20:59:a9:19:98" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:53.950357000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494273.950357000", - "frame.time_delta": "0.097687000", - "frame.time_delta_displayed": "0.097687000", - "frame.time_relative": "682.489671000", - "frame.number": "2439", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2031", - "tcp.ack": "13631", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001a0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:95:d4:00:25:bb:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812122580, TSecr 2472829": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812122580", - "tcp.options.timestamp.tsecr": "2472829" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2426", - "tcp.analysis.ack_rtt": "1.059480000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:55.015991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494275.015991000", - "frame.time_delta": "1.065634000", - "frame.time_delta_displayed": "1.065634000", - "frame.time_relative": 
"683.555305000", - "frame.number": "2440", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "74:da:38:0d:05:55", - "arp.src.proto_ipv4": "192.168.0.119", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.119" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:55.361168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494275.361168000", - "frame.time_delta": "0.345177000", - "frame.time_delta_displayed": "0.345177000", - "frame.time_relative": "683.900482000", - "frame.number": "2441", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000ab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x0000303a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:c5:15:88:0b:cd:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:5c:11", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:57:57.018379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494277.018379000", - "frame.time_delta": "1.657211000", - "frame.time_delta_displayed": "1.657211000", - "frame.time_relative": "685.557693000", - "frame.number": "2442", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": 
"1", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "74:da:38:0d:05:55", - "arp.src.proto_ipv4": "192.168.0.119", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.119" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:04.398913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494284.398913000", - "frame.time_delta": "7.380534000", - "frame.time_delta_displayed": "7.380534000", - "frame.time_relative": "692.938227000", - "frame.number": "2443", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "202", - "tcp.nxtseq": "242", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006fc8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e1:0a:f5:4d:7e:6a:bf:df:89:3d:3c:1f:0c:5e:f8:6b:6a:0a:45:68:c1:50:d8:00:a4:bd:81:72" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:04.542754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494284.542754000", - "frame.time_delta": "0.143841000", - "frame.time_delta_displayed": "0.143841000", - "frame.time_relative": "693.082068000", - "frame.number": "2444", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd93", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "181", - "tcp.nxtseq": "217", - "tcp.ack": "242", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007515", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2443", - "tcp.analysis.ack_rtt": "0.143841000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:67:88:4b:7e:fb:9d:a2:ee:65:29:9c:84:74:7e:8e:30:06:03:70:95:0b:2e:ca:ae" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:04.543278000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494284.543278000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "693.082592000", - "frame.number": "2445", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": 
"37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "242", - "tcp.ack": "217", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2444", - "tcp.analysis.ack_rtt": "0.000524000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.419552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.419552000", - "frame.time_delta": "0.876274000", - "frame.time_delta_displayed": "0.876274000", - "frame.time_relative": "693.958866000", - "frame.number": "2446", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008ff4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.472412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.472412000", - "frame.time_delta": "0.052860000", - "frame.time_delta_displayed": "0.052860000", - "frame.time_relative": "694.011726000", - "frame.number": "2447", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00008ffa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000395d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": 
"1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.524808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.524808000", - "frame.time_delta": "0.052396000", - "frame.time_delta_displayed": "0.052396000", - "frame.time_relative": "694.064122000", - "frame.number": "2448", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00008ffd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003951", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.577779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.577779000", - "frame.time_delta": "0.052971000", - "frame.time_delta_displayed": "0.052971000", - "frame.time_relative": "694.117093000", - "frame.number": "2449", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00009001", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000394d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": 
"0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.630658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.630658000", - "frame.time_delta": "0.052879000", - "frame.time_delta_displayed": "0.052879000", - "frame.time_relative": "694.169972000", - "frame.number": "2450", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00009002", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003952", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:05.683501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494285.683501000", - "frame.time_delta": "0.052843000", - "frame.time_delta_displayed": "0.052843000", - "frame.time_relative": "694.222815000", - "frame.number": "2451", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00009005", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000394f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - 
}, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:06.359246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494286.359246000", - "frame.time_delta": "0.675745000", - "frame.time_delta_displayed": "0.675745000", - "frame.time_relative": "694.898560000", - "frame.number": "2452", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c15", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005bd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:08.994324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494288.994324000", - "frame.time_delta": "2.635078000", - "frame.time_delta_displayed": "2.635078000", - "frame.time_relative": "697.533638000", - "frame.number": "2453", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - 
"eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00002d61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000abf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - 
"dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:10.999044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494290.999044000", - "frame.time_delta": "2.004720000", - "frame.time_delta_displayed": "2.004720000", - "frame.time_relative": "699.538358000", - "frame.number": "2454", - "frame.len": "343", - "frame.cap_len": "343", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "329", - "ip.id": "0x0000d4de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e281", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "309", - "udp.checksum": "0x0000a516", - "udp.checksum.status": "2", - "udp.stream": "52" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0x12a5ad49", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "192.168.0.242", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "61", - "bootp.option.type_tree": { - "bootp.option.length": "7", - "bootp.option.value": "01:d0:52:a8:a3:60:0f", - "bootp.hw.type": "0x00000001", - "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "02:40", - "bootp.option.dhcp_max_message_size": "576" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "7", - "bootp.option.value": "01:03:06:0c:0f:1c:2a", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "6", - "bootp.option.request_list_item": "12", - "bootp.option.request_list_item": "15", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "42" - }, - "bootp.option.type": "60", - "bootp.option.type_tree": { - "bootp.option.length": "12", - "bootp.option.value": "75:64:68:63:70:20:31:2e:32:32:2e:31", - 
"bootp.option.vendor_class_id": "udhcp 1.22.1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "19", - "bootp.option.value": "73:74:2d:44:30:35:32:41:38:41:31:44:37:45:45:30:30:30:31", - "bootp.option.hostname": "st-D052A8A1D7EE0001" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:11.003037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494291.003037000", - "frame.time_delta": "0.003993000", - "frame.time_delta_displayed": "0.003993000", - "frame.time_relative": "699.542351000", - "frame.number": "2455", - "frame.len": "360", - "frame.cap_len": "360", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "346", - "ip.id": "0x000005ac", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f0e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": 
"192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "67", - "udp.dstport": "68", - "udp.port": "67", - "udp.port": "68", - "udp.length": "326", - "udp.checksum": "0x0000839b", - "udp.checksum.status": "2", - "udp.stream": "52" - }, - "bootp": { - "bootp.type": "2", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0x12a5ad49", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "192.168.0.242", - "bootp.ip.your": "192.168.0.242", - "bootp.ip.server": "192.168.0.1", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "d0:52:a8:a3:60:0f", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "05", - "bootp.option.dhcp": "5" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "51", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:a8:c0", - "bootp.option.ip_address_lease_time": "43200" - }, - "bootp.option.type": "58", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:4a:ed", - "bootp.option.renewal_time_value": "19181" - }, - "bootp.option.type": "59", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:8a:35", - "bootp.option.rebinding_time_value": "35381" - }, - "bootp.option.type": "1", - "bootp.option.type_tree": { - "bootp.option.length": 
"4", - "bootp.option.value": "ff:ff:ff:00", - "bootp.option.subnet_mask": "255.255.255.0" - }, - "bootp.option.type": "28", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:ff", - "bootp.option.broadcast_address": "192.168.0.255" - }, - "bootp.option.type": "3", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.router": "192.168.0.1" - }, - "bootp.option.type": "6", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.domain_name_server": "192.168.0.1" - }, - "bootp.option.type": "15", - "bootp.option.type_tree": { - "bootp.option.length": "3", - "bootp.option.value": "6c:61:6e", - "bootp.option.domain_name": "lan" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "19", - "bootp.option.value": "73:74:2d:44:30:35:32:41:38:41:31:44:37:45:45:30:30:30:31", - "bootp.option.hostname": "st-D052A8A1D7EE0001" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:11.933238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494291.933238000", - "frame.time_delta": "0.930201000", - "frame.time_delta_displayed": "0.930201000", - "frame.time_relative": "700.472552000", - "frame.number": "2456", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000e4bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "308", - "udp.checksum": "0x0000317c", - "udp.checksum.status": "2", - "udp.stream": "53" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0x371ce2b1", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "192.168.0.160", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "00:17:88:69:ee:e4", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { 
- "bootp.option.length": "2", - "bootp.option.value": "02:40", - "bootp.option.dhcp_max_message_size": "576" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "7", - "bootp.option.value": "01:03:06:0c:0f:1c:2a", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "6", - "bootp.option.request_list_item": "12", - "bootp.option.request_list_item": "15", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "42" - }, - "bootp.option.type": "60", - "bootp.option.type_tree": { - "bootp.option.length": "12", - "bootp.option.value": "75:64:68:63:70:20:31:2e:32:33:2e:32", - "bootp.option.vendor_class_id": "udhcp 1.23.2" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "11", - "bootp.option.value": "50:68:69:6c:69:70:73:2d:68:75:65", - "bootp.option.hostname": "Philips-hue" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:11.937030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494291.937030000", - "frame.time_delta": "0.003792000", - "frame.time_delta_displayed": "0.003792000", - "frame.time_relative": "700.476344000", - "frame.number": "2457", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000228f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d45a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "67", - "udp.dstport": "68", - "udp.port": "67", - "udp.port": "68", - "udp.length": "318", - "udp.checksum": "0x00008341", - "udp.checksum.status": "2", - "udp.stream": "53" - }, - "bootp": { - "bootp.type": "2", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0x371ce2b1", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "192.168.0.160", - "bootp.ip.your": "192.168.0.160", - "bootp.ip.server": "192.168.0.1", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "00:17:88:69:ee:e4", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "05", - "bootp.option.dhcp": "5" - }, - "bootp.option.type": "54", - 
"bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "51", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:a8:c0", - "bootp.option.ip_address_lease_time": "43200" - }, - "bootp.option.type": "58", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:4c:ed", - "bootp.option.renewal_time_value": "19693" - }, - "bootp.option.type": "59", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "00:00:8c:35", - "bootp.option.rebinding_time_value": "35893" - }, - "bootp.option.type": "1", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "ff:ff:ff:00", - "bootp.option.subnet_mask": "255.255.255.0" - }, - "bootp.option.type": "28", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:ff", - "bootp.option.broadcast_address": "192.168.0.255" - }, - "bootp.option.type": "3", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.router": "192.168.0.1" - }, - "bootp.option.type": "6", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.domain_name_server": "192.168.0.1" - }, - "bootp.option.type": "15", - "bootp.option.type_tree": { - "bootp.option.length": "3", - "bootp.option.value": "6c:61:6e", - "bootp.option.domain_name": "lan" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "11", - "bootp.option.value": "50:68:69:6c:69:70:73:2d:68:75:65", - "bootp.option.hostname": "Philips-hue" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:12.078731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494292.078731000", - "frame.time_delta": "0.141701000", - "frame.time_delta_displayed": "0.141701000", - "frame.time_relative": "700.618045000", - "frame.number": "2458", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.242511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.242511000", - "frame.time_delta": "3.163780000", - "frame.time_delta_displayed": "3.163780000", - "frame.time_relative": "703.781825000", - "frame.number": "2459", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": 
"1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.585631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.585631000", - "frame.time_delta": "0.343120000", - "frame.time_delta_displayed": "0.343120000", - "frame.time_relative": "704.124945000", - "frame.number": "2460", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d82", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001095", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.586301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.586301000", - "frame.time_delta": "0.000670000", - "frame.time_delta_displayed": "0.000670000", - "frame.time_relative": "704.125615000", - "frame.number": "2461", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d83", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f190", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.586770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.586770000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "704.126084000", - "frame.number": "2462", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - 
"ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f56", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.999758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.999758000", - "frame.time_delta": "0.412988000", - "frame.time_delta_displayed": "0.412988000", - "frame.time_relative": "704.539072000", - "frame.number": "2463", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - 
"arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:15.999889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494295.999889000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "704.539203000", - "frame.number": "2464", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "d0:52:a8:a3:60:0f", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.064370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.064370000", - "frame.time_delta": 
"3.064481000", - "frame.time_delta_displayed": "3.064481000", - "frame.time_relative": "707.603684000", - "frame.number": "2465", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000e654", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d268", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34348", - "udp.dstport": "53", - "udp.port": "34348", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c87d", - "udp.checksum.status": "2", - "udp.stream": "54" - }, - "dns": { - "dns.id": "0x00000f0e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": 
"1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.252032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.252032000", - "frame.time_delta": "0.187662000", - "frame.time_delta_displayed": "0.187662000", - "frame.time_relative": "707.791346000", - "frame.number": "2466", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00002414", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000092f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "34348", - "udp.port": "53", - "udp.port": "34348", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "54" - }, - "dns": { - "dns.response_to": "2465", - "dns.time": "0.187662000", - "dns.id": "0x00000f0e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "17581", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": 
"173.223.52.73" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - 
"dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "465", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.238": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6763", - "dns.resp.len": "4", - "dns.a": "165.254.134.238" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.134.238": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7157", - "dns.resp.len": "4", - "dns.a": "165.254.134.238" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.245": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3894", - "dns.resp.len": "4", - "dns.a": "165.254.134.245" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.242": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4485", - "dns.resp.len": "4", - "dns.a": "165.254.134.242" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.35": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "118", - "dns.resp.len": "4", - "dns.a": "204.1.137.35" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.224": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "451", - "dns.resp.len": "4", - "dns.a": "204.2.166.224" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.137.93": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57", - "dns.resp.len": "4", - "dns.a": "165.254.137.93" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3284", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.252872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.252872000", - "frame.time_delta": "0.000840000", - "frame.time_delta_displayed": "0.000840000", - "frame.time_relative": "707.792186000", - "frame.number": "2467", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a811", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54142", - "tcp.dstport": "443", - "tcp.port": "54142", - "tcp.port": "443", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000033c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.255988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.255988000", - "frame.time_delta": "0.003116000", - "frame.time_delta_displayed": "0.003116000", - "frame.time_relative": "707.795302000", - "frame.number": "2468", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x00009f53", - "ip.checksum.status": "2", - "ip.src": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.src_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54142", - "tcp.port": "443", - "tcp.port": "54142", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ad99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 5 (multiply by 32)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "5", - "tcp.options.wscale.multiplier": "32" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2467", - "tcp.analysis.ack_rtt": "0.003116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.256482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.256482000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "707.795796000", - "frame.number": "2469", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a812", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 
Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54142", - "tcp.dstport": "443", - "tcp.port": "54142", - "tcp.port": "443", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005238", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2468", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.256494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.256494000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "707.795808000", - "frame.number": "2470", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a813", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54142", - "tcp.dstport": "443", - "tcp.port": "54142", - "tcp.port": "443", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005237", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.259566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.259566000", - "frame.time_delta": "0.003072000", - "frame.time_delta_displayed": "0.003072000", - "frame.time_relative": "707.798880000", - "frame.number": "2471", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000084e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x00001a7b", - "ip.checksum.status": "2", - "ip.src": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.src_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54142", - "tcp.port": "443", - "tcp.port": "54142", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "913", - "tcp.window_size": "29216", - "tcp.window_size_scalefactor": "32", - "tcp.checksum": "0x00005ce7", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2470", - "tcp.analysis.ack_rtt": "0.003072000", - "tcp.analysis.initial_rtt": "0.003610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:19.260040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494299.260040000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "707.799354000", - "frame.number": "2472", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a814", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": 
"173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54142", - "tcp.dstport": "443", - "tcp.port": "54142", - "tcp.port": "443", - "tcp.stream": "114", - "tcp.len": "0", - "tcp.seq": "2", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005236", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2471", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.003610000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:20.585897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494300.585897000", - "frame.time_delta": "1.325857000", - "frame.time_delta_displayed": "1.325857000", - "frame.time_relative": 
"709.125211000", - "frame.number": "2473", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d89", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba67", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001095", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:20.586480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494300.586480000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "709.125794000", - "frame.number": "2474", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d8a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f190", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:20.587048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494300.587048000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "709.126362000", - "frame.number": "2475", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f56", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:58:21.882324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494301.882324000", - "frame.time_delta": "1.295276000", - "frame.time_delta_displayed": "1.295276000", - "frame.time_relative": "710.421638000", - "frame.number": "2476", - "frame.len": "344", - "frame.cap_len": "344", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "330", - "ip.id": "0x00002c21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003848", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, 
- "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "278", - "tcp.seq": "2031", - "tcp.nxtseq": "2309", - "tcp.ack": "13631", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005ee2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:b1:1a:00:25:bb:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812129562, TSecr 2472829": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812129562", - "tcp.options.timestamp.tsecr": "2472829" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "278", - "tcp.analysis.push_bytes_sent": "278" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "273", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:4c:ea:da:97:0d:52:24:3b:57:a4:0b:55:0d:f9:04:db:01:1d:e9:ca:f7:4e:10:80:41:09:8f:7d:81:b7:5f:ff:16:63:64:aa:28:56:d5:96:42:06:f1:f8:1e:78:66:cf:28:f0:6f:04:fb:6e:f4:a3:9e:10:a4:96:fa:94:3e:2a:41:4b:1f:59:b9:99:78:e5:0a:77:91:31:d2:64:13:e9:7b:3a:a1:c9:f8:dd:ca:c0:8a:6f:97:0c:79:cf:06:d0:c0:26:dc:a9:2c:c3:4b:0f:75:0e:64:36:dd:a6:7f:b0:26:7c:64:5a:10:01:84:f2:23:0b:c5:ec:4e:94:e1:7f:27:ce:e8:e3:45:bd:4f:57:27:82:13:9d:89:62:6a:f2:d2:d5:34:c8:a9:09:f8:60:1b:55:e7:3f:27:df:8e:36:8e:fd:4c:fa:db:84:8b:a5:ce:5b:04:91:ec:28:ea:fa:26:36:e1:e5:e3:97:f5:23:ff:f6:50:e5:bf:c2:03:63:e4:19:8f:7f:6e:f2:4e:a1:4f:b5:bb:39:1c:9d:66:ee:a0:43:45:ab:fd:49:6a:68:65:31:cc:7d:41:e7:af:c2:2e:bd:1b:32:fe:1f:38:75:cb:ea:7f:d6:7b:bf:f3:b4:95:6a:ef:d3:98:d4:25:51:bf:dd:70:c8:bd:dd:0f:b5:c1:bb:c2:f1:88:48:1e:8e:8f:1e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:21.888948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494301.888948000", - "frame.time_delta": "0.006624000", - "frame.time_delta_displayed": "0.006624000", - "frame.time_relative": "710.428262000", - "frame.number": "2477", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009537", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007813", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "13631", - "tcp.nxtseq": "13684", - "tcp.ack": "2309", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000019f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:c6:70:a7:9d:b1:1a", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2475632, TSecr 2812129562": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2475632", - "tcp.options.timestamp.tsecr": "2812129562" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2476", - "tcp.analysis.ack_rtt": "0.006624000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c6:3c:53:21:84:41:27:9c:51:a1:ed:5c:ab:13:d0:f7:4d:bd:89:b9:48:8c:12:b0:d3:79:80:f3:d5:e2:4d:ef:b9:f8:30:92:ff:c2:1a:f5:a1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:21.949098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494301.949098000", - "frame.time_delta": "0.060150000", - "frame.time_delta_displayed": "0.060150000", - "frame.time_relative": "710.488412000", - "frame.number": "2478", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c22", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2309", - "tcp.ack": "13684", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f279", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:b1:2b:00:25:c6:70", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812129579, TSecr 2475632": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812129579", - "tcp.options.timestamp.tsecr": "2475632" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2477", - "tcp.analysis.ack_rtt": "0.060150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:21.949693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494301.949693000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "710.489007000", - "frame.number": "2479", - "frame.len": "725", - "frame.cap_len": "725", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "711", - "ip.id": "0x00009538", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "659", - "tcp.seq": "13684", - "tcp.nxtseq": "14343", - "tcp.ack": "2309", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000003d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:c6:77:a7:9d:b1:2b", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2475639, TSecr 2812129579": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2475639", - "tcp.options.timestamp.tsecr": "2812129579" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "659", - "tcp.analysis.push_bytes_sent": "659" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c7:67:11:12:b8:a4:24:da:55:fd:44:5e:a9:8d:6e:e0:51:c7:e3:49:dd:5d:f6:5f:52:69:4f:9a:99:6a:5b:c1:ed:ca:67:1b:77:dc:8b:bd:4e:a7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:c8:95:c3:39:b9:b4:ad:50:a2:36:c2:77:79:a6:49:33:4a:15:f5:c3:f2:92:88:67:16:97:87:ef:ea:2a:89:2d:a5:ad:5d:3c:e3:2a:19:3f:76:f6:d1:e7:97:16:4f:5e:97:2e:0e:09:27:75:07:c7:52:34:23:8c:ea:c1:34:8c:b4:58:39:87:5f:cd:04:db:56:f4:64:21:54:2a:f2:98:ad:84:e0:09:ce:ae:07:1c:51" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "499", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:c9:72:5e:f3:49:20:29:ca:d9:1a:31:ea:7f:07:45:ad:ee:41:43:e3:f9:12:cb:05:5e:17:19:b7:18:48:bb:14:cb:3b:9c:0b:5f:92:4e:c6:70:50:b1:ce:5c:01:68:ba:ad:aa:f2:32:b7:bf:80:0f:cf:d1:a7:e4:34:fc:91:74:1d:c9:e5:f3:fc:f2:15:3c:61:87:83:6c:51:a7:bc:b1:d8:cb:c7:dd:92:b6:a7:6e:d2:43:13:be:ea:25:4c:ac:b6:90:4f:f0:3c:45:24:33:f1:57:d0:29:d6:58:12:82:b4:31:e2:a3:e8:3b:0d:67:59:c4:d7:a0:44:f6:7c:54:5d:b4:8a:32:3d:a6:ef:67:c6:70:a5:75:3c:17:9f:ac:56:57:8f:07:5a:68:b1:67:a9:83:92:d5:88:ac:19:33:4d:7a:ef:83:29:48:de:1a:69:38:a8:c0:25:2f:7f:23:41:90:1d:bb:d2:a0:e6:e2:ba:e1:bf:81:be:9a:6b:8c:ac:f4:2b:07:0f:14:7c:28:33:93:64:87:fd:7b:9e:ba:48:d4:aa:f9:de:80:e9:46:b4:63:5f:d0:ab:a5:0e:b7:8d:2c:59:01:99:2f:ab:ec:6b:67:56:47:db:47:e3:a2:57:6f:12:ed:de:53:c6:d9:55:04:44:01:21:db:b0:21:f7:ce:01:5d:60:a4:51:26:59:b7:11:b9:05:38:c6:0c:9d:ab:bd:e3:25:75:20:14:06:eb:b6:c8:56:d0:9d:e2:7c:0c:70:cc:c0:d4:c6:92:2d:b0:09:f2:e0:61:69:52:25:dc:18:85:d1:de:3f:e2:22:d7:75:34:d3:8f:ab:05:98:d3:09:af:27:af:59:25:5d:be:1e:f1:69:34:aa:84:c2:ff:6d:d3:45:8f:9e:58:f6:f9:3a:97:76:c4:85:57:2a:6d:1c:ee:13:7e:59:a1:b4:85:15:e2:60:d4:73:ac:a4:35:f4:0d:43:95:b6:38:f7:27:8a:6a:4f:aa:a7:aa:f3:3c:30:91:fc:6e:f6:b5:b5:a3:4e:1a:9b:f5:91:36:b9:71:62:b2:26:de:6b:77:74:da:d4:8a:ca:c1:ee:16:b9:b7:3a:24:fb:10:06:b1:ca:b9:ad:a7:d2:14:8f:9d:66:e9:aa:96:4c:ce:21:c2:9e:0b:1b:ca:82:a0:e9:e8:2d:a2:84:7b:5d:9a:ed:a9:35:69:5e:a4:a0:cc:32:f9:6d:61:8f:a6:e9:ce:c4:b9:b5:02:f1:a6:2c:bd:da:81:7b:d4:e7:78:79:49:45:c1:83:08:fa:39" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:22.010754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494302.010754000", - "frame.time_delta": "0.061061000", - "frame.time_delta_displayed": "0.061061000", - "frame.time_relative": "710.550068000", - "frame.number": "2480", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c23", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2309", - "tcp.ack": "14343", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efd0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:b1:3a:00:25:c6:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812129594, TSecr 2475639": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812129594", - "tcp.options.timestamp.tsecr": "2475639" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2479", - "tcp.analysis.ack_rtt": "0.061061000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:22.283526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494302.283526000", - "frame.time_delta": "0.272772000", - "frame.time_delta_displayed": "0.272772000", - "frame.time_relative": "710.822840000", - "frame.number": "2481", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009539", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007810", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "14343", - "tcp.nxtseq": "14397", - "tcp.ack": "2309", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006356", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:c6:98:a7:9d:b1:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2475672, TSecr 2812129594": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2475672", - "tcp.options.timestamp.tsecr": "2812129594" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ca:3c:c9:e5:cc:fb:0e:6c:c4:9c:be:3f:a8:ec:23:00:47:15:e7:9b:4c:05:c0:2a:b7:ce:25:b6:13:28:f3:37:6e:0f:d6:5f:e8:bb:30:f4:48:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:22.343675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494302.343675000", - "frame.time_delta": "0.060149000", - "frame.time_delta_displayed": "0.060149000", - "frame.time_relative": "710.882989000", - "frame.number": "2482", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c24", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000395b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2309", - "tcp.ack": "14397", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:b1:8e:00:25:c6:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812129678, TSecr 2475672": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812129678", - "tcp.options.timestamp.tsecr": "2475672" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2481", - "tcp.analysis.ack_rtt": "0.060149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:25.586177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494305.586177000", - "frame.time_delta": "3.242502000", - "frame.time_delta_displayed": "3.242502000", - "frame.time_relative": "714.125491000", - "frame.number": "2483", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d8b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001095", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
- "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:25.586740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494305.586740000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "714.126054000", - "frame.number": "2484", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d8c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f190", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:25.587317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494305.587317000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "714.126631000", - "frame.number": "2485", - 
"frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f56", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=621", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.564431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.564431000", - "frame.time_delta": "1.977114000", - "frame.time_delta_displayed": "1.977114000", - "frame.time_relative": "716.103745000", - "frame.number": "2486", - "frame.len": "79", - "frame.cap_len": "79", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e791", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d128", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50415", - "udp.dstport": "53", - "udp.port": "50415", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f13e", - "udp.checksum.status": "2", - "udp.stream": "55" - }, - "dns": { - "dns.id": "0x00000f0f", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.565078000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.565078000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "716.104392000", - "frame.number": "2487", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002726", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009194", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "53", - "udp.dstport": "50415", - "udp.port": "53", - "udp.port": "50415", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "55" - }, - "dns": { - "dns.response_to": "2486", - "dns.time": "0.000647000", - "dns.id": "0x00000f0f", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.565965000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.565965000", - "frame.time_delta": "0.000887000", - "frame.time_delta_displayed": "0.000887000", - "frame.time_relative": "716.105279000", - "frame.number": "2488", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e792", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d127", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57721", - "udp.dstport": "53", - "udp.port": "57721", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000efb3", - "udp.checksum.status": "2", - "udp.stream": "56" - }, - "dns": { - "dns.id": "0x00000f10", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.567770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.567770000", - "frame.time_delta": "0.001805000", - "frame.time_delta_displayed": 
"0.001805000", - "frame.time_relative": "716.107084000", - "frame.number": "2489", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00002727", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57721", - "udp.port": "53", - "udp.port": "57721", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "56" - }, - "dns": { - "dns.response_to": "2488", - "dns.time": "0.001805000", - "dns.id": "0x00000f10", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - 
"dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3070", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3024", - "dns.resp.len": "10", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3024", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3024", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1456", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "18289", - "dns.resp.len": "4", - "dns.a": 
"57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "18289", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001:0:57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "827", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001:0:57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "166942", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1:0:57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "166942", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1:0:57:73:36:68" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.568550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.568550000", - "frame.time_delta": "0.000780000", - "frame.time_delta_displayed": "0.000780000", - "frame.time_relative": "716.107864000", - "frame.number": "2490", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a429", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000040a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.705199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.705199000", - "frame.time_delta": "0.136649000", - "frame.time_delta_displayed": "0.136649000", - "frame.time_relative": "716.244513000", - "frame.number": "2491", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000eeaa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00009c28", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00008111", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2490", - "tcp.analysis.ack_rtt": "0.136649000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.705747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.705747000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "716.245061000", - "frame.number": "2492", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a42a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004aa0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2491", - "tcp.analysis.ack_rtt": "0.000548000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.706052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.706052000", - "frame.time_delta": "0.000305000", - "frame.time_delta_displayed": "0.000305000", - "frame.time_relative": "716.245366000", - "frame.number": "2493", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000a42b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f58", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b5b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137197000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:39:22:2c:20:4e:6f:6e:63:65:3d:22:64:66:63:47:4a:4c:77:65:4a:66:65:35:49:4e:55:49:32:30:34:47:67:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:72:39:79:69:59:66:73:69:4c:35:74:35:59:73:4d:5a:70:78:53:39:37:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:58:27.843116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.843116000", - "frame.time_delta": "0.137064000", - "frame.time_delta_displayed": "0.137064000", - "frame.time_relative": "716.382430000", - "frame.number": "2494", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002a53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006088", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a7d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2493", - "tcp.analysis.ack_rtt": "0.137064000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.843760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.843760000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "716.383074000", - "frame.number": "2495", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000a42c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ccf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000cc02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137197000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d
:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:15:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" - }, 
- "tcp.segments": { - "tcp.segment": "2493", - "tcp.segment": "2495", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:37:39:22:2c:20:4e:6f:6e:63:65:3d:22:64:66:63:47:4a:4c:77:65:4a:66:65:35:49:4e:55:49:32:30:34:47:67:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:72:39:79:69:59:66:73:69:4c:35:74:35:59:73:4d:5a:70:78:53:39:37:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:
2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:15:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5
:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"179\", Nonce=\"dfcGJLweJfe5INUI204GgQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"r9yiYfsiL5t5YsMZpxS97Q==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"179\", Nonce=\"dfcGJLweJfe5INUI204GgQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"r9yiYfsiL5t5YsMZpxS97Q==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"%E?i@\u00ef\u00bf\u00bd&|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd@+\u00ef\u00bf\u00bd'^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd)`-\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPM\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u0014\n\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd18\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdfg\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdMO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0015gN\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC{y.\u007f\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001mbk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u0004\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdzo\u00ef\u00bf\u00bd%\u0010\u00ef\u00bf\u00bd5\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u0005Rc\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmkd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\u001a5z;\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd[\u001c\/n\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdnI\u00ef\u00bf\u00bd\/eA_\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u0
012\u0006S\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdoE\n?\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\f\u00ef\u00bf\u00bdmM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u0015\u00ef\u00bf\u00bd:+w\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdFS\u00ef\u00bf\u00bdt\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t]\u00ef\u00bf\u00bdE+\u00ef\u00bf\u00bd6\/6\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdE\u001a\u0015vvAz\u00ef\u00bf\u00bdP.\u00ef\u00bf\u00bds67\u00ef\u00bf\u00bdu-" - }, - "media": { - "media.type": 
"25:45:3f:69:40:f2:26:7c:c1:e3:27:ba:40:2b:d9:27:5e:fc:db:54:6d:af:b3:f4:13:87:29:60:2d:8b:f6:ef:fe:50:4d:84:5e:cd:b6:19:af:a7:c6:08:14:0a:bf:14:dd:94:bc:bf:31:38:f0:a8:a4:a2:37:b8:66:67:f3:52:d4:ac:e5:02:dd:b8:4d:4f:e2:8f:97:ea:46:b3:f6:5a:ea:15:67:4e:e8:33:e3:14:94:40:8b:88:43:7b:79:2e:7f:dd:0c:ce:65:b6:b4:01:6d:62:6b:db:93:dd:ef:17:04:fb:75:8b:fb:24:96:f8:18:86:7a:6f:cc:25:10:8a:35:0d:bb:8e:8d:b2:c0:3e:05:52:63:0c:c0:9d:6d:6b:64:bb:b3:a3:ba:22:ce:5d:e7:1a:35:7a:3b:f5:14:d2:5b:1c:2f:6e:bc:1b:f5:6e:49:8f:2f:65:41:5f:8d:42:da:24:a2:e4:90:6b:83:f5:9f:77:d5:cd:a2:42:d7:33:aa:a5:cf:f5:9d:48:12:06:53:a4:1d:97:85:89:a8:82:ac:c9:a4:c2:6f:45:0a:3f:b2:93:af:11:0c:b8:6d:4d:cc:f2:ba:cd:ab:11:15:df:3a:2b:77:22:86:d7:46:53:b3:74:0e:a1:e1:28:74:9d:cf:81:2f:98:88:8c:d0:eb:a9:50:f4:a8:93:ca:32:c0:9a:c8:a6:ad:ba:09:5d:e7:45:2b:8e:36:2f:36:b0:42:f7:45:1a:15:76:76:41:7a:b3:50:2e:c8:73:36:37:f4:75:2d:00:78:c7:45:03:1d:e5:a6:04:ed:fd:21:c0:89:91:52:82:2c:6b:9d:e0:5a:a0:a1:a5:0d:bf:cb:79:5f:a9:06:85:0b:af:00:1f:25:c8:4b:ad:5f:07:44:57:2b:e6:d9:c5:e5:46:46:a8:e5:06:d5:1f:20:e4:60:d3:f5:eb:3b:ec:a3:60:c8:16:3d:7f:cf:f7:cb:9e:6a:cc:be:21:bf:f5:f3:af:84:38:22:a0:b5:ce:17:12:2f:e7:b3:25:e1:bf:be:c7:27:44:98:34:c6:f1:22:16:f2:05:44:65:8b:ad:6c:9b:ef:eb:c7:e8:a7:79:99:0b:fe:4b:e0:e3:11:6e:9d:56:8d:ff:aa:8c:8e:8f:35:d6:5e:97:ef:36:99:cb:7f:e4:fb:89:77:4a:d0:50:02:9f:06:54:c0:f5:de:71:5c:15:48:10:c4:c5:cd:9e:d8:4b:58:22:56:56:22:c1:89:29:3b:ec:8c:77:ea:ad:cb:a4:84:99:f5:65:b3:d0:1b:3b:df:68:de:70:07:51:ea:da:b7:64:ef:f3:7c:ba:cd:59:3e:6e:3c:9e:5f:6b:e4:2d:f7:12:af:b6:24:f8:08:f2:d5:a9:bb:63:6d:f0:ac:f7:b5:4b:cb:4e:c0:a8:0d:11:0d:b2:6a:89:eb:58:a8:13:ee:0b:e7:66:1f:25:3e:dd:9d:bb:de:13:d6:0f:b0:10:04:c8:08:75:d8:2a:41:dd:36:6f:8d:58:49:13:16:23:46:d9:0d:e1:a5:91:cc:8d:5d:28:5a:c3:f5:37:86:14:be:5d:69:8b:4e:8d:be:73:f2:96:04:3f:6b:01:db:51:ab:f6:ce:a5:c0:43:a2:2f:b8:4b:54:76:d4:40:d7:6a:5a:08:a9:81:ff:6b:f1:a5:f6:f4:12:8a:04:55:66:0f:3a:a4:58:b5:a5:66:6e:02:dd:b3:5b:68:84:12:db:8f:01:d6:38:bf:3f:1
5:38:c4:58:3f:7e:33:d3:f9:66:9c:d6:e2:a5:fe:21:d0:0d:92:cf:e4:84:e1:ec:07:f0:62:06:7d:5b:9c:1a:99:0e:df:84:d3:79:70:e7:9a:58:26:da:b5:78:7b:75:11:14:94:51:36:6a:cc:e6:d8:31:a8:8d:aa:12:93:86:1e:ee:64:ec:a1:0d:5b:ac:72:ec:49:83:8d:41:ad:b5:fb:65:99:eb:c6:ef:07:3d:05:d4:dc:4a:67:78:23:72:e1:25:e5:d1:a1:ae:fd:bd:59:b2:4e:77:89:3b:01:f2:7e:70:94:21:5a:20:9f:2b:78:e7:5f:41:86:f4:e5:87:b7:ce:65:66:4a:d4:9e:5a:b7:e4:c2:de:6f:e2:69:39:77:cc:ce:96:54:bf:18:76:fd:f4:13:f9:8a:72:ba:fa:18:17:77:01:39:fe:e7:68:ec:48:02:98:60:64:71:e5:6b:69:81:82:69:ba:b2:51:38:d3:5c:90:2c:fd:17:84:29:ba:0f:2d:14:9f:f7:83:5d:04:0c:6e:3f:c5:71:2a:4a:55:64:1b:1b:7d:7a:56:1d:94:da:0f:9d:91:e4:2f:ae:97:c4:0b:5f:4b:79:20:0d:6a:f6:a1:8b:35:36:db:59:3f:ff:48:b2:92:39:04:18:29:d8:05:49:b7:f6:5e:e2:ae:d8:4a:9c:af:ba:34:1d:12:87:9b:7d:53:8d:70:f1:fe:ae:cd:27:90:a4:53:75:8a:27:fc:7b:fc:a5:2a:6c:46:c5:a2:50:64:4b:40:e8:f0:22:13:5e:cb:9d:ff:53:fe:b2:5b:50:c5:79:81:f3:cb:e6:07:7a:84:93:47:9e:a3:d0:ca:a3:9d:57:05:8c:7e:9d:7a:ce:df:d5:10:63:2d:23:ba:29:d0:b8:31:e2:ae:73:b5:7f:08:56:46:6d:6a:bd:0b:7a:04:7b:3b:14:d4:bb:75:b1:28:48:a3:7e:83:34:03:90:8f:7c:56:c7:fe:e0:65:c9:8c:8a:15:c2:20:95:a7:9c:be:c7:39:e1:c8:24:c4:cd:5d:bc:16:50:02:f5:26:42:ad:e8:d3:65:ef:67:3f:b0:96:5b:e0:09:47:a2:e7:99:2d:c0:4e:17:bc:8d:8c:0e:cc:dc:fc:67:ad:53:05:8c:64:a7:62:60:72:cc:7f:b7:d4:e1:4f:aa:c6:db:19:ca:26:09:9d:fe:fd:97:4b:5d:32:49:35:69:b9:04:d3:8a:e5:05:dc:d1:5f:68:86:99:19:15:24:66:40:d1:79:89:b2:91:9b:ba:1c:8a:c1:d0:71:83:c8:65:f0:7f:a6:86:8c:7e:d8:2c:ff:08:3c:2d:05:da:a5:e5:20:10:69:af:c3:ba:a3:27:98:2d:4c:1b:b5:6f:fc:e9:d1:83:57:9e:bc:64:c9:80:ea:e5:92:00:b2:19:0e:45:42:e1:f3:8a:1a:52:a2:dd:97:75:cb:3c:95:06:9d:78:d5:d5:8a:7e:38:91:3c:07:e7:bf:55:ea:48:a5:5a:75:1e:66:62:ad:5b" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.980302000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494307.980302000", - "frame.time_delta": "0.136542000", - "frame.time_delta_displayed": "0.136542000", - "frame.time_relative": "716.519616000", - "frame.number": "2496", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000665d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000247e", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": 
"80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009e14", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2495", - "tcp.analysis.ack_rtt": "0.136542000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.983616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.983616000", - "frame.time_delta": "0.003314000", - "frame.time_delta_displayed": "0.003314000", - "frame.time_relative": "716.522930000", - "frame.number": "2497", - "frame.len": "1434", - "frame.cap_len": "1434", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1420", - "ip.id": "0x00006733", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001e44", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "1380", - "tcp.seq": "1", - "tcp.nxtseq": "1381", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000a73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137197000", - "tcp.analysis.bytes_in_flight": "1380", - "tcp.analysis.push_bytes_sent": "1380" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:35:38:3a:32:37:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:
20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a
:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.983639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.983639000", - "frame.time_delta": "0.000023000", - "frame.time_delta_displayed": "0.000023000", - "frame.time_relative": "716.522953000", - "frame.number": "2498", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00006734", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00002357", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "80", - "tcp.seq": "1381", - "tcp.nxtseq": "1461", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000055f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137197000", - "tcp.analysis.bytes_in_flight": "1460", - "tcp.analysis.push_bytes_sent": "1460" - }, - "tcp.segment_data": "65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:58:27.983721000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.983721000", - "frame.time_delta": "0.000082000", - "frame.time_delta_displayed": "0.000082000", - "frame.time_relative": "716.523035000", - "frame.number": "2499", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00006735", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00002307", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "159", - "tcp.seq": "1461", - "tcp.nxtseq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003293", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137197000", - "tcp.analysis.bytes_in_flight": "1619", - "tcp.analysis.push_bytes_sent": "159" - }, - "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "2497", - "tcp.segment": "2498", - "tcp.segment": "2499", - "tcp.segment.count": "3", - "tcp.reassembled.length": "1619", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:54:75:65:2c:20:33:31:20:4f:63:74:20:32:30:31:37:20:32:33:3a:35:38:3a:32:37:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:7
3:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:
74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "http": { - "HTTP\/1.1 401 Unauthorized\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "401", - "http.response.phrase": "Unauthorized" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_type": "text\/html", - "http.response.line": "Content-Type: text\/html\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\"", - "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:27 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:27 GMT\r\n", - "http.connection": "close", - "http.response.line": 
"Connection: close\r\n", - "http.content_length_header": "1293", - "http.content_length_header_tree": { - "http.content_length": "1293" - }, - "http.response.line": "Content-Length: 1293\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.139961000", - "http.request_in": "2495", - "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" - }, - "data-text-lines": { - "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", - "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", - "<head>\\r\\n": 
"", - "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", - "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", - "<style type=\"text\/css\">\\r\\n": "", - "<!--\\r\\n": "", - "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", - "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", - "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", - "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", - "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", - "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", - "background-color:#555555;}\\r\\n": "", - "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", - ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", - "-->\\r\\n": "", - "<\/style>\\r\\n": "", - "<\/head>\\r\\n": "", - "<body>\\r\\n": "", - "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", - "<div id=\"content\">\\r\\n": "", - " <div class=\"content-container\"><fieldset>\\r\\n": "", - " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", - " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", - " <\/fieldset><\/div>\\r\\n": "", - "<\/div>\\r\\n": "", - "<\/body>\\r\\n": "", - "<\/html>\\r\\n": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.983801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.983801000", - "frame.time_delta": "0.000080000", - "frame.time_delta_displayed": "0.000080000", - "frame.time_relative": "716.523115000", - "frame.number": "2500", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006737", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000023a4", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000097c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.984224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.984224000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "716.523538000", - "frame.number": "2501", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a42d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1381", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003418", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2497", - "tcp.analysis.ack_rtt": "0.000608000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - 
{ - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.984237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.984237000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "716.523551000", - "frame.number": "2502", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a42e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": 
"AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000033c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2498", - "tcp.analysis.ack_rtt": "0.000598000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.984246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.984246000", - "frame.time_delta": "0.000009000", - "frame.time_delta_displayed": "0.000009000", - "frame.time_relative": "716.523560000", - "frame.number": "2503", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a42f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1620", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003329", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2499", - "tcp.analysis.ack_rtt": "0.000525000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.984643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.984643000", - "frame.time_delta": "0.000397000", - "frame.time_delta_displayed": "0.000397000", - "frame.time_relative": "716.523957000", - "frame.number": "2504", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a430", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000091ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35290", - "tcp.dstport": "80", - "tcp.port": "35290", - "tcp.port": "80", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1621", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003327", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2500", - "tcp.analysis.ack_rtt": "0.000842000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.985623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.985623000", - "frame.time_delta": "0.000980000", - "frame.time_delta_displayed": "0.000980000", - "frame.time_relative": "716.524937000", - "frame.number": "2505", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e7b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d108", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57893", - "udp.dstport": "53", - "udp.port": "57893", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000d406", - "udp.checksum.status": "2", - "udp.stream": "57" - }, - "dns": { - "dns.id": "0x00000f11", - "dns.flags": 
"0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.986233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.986233000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "716.525547000", - "frame.number": "2506", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002730", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000918a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57893", - "udp.port": "53", - "udp.port": "57893", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "57" - }, - "dns": { - "dns.response_to": "2505", - "dns.time": "0.000610000", - "dns.id": "0x00000f11", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.987038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.987038000", - "frame.time_delta": "0.000805000", - "frame.time_delta_displayed": "0.000805000", - "frame.time_relative": "716.526352000", - "frame.number": "2507", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { 
- "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e7b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d107", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59712", - "udp.dstport": "53", - "udp.port": "59712", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e7ea", - "udp.checksum.status": "2", - "udp.stream": "58" - }, - "dns": { - "dns.id": "0x00000f12", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": 
"0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.987547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.987547000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "716.526861000", - "frame.number": "2508", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009179", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59712", - "udp.port": "53", - "udp.port": "59712", - "udp.length": "61", - "udp.checksum": 
"0x00008240", - "udp.checksum.status": "2", - "udp.stream": "58" - }, - "dns": { - "dns.response_to": "2507", - "dns.time": "0.000509000", - "dns.id": "0x00000f12", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3070", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:27.988296000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494307.988296000", - "frame.time_delta": "0.000749000", - "frame.time_delta_displayed": "0.000749000", - "frame.time_relative": "716.527610000", - "frame.number": "2509", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001052", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000257e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.120947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.120947000", - "frame.time_delta": "0.132651000", - "frame.time_delta_displayed": "0.132651000", - "frame.time_relative": "716.660261000", - "frame.number": "2510", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a3c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000e718", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35290", - "tcp.port": "80", - "tcp.port": "35290", - "tcp.stream": "115", - "tcp.len": "0", - "tcp.seq": "1621", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000097bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2504", - "tcp.analysis.ack_rtt": "0.136304000", - "tcp.analysis.initial_rtt": "0.137197000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.123882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.123882000", - "frame.time_delta": "0.002935000", - "frame.time_delta_displayed": "0.002935000", - "frame.time_relative": "716.663196000", - "frame.number": "2511", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000054b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000361c", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00000de5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - 
"tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2509", - "tcp.analysis.ack_rtt": "0.135586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.124372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.124372000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "716.663686000", - "frame.number": "2512", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001053", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002589", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d773", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2511", - "tcp.analysis.ack_rtt": "0.000490000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.124386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.124386000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": 
"0.000014000", - "frame.time_relative": "716.663700000", - "frame.number": "2513", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00001054", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002330", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - 
"tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007656", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:30:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:
71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:36:67:67:55:30:57:67:4f:6c:76:55:42:4c:52:79:48:63:52:66:59:59:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.260711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.260711000", - "frame.time_delta": "0.136325000", - "frame.time_delta_displayed": "0.136325000", - "frame.time_relative": "716.800025000", - "frame.number": "2514", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009413", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000f6c7", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000034a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2513", - "tcp.analysis.ack_rtt": "0.136325000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 16:58:28.261326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.261326000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "716.800640000", - "frame.number": "2515", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00001055", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000020a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - 
"ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fe72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": 
"3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:26:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:c
a:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" - }, - "tcp.segments": { - "tcp.segment": "2513", - "tcp.segment": "2515", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:30:22:2c:20:4e:6f:6e:63:65:3d:22:53:57:71:36:6f:34:66:2f:31:45:65:37:49:4e:55:49:5a:79:50:79:31:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:36:67:67:55:30:57:67:4f:6c:76:55:42:4c:52:79:48:63:52:66:59:59:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:2
6:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:ca:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:
3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"180\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"6ggU0WgOlvUBLRyHcRfYYw==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"180\", Nonce=\"SWq6o4f\/1Ee7INUIZyPy1w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"6ggU0WgOlvUBLRyHcRfYYw==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
":\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0005\u0005@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u000f\u0014\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u001aYo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdH\u0004\u00ef\u00bf\u00bdu<\u00ef\u00bf\u00bd3\u0015\u00ef\u00bf\u00bd5&B\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:7f:aa:b5:92:f3:d7:6e:84:5c:8d:da:7c:ea:d7:b4:2c:d8:3d:88:cc:6c:cb:20:a2:48:04:b0:75:3c:98:33:15:91:35:26:42:1d:a0:b3:d4:b4:22:ea:00:bd:ab:ea:c1:c0:1e:1a:a1:4f:8f:84:f8:e7:a3:a0:fd:c1:c5:c4:1f:c6:e6:bd:af:92:b5:a2:b7:04:8e:4e:e6:4a:94:24:de:04:0e:4e:3a:5f:05:d0:14:38:f5:26:38:f8:e1:c8:ce:97:44:aa:83:3b:2d:39:64:36:60:23:e8:4d:40:a1:01:b8:3b:4e:c4:65:a7:fc:cc:04:c5:09:c9:50:d7:92:a5:ab:4e:7a:18:11:3b:e3:17:27:1b:8f:4e:e1:47:68:47:28:7d:87:44:3d:13:67:a7:66:0d:24:78:69:b7:1b:ca:a0:a8:86:f5:69:f4:eb:74:a1:aa:ef:8d:6d:46:07:e8:bf:89:82:65:0d:dc:8b:35:c1:d6:b1:27:55:3a:c5:76:a6:a3:46:c0:59:0c:05:4b:93:8a:43:3e:df:66:c2:40:3b:89:e6:55:9b:29:af:d6:30:56:91:60:1c:0e:fd:12:03:98:f2:b4:d4:b4:b7:6a:0d:f8:bc:11:25:ca:04:d1:5a:cd:a7:0f:a6:c2:8d:f0:27:ea:d5:60:ca:9d:3d:ce:12:78:90:ad:36:71:a7:3d:4c:79:90:8e:10:87:60:87:9d:93:78:9e:d3:77:d5:00:d1:bd:85:fe:96:c2:76:dd:8c:d9:cb:77:3a:18:09:45:36:dc:e2:76:2b:9a:40:d2:82:ec:04:c8:02:53:bd:c9:55:df:a9:62:2e:a1:cd:b9:d0:aa:82:8c:9e:f7:70:15:95:35:f2:94:ec:94:a0:b5:19:fb:bd:70:59:43:fc:0f:61:d7:d7:e7:fe:ef:21:d1:67:
10:ab:3e:81:88:38:64:e5:e8:e0:cf:8a:67:30:96:25:ff:6d:40:a9:7b:e5:e1:45:4a:f7:b6:3a:22:25:99:ee:ac:ec:69:0f:dc:7d:08:57:20:77:98:01:a8:4d:14:fd:da:03:14:2b:ad:b3:8c:b4:01:72:e5:ae:42:41:72:56:0f:ce:a9:28:67:51:ad:ff:da:25:19:e3:c0:79:36:aa:93:1e:0a:a0:e6:7c:b3:2c:7c:c7:a9:20:05:ef:a6:30:3c:13:52:f8:ed:a4:fe:94:9d:c9:73:32:2e:3d:80:87:d3:43:de:f2:5c:29:be:71:73:f4:51:f4:aa:a1:51:2e:9c:3c:83:1a:bf:8d:1f:84:c8:16:0c:b0:91:00:1a:8f:74:c3:ed:3f:29:61:0a:12:b5:ff:28:85:2e:18:4b:58:0e:eb:50:be:1b:15:69:e5:d9:2a:ea:a6:ad:ce:da:d7:90:63:13:be:c8:08:9f:ad:3d:86:1f:59:1b:6f:44:25:5e:87:b9:05:bb:3e:41:c4:7b:ae:64:a7:49:42:22:ba:01:0b:67:52:ea:a0:95:68:41:04:0b:d6:28:d4:1e:ef:e1:1b:1a:ab:09:d0:8a:a6:ff:06:65:39:f5:dc:0a:15:ef:0c:a4:88:f0:ce:74:ae:f1:87:75:1f:a1:3e:ce:8f:0c:b0:8b:37:8d:7b:0e:6a:ef:16:0d:2d:03:76:10:71:20:f8:ea:4f:1b:20:af:7a:f5:ca:6e:55:2a:72:2f:3c:fb:3d:22:1d:be:a7:3e:e9:86:05:e0:c7:82:c4:52:7f:64:b9:7c:c0:26:2d:27:ab:c0:4c:cd:ea:ec:8d:d6:be:c9:2e:0e:6c:d6:a3:21:89:1e:71:7c:07:14:94:4e:03:89:6c:05:6d:7c:e7:3c:41:30:f5:58:f9:3e:0b:bb:08:f6:e8:c5:57:b9:bb:6f:8a:98:cb:23:8f:fb:a0:48:48:23:4c:11:03:0e:4f:4f:72:7a:82:3a:11:6b:25:60:23:cf:04:e6:e5:66:81:82:f3:53:ff:65:c6:ce:4e:85:32:a6:2e:e2:e9:65:97:fc:37:f9:5c:80:8c:8e:de:b0:37:75:d8:4b:1a:ab:47:9e:b4:5d:e4:74:76:8e:b9:c3:a5:9e:ea:12:40:78:00:e8:68:2d:f0:e7:6b:b5:16:81:f5:41:76:3b:69:c1:8a:8c:40:d9:ee:19:10:1e:2d:98:43:d7:6a:da:21:c5:9c:b0:e2:07:db:6a:eb:58:89:de:07:3d:4b:49:db:e2:0a:04:68:ab:93:63:f8:35:1a:43:94:a4:df:00:81:a7:37:a1:49:ef:bb:b9:65:0b:f9:93:56:bf:0d:10:85:a9:a5:0c:2d:8e:35:ba:c3:2e:b7:8a:3e:03:05:cd:9e:82:05:32:62:df:85:10:93:11:50:06:9d:ed:4a:0e:39:db:2e:62:a8:b0:e3:cd:28:bd:33:ad:a4:ad:1d:83:21:fa:99:06:8b:af:40:81:9d:4a:2d:d1:ac:8e:58:23:dd:01:95:95:9f:a9:f6:9f:0d:cf:ec:6d:2d:1d:76:2c:9c:16:9f:ab:2a:59:3c:b1:f3:68:f9:5b:ad:28:ff:83:29:e9:0e:0c:d6:79:1c:85:66:6a:49:0c:65:7a:22:10:7b:b6:6f:7e:c4:9a:12:1d:f6:2c:2f:62:0d:69:09:2e:c9:64:cf:6c:90:e0:3e:9f:b9:33:b9:38:e9:14:38:6b:d9:d6:06:f7:c7:7c:48:2e
:8d:79:95:ec:3f:30:2b:34:fc:27:ae:69:f7:08:61:4d:66:26:9b:0b:31:36:b8:b8:db:e9:be:a0:31:4c:3f:8e:93:6a:8d:75:af:fa:43:5c:cd:79:85:dc:c1:91:90:e6:4c:bf:81:66:05:1f:2b:81:1f:f4:0f:29:ac:f0:79:91:04:98:69:9c:6d:44:2f:cf:0e:74:ef:cf:b6:65:28:89:3f:0f:e5:e6:c2:f4:3a:a5:ec:01:f3:83:19:62:a6:83:e6:89:58:18:6c:40:6d:36:79:28:94:89:b9:00:39:8a:11:94:9e:6a:99:ed:4b:5f:b9:3b:2b:0a:d3:8f:1f:e6:77:0f:b6:97:b3:c9:38:2c:10:7e:5f:3b:a7:8f:ad:5d:20:92:07:cc:92:31:49:dc:4d:75:a8:65:5c:f8:57:53:f7:ed:17:3d:46:76:0c:2c:66:32:b6:05:7f:89:89:15:19:a9:bd:a0:2a:79:09:48:d3:45:5f:0f:37:d8:ad:be:2d:31:34:06" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.397191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.397191000", - "frame.time_delta": "0.135865000", - "frame.time_delta_displayed": "0.135865000", - "frame.time_relative": "716.936505000", - "frame.number": "2516", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cf48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000bb92", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002ae8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2515", - "tcp.analysis.ack_rtt": "0.135865000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.430570000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.430570000", - "frame.time_delta": "0.033379000", - "frame.time_delta_displayed": "0.033379000", - "frame.time_relative": "716.969884000", - "frame.number": "2517", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000dcfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000aa78", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - 
"tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cd2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\"\r\n", - "http.response.line": "X-AspNet-Version: 
4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:28 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:28 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.169244000", - "http.request_in": "2515", - "http.file_data": ":\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0005\u0005@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u000f\u0014\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u001aYo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd77\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\fx\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd0%\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdI\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u0010\u0017p\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd5T-\u00ef\u00bf\u00bdW\u001d\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u001dYRH<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|7\u00ef\u00bf\u00bd\u0006h\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bdmA|\"R\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bdJw\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtpG 
\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdK<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdmgB\u00ef\u00bf\u00bdY3sK\"^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL2\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN7\tl)LjE0\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "3a:ff:58:84:05:05:40:e8:ad:48:d7:87:63:0f:14:07:f6:c4:e5:3e:ad:26:d6:64:e6:1a:59:6f:e9:fc:cc:a5:a7:37:37:b7:b1:e4:75:88:0c:78:a5:31:dd:58:b9:30:25:a4:35:ef:46:de:86:98:a8:b9:27:15:b8:da:53:a9:2c:e0:49:03:ff:c2:13:b1:10:17:70:ec:b0:72:b2:dc:68:bd:35:54:2d:93:57:1d:7f:f7:d0:23:1d:59:52:48:3c:a5:df:6c:de:7e:9b:fd:7c:37:f4:06:68:ec:74:cf:6d:41:7c:22:52:87:1f:ce:ff:e4:5e:e4:4a:77:f0:2c:ad:b2:74:70:47:20:f8:6d:83:4b:3c:c4:d4:b9:b7:ab:a8:e9:ac:ba:56:da:6d:67:42:fa:59:33:73:4b:22:5e:8b:b3:4c:32:07:a0:b5:4e:37:09:6c:29:4c:6a:45:30:d3:00:c0:6b:4f:5a:1a:11:6e:f5:ee:ca:31:ee:58:55:00:25:b3:c2:91:10:57:02:81:e7:79:db:6f:a0:c8:8b:1a:8f:fb:49:0d:ea:04:b5:fa:33:f4:5e:38:49:f7:ab:07:ee:e1:31:ed:b2:51:43:d5:3f:34:2c:5f:db:fb:e8:1e:9a:91:dd:d6:06:36:1d:f4:c9:a2:40:74:10:ee:b6:1f:3e:91:26:c5:79:4c:1b:bc:e7:bf:9a:4a:82:29:96:af:a9:1f:cd:9d:eb:9e:11:bb:86:da:e4:b3:02:6c:5c:29:d5:af:2d:28:0e:fa:2b:44:c1:99:ff:13:c5:ed:ab:e8:d5:ce:9e:8a:d4:c4:a2:dd:1b:0f:5f:ae:01:a5:0b:94:fe:6f:5c:39:ce:5e:51:7b:c4:f6:bf:76:97:a0:30:cd:2d:32:30:4f:20:fc:55:99:5b:a9:1a:9c:ad:14:04:fa:97:8b:17:b0:ee:4b:d2:69:ae:ef:ac:ce:8d:fd:d9:39:39:b3:5d:a6:1a:74:1c:11:ff:3a:35:43:be:e3:29:47:60:53:e5:43:5e:46:6a:8a:66:93:68:83:9e:c5:ae:78:d7:2e:41:6a:bd:18:71:06:a9:09:98:3a:3e:b5:0d:8b:63:ff:aa:ec:08:ca:71:b1:de:14:a3:55:b7:91:15:6d:17:29:22:68:d0:f0:96:b8:28:d6:e9:90:af:a0:78:8b:eb:31:65:ba:88:54:af:0e:15:1a:47:44:fe:09:b3:70:48:12:88:da:1a:6b:46:97:e0:b2:1c:41:18:c4:9c:f3:cd:6c:55:9a:9e:f1:ed:d7:c3:f4:12:13:2b:3a:fe:67:19:29:e9:04:77:80:d5:5f:20:67:f3:55:85:0b:16:5a:b6:78:ad:d1:2a:2d:7d:53:7a:61:17:ab:dd:77:b7:c4:50:30:78:08:7d:b2:ce
:03:c2:3c:ad:a4:03:38:95:1e:4e:85:8b:5b:63:64:62:d4:7d:6c:c7:16:36:2e:17" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.430662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.430662000", - "frame.time_delta": "0.000092000", - "frame.time_delta_displayed": "0.000092000", - "frame.time_relative": "716.969976000", - "frame.number": "2518", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dcfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000addd", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - 
"ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002780", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.431127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.431127000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "716.970441000", - "frame.number": "2519", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001056", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002586", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c7cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2517", - "tcp.analysis.ack_rtt": "0.000557000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.431775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.431775000", - "frame.time_delta": "0.000648000", - "frame.time_delta_displayed": "0.000648000", - "frame.time_relative": "716.971089000", - "frame.number": "2520", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001057", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x00002585", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35291", - "tcp.dstport": "80", - "tcp.port": "35291", - "tcp.port": "80", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c7cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2518", - "tcp.analysis.ack_rtt": "0.001113000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.567233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.567233000", - "frame.time_delta": "0.135458000", - "frame.time_delta_displayed": "0.135458000", - "frame.time_relative": "717.106547000", - "frame.number": "2521", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007025", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - 
"ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35291", - "tcp.port": "80", - "tcp.port": "35291", - "tcp.stream": "116", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000277f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2520", - "tcp.analysis.ack_rtt": "0.135458000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.852438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.852438000", - "frame.time_delta": "0.285205000", - "frame.time_delta_displayed": "0.285205000", - "frame.time_relative": "717.391752000", - "frame.number": "2522", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - 
"eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:28.904667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494308.904667000", - "frame.time_delta": "0.052229000", - "frame.time_delta_displayed": "0.052229000", - "frame.time_relative": "717.443981000", - "frame.number": "2523", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00003233", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a726", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.563379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.563379000", - "frame.time_delta": "0.658712000", - 
"frame.time_delta_displayed": "0.658712000", - "frame.time_relative": "718.102693000", - "frame.number": "2524", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e841", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d078", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58032", - "udp.dstport": "53", - "udp.port": "58032", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000d379", - "udp.checksum.status": "2", - "udp.stream": "59" - }, - "dns": { - "dns.id": "0x00000f13", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.563863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.563863000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "718.103177000", - "frame.number": "2525", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002777", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009143", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58032", - "udp.port": "53", - "udp.port": "58032", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "59" - }, - "dns": { - "dns.response_to": "2524", - "dns.time": "0.000484000", - "dns.id": "0x00000f13", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.564696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.564696000", - "frame.time_delta": "0.000833000", - "frame.time_delta_displayed": "0.000833000", - "frame.time_relative": "718.104010000", - "frame.number": "2526", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e842", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d077", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35396", - "udp.dstport": "53", - "udp.port": "35396", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000046e5", - "udp.checksum.status": "2", - "udp.stream": "60" - }, - "dns": { - "dns.id": "0x00000f14", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:58:29.565109000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.565109000", - "frame.time_delta": "0.000413000", - "frame.time_delta_displayed": "0.000413000", - "frame.time_relative": "718.104423000", - "frame.number": "2527", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002778", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009132", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35396", - "udp.port": "53", - "udp.port": "35396", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "60" - }, - "dns": { - "dns.response_to": "2526", - "dns.time": "0.000413000", - "dns.id": "0x00000f14", - "dns.flags": "0x00008180", - "dns.flags_tree": { - 
"dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3068", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.566399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.566399000", - "frame.time_delta": "0.001290000", - "frame.time_delta_displayed": "0.001290000", - "frame.time_relative": "718.105713000", - "frame.number": "2528", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00008134", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b49b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - 
"tcp.window_size": "29200", - "tcp.checksum": "0x00007d97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.701989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.701989000", - "frame.time_delta": "0.135590000", - "frame.time_delta_displayed": "0.135590000", - "frame.time_relative": "718.241303000", - "frame.number": "2529", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000ffc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008b0c", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00004373", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2528", - "tcp.analysis.ack_rtt": "0.135590000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.702550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.702550000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "718.241864000", - "frame.number": "2530", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008135", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b4a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000d02", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2529", - "tcp.analysis.ack_rtt": "0.000561000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.702928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.702928000", - "frame.time_delta": "0.000378000", - "frame.time_delta_displayed": "0.000378000", - "frame.time_relative": "718.242242000", - "frame.number": "2531", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00008136", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b24d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000043c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136151000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:31:22:2c:20:4e:6f:6e:63:65:3d:22:59:30:72:64:6f:69:43:75:47:30:69:37:49:4e:55:49:34:4c:74:47:7a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:68:6f:6c:79:4b:74:6d:36:31:46:66:5a:79:6e:50:4c:78:63:4d:55:4e:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:58:29.839128000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.839128000", - "frame.time_delta": "0.136200000", - "frame.time_delta_displayed": "0.136200000", - "frame.time_relative": "718.378442000", - "frame.number": "2532", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000398b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005150", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006a36", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2531", - "tcp.analysis.ack_rtt": "0.136200000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.839754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.839754000", - "frame.time_delta": "0.000626000", - "frame.time_delta_displayed": "0.000626000", - "frame.time_relative": "718.379068000", - "frame.number": "2533", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00008137", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x000074d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136151000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:79:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9
:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" - }, 
- "tcp.segments": { - "tcp.segment": "2531", - "tcp.segment": "2533", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:31:22:2c:20:4e:6f:6e:63:65:3d:22:59:30:72:64:6f:69:43:75:47:30:69:37:49:4e:55:49:34:4c:74:47:7a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:68:6f:6c:79:4b:74:6d:36:31:46:66:5a:79:6e:50:4c:78:63:4d:55:4e:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:
8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:79:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd
:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"181\", Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"holyKtm61FfZynPLxcMUNA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"181\", Nonce=\"Y0rdoiCuG0i7INUI4LtGzw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"holyKtm61FfZynPLxcMUNA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bdbQ.X\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdu\f-\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$G 
\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0010\u0001\u001b\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr>_\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPc\u00ef\u00bf\u00bdi4)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP*<\nH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]\u001e-\nc\/7>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5;\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\"%\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u0016K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdwh\bo\u00ef\u00bf\u00bd|\bi\u0019\u0007-\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bdFL\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdQ\u001c\u00ef\u00bf\u00bd!@,\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u0003~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdkC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx}\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdYL\u0005m]%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3g\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy$#t\u00ef\u00bf\u00bd\u000fv{e3#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI?\u0016\u0011A\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00b
d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdjnsCHl|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdDf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdeZ\u0016\u00ef\u00bf\u00bd\n9%\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bdoB\u00ef\u00bf\u00bd^\u0012\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bdHc\u0018\u0014\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bdA<\u001fZ\u00ef\u00bf\u00bdf5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmiU\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u0012\n\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@" - }, - "media": { - "media.type": "da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:7c:d7:19:ce:c7:11:1a:f8:8d:bc:87:b4:ac:a5:72:3e:5f:02:a9:b6:bf:75:8d:aa:50:63:d4:69:34:29:b4:fd:e5:02:b5:ff:6c:b3:62:da:dd:d5:f3:d4:49:e3:c0:9d:f5:50:2a:3c:0a:48:83:f8:d1:2f:ec:ce:5d:1e:2d:0a:63:2f:37:3e:bb:b0:35:3b:85:18:e4:22:25:81:12:93:16:4b:d3:d6:a4:f7:77:68:08:6f:ac:7c:08:69:19:07:2d:de:24:94:49:9c:9d:fc:94:ec:52:bf:de:45:d5:46:4c:81:81:15:a6:51:1c:d3:21:40:2c:10:d8:a2:2e:9d:72:b6:8d:2e:47:bf:bb:4c:03:7e:e4:c7:6b:43:8e:89:c9:78:7d:22:cd:9c:b2:59:4c:05:6d:5d:25:d7:a5:33:67:1d:c3:85:79:24:23:74:ea:0f:76:7b:65:33:23:e6:83:70:ec:cf:d9:a8:49:3f:16:11:41:ad:ba:2d:d8:33:ee:95:7e:c6:97:e0:8c:6a:6e:73:43:48:6c:7c:d5:bb:44:66:8e:c1:0a:e4:a7:72:ac:c0:6f:de:fc:90:d2:65:5a:16:fe:0a:39:25:96:38:e4:92:25:ff:6f:42:8b:5e:12:19:e5:eb:54:6d:89:c0:cb:80:65:83:92:04:e0:48:63:18:14:da:7f:c5:41:3c:1f:5a:a7:66:35:ca:fb:ba:6d:69:55:f7:54:fa:10:a6:fc:fc:b8:16:12:0a:02:fd:b7:81:b3:ad:40:00:c3:e1:be:6c:a6:b4:ea:ab:b2:2a:13:f1:9b:ef:7
9:c3:2b:ee:ff:b4:06:95:26:79:74:1d:38:97:33:2a:98:93:e4:9c:92:7e:3b:08:69:e1:75:58:7e:1d:e2:e9:64:2b:1c:0f:67:d2:96:ae:48:4d:10:f2:94:a5:a5:dd:6e:b8:bd:04:29:e3:48:92:9e:bf:d1:5a:a9:c3:4e:28:ac:96:cc:6c:52:c0:8d:a9:2c:80:f4:66:7d:4b:95:38:3d:bd:83:a7:aa:05:1d:3c:32:f7:a7:5a:2e:1c:10:29:52:93:3a:89:c9:c6:c3:13:1a:35:4b:7a:b2:ef:be:63:67:62:fe:00:77:82:97:cc:6a:c8:60:5a:58:e7:53:10:8c:1b:26:4e:3c:8b:69:4c:dc:17:d5:32:5f:70:82:2e:56:a5:0d:bf:32:54:d2:3f:78:73:d9:2f:aa:b8:7a:d1:25:a3:52:49:b1:33:cf:0a:72:b3:f4:5f:68:da:f9:8b:a5:77:2c:cf:33:10:28:a6:86:de:86:fa:a5:27:b5:f7:cf:a0:42:d4:47:07:f8:e6:73:af:21:c2:90:59:4f:c6:1f:a7:58:a7:3c:1c:f4:ea:3e:d2:e1:42:8a:be:20:5b:0b:5a:8d:bd:e4:dd:9d:a4:98:dd:34:9f:ed:d9:7a:68:f0:36:6d:f9:02:91:d5:9f:c9:75:51:fe:d3:d1:f0:78:6f:a3:4e:0c:ee:67:c9:52:6e:25:44:92:e9:47:96:94:1f:30:17:56:a8:0d:09:03:94:6e:e0:26:3f:06:04:ca:33:9b:4c:29:0e:bd:c9:87:37:e4:ea:fb:2c:8b:4c:b1:29:a4:5e:7e:12:6c:fb:1e:71:88:ad:98:07:77:7e:83:39:9d:5a:c8:fa:6b:7b:46:56:9a:d3:d5:75:d3:74:3f:8f:01:88:fd:e1:dd:f2:ae:c6:e5:5e:39:a0:8f:44:93:61:9d:4f:83:01:6b:ef:4c:22:61:64:c3:3f:ce:a5:c0:97:6d:66:d7:63:30:3f:24:f6:24:24:81:24:1e:4e:c3:bc:99:5a:ef:e1:6f:09:99:2e:55:8c:34:35:0b:36:05:a7:77:f6:2a:ff:cd:83:60:05:da:8a:59:bb:4d:e9:82:39:52:c2:cc:39:5e:03:83:ac:74:1a:2a:bc:06:b9:c8:42:a8:ce:7e:e0:54:48:05:c1:da:ab:8b:50:cd:bb:38:e7:6e:58:3e:de:2b:aa:9f:99:64:bf:12:1a:ab:bf:73:3c:99:49:0c:67:66:14:d1:03:58:65:46:62:5c:3f:6d:3d:97:ce:59:de:d3:d2:c5:50:d8:c5:8b:0b:7f:c1:98:6a:df:3b:6a:b9:de:9a:86:d3:eb:7c:2d:da:6f:5f:0d:10:68:6c:f0:70:8a:84:1e:ff:4d:84:dd:ae:37:6f:b6:2c:3a:7c:67:32:ea:62:08:e5:10:88:06:c3:8b:6c:b7:c6:d2:e6:91:5a:aa:cb:28:0a:b3:ae:51:a1:fd:53:2c:fa:d8:12:3c:b9:b0:e8:30:11:9d:59:16:b0:64:d7:d7:c5:ed:b7:04:15:b2:a6:e9:b7:5d:4d:33:04:f3:ca:93:6d:63:86:33:7f:ea:7e:5a:d1:25:25:68:f2:64:81:cc:98:10:8e:3c:bf:f6:f1:de:f8:5f:12:28:18:7d:0b:f4:d2:59:ed:95:da:e7:e5:9c:4e:d5:b1:7e:c7:76:47:23:60:00:0a:f0:ea:27:35:21:f1:34:7f:16:44:bb:8a:9f:2a:c7:23:cd:3d:ea:bc:c0:15:6b:a8:
66:92:cd:8f:c2:a8:31:21:5f:95:22:be:53:9d:b9:ec:bb:8b:a8:6a:5d:a2:83:8d:b1:b9:14:55:94:22:4a:4a:d0:1a:df:35:b1:50:3a:cd:9c:42:5f:7b:1b:59:42:7b:79:ea:66:16:10:08:1c:3d:76:1b:b9:6f:c8:25:f1:f6:33:9c:e7:0f:5a:8a:47:ee:81:ba:24:e8:0c:7c:df:19:5d:3f:b2:39:98:77:fe:9e:6e:b6:c0:a3:3b:37:eb:23:5a:51:04:dd:08:53:df:ce:4b:1b:91:8c:70:72:51:ae:03:85:d6:91:d1:16:69:a6:40:46:7d:da:a4:43:de:88:ae:e3:7c:04:42:49:57:de:89:7f:91:40:7a:5a:10:27:26:2c:b4:0c:8a:d0:a2:33:11:02:c2:58:2b:bc:bc:1a:96:18:ce:50:45:70:e5:aa:85:26:ee:1b:37:2c:4d:4b:be:5f:85:c6:24:a1:ae:38:46:2c:4e:83:aa:4c:4c:da:0a:d6:4a:72:22:7d:c2:f9:46:00:d4:8c:c3:dc:a5:71:e4:de:99:3e:37:a7:98:5b:3a:74:2f:00:cd:b1:8e:e0:e1:7a:6e:e7:f3:87:64:cf:d3:ab:e3:66:ad:8f:d5:c7:67" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:29.988897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494309.988897000", - "frame.time_delta": "0.149143000", - "frame.time_delta_displayed": "0.149143000", - "frame.time_relative": "718.528211000", - "frame.number": "2534", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x000073ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000172f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006076", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2533", - "tcp.analysis.ack_rtt": "0.149143000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:30.020598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494310.020598000", - "frame.time_delta": "0.031701000", - "frame.time_delta_displayed": "0.031701000", - "frame.time_relative": "718.559912000", - "frame.number": "2535", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000879a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ffd9", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", 
- "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000abfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136151000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth 
Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:29 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:29 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.180844000", - "http.request_in": "2533", - "http.file_data": "\u00ef\u00bf\u00bdbQ.X\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdu\f-\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$G \u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0010\u0001\u001b\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u001d\u00ef\u00bf\u00bdT\\,n.\u00ef\u00bf\u00bd\u001eU9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u000fCRxnY\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'9}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017*|\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bdJE_U\u00ef\u00bf\u00bdjd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd*(rO 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:Di\u00ef\u00bf\u00bdYQ\u00ef\u00bf\u00bd\u001cK.\u001e\u00ef\u00bf\u00bdPF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u007fUvt\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdgH\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdul\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd{R\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bdt@\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%~\b\u00ef\u00bf\u00bd+@ .\u00ef\u00bf\u00bd[\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0007\u001fp\u00ef\u00bf\u00bd%&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|;\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u0014+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001e\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bdl8\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bdP;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX\u0004+8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdoyf}<\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u0006x\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bdNaUu\r\u00ef\u00bf\u00bd|~\u00ef\u00bf\u00bd\u0004q\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda" - }, - "media": { - "media.type": 
"da:62:51:2e:58:bd:19:b9:75:0c:2d:8f:53:8a:d8:31:af:9e:e7:24:47:20:7f:c1:8f:73:10:01:1b:e1:7e:c1:ee:90:dd:e8:3e:1d:b3:54:5c:2c:6e:2e:b1:1e:55:39:fb:e1:a9:05:c8:b4:de:46:e1:0f:43:52:78:6e:59:8f:97:c5:95:fb:dc:27:39:7d:e1:a8:cc:8b:0d:78:c8:d8:bb:86:f1:b0:bc:6e:2c:e9:82:69:b8:69:95:7d:ae:94:b6:17:2a:7c:a2:28:d5:4a:45:5f:55:ac:6a:64:05:ed:b8:16:fc:2a:28:72:4f:20:87:94:3a:44:69:a7:59:51:f0:1c:4b:2e:1e:d0:50:46:d3:ac:07:ac:b1:88:af:66:c1:ca:ad:04:7f:55:76:74:b8:42:ae:67:48:a2:45:b2:92:d8:bb:75:6c:94:2d:f8:3c:b2:7b:52:d8:28:c7:61:f5:04:e1:74:40:e8:25:e6:db:25:7e:08:bb:2b:40:20:2e:bd:5b:18:88:b4:6c:de:6d:dd:08:94:fa:9d:1b:07:1f:70:c4:25:26:fb:99:7c:3b:91:3d:c0:03:9e:14:2b:a7:a5:c9:a1:2d:1e:92:49:ad:6c:38:ed:57:b5:7a:db:cb:6a:e6:b7:fb:b5:2f:a4:79:9b:74:b9:c5:3e:e2:50:3b:d6:85:bc:58:04:2b:38:cb:b1:48:49:8c:fa:b8:b0:f9:6f:79:66:7d:3c:5c:98:d0:66:f4:c5:6a:c3:dd:f2:5a:51:ec:ad:f8:6a:ec:5e:f8:06:78:a0:47:fb:e3:14:f0:fd:21:c8:4e:61:55:75:0d:8c:7c:7e:ae:04:71:a1:7a:bc:c3:61:00:f9:69:66:1f:82:6c:f5:6b:84:d1:5c:6f:ef:ae:ae:3d:e7:77:f1:c1:c4:a3:a2:8c:4f:ca:60:f7:5d:1e:ea:a7:47:e6:48:33:9a:13:85:7d:54:63:19:27:2e:bf:66:f0:26:2f:b1:c9:af:58:a6:da:44:0c:87:3f:9a:67:80:3a:08:31:82:43:32:a1:b5:79:2d:de:3f:f0:0d:b4:f9:62:a7:f2:d7:27:8c:22:66:d3:5e:fb:ba:7c:e4:dd:7a:40:da:a4:8b:9f:9f:34:95:a2:26:26:a3:f0:5d:02:5c:6f:c8:7f:b3:d5:c1:5c:ba:65:eb:e4:f6:3d:50:cf:20:30:3f:a7:05:da:0d:64:1e:c2:30:22:a7:57:36:17:89:df:c9:e3:13:fd:fc:67:af:17:af:44:9a:4c:2a:67:ad:dc:11:ca:68:60:6e:1d:ef:99:4e:0d:64:7f:ba:25:1d:ad:7c:52:26:d9:11:76:17:57:84:c8:bb:f1:7e:6d:06:b8:68:d3:1c:78:89:72:50:b5:e7:5b:fa:05:6c:dc:35:ff:8f:22:18:47:87:89:b1:7f:e2:85:13:cc:d4:34:76:da:47:b4:f1:ed:71:5e:5c:9a:4c:7c:b7" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:30.020665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494310.020665000", - 
"frame.time_delta": "0.000067000", - "frame.time_delta_displayed": "0.000067000", - "frame.time_relative": "718.559979000", - "frame.number": "2536", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000879c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000033f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005d0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:30.021130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494310.021130000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "718.560444000", - "frame.number": "2537", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008138", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b4a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fd5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "2535", - "tcp.analysis.ack_rtt": "0.000532000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:30.021868000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494310.021868000", - "frame.time_delta": "0.000738000", - "frame.time_delta_displayed": "0.000738000", - "frame.time_relative": "718.561182000", - "frame.number": "2538", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008139", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b4a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35292", - "tcp.dstport": "80", - "tcp.port": "35292", - "tcp.port": "80", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fd5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2536", - "tcp.analysis.ack_rtt": "0.001203000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:30.157300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494310.157300000", - "frame.time_delta": "0.135432000", - "frame.time_delta_displayed": "0.135432000", - "frame.time_relative": "718.696614000", - "frame.number": "2539", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c169", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c971", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35292", - "tcp.port": "80", - "tcp.port": "35292", - "tcp.stream": "117", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005d0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2538", - "tcp.analysis.ack_rtt": "0.135432000", - "tcp.analysis.initial_rtt": "0.136151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.568708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.568708000", - "frame.time_delta": "1.411408000", - "frame.time_delta_displayed": "1.411408000", - "frame.time_relative": "720.108022000", - "frame.number": "2540", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e8b4", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d005", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51339", - "udp.dstport": "53", - "udp.port": "51339", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ed9c", - "udp.checksum.status": "2", - "udp.stream": "61" - }, - "dns": { - "dns.id": "0x00000f15", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.569291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.569291000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "720.108605000", - "frame.number": "2541", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000027d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51339", - "udp.port": "53", - "udp.port": "51339", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "61" - }, - "dns": { - "dns.response_to": "2540", - "dns.time": "0.000583000", - "dns.id": "0x00000f15", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.570161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.570161000", - "frame.time_delta": "0.000870000", - "frame.time_delta_displayed": "0.000870000", - "frame.time_relative": "720.109475000", - "frame.number": "2542", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e8b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d004", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", 
- "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35453", - "udp.dstport": "53", - "udp.port": "35453", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000046aa", - "udp.checksum.status": "2", - "udp.stream": "62" - }, - "dns": { - "dns.id": "0x00000f16", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.570675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.570675000", - "frame.time_delta": "0.000514000", - "frame.time_delta_displayed": "0.000514000", - "frame.time_relative": "720.109989000", - "frame.number": "2543", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000027d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000090d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35453", - "udp.port": "53", - "udp.port": "35453", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "62" - }, - "dns": { - "dns.response_to": "2542", - "dns.time": "0.000514000", - "dns.id": "0x00000f16", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3066", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.571780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.571780000", - "frame.time_delta": "0.001105000", - "frame.time_delta_displayed": "0.001105000", - "frame.time_relative": "720.111094000", - "frame.number": "2544", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000085f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004936", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.707307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.707307000", - "frame.time_delta": "0.135527000", - "frame.time_delta_displayed": "0.135527000", - "frame.time_relative": "720.246621000", - "frame.number": "2545", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000010c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007a12", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": "80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00006471", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2544", - 
"tcp.analysis.ack_rtt": "0.135527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.707856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.707856000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "720.247170000", - "frame.number": "2546", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000085f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afe3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002e00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2545", - "tcp.analysis.ack_rtt": "0.000549000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.708167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.708167000", - "frame.time_delta": "0.000311000", - "frame.time_delta_displayed": "0.000311000", - "frame.time_relative": "720.247481000", - "frame.number": "2547", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x000085f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ad8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dc81", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:32:22:2c:20:4e:6f:6e:63:65:3d:22:30:47:4f:4f:59:2f:42:53:44:30:6d:37:49:4e:55:49:31:4e:4c:4d:76:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:70:4e:34:48:57:31:58:44:7a:49:79:64:73:6e:73:69:6a:41:31:68:52:67:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.844705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.844705000", - "frame.time_delta": "0.136538000", - "frame.time_delta_displayed": "0.136538000", - "frame.time_relative": "720.384019000", - "frame.number": "2548", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004582", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004559", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": "80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008b34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2547", - "tcp.analysis.ack_rtt": "0.136538000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.845328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494311.845328000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "720.384642000", - "frame.number": "2549", - "frame.len": "1302", - "frame.cap_len": "1302", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x000085fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ab01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ee79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2
e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:23:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:
0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:fa:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" - }, - "tcp.segments": { - "tcp.segment": "2547", - "tcp.segment": "2549", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:32:22:2c:20:4e:6f:6e:63:65:3d:22:30:47:4f:4f:59:2f:42:53:44:30:6d:37:49:4e:55:49:31:4e:4c:4d:76:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:
41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:70:4e:34:48:57:31:58:44:7a:49:79:64:73:6e:73:69:6a:41:31:68:52:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0
:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:23:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:f
a:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"182\", Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"pN4HW1XDzIydsnsijA1hRg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"182\", Nonce=\"0GOOY\/BSD0m7INUI1NLMvQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"pN4HW1XDzIydsnsijA1hRg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdGmk\u00ef\u00bf\u00bdr9\u00ef\u00bf\u00bdc\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp}\u00ef\u00bf\u00bdk \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u001e\u00ef\u00bf\u00bdyx&\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd;{\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:79:78:26:ff:1e:de:c0:13:ef:b2:e7:3b:b1:3b:7b:82:65:8b:4f:8b:e8:ca:a1:60:cc:42:80:32:c4:a7:55:ee:3d:e5:5c:da:df:eb:10:fd:d0:d0:8c:29:df:23:ca:52:89:22:97:b8:ad:f0:00:6d:9d:1b:7e:2a:16:fb:3d:49:fe:07:82:98:6c:70:a0:5f:cc:24:4f:9e:99:33:54:e9:b5:37:1b:34:fb:f1:a7:49:e1:32:7a:3d:76:1d:70:63:8e:7b:3c:ce:f5:e4:ec:08:bd:38:ae:2a:3d:3f:ba:68:76:51:fc:64:dd:e3:56:60:eb:25:04:d1:63:a4:fc:88:a4:3a:76:30:84:0a:e1:3a:54:b7:ff:a1:fe:44:a0:c2:fa:b0:6c:4c:32:9f:4d:87:04:0b:b8:13:23:37:62:81:36:af:f2:c3:26:ce:d5:2d:36:14:58:f9:c7:e6:30:5d:72:da:f5:cd:7f:3b:d2:cc:5f:3d:78:53:1e:1b:22:39:d9:bc:a4:ff:5b:48:d8:54:ad:74:71:c7:bd:08:e2:9f:a6:b0:4c:a8:fb:03:17:ec:01:29:48:a9:60:e7:14:0c:04:4d:bf:46:88:e1:f8:a7:48:a3:64:a4:dd:c4:b1:1c:4b:22:8c:1c:cb:d2:e4:b8:49:65:ec:e6:54:68:cd:91:5c:80:b6:65:21:70:44:2d:7d:23:07:23:70:32:fb:87:55:5a:54:8a:47:62:2a:bf:3c:3a:13:35:e9:ca:b5:91:0f:77:73:a2:81:82:38:6b:09:a3:3e:2e:0c:99:ed:f3:5e:b4:7c:17:d4:e3:04:63:2c:62:78:96:8e:74:62:9d:fe:d4:15:a7:b9:8c:de:2b:7f:3a:54:17:14:c7:60:02:90:fd:8c:a4:c9:61:d9:de:d0:d4:3c:e9:01:4d:60:56:84:5f:96:bd:26:ee:79:d3:e8:ff:7a:4c:e0:e6:dd:af:85:f7:45:2a:e3:24:ab:77:72:7e:9f:25:f5:5b:c6:6d:f3:77:17:a0:9d:96:84:e7:89:db:2e:b1:a9:52:36:78:48:6e:b9:a8:80:aa:3f:dd:1f:08:14:f5:1b:b7:fa:77:65:cf:5a:15:d6:06:90:1b:7e:0c:c8:91:de:78:08:86:96:d8:17:f5:29:10:29:de:9c:e1:dd:f5:cd:b0:6b:7f:96:06:34:6f:11:54:03:8f:7e:9f:6b:7b:7d:cc:86:1c:3f:dc:55:f2:f8:21:7a:96:23:b6:ac:85:4c:cc:a6:14:8c:9d:47:7c:65:59:05:7f:84:e4:a0:70:1f:4b:a9:ac:5a:21:9b:6f:b9:03:25:d5:cb:43:36:3e:23:7f:7b:4d:a6:e6:2f:02:c5:15:9a:61:79:c6:bc:47:32:f3:f2:5c:8f:50:de:07:1e:6c:dc:36:9d:ca:b6:7a:31:02:3b:87:51:ab:c1:fd:38:87:ac:ec:54:95:d2:38:03:5e:67:f6:87:cf:bd:1d:4b:84:fa:e5:06:4e:8e:52:4c:e1:43:5c:53:b3:67:10:99:49:27:1a:4f:80:9e:4d:44:08:e0:ca:09:a6:7d:2f:0d:bd:cd:8e:2c:0a:7d:6f:a5:c7:07:fc:c5:e5:71:16:75:b3:31:28:24:33:60:34:a5:d6:b1:14:9f:ea:ba:af:a1:2b:64:c1:e2:2b:2
3:27:48:4d:cf:4b:db:e1:65:9e:c7:04:28:9f:50:4b:e9:38:2d:9f:cd:65:b7:bf:ce:7e:1b:fc:2d:b6:d3:52:c7:d6:56:fc:3e:1b:93:e5:ea:e3:64:ab:fd:01:e5:b8:28:84:cf:f8:ef:74:9c:ad:09:ee:e4:b8:9b:3f:5c:3b:b2:6f:e6:8e:eb:85:a9:b1:92:46:36:49:b7:6b:1f:c1:fc:6d:7b:29:c1:ad:6e:bd:02:f1:c0:bd:82:9e:77:bd:f1:d0:bc:e5:37:1e:72:5b:1e:a5:5c:08:b3:95:3e:06:e2:7b:8b:90:18:d9:2a:de:55:f6:1d:ff:2d:1a:55:17:59:0d:d6:07:bb:0b:c6:03:fb:ac:52:e1:af:0f:1e:3d:31:96:75:af:a4:b0:a5:3b:a1:52:12:a4:9e:d7:3a:af:9a:80:c5:97:4b:02:08:37:96:ab:01:79:5c:d5:8a:52:f4:aa:b1:b3:33:5c:e7:e7:fd:09:a7:f1:c1:82:fa:d0:a9:c7:5b:f1:34:44:2b:3c:6f:2d:d1:99:a9:ef:7f:63:28:ca:18:d5:bd:f6:63:e6:7e:ee:90:c1:74:aa:77:00:5b:d3:33:04:ec:88:c7:d0:ad:1e:67:d6:54:6d:36:6c:a2:e6:0e:33:5d:25:e0:1f:5f:fa:78:2a:6b:b3:9b:5b:87:ec:32:32:b6:0f:0f:5f:0b:92:b7:50:9e:11:79:ee:bb:bd:29:03:27:f5:c6:9c:25:58:19:b7:4f:6c:5f:e7:b6:bc:de:34:43:16:1e:05:18:80:8d:47:eb:87:16:1c:29:23:78:01:d3:92:20:a8:52:a7:e4:b3:df:4b:fe:ad:92:d4:a0:2f:44:69:95:74:87:82:c1:b9:6c:97:86:ae:1d:5c:e2:89:46:08:99:8f:7c:ac:fe:0d:c2:e8:25:91:30:c8:4f:ff:95:8e:af:22:35:20:8d:60:17:93:44:91:51:e8:6c:ae:3d:41:a2:fe:bd:ae:1a:82:af:d6:c2:7d:c5:30:43:9f:38:2c:62:cd:74:b4:5f:70:2b:8a:74:5a:70:80:b9:49:fe:ae:bb:af:a3:43:68:4b:0a:29:17:c1:43:7f:2c:ce:1b:23:66:8c:cd:3e:49:0e:df:03:a9:d6:09:a8:69:b9:85:c4:73:af:33:23:97:d4:0f:73:57:26:82:7d:2b:4d:01:f2:88:92:9d:36:f0:f6:e9:2d:e0:53:48:b0:85:cd:0b:fd:e7:4b:cf:d3:44:6a:55:68:d9:56:5a:27:f5:1f:e3:00:d9:d4:a5:59:92:d3:6f:2c:58:eb:0b:90:04:98:f4:a2:51:91:00:d6:cf:cd:dd:c7:29:13:85:cb:cc:d2:4a:9d:63:53:6f:9c:38:fa:d1:c0:0a:6c:07:72:1c:12:e3:5f:a8:be:1e:e1:38:14:cd:2d:53:9c:02:58:29:89:68:fe:79:ea:00:1f:02:b2:c1:7e:c5:6b:7e:11:18:39:fd:2a:96:c6:6e:4f:a7:45:a3:58:f9:c1:e3:eb:97:e4:5c:f7" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:31.980929000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494311.980929000", - "frame.time_delta": "0.135601000", - "frame.time_delta_displayed": "0.135601000", - "frame.time_relative": "720.520243000", - "frame.number": "2550", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000796e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000116d", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": 
"80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008174", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2549", - "tcp.analysis.ack_rtt": "0.135601000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.012911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.012911000", - "frame.time_delta": "0.031982000", - "frame.time_delta_displayed": "0.031982000", - "frame.time_relative": "720.552225000", - "frame.number": "2551", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x000085f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000017f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": "80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c04d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136076000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"PpNw5lBXOEq7INUImzY0+w==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"PpNw5lBXOEq7INUImzY0+w==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:31 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:31 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.167583000", - "http.request_in": "2549", - "http.file_data": "\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdGmk\u00ef\u00bf\u00bdr9\u00ef\u00bf\u00bdc\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp}\u00ef\u00bf\u00bdk 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u001e\u00ef\u00bf\u00bdIi\u00177-<w\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\n\u00ef\u00bf\u00bdlr{\u001a8p\b\u00ef\u00bf\u00bdj:\u0017'A'\u00ef\u00bf\u00bd\f9;\u001c\u00ef\u00bf\u00bd4\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdy`kI\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001ee\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$F\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd%\\Y\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00052\u0011" - }, - "media": { - "media.type": "de:0e:db:db:57:82:e5:41:8b:b9:47:6d:6b:d9:72:39:c3:63:11:e4:ee:e1:70:7d:b2:6b:20:d5:e1:10:1e:94:49:69:17:37:2d:3c:77:d1:be:9a:1a:0a:ee:6c:72:7b:1a:38:70:08:b8:6a:3a:17:27:41:27:a0:0c:39:3b:1c:da:34:2f:84:da:ab:20:c2:79:60:6b:49:c7:1b:db:e9:5c:13:bf:82:a5:33:c2:a2:9d:9a:a3:1e:65:ef:e1:24:46:c3:03:88:cc:d7:04:eb:26:b6:6f:e7:db:4d:e3:25:5c:59:cb:f5:b3:05:32:11:00:fb:a3:54:aa:67:49:1c:e4:9d:ba:13:a3:ff:a4:2e:46:3d:a4:7f:74:d0:45:b0:c9:dc:ac:9c:03:e8:dd:9b:7b:0d:01:c7:8c:a8:25:19:de:f0:26:0e:c0:f2:3b:d9:4d:c4:07:81:bf:39:66:73:4f:73:28:52:8e:15:94:0f:6f:d1:06:f3:1f:9e:7a:e6:f4:85:70:ac:2c:bc:b6:87:70:2c:bd:5e:24:f8:7d:5b:90:b1:37:6c:59:51:70:90:c4:00:02:b4:9a:f8:8f:73:3b:ea:cd:5c:9b:9f:c8:44:a2:16:34:fc:79:83:3e:ee:58:0e:67:c4:3a:7c:57:ad:98:b6:bd:57:4c:79:bb:ac:cd:94:e5:dc:09:95:4e:a5:ab:88:db:ef:35:0c:2c:58:d4:3b:76:4a:81:13:84:be:4d:b4:db:e1:55:db:80:b2:e5:d9:8b:e4:fa:43:f4:53:71:73:9f:25:99:82:c9:fe:26:12:72:6b:8b:f1:08:80:a4:5b:42:02:ae:f4:d1:48:6c:b9:86:39:d7:e9:9b:f3:57:4d:d3:f0:ed:fa:0d:e3:f6:9c:c4:87:dc:02:91:02:7f:73:ec:d8:48:35:b5:ce:c4:c7:36:36:54:53:68:9b:e4:b4:5a:26:7f:98:13:8d:ce:93:b3:79:0c:17:c8:07:31:
33:9b:73:98:ed:fd:10:fe:57:26:26:80:80:d4:c3:fa:64:8b:a1:3f:67:da:1c:2b:8d:35:2b:ec:bc:c7:e2:72:e0:79:1b:eb:d5:fe:7f:db:e0:f9:be:60:46:d2:bf:52:a1:77:21:f8:7b:ce:22:b3:fe:61:89:3a:eb:ee:c5:9e:d1:4b:37:ba:f5:cf:95:a3:94:1b:af:06:31:2b:36:f6:57:16:63:1d:0c:94:5a:da:67:70:8a:e8:42:ae:97:85:bb:52:e0:f7:0e:47:b7:15:c9:00:e6:5f:b3:ee:69:3e:c9:70:0b:0f:30:41:6a:2c:c5:ad:46:53:af:55:5f:32:1b:d3:46:54:7c:ad:21:e6:7a:de:6a:53:0b:15:13:11:4a:f2:df:96:8f:7c:70:2d:34:7d:8f:d9:9a:29:1e:01:ec:ad:99:b9:5c:69:ea:00:b1:e5:3f:ca:e4:f9:15:10:e1:14:3a:77:a9:f6:3f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.012998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.012998000", - "frame.time_delta": "0.000087000", - "frame.time_delta_displayed": "0.000087000", - "frame.time_relative": "720.552312000", - "frame.number": "2552", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000085f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - 
"ip.proto": "6", - "ip.checksum": "0x000004e4", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": "80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007e0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.013481000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.013481000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "720.552795000", - "frame.number": "2553", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000085fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afe0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": 
{ - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001e5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2551", - "tcp.analysis.ack_rtt": "0.000570000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.014419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.014419000", - "frame.time_delta": "0.000938000", - "frame.time_delta_displayed": "0.000938000", - "frame.time_relative": "720.553733000", - "frame.number": "2554", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000085fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afdf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35293", - "tcp.dstport": "80", - "tcp.port": "35293", - "tcp.port": "80", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001e5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2552", - "tcp.analysis.ack_rtt": "0.001421000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.149834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.149834000", - "frame.time_delta": "0.135415000", - "frame.time_delta_displayed": "0.135415000", - "frame.time_relative": "720.689148000", - "frame.number": "2555", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c2d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c801", - "ip.checksum.status": "2", - 
"ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35293", - "tcp.port": "80", - "tcp.port": "35293", - "tcp.stream": "118", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007e0b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2554", - "tcp.analysis.ack_rtt": "0.135415000", - "tcp.analysis.initial_rtt": "0.136076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.570419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.570419000", - "frame.time_delta": 
"0.420585000", - "frame.time_delta_displayed": "0.420585000", - "frame.time_relative": "721.109733000", - "frame.number": "2556", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:32.570815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494312.570815000", - "frame.time_delta": "0.000396000", - "frame.time_delta_displayed": "0.000396000", - "frame.time_relative": "721.110129000", - "frame.number": "2557", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:34.580330000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494314.580330000", - "frame.time_delta": "2.009515000", - "frame.time_delta_displayed": "2.009515000", - "frame.time_relative": "723.119644000", - "frame.number": "2558", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000a6a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "241", - "tcp.ack": "217", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:34.723652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494314.723652000", - "frame.time_delta": "0.143322000", - "frame.time_delta_displayed": "0.143322000", - "frame.time_relative": "723.262966000", - "frame.number": "2559", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fdb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb6", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - 
"ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "217", - "tcp.ack": "242", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:36.362193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494316.362193000", - "frame.time_delta": "1.638541000", - "frame.time_delta_displayed": "1.638541000", - "frame.time_relative": "724.901507000", - "frame.number": "2560", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c1d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005bcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.572097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.572097000", - "frame.time_delta": "1.209904000", - "frame.time_delta_displayed": "1.209904000", - "frame.time_relative": "726.111411000", - 
"frame.number": "2561", - "frame.len": "344", - "frame.cap_len": "344", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "330", - "ip.id": "0x00002c25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003844", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "278", - "tcp.seq": "2309", - "tcp.nxtseq": "2587", - "tcp.ack": "14397", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cae9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:c0:6d:00:25:c6:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812133485, TSecr 2475672": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812133485", - "tcp.options.timestamp.tsecr": "2475672" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "278", - "tcp.analysis.push_bytes_sent": "278" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "273", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:4d:5c:46:19:65:0d:77:3e:38:e6:1c:39:78:cf:38:d6:bf:e6:53:be:30:25:3c:82:74:eb:78:05:79:9d:7a:b4:b0:33:a0:7d:83:d1:a0:ea:12:77:17:aa:02:8e:ed:dc:34:d0:98:7b:dc:bf:32:71:a5:ea:0b:8d:77:9e:8a:a9:df:e6:4e:29:87:ef:ad:af:05:b4:ea:0b:32:07:a7:54:96:e8:5b:0a:c0:ad:de:d3:20:86:49:c6:21:16:61:06:f1:dd:8a:2f:60:05:f2:39:b4:14:02:7b:cf:25:e2:c2:e0:91:e7:5e:a0:bb:19:60:53:93:e5:6f:83:5c:95:d5:18:74:5f:c2:12:f9:fb:6b:df:64:49:5c:56:e6:4e:b8:73:34:05:de:52:16:dc:66:4b:6d:ab:f7:00:4e:18:a5:0c:fb:15:e6:c5:47:02:23:31:c6:a7:c3:dc:83:0d:80:49:c1:03:19:7b:fd:7f:a7:5d:1c:92:8b:69:7d:31:18:6e:a6:4c:87:8d:cb:9a:46:1c:60:18:a5:3c:d2:60:7b:29:02:9d:41:1f:5a:13:21:45:0b:6e:24:64:fa:03:14:3c:13:81:47:b9:38:b2:39:08:de:27:ab:a3:ca:9f:4c:f2:ea:13:a8:79:16:05:f0:3f:69:d7:9d:5d:ee:67:0d:df:96:e5:cf:45:99:d9:0c:d5:60" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.578706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.578706000", - "frame.time_delta": "0.006609000", - "frame.time_delta_displayed": "0.006609000", - "frame.time_relative": "726.118020000", - "frame.number": "2562", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000953a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007810", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "14397", - "tcp.nxtseq": "14450", - "tcp.ack": "2587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006ce9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:cc:91:a7:9d:c0:6d", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2477201, TSecr 2812133485": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2477201", - "tcp.options.timestamp.tsecr": "2812133485" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2561", - "tcp.analysis.ack_rtt": "0.006609000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:cb:08:71:bb:8b:9e:48:73:e0:bc:67:67:96:4c:6c:89:53:9d:38:59:d9:11:79:b1:ec:4a:c7:ec:7e:78:8b:d0:34:58:cb:96:56:fc:24:0c:f1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.638873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.638873000", - "frame.time_delta": "0.060167000", - "frame.time_delta_displayed": "0.060167000", - "frame.time_relative": "726.178187000", - "frame.number": "2563", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c26", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003959", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2587", - "tcp.ack": "14450", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d8f1", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:c0:7e:00:25:cc:91", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812133502, TSecr 2477201": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812133502", - "tcp.options.timestamp.tsecr": "2477201" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2562", - "tcp.analysis.ack_rtt": "0.060167000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.639405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.639405000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "726.178719000", - "frame.number": "2564", - "frame.len": "725", - "frame.cap_len": "725", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "711", - "ip.id": "0x0000953b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "659", - "tcp.seq": "14450", - "tcp.nxtseq": "15109", - "tcp.ack": "2587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000074d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:cc:98:a7:9d:c0:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2477208, TSecr 2812133502": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2477208", - "tcp.options.timestamp.tsecr": "2812133502" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "659", - "tcp.analysis.push_bytes_sent": "659" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:cc:38:5b:47:d4:9e:79:0d:14:34:1f:5d:ac:9d:16:2e:9f:42:6b:b2:f4:6f:c8:02:b1:d5:1d:b0:25:4d:d5:8f:49:a0:89:19:df:b0:09:f4:96:86" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:cd:ff:55:dc:50:a0:b8:04:dd:18:88:db:54:19:da:59:27:67:b6:08:41:b5:9b:3b:21:60:f2:94:a3:24:22:94:83:e2:2a:2f:1f:0d:b2:0e:29:98:3e:eb:52:d7:3a:94:2e:8b:48:9d:7b:03:11:52:96:c0:7a:46:a2:4d:56:6b:7e:09:5c:4c:14:33:5d:04:67:b4:be:f3:03:63:55:4b:71:8b:b4:74:22:0e:e4:2c:05" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "499", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:ce:da:1a:86:64:72:0e:2a:93:5d:71:13:0a:24:cc:02:2f:0c:21:f9:05:af:3e:4b:83:10:b8:89:36:8d:ee:05:9b:eb:16:21:ac:00:e6:86:da:bf:76:2a:9f:00:d1:4b:49:32:98:72:b9:a1:b4:c8:4f:89:48:33:6f:2a:83:11:f2:0e:a6:cf:1a:1c:4f:b0:1e:a7:00:be:24:d8:a1:a9:80:b1:53:74:37:63:4d:8a:e1:90:2a:c3:7f:5c:c4:a9:08:f1:fb:b9:c8:d3:c5:3a:96:89:97:cc:66:e6:27:73:7d:93:e5:20:e5:7b:36:dc:d4:c3:af:35:00:b5:6d:0c:7f:c8:c2:a8:5e:a1:60:77:84:98:07:5e:69:6a:9b:60:5d:8b:95:4c:42:20:84:b7:c2:4d:5d:e6:2f:f0:8c:00:3f:f7:53:ee:56:36:4b:fc:06:8f:c5:e7:a3:54:34:ea:84:d7:ae:66:93:c1:95:cf:cf:11:06:19:d2:3a:ce:94:42:fc:e4:cd:33:b2:6f:33:01:59:80:40:3b:32:61:65:0d:d8:0d:3b:f1:9d:e5:8c:68:98:4f:83:57:0b:5c:bf:48:3b:d6:53:b9:a4:4f:c7:e3:92:6a:e9:0a:d8:1d:02:94:bc:37:00:e4:4d:47:a7:18:4a:55:02:8d:4a:18:66:36:d2:f5:2d:9f:ba:dc:f9:96:bb:e9:f7:be:b8:98:da:ef:66:a5:4a:77:f1:e4:0f:1b:dc:ce:e2:13:95:f7:28:49:56:30:4d:85:b7:b0:f9:04:b2:df:ac:8a:41:dd:60:25:71:64:30:31:a7:2e:d9:bd:7c:4b:85:43:cc:44:ab:79:48:0e:8f:16:f7:6d:83:89:ed:32:a3:ce:16:d9:4a:4e:15:db:e7:8d:d3:af:7d:a4:0f:8b:24:c8:d9:14:e2:85:14:d8:61:a3:41:83:3c:c8:d9:21:20:2b:14:60:b1:89:4f:9c:b8:f2:9d:2c:aa:b0:e8:9f:56:43:58:39:83:69:bb:5f:b5:07:1f:4d:6b:ec:0a:14:8d:e7:68:91:e7:3c:67:3f:a2:93:63:2c:e0:85:f3:c7:fc:d3:7a:fb:b4:f5:ce:25:66:a3:51:49:8d:3f:eb:08:fb:34:47:b9:a1:64:0e:a1:ff:53:ea:dc:4f:a9:da:fc:f6:41:da:88:cd:b1:e7:b7:1c:b5:53:98:a7:c8:43:81:3a:5a:7e:c1:95:26:d5:21:ce:2a:e0:96:e5:1a:66:a9:37:04:e4:59:30:6a:2f:ec:af:dc:23:93:9e:01:c8:fa:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.699884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.699884000", - "frame.time_delta": "0.060479000", - "frame.time_delta_displayed": "0.060479000", - "frame.time_relative": "726.239198000", - "frame.number": "2565", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c27", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003958", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2587", - "tcp.ack": "15109", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d648", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:c0:8d:00:25:cc:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812133517, TSecr 2477208": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812133517", - "tcp.options.timestamp.tsecr": "2477208" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2564", - "tcp.analysis.ack_rtt": "0.060479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:37.976935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494317.976935000", - "frame.time_delta": "0.277051000", - "frame.time_delta_displayed": "0.277051000", - "frame.time_relative": "726.516249000", - "frame.number": "2566", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000953c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000780d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "15109", - "tcp.nxtseq": "15163", - "tcp.ack": "2587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a5a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:cc:b9:a7:9d:c0:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2477241, TSecr 2812133517": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2477241", - "tcp.options.timestamp.tsecr": "2812133517" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:cf:13:6d:34:1e:ee:42:89:5d:cd:c1:3e:03:dd:e9:c7:78:fa:35:07:6b:a7:6b:5a:fa:0f:85:85:e6:90:37:72:66:ae:43:38:58:bf:a4:70:b4:16" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:38.037001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494318.037001000", - "frame.time_delta": "0.060066000", - "frame.time_delta_displayed": "0.060066000", - "frame.time_relative": "726.576315000", - "frame.number": "2567", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003957", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2587", - "tcp.ack": "15163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d59d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:c0:e1:00:25:cc:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812133601, TSecr 2477241": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812133601", - "tcp.options.timestamp.tsecr": "2477241" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2566", - "tcp.analysis.ack_rtt": "0.060066000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:40.210542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494320.210542000", - "frame.time_delta": "2.173541000", - "frame.time_delta_displayed": "2.173541000", - "frame.time_relative": "728.749856000", - "frame.number": "2568", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000ab8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x0000a0c1", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:a8:64:fc:15:cd:f2:14:11:00:00:00:2a:43:4e:3c:aa:20:02:00:28:92:01:00:00:00", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:42.580157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494322.580157000", - "frame.time_delta": "2.369615000", - "frame.time_delta_displayed": "2.369615000", - "frame.time_relative": "731.119471000", - "frame.number": "2569", - "frame.len": "42", - 
"frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:42.580590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494322.580590000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "731.119904000", - "frame.number": "2570", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.586604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.586604000", - "frame.time_delta": "1.006014000", - "frame.time_delta_displayed": "1.006014000", - "frame.time_relative": "732.125918000", - "frame.number": "2571", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ebff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ccba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "42113", - "udp.dstport": "53", - "udp.port": "42113", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000011a5", - "udp.checksum.status": "2", - "udp.stream": "63" - }, - "dns": { - "dns.id": "0x00000f17", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.587155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.587155000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "732.126469000", - "frame.number": "2572", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000029de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008edc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "42113", - "udp.port": "53", - "udp.port": "42113", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "63" - }, - "dns": { - "dns.response_to": "2571", - "dns.time": "0.000551000", - "dns.id": "0x00000f17", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.587955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.587955000", - "frame.time_delta": "0.000800000", - "frame.time_delta_displayed": "0.000800000", - "frame.time_relative": "732.127269000", - "frame.number": "2573", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ec00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ccb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47635", - "udp.dstport": "53", - "udp.port": "47635", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001712", - "udp.checksum.status": "2", - "udp.stream": "64" - }, - "dns": { - "dns.id": "0x00000f18", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.588506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.588506000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "732.127820000", - "frame.number": "2574", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000029df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ecb", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47635", - "udp.port": "53", - "udp.port": "47635", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "64" - }, - "dns": { - "dns.response_to": "2573", - "dns.time": "0.000551000", - "dns.id": "0x00000f18", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3054", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.589634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.589634000", - "frame.time_delta": "0.001128000", - "frame.time_delta_displayed": "0.001128000", - 
"frame.time_relative": "732.128948000", - "frame.number": "2575", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000042bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f313", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": "35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005606", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.726169000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.726169000", - "frame.time_delta": "0.136535000", - "frame.time_delta_displayed": "0.136535000", - "frame.time_relative": "732.265483000", - "frame.number": "2576", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000a7fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000e2d6", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - 
"ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000010eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2575", - "tcp.analysis.ack_rtt": "0.136535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.726805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494323.726805000", - "frame.time_delta": "0.000636000", - "frame.time_delta_displayed": "0.000636000", - "frame.time_relative": "732.266119000", - "frame.number": "2577", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000042bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f31e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": 
"35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000da79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2576", - "tcp.analysis.ack_rtt": "0.000636000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.726819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.726819000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "732.266133000", - "frame.number": "2578", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" 
- }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x000042be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f0c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": "35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f913", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.initial_rtt": "0.137171000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:33:22:2c:20:4e:6f:6e:63:65:3d:22:50:70:4e:77:35:6c:42:58:4f:45:71:37:49:4e:55:49:6d:7a:59:30:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:54:42:67:6d:50:6c:71:56:70:49:2f:52:35:30:44:63:32:6a:6a:39:70:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.864298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.864298000", - "frame.time_delta": "0.137479000", - "frame.time_delta_displayed": "0.137479000", - "frame.time_relative": "732.403612000", - "frame.number": "2579", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a609", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": 
"51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000037ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2578", - "tcp.analysis.ack_rtt": "0.137479000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:43.864921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494323.864921000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "732.404235000", - "frame.number": "2580", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x000042bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": "35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001bae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137171000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:1
7:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:
65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" - }, - "tcp.segments": { - "tcp.segment": "2578", - "tcp.segment": "2580", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:33:22:2c:20:4e:6f:6e:63:65:3d:22:50:70:4e:77:35:6c:42:58:4f:45:71:37:49:4e:55:49:6d:7a:59:30:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:54:42:67:6d:50:6c:71:56:70:49:2f:52:35:30:44:63:32:6a:6a:39:70:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:
6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:17:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1
:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" - }, - "http": { - "POST 
\/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"183\", Nonce=\"PpNw5lBXOEq7INUImzY0+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"TBgmPlqVpI\/R50Dc2jj9pg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"183\", Nonce=\"PpNw5lBXOEq7INUImzY0+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"TBgmPlqVpI\/R50Dc2jj9pg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzl\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdCB%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd2i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\r\u0018g\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002+\u0010\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bd1M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPd\r6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r#\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb:\u000f\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7S\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~4\u0006\u00ef\u00bf\u00bd(\u0019\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd_\u00ef\u00bf\u00bdl\u0013 ^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\nV\u00ef\u00bf\u00bd\u0017\u0005\u00ef\u00bf\u00bd\u0010X8)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bdvx\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bdCD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd. 
.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)M\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde<\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bdG\u0006R\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bdc7\u00ef\u00bf\u00bdWT4\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\fE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdhl!\u00ef\u00bf\u00bd]U\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd])\u00ef\u00bf\u00bduw%\u00ef\u00bf\u00bds\u000bG;\u00ef\u00bf\u00bdXh\u00ef\u00bf\u00bd9i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm`\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(3\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdzf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHPKW\\^\b.(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b}B\u00ef\u00bf\u00bd;W\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO&b\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u0
0bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u0018\u00ef\u00bf\u00bd-m\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:69:c3:e0:3d:c7:6a:f8:ca:91:94:52:0d:18:67:02:e3:92:9d:83:e8:02:2b:10:95:53:dc:93:dd:b9:e7:5f:ce:31:4d:af:9a:fc:50:64:0d:36:8f:cf:0d:23:7f:c9:f2:da:62:3a:0f:f3:40:bf:8c:37:53:1c:a0:fb:05:d0:b9:e2:6e:ff:aa:c2:94:7e:34:06:b6:28:19:f4:0d:d9:e9:5f:f2:6c:13:20:5e:80:b8:29:0a:56:f0:17:05:fc:10:58:38:29:e4:de:b5:06:d9:f0:c5:f9:63:be:e0:5e:9e:d9:5c:b6:76:78:ec:0b:93:43:44:92:81:bb:83:43:f2:43:96:e5:05:ea:02:e0:23:d3:6d:91:44:c0:6b:e9:27:db:3b:c9:2e:20:2e:f2:9d:29:4d:a3:ac:fc:97:51:7c:cc:9a:65:3c:92:70:cc:89:2b:7d:cf:c8:66:d5:8e:2f:d7:47:06:52:cf:0b:99:c3:90:ed:7c:64:eb:de:ae:56:fa:58:c9:63:37:df:57:54:34:ff:57:fb:d0:e1:f9:21:d2:87:ba:0c:45:a7:de:68:6c:21:92:5d:55:b4:96:5e:da:9d:5d:29:dd:75:77:25:bf:73:0b:47:3b:91:58:68:c7:39:69:d1:e4:81:4d:83:20:9d:f9:3d:9c:db:7e:5b:e2:f7:ec:4e:e4:d3:b7:6d:60:96:55:d9:b4:e4:63:cd:22:ba:a7:e4:d1:28:33:bf:7e:e5:7a:66:b4:81:18:f7:e4:48:50:4b:57:5c:5e:08:2e:28:b9:a3:86:f0:08:7d:42:a9:3b:57:02:aa:92:cf:cf:77:af:92:ea:f7:e4:b9:cc:d4:8a:81:4f:26:62:c6:5e:d1:e6:08:fe:9c:f3:8e:c6:8d:53:d3:c2:e4:d1:b2:63:d1:93:81:7e:c3:88:72:8a:a6:72:18:8b:2d:6d:d9:25:ae:0f:cf:bb:00:e9:9a:61:31:93:6f:cb:b2:4a:80:45:7e:9a:d0:f9:03:ce:9e:4b:e9:84:93:34:8a:cd:c6:bc:9f:59:c9:92:06:84:86:16:44:b5:90:67:0c:c5:07:41:c6:fd:95:97:ed:6c:74:bb:83:f9:e3:6b:30:37:05:dd:cd:7f:84:33:b2:4b:3c:c9:fe:e6:ae:c0:ca:64:22:0d:e1:06:09:fc:c1:12:55:1a:19:33:35:f0:f5:bf:8e:82:0e:17:d1:28:2f:22:9e:48:81:75:17:98:19:09:c0:ef:0a:59:bd:0a:c1:83:2b:e5:de:87:1c:db:b0:d9:f8:2e:f6:d4:79:18:f6:47:e4:4c:47:04:8e:b0:dc:d7:5c:09:ae:83:80:57:fb:de:87:98:ce:cf:15:3b:23:3d:c2:ab:60:d3:
86:67:13:da:6f:39:49:a0:e6:ff:0a:60:38:3f:f8:8f:02:0b:6a:fb:94:98:b0:a4:c7:d2:2a:eb:24:86:69:20:47:29:c4:05:c4:87:83:5f:a1:b5:67:45:ee:15:62:cc:1f:ce:96:68:87:a5:06:33:90:5f:76:a8:20:89:43:59:56:c6:5d:5e:e3:37:e3:05:93:57:cf:9a:6c:bb:5f:29:51:ef:81:d2:e6:bc:f9:61:57:d4:fe:b3:5c:dd:7f:13:2e:c2:90:1b:15:bc:ae:bd:2f:8d:e2:c5:2a:f0:33:b3:ec:f7:43:b0:f6:2c:4a:c6:35:11:c7:b0:4d:78:69:2b:04:77:f3:56:2e:e8:72:23:77:4f:e7:a6:d7:8f:c5:b3:60:bb:99:64:00:fa:ef:8e:8b:4c:0d:31:99:8b:83:b6:b8:cc:fa:86:6c:0a:e0:c2:cc:1d:a5:23:16:15:63:39:42:ee:9b:3e:88:d1:55:b7:14:d4:46:76:1d:3d:85:ec:f9:ab:cb:c4:55:29:be:56:84:1e:25:9e:49:42:ba:14:f4:3f:fe:8c:3b:be:3b:4a:77:99:38:46:2a:f9:bb:be:1d:dd:c3:96:1e:8f:e6:dd:c1:6d:dd:6c:62:9f:81:69:50:d1:06:39:5f:92:07:f1:3f:0f:20:02:6a:b1:67:16:ab:54:22:6e:27:a0:d6:9d:43:3c:ca:ca:23:e8:56:d2:a0:ae:04:28:9b:22:98:d3:c7:bc:af:6c:6a:dc:0a:25:4e:b8:69:2f:59:39:4c:2a:2d:e3:bf:2b:5f:20:6e:c4:41:16:16:a2:0f:90:66:9f:a4:4b:4e:34:6b:5a:5a:48:ab:a4:18:7f:e4:30:87:72:25:16:23:68:6c:28:54:33:b1:87:fd:53:db:d3:37:c4:2f:51:0c:4b:5a:6d:d5:16:ea:c3:4b:fc:a6:3c:55:ba:46:37:d7:e0:37:cf:53:86:15:3d:28:2e:9a:df:76:c3:a8:a9:e5:94:7e:eb:a0:a0:60:ec:14:36:1b:a7:6f:03:6a:13:e9:df:e2:97:55:d1:fc:21:d8:a9:47:87:4e:43:46:4c:c4:8c:14:b9:4e:39:21:37:f1:28:15:6b:ee:2d:17:7a:8a:16:cb:14:61:a5:0c:86:cd:72:85:71:e9:cb:42:bb:e6:d1:1e:d6:2e:8b:64:ca:08:c3:79:1f:b8:5d:46:cc:3f:bb:89:73:be:e0:54:7e:4a:e1:14:ab:28:b4:96:f7:a2:c1:69:b0:58:3c:ab:e8:58:d0:6a:68:91:68:6a:c0:3d:0c:51:ab:99:40:de:db:aa:73:40:3b:b3:62:e6:39:60:96:9f:89:07:b6:48:3d:e7:f9:f2:74:71:30:c6:d5:1b:61:bd:1b:c0:47:e8:3a:f2:d4:38:f1:4c:3a:b5:67:62:41:8e:f9:f4:4c:cd:25:85:c3:7c:bb:3e:99:12:37:db:df:a8:94:3f:2b:06:45:26:34:88:58:70:ea:62:88:23:10:8b:2c:51:c0:ae:4e:ef:df:ed:2a:e6:01:24:92:ef:aa:13:c4:bd:ca:51:db:fe:1e:c8:0a:d2:be:6f:b8:2b:37:a1:ca:79:31:2f:9f:ea:65:47:04:62:2b:ea:10:a0:d1:75:68:99:fa:c1:15:8d:c5:8d:88:6a:2a:4c:cf:67:8f:cc:00:37:6b:c8:1c:12:0a:55:60:05:a2:bf:8c:d0:f8:44:ce:3f:70:f6:aa:11:65:96:a2:e4:be:cc:f9:74
:46:b2:db:33:34:5f:96:70:43:19:67:c0:51:11:f0:1c:c6:f9:57:8d:c3:09:18:c6:2f:ef" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.001531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.001531000", - "frame.time_delta": "0.136610000", - "frame.time_delta_displayed": "0.136610000", - "frame.time_relative": "732.540845000", - "frame.number": "2581", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000206b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006a70", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", 
- "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002dee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2580", - "tcp.analysis.ack_rtt": "0.136610000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.047623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.047623000", - "frame.time_delta": "0.046092000", - "frame.time_delta_displayed": "0.046092000", - "frame.time_relative": "732.586937000", - "frame.number": "2582", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000351e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005256", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000007f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137171000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"mEvtc9bmYVG7INUIscZffg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"mEvtc9bmYVG7INUIscZffg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:43 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:43 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.182702000", - "http.request_in": "2580", - "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzl\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdCB%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd2kU87\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005Z0`\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdxG\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd.,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0010M8b\u0006K%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd+e%\u0012k\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdk}n\u001fs\u00ef\u00bf\u00bdq\u0015\u00ef\u00bf\u00bdS\u00151[\u00ef\u00bf\u00bd7" - }, - "media": { - "media.type": 
"a5:cb:c7:b8:31:d0:ec:c5:ce:7a:6c:91:61:9a:b0:01:d3:22:91:43:42:25:bf:f6:a2:63:c4:43:e6:32:e5:32:6b:55:38:37:0d:bd:dd:b7:c0:23:de:d3:de:31:d6:d0:05:5a:30:60:9e:63:93:19:cf:78:47:08:ad:d1:63:cf:2c:fe:41:f2:8b:1f:f6:2e:2c:b9:be:97:8a:23:d6:d3:ac:e9:bf:01:10:4d:38:62:06:4b:25:d6:c4:e2:c7:4e:d4:ea:e0:e0:4d:e9:2b:65:25:12:6b:d9:af:63:ec:6b:7d:6e:1f:73:c1:71:15:cf:53:15:31:5b:ed:37:00:10:22:8d:5b:01:17:e7:a5:fa:78:43:fd:81:03:4d:ab:e3:9d:9c:3a:ab:65:f8:7c:e2:8d:e8:57:18:6a:a9:8d:80:bc:30:30:15:45:ae:d0:10:da:c7:fe:55:f2:6c:be:8f:25:99:71:4d:54:71:2a:9c:a8:78:27:7c:0c:10:02:ae:5d:98:3b:d7:85:68:1f:24:61:ca:51:3a:67:fa:da:2c:d1:8b:b0:1c:2c:17:ed:ba:ba:8c:77:1d:54:ac:f9:b9:49:88:96:35:9a:70:da:00:0e:eb:e2:d8:23:c2:60:1b:3f:ce:70:cc:ee:43:ed:f0:80:34:94:c1:e2:8f:03:92:80:91:93:2b:17:54:f5:65:6a:86:f5:be:45:82:55:bd:eb:dd:94:b9:da:58:eb:fb:33:c2:7f:5d:d1:fb:ab:57:ac:01:b9:5f:a8:8a:40:66:12:ef:d7:fb:1f:9c:20:41:47:b4:95:f4:ab:3e:68:05:74:54:39:d3:be:0e:0b:c3:15:b5:86:db:3a:3d:ed:d8:22:db:a9:5e:fc:00:b2:84:31:c8:7e:73:4c:f6:0a:7f:f3:e9:f1:06:7d:50:1a:2c:5b:5a:ee:2c:e6:30:48:48:62:17:52:52:38:f3:36:0c:c2:08:13:af:9c:e1:27:67:c1:37:73:07:26:7c:7a:88:cc:11:a0:37:95:e6:64:be:0d:41:91:2b:7f:29:25:2b:54:5c:d4:30:45:2d:a2:48:64:cc:b6:99:d2:e2:32:e7:14:94:f0:bb:bf:93:e5:28:cd:16:f6:da:c9:e8:7a:75:05:5f:17:85:d2:25:2e:f5:c0:eb:0b:6c:f2:27:6d:44:cc:15:eb:91:ed:9e:b9:70:4d:8a:bf:14:b1:b2:06:64:0d:a4:9d:f7:7e:83:bb:91:a1:6a:7f:38:a1:f4:72:5f:d8:14:b3:31:63:2e:06:49:91:07:0a:8b:e6:66:82:7f:07:42:18:c8:51:ce:d4:11:cd:c6:38:b8:54:94:73:03:4f:a5:16:5f:da:45:cc:35:7a:23:31:20:ca:2b:d9:a8:2c:03:e5:b8:2b:d3:86:fc:f5:90:c5:f3:cc:b3:a2:50:bc:46:16:46:d5:4a:6f:13:eb:13:c5:cb:c1:6c:03:f1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.047711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.047711000", - 
"frame.time_delta": "0.000088000", - "frame.time_delta_displayed": "0.000088000", - "frame.time_relative": "732.587025000", - "frame.number": "2583", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003520", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000055bb", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002a86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.048177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.048177000", - "frame.time_delta": "0.000466000", - "frame.time_delta_displayed": "0.000466000", - "frame.time_relative": "732.587491000", - "frame.number": "2584", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000042c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f31b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": "35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cad5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "2582", - "tcp.analysis.ack_rtt": "0.000554000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.048829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.048829000", - "frame.time_delta": "0.000652000", - "frame.time_delta_displayed": "0.000652000", - "frame.time_relative": "732.588143000", - "frame.number": "2585", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000042c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f31a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35294", - "tcp.dstport": "80", - "tcp.port": "35294", - "tcp.port": "80", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cad3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2583", - "tcp.analysis.ack_rtt": "0.001118000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:44.185128000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494324.185128000", - "frame.time_delta": "0.136299000", - "frame.time_delta_displayed": "0.136299000", - "frame.time_relative": "732.724442000", - "frame.number": "2586", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006dfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001cde", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35294", - "tcp.port": "80", - "tcp.port": "35294", - "tcp.stream": "119", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002a85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2585", - "tcp.analysis.ack_rtt": "0.136299000", - "tcp.analysis.initial_rtt": "0.137171000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.585041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.585041000", - "frame.time_delta": "1.399913000", - "frame.time_delta_displayed": "1.399913000", - "frame.time_relative": "734.124355000", - "frame.number": "2587", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ec8e", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cc2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43154", - "udp.dstport": "53", - "udp.port": "43154", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000d92", - "udp.checksum.status": "2", - "udp.stream": "65" - }, - "dns": { - "dns.id": "0x00000f19", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.585599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.585599000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "734.124913000", - "frame.number": "2588", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002a03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008eb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43154", - "udp.port": "53", - "udp.port": "43154", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "65" - }, - "dns": { - "dns.response_to": "2587", - "dns.time": "0.000558000", - "dns.id": "0x00000f19", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.586428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.586428000", - "frame.time_delta": "0.000829000", - "frame.time_delta_displayed": "0.000829000", - "frame.time_relative": "734.125742000", - "frame.number": "2589", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ec8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cc2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", 
- "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59081", - "udp.dstport": "53", - "udp.port": "59081", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ea59", - "udp.checksum.status": "2", - "udp.stream": "66" - }, - "dns": { - "dns.id": "0x00000f1a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.586984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.586984000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "734.126298000", - "frame.number": "2590", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002a04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ea6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59081", - "udp.port": "53", - "udp.port": "59081", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "66" - }, - "dns": { - "dns.response_to": "2589", - "dns.time": "0.000556000", - "dns.id": "0x00000f1a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3052", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.588131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.588131000", - "frame.time_delta": "0.001147000", - "frame.time_delta_displayed": "0.001147000", - "frame.time_relative": "734.127445000", - "frame.number": "2591", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002f72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000065e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004ce3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.722273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.722273000", - "frame.time_delta": "0.134142000", - "frame.time_delta_displayed": "0.134142000", - "frame.time_relative": "734.261587000", - "frame.number": "2592", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000e6fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a3d7", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00000e56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2591", - 
"tcp.analysis.ack_rtt": "0.134142000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.722818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.722818000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "734.262132000", - "frame.number": "2593", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002f73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000669", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d7e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2592", - "tcp.analysis.ack_rtt": "0.000545000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.722831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.722831000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "734.262145000", - "frame.number": "2594", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00002f74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000410", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000761f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134687000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:34:22:2c:20:4e:6f:6e:63:65:3d:22:6d:45:76:74:63:39:62:6d:59:56:47:37:49:4e:55:49:73:63:5a:66:66:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:43:4c:38:52:68:46:36:78:71:6e:35:75:5a:5a:79:6c:31:77:63:76:45:41:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.857806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.857806000", - "frame.time_delta": "0.134975000", - "frame.time_delta_displayed": "0.134975000", - "frame.time_relative": "734.397120000", - "frame.number": "2595", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006e42", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003519", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2594", - "tcp.analysis.ack_rtt": "0.134975000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.857890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.857890000", - "frame.time_delta": "0.000084000", - "frame.time_delta_displayed": "0.000084000", - "frame.time_relative": "734.397204000", - "frame.number": "2596", - "frame.len": "54", - "frame.cap_len": "54", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006e41", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003519", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134687000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2595", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.858445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494325.858445000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "734.397759000", - "frame.number": "2597", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00002f75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000187", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003d66", - "tcp.checksum.status": "2", 
- "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134687000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b
1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" - }, - "tcp.segments": { - "tcp.segment": "2594", 
- "tcp.segment": "2597", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:34:22:2c:20:4e:6f:6e:63:65:3d:22:6d:45:76:74:63:39:62:6d:59:56:47:37:49:4e:55:49:73:63:5a:66:66:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:43:4c:38:52:68:46:36:78:71:6e:35:75:5a:5a:79:6c:31:77:63:76:45:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:
68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61
:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": 
"\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"184\", Nonce=\"mEvtc9bmYVG7INUIscZffg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"CL8RhF6xqn5uZZyl1wcvEA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"184\", Nonce=\"mEvtc9bmYVG7INUIscZffg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"CL8RhF6xqn5uZZyl1wcvEA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\u0016y\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006~3\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdPhlY\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd?\u00ef\u00bf\u00bd^J \u00ef\u00bf\u00bdN\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdUl\u00ef\u00bf\u00bd\u0006XnS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u0007\u0017\u0010\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\bG\u00ef\u00bf\u00bd\/\u0017z3\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005O\u00ef\u00bf\u00bd\u001d\u0005t7\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007G3\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\t" - }, - "media": { - "media.type": 
"d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:68:ac:3f:f4:5e:4a:20:e2:4e:1e:a3:a9:55:6c:91:06:58:6e:53:e5:e9:0e:d2:cb:1b:07:17:10:9b:25:93:89:b8:ab:08:47:af:2f:17:7a:33:aa:45:f4:05:d4:d3:b5:a0:dc:5b:c5:0a:9e:2e:c6:c9:8d:f7:05:4f:c4:1d:05:74:37:ec:4b:ce:c2:07:47:33:0e:fe:d6:33:aa:f9:64:09:00:60:90:ba:36:03:d7:a0:d1:14:76:cc:f3:85:31:e1:16:82:3e:99:ce:4b:f3:6e:d8:ce:7c:ee:ec:d3:8f:84:9d:59:9a:7d:55:58:4e:9f:ea:6c:b9:95:5e:79:0c:43:aa:9b:77:69:b8:98:39:63:27:2d:17:ec:99:b4:43:de:ab:76:0d:9b:eb:c7:18:3b:fd:07:01:16:50:71:9b:f2:29:df:9c:d0:d6:f7:b3:bf:cd:ca:cd:ea:d3:ae:a1:50:df:b5:e7:a1:7c:d4:50:d0:14:31:73:39:f3:72:a3:ab:c5:06:a9:44:90:e8:5a:85:1f:f9:2a:47:b7:cd:66:4f:34:37:cd:46:9e:41:fe:ce:34:bc:4c:be:dc:82:6f:84:8e:1d:f3:9c:f1:e0:32:33:ff:ff:ae:45:e3:b2:a6:41:13:3a:e2:ef:a9:8a:ec:72:22:22:d5:9b:c0:17:ef:a7:a1:73:5d:5f:e9:12:31:84:85:d1:2f:75:e1:90:8b:d2:72:c8:d6:1b:f8:be:de:8f:60:d2:8f:2b:c1:c1:dd:e8:28:59:91:f3:ec:a4:c0:e4:62:16:d5:9b:6e:02:45:2f:7f:6f:28:e7:64:8d:47:0d:c0:93:bb:e1:e7:3c:d8:33:2b:10:55:e6:44:f5:a5:30:29:2f:c8:9a:5b:20:7c:1c:fe:94:46:90:34:ef:3b:7e:35:16:88:45:b7:87:80:91:e7:f5:04:a6:96:6a:c7:f9:c8:02:67:87:63:af:f3:6a:d3:df:fb:14:a6:d4:78:eb:27:de:be:c0:a5:df:f2:a2:ae:9d:fa:8f:56:5b:57:79:9f:46:63:79:fd:64:0b:20:b6:cf:6c:d9:26:05:11:a8:00:8e:9a:4f:3b:d4:c8:c5:2f:5c:8f:e8:26:33:f4:fa:d3:88:d5:8e:1e:64:53:cb:4c:9d:39:61:73:a6:95:a9:3d:49:12:c5:da:76:33:39:bf:78:29:1f:dd:b0:6a:a6:78:29:67:7a:27:47:e1:56:71:7d:b6:6c:c4:f1:73:f7:84:c7:80:2b:b6:a5:54:c9:38:2a:f4:ed:1a:f1:69:54:ba:d8:f7:c8:2e:c3:ff:bb:7c:b9:6b:e5:e3:64:ab:fc:f9:9b:07:cb:cd:5a:4e:d1:ef:87:79:3b:49:1f:ab:f8:ae:fd:55:d8:9a:a5:ee:84:c0:db:ce:e6:e3:53:58:d3:a5:5a:9d:0a:0e:c7:8f:14:dd:97:78:94:33:68:1b:ce:c7:70:15:54:3c:e1:44:9e:52:a9:ee:10:eb:b1:7e:c6:c1:65:3f:58:71:40:4a:cb:ee:37:73:54:36:7d:7e:74:9b:f9:b2:7f:e8:0e:28:ec:e9:fe:4b:b5:45:4b:81:43:59:55:e9:b2:3f:9b:e3:b7:4e:da:f0:e9:1f:4e:9c:83:e0:99:59:d9:bd:40:f0:58:a6:62:57:77:11:56:8d:09:59:7
b:ff:19:bf:3f:1a:86:d9:75:9a:c9:d3:8c:4a:f1:34:0a:8c:32:15:d3:ff:7e:6c:11:d0:bd:64:61:4e:e2:9f:20:16:2d:ee:2c:36:8e:db:9d:6d:cf:ac:fe:b7:14:9d:26:b7:e3:4e:66:99:52:d4:29:e9:e2:35:12:88:10:05:07:fa:c0:f1:3c:51:d2:91:b0:49:f9:9d:69:e6:44:fe:cb:d3:88:46:71:ec:5e:0a:4b:8a:ba:b1:6f:53:5a:41:ad:be:31:6f:8c:af:87:a6:78:1d:43:27:01:24:2e:bf:ff:5b:ed:ba:71:b5:a9:d9:d8:20:11:de:41:37:3b:15:9c:fd:f0:68:2d:8a:9b:22:07:5e:b3:af:51:57:e1:6b:ae:90:10:9e:bf:46:68:b8:fa:ae:a1:95:b8:af:8c:c5:c5:05:bc:25:19:86:57:11:e7:0e:dc:c1:84:8a:13:1b:40:77:b6:3b:e4:c5:54:7b:ea:00:85:87:53:04:ea:0b:92:97:95:e6:58:66:f5:de:5a:75:08:2c:63:01:cc:d5:10:97:5a:6c:23:8f:1c:12:70:81:d3:91:fc:67:cb:9e:83:83:0e:12:cd:dc:27:e1:4c:c6:d3:6a:9b:6c:9b:f5:19:90:c1:ed:24:be:06:2d:1c:3f:5b:21:3d:0e:3c:91:88:11:e6:c7:28:27:f9:0d:aa:a7:30:51:ec:95:85:35:4f:e4:28:7b:65:1c:85:e2:22:4e:f1:e4:77:bb:e2:b8:19:bd:f9:5d:be:d0:c7:46:77:b2:19:29:51:34:38:a3:cf:00:0f:aa:27:1b:b0:58:ea:4f:80:2f:69:47:85:7d:7e:8b:ab:e9:28:d8:cc:8c:d1:de:14:1d:84:2b:2b:b4:aa:ac:12:08:05:f1:12:fc:55:40:20:70:57:c9:f1:3d:54:b3:d9:de:3a:70:66:05:ee:db:a9:0c:fa:8e:5b:a0:26:9e:08:fe:a5:df:9b:2e:93:df:ef:14:2b:e1:e8:14:9b:0b:50:cc:d9:46:e1:23:1b:9c:d7:c0:f4:b9:5f:bf:91:de:a8:0a:60:9f:34:87:ac:d9:e1:36:e4:48:28:16:d5:d0:ba:eb:4f:15:1e:3b:6d:bf:b5:8c:bf:bd:0c:eb:65:9c:9e:dc:39:5c:9c:5a:52:a3:77:bd:95:9e:a4:d4:0a:0e:1c:a6:69:0b:c3:d3:bf:ff:c1:64:62:78:95:1e:f5:e2:df:88:b2:5a:98:58:66:1a:6f:67:7d:a2:72:9d:f6:84:8e:45:ec:78:63:a7:78:a5:c4:cf:11:84:bf:dc:bd:b8:dc:8f:1f:df:ba:cb:6e:3c:b7:50:5b:fb:6a:83:16:27:86:93:c6:c1:9f:33:f8:b5:97:e2:49:84:9f:53:43:6d:13:17:58:9e:19:dd:82:f9:d8:f9:36:a3:39:23:37:df:37:15:2a:ed:38:62:49:d1:a1:92:3c:3a:59:4e:f0:fb:ff:99:aa:93:3e:8c:2d:d5:79:0d:bd:b2:38:ac:38:f1:f6:27:1d:49" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:45.992915000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494325.992915000", - "frame.time_delta": "0.134470000", - "frame.time_delta_displayed": "0.134470000", - "frame.time_relative": "734.532229000", - "frame.number": "2598", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000056d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003408", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": 
"80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002b59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2597", - "tcp.analysis.ack_rtt": "0.134470000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:46.344947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494326.344947000", - "frame.time_delta": "0.352032000", - "frame.time_delta_displayed": "0.352032000", - "frame.time_relative": "734.884261000", - "frame.number": "2599", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000ed9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000099d9", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005180", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134687000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"8PndQgBJvlK7INUIByF8rg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"8PndQgBJvlK7INUIByF8rg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:46 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:46 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.486502000", - "http.request_in": "2597", - "http.file_data": 
"\u00ef\u00bf\u00bd\u0016y\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006~3\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdPhlY\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bdD;E\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0010M8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0016\u001b@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*?\u0013\u00ef\u00bf\u00bd2\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdSj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP,s\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u0018G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@5\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u0012u\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b2~\u001a\u0017\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\tt\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u001cO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdaf\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdlZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<WA\u00ef\u00bf\u00bdT\u0019\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002 
7\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNNh\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u0016@\u00ef\u00bf\u00bd\f\/\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd+\bn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bdzVc\u000e\u00ef\u00bf\u00bd>\u0013\u00ef\u00bf\u00bd\u0017g\u00ef\u00bf\u00bd#2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr2\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bdj\bb<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPn\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp.\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd@\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr37\u00ef\u00bf\u00bdI\u0019\u00ef\u00bf\u00bd\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012b$\u0012N\u00ef\u00bf\u00bdi\u000e_\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001dj\u00ef\u00bf\u00bd\u00151Pa=\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdtAg7\f$7\u00ef\u00bf\u00bdCB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd r" - }, - "media": { - "media.type": 
"d3:16:79:01:a5:bb:86:e5:06:7e:33:04:b8:f8:35:19:e6:ab:ef:d9:bd:2e:46:d2:d9:23:cd:50:68:6c:59:bb:38:d9:44:3b:45:d3:c3:ca:61:10:4d:38:ba:86:6a:cc:16:1b:40:bb:a6:dd:72:ed:a4:f5:2a:3f:13:9e:32:11:8d:a4:16:ab:53:6a:81:81:50:2c:73:c5:83:76:18:47:9c:ed:40:35:a3:7f:d3:b1:b8:4d:12:75:f7:4c:ef:64:f8:cc:80:fc:0e:d2:b6:ba:0b:32:7e:1a:17:f7:2a:ac:09:74:de:52:ce:17:aa:1c:4f:d1:ee:61:66:2f:9f:91:4c:a7:6c:5a:ea:ed:ee:55:c5:b4:3c:57:41:ee:54:19:17:ff:d1:ca:c5:fb:fc:02:20:37:d9:07:b1:cd:4e:4e:68:05:c1:92:1c:a9:16:40:c2:0c:2f:ad:4a:f7:18:d4:3e:86:d6:25:95:22:a0:2b:08:6e:d9:b0:63:e5:d1:db:6a:92:7a:56:63:0e:dd:3e:13:8a:17:67:c6:23:32:89:95:c8:fe:aa:f9:72:32:1c:83:8c:e0:35:8e:85:bf:62:df:6a:08:62:3c:ed:ee:7f:81:5c:cb:93:ad:fe:f3:e8:53:51:c1:f4:50:6e:05:8a:93:7a:e8:25:bd:38:f0:8e:70:2e:df:38:aa:2f:d3:21:c6:ee:8b:c9:1c:e8:4b:81:f8:19:a3:7a:83:0c:86:36:b0:40:08:f4:90:67:b3:c8:72:33:37:dd:49:19:b8:0f:b1:b0:12:62:24:12:4e:9e:69:0e:5f:fd:02:e4:ef:1d:6a:d6:15:31:50:61:3d:06:f8:9a:97:74:41:67:37:0c:24:37:bc:43:42:b9:93:5a:f1:d6:91:df:a5:14:64:f6:ba:f5:20:72:00:e0:43:1e:59:af:05:0d:8a:e4:b9:b2:95:ad:f7:e1:3a:40:15:1d:de:3b:4c:1d:e9:47:ad:3c:f6:90:d8:88:f5:9a:46:76:78:27:b1:42:43:86:b7:cd:b0:66:1d:99:e9:ba:75:91:21:91:dd:62:04:d5:0f:de:85:0a:d2:10:b6:81:91:fa:9c:be:1f:57:76:dc:0e:c7:0a:f7:88:ed:20:4d:3b:a6:94:5c:19:4a:88:08:e0:29:06:9d:6e:4b:79:d3:95:a7:26:e8:3b:19:d0:18:7f:e0:1f:f6:85:b9:54:75:d9:de:12:24:ac:c9:af:0c:ad:bb:1b:c0:7f:db:1e:74:e3:cf:c6:c9:da:cb:4a:25:74:c5:9b:d9:02:f9:24:39:a0:9c:70:9a:95:ad:c4:bd:b0:8b:b9:1d:e5:40:b0:21:71:35:ff:4e:b5:ae:04:c3:ec:a4:be:97:d2:8c:bf:09:34:4b:04:09:d0:31:e3:28:13:01:af:f5:54:ce:e0:da:63:5a:d0:14:21:a9:52:c9:6f:85:f7:b7:68:ff:84:c8:06:e4" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:46.345043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494326.345043000", - 
"frame.time_delta": "0.000096000", - "frame.time_delta_displayed": "0.000096000", - "frame.time_relative": "734.884357000", - "frame.number": "2600", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ed9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00009d3e", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000027f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:46.345542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494326.345542000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "734.884856000", - "frame.number": "2601", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002f76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000666", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c840", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "2599", - "tcp.analysis.ack_rtt": "0.000595000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:46.346521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494326.346521000", - "frame.time_delta": "0.000979000", - "frame.time_delta_displayed": "0.000979000", - "frame.time_relative": "734.885835000", - "frame.number": "2602", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002f77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000665", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35295", - "tcp.dstport": "80", - "tcp.port": "35295", - "tcp.port": "80", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c83e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2600", - "tcp.analysis.ack_rtt": "0.001478000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:46.480746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494326.480746000", - "frame.time_delta": "0.134225000", - "frame.time_delta_displayed": "0.134225000", - "frame.time_relative": "735.020060000", - "frame.number": "2603", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000029f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000060e5", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35295", - "tcp.port": "80", - "tcp.port": "35295", - "tcp.stream": "120", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000027f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2602", - "tcp.analysis.ack_rtt": "0.134225000", - "tcp.analysis.initial_rtt": "0.134687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.590523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.590523000", - "frame.time_delta": "1.109777000", - "frame.time_delta_displayed": "1.109777000", - "frame.time_relative": "736.129837000", - "frame.number": "2604", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ed3b", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cb7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55876", - "udp.dstport": "53", - "udp.port": "55876", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000dbdd", - "udp.checksum.status": "2", - "udp.stream": "67" - }, - "dns": { - "dns.id": "0x00000f1b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.591011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.591011000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "736.130325000", - "frame.number": "2605", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002a69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55876", - "udp.port": "53", - "udp.port": "55876", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "67" - }, - "dns": { - "dns.response_to": "2604", - "dns.time": "0.000488000", - "dns.id": "0x00000f1b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.591831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.591831000", - "frame.time_delta": "0.000820000", - "frame.time_delta_displayed": "0.000820000", - "frame.time_relative": "736.131145000", - "frame.number": "2606", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ed3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cb7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", 
- "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37649", - "udp.dstport": "53", - "udp.port": "37649", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003e10", - "udp.checksum.status": "2", - "udp.stream": "68" - }, - "dns": { - "dns.id": "0x00000f1c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.592256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.592256000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "736.131570000", - "frame.number": "2607", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002a6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37649", - "udp.port": "53", - "udp.port": "37649", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "68" - }, - "dns": { - "dns.response_to": "2606", - "dns.time": "0.000425000", - "dns.id": "0x00000f1c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3050", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.593034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.593034000", - "frame.time_delta": "0.000778000", - "frame.time_delta_displayed": "0.000778000", - "frame.time_relative": "736.132348000", - "frame.number": "2608", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000b49f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008130", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000095df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.729929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.729929000", - "frame.time_delta": "0.136895000", - "frame.time_delta_displayed": "0.136895000", - "frame.time_relative": "736.269243000", - "frame.number": "2609", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000177e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007355", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, 
AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": "35296", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000b96a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2608", - 
"tcp.analysis.ack_rtt": "0.136895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.730476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.730476000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "736.269790000", - "frame.number": "2610", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b4a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000813b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000082f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2609", - "tcp.analysis.ack_rtt": "0.000547000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.730490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.730490000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "736.269804000", - "frame.number": "2611", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000b4a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007ee2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a70c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137442000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:35:22:2c:20:4e:6f:6e:63:65:3d:22:38:50:6e:64:51:67:42:4a:76:6c:4b:37:49:4e:55:49:42:79:46:38:72:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:30:32:44:65:43:72:69:4b:38:41:54:43:41:7a:45:41:54:33:6d:4f:7a:41:3d:3d:22:0d:0a:43:
6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.868150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.868150000", - "frame.time_delta": "0.137660000", - "frame.time_delta_displayed": "0.137660000", - "frame.time_relative": "736.407464000", - "frame.number": "2612", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005063", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003a78", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": "35296", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e02d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2611", - "tcp.analysis.ack_rtt": "0.137660000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:47.868766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494327.868766000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "736.408080000", - "frame.number": "2613", - "frame.len": "1302", - "frame.cap_len": "1302", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000b4a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007c59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000eaae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137442000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f
7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:36:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:
95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:72:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" - }, - "tcp.segments": { - "tcp.segment": "2611", - "tcp.segment": "2613", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:35:22:2c:20:4e:6f:6e:63:65:3d:22:38:50:6e:64:51:67:42:4a:76:6c:4b:37:49:4e:55:49:42:79:46:38:72:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:
41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:30:32:44:65:43:72:69:4b:38:41:54:43:41:7a:45:41:54:33:6d:4f:7a:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8
:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:36:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:7
2:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"185\", Nonce=\"8PndQgBJvlK7INUIByF8rg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"02DeCriK8ATCAzEAT3mOzA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"185\", Nonce=\"8PndQgBJvlK7INUIByF8rg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"02DeCriK8ATCAzEAT3mOzA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd\u001e{\u00ef\u00bf\u00bd\u001c\u00138\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdAs\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f\f\u00ef\u00bf\u00bdXL\u00ef\u00bf\u00bd$W\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd>]\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u0010w3ew\u0002x\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\f=\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:a3:14:dc:3e:5d:c7:4b:fe:10:77:33:65:77:02:78:fb:d2:51:0c:3d:95:5c:cb:e9:76:a0:00:5a:9c:42:aa:0d:8b:97:0c:5d:27:65:e6:8c:9a:77:1c:eb:da:e7:4b:34:31:71:9c:3e:78:9d:87:1a:96:1a:cb:1b:6d:44:c8:6e:d0:cc:3e:01:51:6c:48:0d:fd:5a:c8:10:6a:5e:6f:e7:e0:bf:bf:6a:79:bb:84:02:60:9e:65:d0:47:4f:0f:29:be:63:f8:6d:8d:f2:93:00:ef:a8:68:77:9a:59:96:0e:c8:6f:95:1e:87:59:06:53:a3:dd:a2:95:bc:20:88:4f:28:07:8d:f7:9a:9b:df:e9:f8:b5:f6:5d:6b:a0:99:f7:21:f5:9d:15:7e:1b:cf:42:b0:f3:9d:f6:6c:ac:61:16:62:97:e3:26:4e:02:bd:b4:f5:38:30:16:13:8e:b0:af:25:98:b0:fd:86:73:ad:f7:3a:d6:6e:a6:e3:30:35:37:39:9e:6b:12:3d:2d:37:2f:79:59:89:bd:72:92:8c:71:00:f9:87:08:2c:4a:12:28:93:85:c3:ce:6c:7f:e8:83:43:5d:c5:98:c6:9d:cf:20:b8:c5:6d:6b:80:72:aa:00:bc:22:56:77:27:ed:75:8f:f4:0b:6c:cd:cd:eb:eb:37:14:d5:5d:6a:a9:f1:cf:39:e1:7f:44:26:aa:72:74:16:ba:82:7c:48:d4:7f:9c:e9:80:21:55:de:80:92:19:a4:1b:e5:9d:2b:26:68:70:9d:20:1b:c4:7b:06:21:f2:0b:f3:ad:48:1f:52:fc:70:ec:0c:e2:5c:fe:89:81:f5:4c:01:2c:9e:f3:b2:cb:34:22:e6:be:eb:8d:fe:ae:30:c2:18:8f:05:18:85:c3:32:2f:b2:74:35:9d:d7:4e:d0:ae:0f:f6:aa:8e:b2:23:ba:88:b3:1b:7a:ad:00:32:3a:b7:48:1b:eb:a3:43:7b
:ba:97:45:3e:fb:d5:38:15:e0:00:52:5d:20:ab:02:46:33:68:e1:40:f7:a7:cc:a8:ca:13:f2:81:93:b5:a0:69:70:9d:e9:0b:7d:84:43:69:aa:b0:9e:6d:4b:38:eb:9b:2b:6b:53:b2:f4:d0:29:fd:39:e7:22:7c:df:83:f7:7a:7e:9d:02:4c:4b:71:6f:ba:e6:c2:43:aa:5b:e4:d9:43:eb:64:e3:87:ef:f1:57:df:5c:64:e5:c5:49:c0:1d:b8:3a:0d:89:60:d3:fa:d4:01:49:36:cd:98:ef:e9:59:34:dd:24:6e:5a:d8:98:53:c3:99:be:55:72:aa:d5:74:ef:0e:00:3a:77:ba:a4:f7:ff:96:21:a3:c4:31:ed:43:e8:81:9b:6a:07:16:b1:18:72:a6:53:f4:c6:f5:d0:86:c0:3b:a2:f4:f0:14:83:cd:80:ae:9c:ea:ed:59:c3:0e:66:58:52:44:7e:3c:57:5a:6a:71:a8:9b:27:f5:3b:f8:46:fc:8d:43:d4:9b:8e:bc:c8:0d:4c:c4:63:e6:de:2d:60:a0:63:34:bd:1d:1c:7f:34:17:e6:db:65:b7:db:24:d2:28:1b:a6:81:fc:ae:de:5d:d5:c6:5f:de:14:28:f0:7d:34:72:bd:cd:92:e5:f2:77:d8:1e:ae:26:fa:b5:25:92:46:e5:bf:4f:7d:4f:02:e8:bd:37:ce:6b:12:63:b9:0d:ad:7b:76:36:09:c8:52:39:59:52:f0:5c:fb:43:5b:4e:54:57:97:73:e2:1e:3a:26:13:3f:66:14:e9:d1:e5:bd:f9:c4:73:e6:fa:4d:15:17:7f:20:8a:d7:01:13:94:1e:33:19:cc:60:8c:76:e6:39:43:fd:b5:8c:6d:eb:b3:c6:69:65:56:f3:ce:51:de:83:3e:f3:2d:21:ef:f8:7b:78:ae:f7:d8:8e:8e:f0:57:6d:36:b5:3a:ba:8a:c2:1b:8f:b9:c2:6a:ad:68:1c:6a:02:61:76:8b:bd:8c:d8:79:b7:9c:ab:e1:7e:2b:eb:c9:90:35:5a:a8:f5:a1:a4:9f:0a:fb:7d:e5:b9:40:c7:12:05:b2:8d:65:66:20:bf:4e:dd:80:80:89:c7:77:f2:49:0c:3d:d7:25:2d:e8:39:18:c4:1f:54:03:0b:d8:2d:21:31:ca:89:db:e1:b4:c3:04:bc:95:60:82:ea:1e:28:2b:94:84:17:27:f2:eb:b3:6f:9a:15:a7:31:b5:93:41:a9:18:8d:0b:9a:ac:9e:b6:2d:cb:7b:cc:bc:b8:b8:8b:29:71:26:1f:dc:4c:d0:40:d7:2b:6e:9d:c6:40:60:44:91:84:ba:40:86:2c:5b:9f:ab:78:78:56:c3:a2:a1:53:80:b4:f6:f7:1e:a1:12:ed:97:5a:f7:76:c7:3e:b7:07:8e:e2:48:f7:f9:6f:9b:cb:c4:21:81:ca:c5:cb:56:7d:1a:47:3f:0d:bb:7e:a6:a6:f3:91:8a:68:2e:d2:71:ae:9a:8d:26:41:38:b9:b0:21:12:4d:8b:6e:fa:fe:4d:da:4d:f7:6c:4b:b1:4a:82:b3:9c:b4:fc:2b:32:6c:02:d5:63:84:73:59:66:58:80:7d:1c:70:8d:ad:42:4d:7c:7c:86:96:1e:24:49:85:61:fa:76:b6:35:7a:11:6c:7a:93:81:ed:4b:c8:f7:e1:64:85:ba:44:5f:f6:c3:fd:38:eb:3b:a1:56:49:73:17:a4:16:5d:d5:6a:ea:a2:07:ca:93:03:fd:be:4b:3
6:1f:9c:90:16:be:f5:4f:57:ff:0e:19:40:32:66:9e:ac:9c:1f:6a:c7:95:84:b7:05:5b:4b:14:96:6d:e8:fa:d8:69:25:99:6f:94:10:1e:6c:11:cb:b2:b7:14:d6:3d:53:8c:8c:a7:1c:ee:00:4a:33:c1:ee:a6:af:12:8b:5f:d2:eb:6a:68:7f:79:dc:f0:01:4d:24:44:57:b2:60:f8:25:7e:95:80:d9:6d:e8:9f:67:a7:a8:a2:2e:98:9d:17:8e:c3:8a:6a:9d:73:4e:e2:d0:b9:e9:c3:79:51:b1:d9:88:be:39:2f:54:72:2b:51:43:52:26:6d:42:65:36:7d:2c:c3:65:99:5c:df:ae:30:dc:82:a0:a5:43:d7:7c:7b:1a:c9:f4:86:48:5e:8f:49:b3:70:be:2f:eb:92:a9:96:93:2d:ab:91:96:99:b5:20:c1:3c:51:a5:8b:a2:aa:c0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.005780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494328.005780000", - "frame.time_delta": "0.137014000", - "frame.time_delta_displayed": "0.137014000", - "frame.time_relative": "736.545094000", - "frame.number": "2614", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - 
"ip.checksum": "0x0000ff88", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": "35296", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d66d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2613", - "tcp.analysis.ack_rtt": "0.137014000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.049994000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494328.049994000", - "frame.time_delta": "0.044214000", - "frame.time_delta_displayed": "0.044214000", - "frame.time_relative": "736.589308000", - "frame.number": "2615", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x00009cc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000eaac", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": 
"35296", - "tcp.stream": "121", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000441b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137442000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: 
ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:47 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:47 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.181228000", - "http.request_in": "2613", - "http.file_data": "\u00ef\u00bf\u00bd\u001e{\u00ef\u00bf\u00bd\u001c\u00138\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdAs\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f\f\u00ef\u00bf\u00bdXL\u00ef\u00bf\u00bd$Wa5+\u00ef\u00bf\u00bd;5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012J\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u001cEd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n7%\u00ef\u00bf\u00bd}\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u0017\u00ef\u00bf\u00bdA\u00ef\u00bf\u00bd),\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd- \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{x\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj}\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#f9\u00ef\u00bf\u00bd\/\u001e#\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI8z\u00ef\u00bf\u00bd\u001ct\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzi#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/g\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ" - }, - "media": { - "media.type": 
"ca:1e:7b:83:1c:13:38:ed:13:d8:f7:df:f3:9b:03:97:41:73:ef:83:af:94:e8:8a:0f:0c:8e:58:4c:be:24:57:61:35:2b:a2:3b:35:ef:cb:12:4a:f2:af:a3:0b:1c:45:64:bc:22:da:b9:24:b4:ca:0a:37:25:da:7d:08:96:9f:1d:17:87:41:a8:29:2c:b1:27:d9:87:2f:e4:2d:20:9a:ec:c1:65:aa:6c:f0:93:c4:08:de:2b:a8:4f:ed:88:7b:78:e3:97:7c:e1:a8:f4:6a:7d:d5:2e:83:45:be:58:8a:d6:4f:ac:9a:de:cb:aa:cb:23:66:39:d4:2f:1e:23:cb:1f:ae:92:fe:49:38:7a:93:1c:74:b5:aa:7a:69:23:bb:9b:e4:b5:19:95:a7:2f:67:ea:fb:51:00:05:a9:22:f0:09:2a:bf:9c:37:3e:ae:0e:31:68:65:51:b8:bc:45:e4:bd:3f:9f:96:bf:60:63:70:5d:2a:4f:e2:8b:c4:6e:d2:d6:60:2a:bd:58:11:e6:98:1b:f2:20:14:4d:29:21:cb:f4:de:a5:a9:04:16:2c:7a:89:9f:1e:9c:ce:cf:a3:db:2d:e2:c3:da:da:2f:31:92:f7:27:9b:d9:fe:fc:ab:69:fe:d3:0b:61:ef:80:c0:b8:d2:15:6b:e1:dc:c7:40:bb:bf:33:dc:ca:53:cf:51:72:e4:8e:00:b5:5a:92:7e:6a:c2:aa:b5:cf:d4:8e:6f:2b:d7:47:d2:a8:80:51:5b:58:45:f3:41:fe:b6:d9:e6:f2:f4:76:7a:73:e1:4a:14:0c:26:42:74:df:40:cc:9a:de:bd:75:f0:c9:19:4d:f4:cc:9d:85:2b:a6:b3:0a:0f:03:3a:c6:57:1e:32:09:d2:81:3a:1d:23:f1:8f:01:dc:08:be:04:c5:bc:46:3e:9c:45:46:42:bc:21:8e:32:f4:ca:92:7f:e6:aa:81:2b:ef:58:2d:ac:56:f2:9d:c1:a9:32:b0:26:3f:a1:d0:72:90:c4:5d:4e:86:2c:ff:68:b7:0a:75:7b:b7:a4:da:1f:47:96:f3:9e:af:23:65:45:0e:3f:a2:6a:fc:62:49:7b:b5:9f:dc:55:9d:91:bd:ea:94:d1:ab:cc:15:15:92:a6:43:13:75:e5:92:29:a7:f4:b7:a2:95:d4:05:90:5f:0a:78:ec:d2:3f:0b:ec:cc:ef:da:a0:ec:97:c5:61:32:3f:97:e9:67:34:2b:e2:ea:c3:0c:d8:79:9c:3c:74:1a:04:96:46:73:ec:68:be:d8:7b:40:30:70:ba:88:73:00:34:08:17:0b:12:63:d9:22:e2:7a:a0:b1:f1:9f:a6:f4:e3:68:8c:c1:79:f2:4c:d2:eb:55:33:84:dc:9e:06:51:7d:5f:0b:3c:ac:d7:31:20:dc:1e:ec:c5:c3:26:c4:8c:20:a6:81:c1:4c:ec:21:4c:e7:85:39:ee:80:28:29:dc:7d:0d:77" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.050182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494328.050182000", - 
"frame.time_delta": "0.000188000", - "frame.time_delta_displayed": "0.000188000", - "frame.time_relative": "736.589496000", - "frame.number": "2616", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009cc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ee11", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": "35296", - "tcp.stream": "121", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d305", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.050574000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494328.050574000", - "frame.time_delta": "0.000392000", - "frame.time_delta_displayed": "0.000392000", - "frame.time_relative": "736.589888000", - "frame.number": "2617", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b4a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008138", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007355", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "2615", - "tcp.analysis.ack_rtt": "0.000580000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.051570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494328.051570000", - "frame.time_delta": "0.000996000", - "frame.time_delta_displayed": "0.000996000", - "frame.time_relative": "736.590884000", - "frame.number": "2618", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b4a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008137", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35296", - "tcp.dstport": "80", - "tcp.port": "35296", - "tcp.port": "80", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007353", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2616", - "tcp.analysis.ack_rtt": "0.001388000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:48.188104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494328.188104000", - "frame.time_delta": "0.136534000", - "frame.time_delta_displayed": "0.136534000", - "frame.time_relative": "736.727418000", - "frame.number": "2619", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000b405", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35296", - "tcp.port": "80", - "tcp.port": "35296", - "tcp.stream": "121", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d304", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2618", - "tcp.analysis.ack_rtt": "0.136534000", - "tcp.analysis.initial_rtt": "0.137442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.016231000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.016231000", - "frame.time_delta": "0.828127000", - "frame.time_delta_displayed": "0.828127000", - "frame.time_relative": "737.555545000", - "frame.number": "2620", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000043e7", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009572", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.589121000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.589121000", - "frame.time_delta": "0.572890000", - "frame.time_delta_displayed": "0.572890000", - "frame.time_relative": "738.128435000", - "frame.number": "2621", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000eda6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cb13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54091", - "udp.dstport": "53", - "udp.port": "54091", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e2d4", - "udp.checksum.status": "2", - "udp.stream": "69" - }, - "dns": { - "dns.id": "0x00000f1d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.589606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.589606000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "738.128920000", - "frame.number": "2622", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002ada", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008de0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": 
"192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54091", - "udp.port": "53", - "udp.port": "54091", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "69" - }, - "dns": { - "dns.response_to": "2621", - "dns.time": "0.000485000", - "dns.id": "0x00000f1d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.590462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.590462000", - "frame.time_delta": "0.000856000", - "frame.time_delta_displayed": "0.000856000", - "frame.time_relative": "738.129776000", - "frame.number": "2623", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000eda7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cb12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "48957", - "udp.dstport": "53", - "udp.port": "48957", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000011e2", - "udp.checksum.status": "2", - "udp.stream": "70" - }, - "dns": { - "dns.id": "0x00000f1e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.590884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.590884000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "738.130198000", - "frame.number": "2624", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002adb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008dcf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "48957", - "udp.port": "53", - "udp.port": "48957", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "70" - }, - "dns": { - "dns.response_to": "2623", 
- "dns.time": "0.000422000", - "dns.id": "0x00000f1e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3048", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.592928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.592928000", - "frame.time_delta": "0.002044000", - "frame.time_delta_displayed": "0.002044000", - "frame.time_relative": "738.132242000", - "frame.number": "2625", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c719", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006eb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": "35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000087b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.729379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.729379000", - "frame.time_delta": "0.136451000", - "frame.time_delta_displayed": "0.136451000", - "frame.time_relative": "738.268693000", - "frame.number": "2626", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000aa93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000e03f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": "80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000072b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2625", - "tcp.analysis.ack_rtt": "0.136451000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.729944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.729944000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "738.269258000", - "frame.number": "2627", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c71a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ec1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": "35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003c47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2626", - "tcp.analysis.ack_rtt": "0.000565000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.730475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.730475000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "738.269789000", - "frame.number": "2628", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000c71b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006c68", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": "35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004ba0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137016000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:36:22:2c:20:4e:6f:6e:63:65:3d:22:6b:78:47:6e:70:4b:5a:48:79:46:4f:37:49:4e:55:49:5a:59:64:53:78:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:58:6f:4b:58:50:6c:5a:46:79:75:4b:4d:5a:31:67:6e:73:6c:79:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:58:49.788503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.788503000", - "frame.time_delta": "0.058028000", - "frame.time_delta_displayed": "0.058028000", - "frame.time_relative": "738.327817000", - "frame.number": "2629", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.867731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.867731000", - "frame.time_delta": "0.079228000", - "frame.time_delta_displayed": "0.079228000", - "frame.time_relative": "738.407045000", - "frame.number": "2630", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e560", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a57a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": "80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", 
- "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000997b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2628", - "tcp.analysis.ack_rtt": "0.137256000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:49.868344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494329.868344000", - "frame.time_delta": "0.000613000", - "frame.time_delta_displayed": "0.000613000", - "frame.time_relative": "738.407658000", - "frame.number": "2631", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000c71c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000069df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": "35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a372", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137016000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": 
"50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:7
7:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" - }, - "tcp.segments": { - "tcp.segment": "2628", - "tcp.segment": "2631", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:36:22:2c:20:4e:6f:6e:63:65:3d:22:6b:78:47:6e:70:4b:5a:48:79:46:4f:37:49:4e:55:49:5a:59:64:53:78:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:58:6f:4b:58:50:6c:5a:46:79:75:4b:4d:5a:31:67:6e:73:6c:79:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2
f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:77:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:
cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"186\", Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"jXoKXPlZFyuKMZ1gnslyKg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"186\", Nonce=\"kxGnpKZHyFO7INUIZYdSxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"jXoKXPlZFyuKMZ1gnslyKg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"P\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u001e\u00ef\u00bf\u00bdR;ODM\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\/\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBJP>@\u00ef\u00bf\u00bd\u00066\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd|k\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\/hG\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u001a]{\u00ef\u00bf\u00bdY(+0+ Sk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.&\u000b{\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd;z\u00ef\u00bf\u00bd\u000fC4\u007f\u001bXr\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u0010\u0001\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u0019*\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001fk\u00ef\u00bf\u00bd0\u0007\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u0003s\u00ef\u00bf\u00bd\u000em\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda" - }, - "media": { - "media.type": 
"50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:16:90:db:42:4a:50:3e:40:ab:06:36:ac:95:df:fb:a3:60:be:bf:72:eb:71:91:66:a9:5b:81:7c:6b:7f:97:dc:28:ac:2f:68:47:f3:29:e2:e2:65:bc:0e:a0:07:fc:1a:5d:7b:b5:59:28:2b:30:2b:20:53:6b:a8:f2:7e:86:45:f8:dc:f1:d8:2e:26:0b:7b:a2:20:e4:8a:2c:b9:3b:7a:fc:0f:43:34:7f:1b:58:72:c8:3d:84:61:f5:10:01:bc:e7:28:19:2a:05:ce:ae:1f:6b:84:30:07:0f:bb:87:3b:03:73:ec:0e:6d:f4:bf:4d:c4:81:61:00:4d:7b:9a:e9:7b:86:fe:36:8d:9f:96:c6:87:b3:62:19:92:9b:2b:6e:6d:49:eb:f6:14:e9:0d:30:eb:ba:c5:1b:7e:1a:b5:cb:c4:88:16:98:30:57:35:f5:61:1c:8e:bb:a4:b7:db:e6:e3:34:f1:64:cb:1f:fb:1d:4d:ad:88:cd:58:1f:d5:b5:71:78:c8:49:f7:cb:d2:cc:ea:75:86:d5:e2:49:cd:6c:1c:e8:f0:a0:f7:32:38:0a:71:5b:ed:60:9c:b9:dc:01:62:ec:c5:a4:ae:1a:3c:4b:d6:18:99:72:ba:17:b7:65:2d:23:9f:83:92:09:1a:84:1e:e9:13:62:11:8d:65:70:1b:02:e7:d1:f5:1a:0a:96:11:00:a8:4d:0e:bb:02:ef:e8:4e:d5:a5:ed:8c:f2:db:3f:81:32:6b:ac:08:59:34:84:5d:8d:af:f0:7a:1a:fe:c1:d6:82:1e:5f:aa:f6:e0:6e:03:94:49:8a:13:b7:7a:78:9a:cb:ca:e8:34:d6:d9:2e:7a:77:c5:d1:8a:10:d1:ec:5e:e9:ce:a4:0c:2c:8a:bf:d1:43:43:3f:31:8f:bd:75:17:62:30:be:5a:d3:f7:7e:84:8d:7a:83:93:30:d6:76:8d:24:e2:95:df:a2:6a:36:4f:cc:36:ac:80:c4:90:08:6e:41:61:1f:4a:ee:c1:a5:20:59:4e:23:ae:2a:da:eb:d5:1b:10:42:25:b8:27:d5:db:2f:38:2b:2f:c9:f1:f0:2f:23:71:bf:5d:eb:6a:0e:f4:e3:df:a8:ec:b9:3c:2f:50:49:d9:b0:03:25:19:82:b5:fc:2b:c1:dc:95:c1:51:ce:64:4c:9e:d0:f6:f9:50:5b:ab:f7:e0:15:26:ee:bd:72:1b:7f:3d:6c:c0:c2:e3:7b:ad:46:dd:bd:f8:7b:47:3e:23:e6:ef:bd:a8:b8:58:6e:c3:92:86:a2:59:95:66:0e:97:c6:e7:59:8b:f5:3b:00:b8:d9:a6:00:3d:73:b1:a4:13:e5:1a:cc:27:3e:08:af:79:6f:ad:3f:db:07:95:00:ed:10:e1:95:86:3c:0d:b2:aa:c5:cf:68:00:95:4f:ce:e2:14:d2:f5:e6:ba:ab:fd:c6:3d:69:07:dc:25:d1:50:02:71:a4:2d:50:d7:3b:f5:0e:3b:7d:20:8d:4d:c8:1a:82:97:bd:86:3f:b1:92:59:f9:7d:c5:dd:57:bc:08:71:ff:87:98:e6:3e:4e:e1:44:cd:03:3e:36:86:c8:93:f3:ef:a0:10:0b:36:21:83:c3:c4:ec:99:97:3d:49:21:95:5d:57:43:c9:13:62:a2:db:57:05:29:db:d6:5a:72:cb:7
7:0a:20:fd:d3:e4:e5:b8:71:f2:ba:b1:d8:76:94:7f:09:9e:1d:a8:57:4f:c1:53:9c:09:ab:53:67:90:fc:03:b7:8e:8d:0d:33:5a:24:f0:72:95:82:8d:31:67:ab:0a:94:5f:2a:1b:51:73:cb:48:7b:79:b2:56:8d:9e:19:bc:f1:da:6c:cc:b8:58:3e:4f:ce:3e:d9:44:33:92:2c:01:4c:39:cf:46:00:79:71:62:96:63:4b:c2:18:0a:58:dc:cf:d6:39:7b:7f:00:3d:5e:98:f4:46:cb:43:52:7f:10:89:78:b2:f7:3b:fc:34:ca:0b:95:b2:b8:d7:c6:06:e2:51:19:b2:6b:60:f7:8e:71:b9:96:37:91:90:3b:f2:86:c1:cd:9f:82:eb:86:0a:03:0f:5b:41:ee:ee:d4:26:79:68:e7:dc:1c:c9:6f:72:3c:57:4c:c5:56:f2:dc:f2:c4:9b:58:b1:ba:61:41:ba:91:a0:d7:da:0b:cd:4c:dd:e2:65:f8:ba:d2:58:c0:d9:20:86:92:0c:48:43:46:33:6a:b1:34:63:07:19:e7:6a:20:55:d9:b9:4b:1b:3d:fe:1a:a9:72:6f:ab:d9:de:10:1a:80:71:3d:19:dd:3e:22:86:78:2e:2f:19:99:c6:b8:21:6c:24:a5:8e:ef:90:a4:ad:13:50:11:db:91:8b:05:6e:18:e1:07:f8:01:61:ac:8e:f4:c0:7d:04:43:4d:53:74:46:0d:47:42:32:7f:b9:24:1a:31:44:69:db:ef:3e:ce:c2:3b:dd:ca:b5:22:ff:cb:71:49:59:ce:03:8d:c1:44:78:5d:1f:7b:f7:5c:2a:c1:22:98:45:84:5f:89:df:ad:a0:2a:ec:37:8f:42:d7:9c:45:e5:1b:09:b9:f2:7e:c8:62:d9:f2:4a:82:55:bf:22:1a:4f:77:fa:71:96:97:5c:56:60:48:da:3a:fd:43:81:9a:8a:1e:f1:38:8f:94:83:91:8c:28:b4:d1:d0:9f:3b:d2:0d:ed:c3:5d:6b:7b:81:08:a8:9b:a4:17:2d:1a:51:75:fc:34:0a:d9:ef:90:bd:fa:57:e7:ac:67:f7:67:e9:89:ed:d4:5f:28:de:cd:84:4e:bc:4e:42:a8:54:08:8a:3b:b4:b1:ea:db:0f:b6:6d:d0:fb:aa:1c:c0:3e:2a:8c:13:b7:24:27:9c:40:be:e0:a3:bb:f7:c8:af:0d:30:a5:66:aa:7b:07:52:c4:0e:7a:ab:33:79:b7:d8:6e:b3:04:9e:1a:6c:6d:91:db:98:7a:7b:46:5f:f8:8e:29:cb:ab:98:6a:12:77:01:b9:7d:63:53:83:d7:58:4e:ac:38:dc:6c:67:3c:74:7f:71:cb:5c:f0:c0:a1:f6:52:5c:03:50:4d:b1:61:b4:3e:84:a2:c9:0f:62:a9:64:c7:67:e4:2b:51:4e:b1:b9:62:8f:de:85:42:3e:3b:02:62:8d:1e:73:77:67:b8:80:5a:43:eb:29:11:ba:5a:55:2e:ae:1b:37:59:b0:62:9c:8c:29" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.005189000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494330.005189000", - "frame.time_delta": "0.136845000", - "frame.time_delta_displayed": "0.136845000", - "frame.time_relative": "738.544503000", - "frame.number": "2632", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ea7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006c34", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": 
"80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008fbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2631", - "tcp.analysis.ack_rtt": "0.136845000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.029787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.029787000", - "frame.time_delta": "0.024598000", - "frame.time_delta_displayed": "0.024598000", - "frame.time_relative": "738.569101000", - "frame.number": "2633", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x00002870", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005f04", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": "80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000aeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137016000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"UG5tp6C9+lS7INUIHif8gw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"UG5tp6C9+lS7INUIHif8gw==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:58:49 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:58:49 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.161443000", - "http.request_in": "2631", - "http.file_data": "P\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u001e\u00ef\u00bf\u00bdR;ODM\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\/ 
!\u00133O2\u001f\u0005<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bdO49cHj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;>\u00ef\u00bf\u00bdSE\u00ef\u00bf\u00bd|xk\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.q\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#l\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u0013H\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdrc5\u00ef\u00bf\u00bd\be'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001ay^\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u0018b\u00ef\u00bf\u00bduj\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdPre\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bdICh\\\u00ef\u00bf\u00bd!+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bdLD2\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002gI\u00ef\u00bf\u00bd\u0011`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bdC#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bdb$r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdAi\u000b\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdf\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u007ff\u00ef\u00bf\u00bd}\u001f\u00ef\u00bf\u00bd0]ucw,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u0014d\u00ef\u0
0bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd5\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00057\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdqb\u0002Q,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW<\\i\u0010\u00ef\u00bf\u00bdo\"\u00ef\u00bf\u00bd \\qk" - }, - "media": { - "media.type": "50:a6:5c:de:da:9d:d1:8a:04:28:db:d1:f0:57:82:bf:b6:1c:1e:e9:52:3b:4f:44:4d:18:7c:ce:94:67:e8:2f:20:21:13:33:4f:32:1f:05:3c:8e:89:9f:f1:32:c0:6b:d6:ba:3a:c8:4f:34:39:63:48:6a:9d:d0:ae:e2:03:ec:d3:af:a6:82:a6:3b:3e:ad:53:45:c5:7c:78:6b:a5:65:a6:d9:2e:71:aa:80:ca:b9:23:6c:de:0c:8c:84:a1:08:bb:13:48:a9:f1:72:63:35:9e:08:65:27:dc:9e:1a:79:5e:fc:13:a1:d3:c7:65:18:62:94:75:6a:fb:18:a4:9f:50:72:65:f0:a0:6b:b9:49:43:68:5c:85:21:2b:ea:96:3a:ab:4c:44:32:88:0d:c7:21:8d:67:f0:94:02:67:49:fa:11:60:b1:d0:35:cb:85:a7:53:94:c4:9c:da:cf:c6:9c:e3:7a:87:ca:43:bb:43:23:d3:b4:fe:de:e1:28:ce:62:24:72:a6:af:d4:41:69:0b:ef:10:c1:99:66:1a:e8:d9:85:12:7f:66:8d:7d:1f:d2:30:5d:75:63:77:2c:ac:dc:b7:bd:e6:1a:b5:1a:cd:d2:46:14:64:f0:c5:a5:03:85:3b:cd:7e:cb:35:14:e4:f8:05:37:df:51:e6:98:02:90:34:a7:b7:88:54:f9:cb:83:c8:93:aa:c4:2c:95:71:62:02:51:2c:f6:df:f0:ea:74:8e:a6:ad:9b:26:8b:f8:18:c6:2d:ae:7e:94:f0:57:3c:5c:69:10:e6:6f:22:ac:20:5c:71:6b:00:b2:f6:29:01:45:c3:a6:83:a0:41:77:a4:00:f6:58:59:3b:b1:77:fd:cc:6b:8d:8f:e4:c8:6a:fa:20:6d:3b:01:8a:b8:a6:23:b5:84:4e:31:a7:cd:b0:16:c5:e9:37:8d:27:13:e9:86:50:7f:67:b3:1a:87:21:df:84:44:a2:64:1f:26:b7:79:c5:dd:bc:72:cd:7b:bd:b8:32:da:c5:c1:7f:98:bf:b0:55:ab:9e:a4:38:e4:ec
:d7:5e:2f:0f:87:9b:08:4f:5a:be:d0:a6:5c:65:26:96:47:81:13:2e:0f:4f:fc:23:4d:dc:ec:99:b1:ab:84:9b:25:8b:5d:44:2a:ef:78:56:2b:03:00:87:2b:a9:45:95:a3:69:c6:7a:f9:c6:d7:83:fc:01:f2:1c:80:2b:df:2a:34:17:f1:c4:2e:3a:27:61:ea:89:d9:67:24:e7:44:7b:79:f0:13:52:47:26:82:9d:5b:4b:a8:9d:2b:4b:28:3f:cf:7a:bf:b9:df:a1:0e:12:4e:31:4d:22:dd:98:7e:88:fc:e3:71:41:5e:0f:41:62:98:ca:41:92:03:d1:6d:79:45:29:f6:ea:3d:2c:5a:f2:4c:a6:45:54:f7:a0:4c:5d:9a:df:2e:1c:9f:d6:0e:31:15:b8:ae:a4:c1:04:88:50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.029858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.029858000", - "frame.time_delta": "0.000071000", - "frame.time_delta_displayed": "0.000071000", - "frame.time_relative": "738.569172000", - "frame.number": "2634", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002872", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006269", - "ip.checksum.status": 
"2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": "80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008c53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.030388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494330.030388000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "738.569702000", - "frame.number": "2635", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c71d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ebe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": 
"35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002ca3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2633", - "tcp.analysis.ack_rtt": "0.000601000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.031029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.031029000", - "frame.time_delta": "0.000641000", - "frame.time_delta_displayed": "0.000641000", - "frame.time_relative": "738.570343000", - "frame.number": "2636", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", 
- "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c71e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ebd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35297", - "tcp.dstport": "80", - "tcp.port": "35297", - "tcp.port": "80", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002ca1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2634", - "tcp.analysis.ack_rtt": "0.001171000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.063441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.063441000", - "frame.time_delta": "0.032412000", - "frame.time_delta_displayed": "0.032412000", - "frame.time_relative": "738.602755000", - "frame.number": "2637", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": 
"255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.164639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.164639000", - "frame.time_delta": "0.101198000", - "frame.time_delta_displayed": "0.101198000", - "frame.time_relative": "738.703953000", - "frame.number": "2638", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - 
"udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - 
"bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.167321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.167321000", - "frame.time_delta": "0.002682000", - "frame.time_delta_displayed": "0.002682000", - "frame.time_relative": "738.706635000", - "frame.number": "2639", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000062d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00002808", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, 
-0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35297", - "tcp.port": "80", - "tcp.port": "35297", - "tcp.stream": "122", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008c52", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2636", - "tcp.analysis.ack_rtt": "0.136292000", - "tcp.analysis.initial_rtt": "0.137016000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.194835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.194835000", - "frame.time_delta": "0.027514000", - "frame.time_delta_displayed": "0.027514000", - "frame.time_relative": "738.734149000", - "frame.number": "2640", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", 
- "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:50.470952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494330.470952000", - "frame.time_delta": "0.276117000", - "frame.time_delta_displayed": "0.276117000", - "frame.time_relative": "739.010266000", - "frame.number": "2641", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": 
"00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:51.410321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494331.410321000", - "frame.time_delta": "0.939369000", - "frame.time_delta_displayed": "0.939369000", - "frame.time_relative": "739.949635000", - "frame.number": "2642", - "frame.len": "1323", - "frame.cap_len": "1323", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1309", - "ip.id": "0x0000953d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007359", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1257", - "tcp.seq": "15163", - "tcp.nxtseq": "16420", - "tcp.ack": "2587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d1:f9:a7:9d:c0:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2478585, TSecr 2812133601": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2478585", - "tcp.options.timestamp.tsecr": "2812133601" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1257", - "tcp.analysis.push_bytes_sent": "1257" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "1252", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d0:24:af:73:cc:1f:4c:81:6a:c4:1b:22:7f:5d:1c:38:8a:87:87:bb:73:16:b5:c0:19:68:bc:4a:00:7f:19:5b:45:6b:a1:a3:c1:e3:46:c7:48:83:a4:cc:e3:ef:75:83:92:3c:3e:a5:31:c9:0f:c9:5e:5e:50:a4:fd:0d:f8:70:1c:59:08:74:ab:23:11:dd:d6:32:dd:cd:df:6a:8a:41:f0:3c:27:5e:b2:63:4f:cc:6d:76:30:5b:61:be:e0:2f:ca:e8:d5:d8:37:8c:f5:36:69:87:fc:bd:b6:94:64:1d:4a:60:b3:0f:49:86:94:41:05:78:37:85:f9:b0:89:ba:8f:f2:b6:95:06:11:33:f4:b7:e4:13:36:3a:5a:70:c7:a4:d8:0f:13:a9:ad:93:0e:1f:2c:8d:ca:d2:a3:a8:11:16:6d:2a:6e:7c:d9:15:53:a6:43:4b:0d:4e:04:fd:52:ec:a8:81:6a:53:f3:a5:8e:64:f7:dc:72:be:9d:16:1c:9d:28:b9:60:b8:e5:2e:3e:d4:95:82:27:4c:90:4f:10:18:c7:5a:2d:3a:c6:32:58:aa:76:1f:f1:b4:ae:dc:81:9c:4f:c9:b8:c7:21:b6:26:eb:09:2e:61:ce:9c:16:48:f8:0d:55:ca:57:2f:69:68:c4:e5:92:7b:14:3d:db:ed:1a:e1:03:3f:3b:55:12:7e:79:95:00:11:2e:52:ba:37:63:0a:c3:a9:06:1a:a9:d9:8c:28:39:c1:45:d9:b3:92:a1:57:b6:d7:ad:09:9f:86:b6:f3:36:fc:d2:52:fd:68:35:82:e0:cd:b7:bb:1a:d6:d8:48:dc:21:93:72:85:a8:e4:ff:50:f2:5b:38:a5:29:1e:04:b2:ce:a6:40:20:2a:f7:50:8d:56:ff:6f:70:1f:06:7b:a9:cd:90:a0:a2:48:1a:73:dc:5c:b4:bc:18:6c:bb:17:0e:cc:7a:5e:38:d2:ac:9b:33:c9:35:90:28:8d:78:f2:30:c3:8a:0e:ce:74:29:89:55:f3:48:08:6a:6a:5d:b7:e0:17:33:cb:b6:9f:78:4d:6d:bb:fd:7c:99:32:ca:9c:42:85:4f:4a:24:67:d1:fd:8f:09:bd:a4:f0:ed:41:8d:6c:3c:56:98:ef:c7:4f:e9:a6:36:fd:1b:ad:dd:42:27:89:f2:42:09:bf:8a:17:24:43:87:9e:4b:bd:35:09:8e:34:fa:af:2a:b0:12:c6:f1:60:01:58:19:bc:73:e7:b5:ca:7c:fc:e0:b2:b6:21:92:a4:68:30:18:14:4d:b3:0f:18:42:2f:91:9b:c8:4f:0d:97:e1:a2:40:21:b6:83:15:ab:03:cc:5c:62:8d:e3:67:cf:73:23:bb:0d:f1:9f:d3:38:b4:99:c3:ee:35:2c:3f:5b:d9:a7:6e:b9:3f:55:33:ab:8b:79:2b:4f:78:3c:26:e5:e8:71:86:b2:00:94:3d:2d:73:74:8c:09:d4:27:8a:ce:c8:a9:c2:22:24:13:0f:7d:f6:6d:0d:c0:e4:c8:9c:91:4a:31:33:87:1a:c5:72:24:12:72:ff:9f:08:51:56:17:78:1d:13:4e:25:7f:2b:97:0e:46:72:f9:54:94:0e:68:23:ea:02:ad:c3:ae:91:69:d9:15:62:a8:60:80:cb:d8:cd:73:f9:46:7e:09:ae:a8:87:07:46:47:96:7e:26:b8:cd
:9c:d5:fb:f3:6c:52:c4:e4:e1:3d:56:a1:58:cd:a2:33:ce:d4:69:24:fa:dc:e0:ff:30:9f:3e:06:7b:77:18:8e:46:89:54:d1:33:90:e4:57:e2:27:1f:30:86:0a:35:97:d5:3d:7a:1a:16:d3:d6:9e:26:d2:0d:28:f6:a0:3b:9e:a0:c2:8f:40:27:35:33:d7:52:27:f1:ea:a5:bc:a5:64:3c:be:0f:a5:90:d4:7f:46:2b:e4:96:fb:16:ec:63:0f:64:94:7b:6e:c9:fa:53:58:bb:b8:7d:66:9e:e7:ee:4e:47:81:d7:fb:cf:7e:fc:b3:83:54:4a:f6:d8:95:03:25:a1:ba:74:bf:40:56:72:54:92:95:39:10:99:7b:4a:6a:05:81:50:84:6a:e4:8e:c8:e0:70:0f:0d:f6:62:6c:53:c4:a1:96:54:43:20:46:54:14:ec:2c:b2:12:64:5d:bb:06:3d:3b:69:a7:66:b9:51:fa:36:81:72:d0:69:50:29:12:9f:ac:26:f4:f4:29:38:b7:ca:ce:73:37:9a:13:19:d4:c8:7e:7a:30:34:03:3c:b6:b8:16:67:81:6c:7e:5f:1a:47:be:f9:76:f5:03:c5:45:ca:b2:c1:b0:90:53:64:38:ed:4a:db:8d:2f:ff:9c:f2:41:59:a0:70:97:7f:ca:be:c7:ca:b1:b9:3b:30:06:bb:de:2e:87:56:38:9f:a4:ac:26:bf:8e:20:32:5f:74:87:8c:f1:c9:49:e5:ea:f0:de:3e:d8:2f:b9:a5:cf:dc:9c:ef:46:fe:5c:f3:e7:a5:56:36:f4:82:ad:f6:68:ea:39:ac:ef:2c:7b:77:fc:89:0b:36:47:75:81:e5:70:c8:d9:e8:ef:43:85:24:39:a8:6f:94:2b:69:6e:67:7f:6d:a9:b9:72:f6:64:a1:c9:31:77:10:5f:f6:43:32:3a:05:fd:46:98:a0:9d:ef:d0:28:f2:fd:68:c8:3e:17:14:9c:5a:92:45:d0:6b:44:2a:79:ac:7a:66:e7:64:e7:5a:cd:09:cb:b0:44:4f:cc:c9:26:98:ff:8c:08:c0:9b:94:41:34:b2:9f:94:8d:00:e1:7f:19:dd:08:07:30:de:7f:ae:d4:6e:1c:82:64:77:38:56:b5:62:30:3e:1c:e4:16:9b:18:5b:6b:c3:f2:aa:ae:b1:5f:21:47:cd:06:0d:9c:12:e4:93:ef:f6:d2:bf:96:7d:4d:e0:de:d9:06:5a:2e:2f:74:31:33:ee:e9:38:14:cd:59:9f:bc:58:4d:3b:60:4d:39:07:7c:4a:9c:1b:44:a5:80:41:b6:f1:66:5c:55:58:5f:18:71:e3:4a:f4:41:be:da:d5:be:79:e1:8c:69:8b:21:d5:17:19:6c:71:3c:a9:9c:3f:97:3e:e4:55:84:df:61:80:f9:b7:b0:c9:09:52:0e:4c:38:f2:2d:47:ae:84:ed:07:29:0a:d0:b3:87:6e:81:29:7d:a6:76:8b:ff:3e:ff:d4:15:3f:31:62:39:dd:a4:ff:9f:09:a7:0e:16:e7:3e:90:2f:1e:eb:1d:93:b9:45:25:47:e6:e8:08:fb:f6:cb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 16:58:51.470754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494331.470754000", - "frame.time_delta": "0.060433000", - "frame.time_delta_displayed": "0.060433000", - "frame.time_relative": "740.010068000", - "frame.number": "2643", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c29", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003956", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2587", - "tcp.ack": "16420", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000be55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ce:00:00:25:d1:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812136960, TSecr 2478585": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812136960", - "tcp.options.timestamp.tsecr": "2478585" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2642", - "tcp.analysis.ack_rtt": "0.060433000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:55.194113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494335.194113000", - "frame.time_delta": "3.723359000", - "frame.time_delta_displayed": "3.723359000", - 
"frame.time_relative": "743.733427000", - "frame.number": "2644", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:57.112885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494337.112885000", - "frame.time_delta": "1.918772000", - "frame.time_delta_displayed": "1.918772000", - "frame.time_relative": "745.652199000", - "frame.number": "2645", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000047d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000091bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:57.118656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494337.118656000", - "frame.time_delta": "0.005771000", - 
"frame.time_delta_displayed": "0.005771000", - "frame.time_relative": "745.657970000", - "frame.number": "2646", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000019c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000becb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:57.336531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494337.336531000", - "frame.time_delta": "0.217875000", - "frame.time_delta_displayed": "0.217875000", - "frame.time_relative": "745.875845000", - "frame.number": "2647", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004808", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009186", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:57.564651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494337.564651000", - "frame.time_delta": "0.228120000", - "frame.time_delta_displayed": "0.228120000", - "frame.time_relative": "746.103965000", - "frame.number": "2648", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004833", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - 
"ip.proto": "17", - "ip.checksum": "0x0000915b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.495653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.495653000", - "frame.time_delta": "0.931002000", - "frame.time_delta_displayed": "0.931002000", - "frame.time_relative": "747.034967000", - "frame.number": "2649", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00009d5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002bf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: 
upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.548459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.548459000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "747.087773000", - "frame.number": "2650", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00009d61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002bf6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": 
"239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.601383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.601383000", - "frame.time_delta": "0.052924000", - "frame.time_delta_displayed": "0.052924000", - "frame.time_relative": "747.140697000", - "frame.number": "2651", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00009d67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - 
"http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.654313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.654313000", - "frame.time_delta": "0.052930000", - "frame.time_delta_displayed": "0.052930000", - "frame.time_relative": "747.193627000", - "frame.number": "2652", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00009d68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002be6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.707268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.707268000", - "frame.time_delta": "0.052955000", - "frame.time_delta_displayed": "0.052955000", - "frame.time_relative": "747.246582000", - "frame.number": "2653", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00009d6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:58:58.760110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494338.760110000", - "frame.time_delta": "0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "747.299424000", - "frame.number": "2654", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00009d6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002be5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:04.720346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494344.720346000", - "frame.time_delta": "5.960236000", - "frame.time_delta_displayed": "5.960236000", - "frame.time_relative": "753.259660000", - "frame.number": "2655", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "241", - "tcp.ack": "217", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:04.865384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494344.865384000", - "frame.time_delta": "0.145038000", - "frame.time_delta_displayed": "0.145038000", - "frame.time_relative": "753.404698000", - "frame.number": "2656", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fdc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb5", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "217", - "tcp.ack": "242", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:05.833905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494345.833905000", - "frame.time_delta": "0.968521000", - "frame.time_delta_displayed": "0.968521000", - "frame.time_relative": "754.373219000", - "frame.number": "2657", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:05.836319000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494345.836319000", - "frame.time_delta": "0.002414000", - "frame.time_delta_displayed": "0.002414000", - "frame.time_relative": "754.375633000", - "frame.number": "2658", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", 
- "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:05.851471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494345.851471000", - "frame.time_delta": "0.015152000", - "frame.time_delta_displayed": "0.015152000", - 
"frame.time_relative": "754.390785000", - "frame.number": "2659", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - 
"icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.081791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.081791000", - "frame.time_delta": "0.230320000", - "frame.time_delta_displayed": "0.230320000", - "frame.time_relative": "754.621105000", - "frame.number": "2660", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.408951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.408951000", - "frame.time_delta": "0.327160000", - "frame.time_delta_displayed": "0.327160000", - "frame.time_relative": "754.948265000", - "frame.number": "2661", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c24", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - 
"ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.796743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.796743000", - "frame.time_delta": "0.387792000", - "frame.time_delta_displayed": "0.387792000", - "frame.time_relative": "755.336057000", - "frame.number": "2662", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000736f", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0083a8ea", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.802098000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.802098000", - "frame.time_delta": "0.005355000", - "frame.time_delta_displayed": "0.005355000", - "frame.time_relative": "755.341412000", - "frame.number": "2663", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00003a92", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00f7d68b", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - 
"Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.808647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.808647000", - "frame.time_delta": "0.006549000", - 
"frame.time_delta_displayed": "0.006549000", - "frame.time_relative": "755.347961000", - "frame.number": "2664", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:06.822205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494346.822205000", - "frame.time_delta": "0.013558000", - "frame.time_delta_displayed": "0.013558000", - "frame.time_relative": "755.361519000", - "frame.number": "2665", - "frame.len": 
"110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", 
- "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.105277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.105277000", - "frame.time_delta": "0.283072000", - "frame.time_delta_displayed": "0.283072000", - "frame.time_relative": "755.644591000", - "frame.number": "2666", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004e65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008b29", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.118739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.118739000", - "frame.time_delta": "0.013462000", - "frame.time_delta_displayed": "0.013462000", - "frame.time_relative": "755.658053000", - "frame.number": "2667", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x00001a71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000be20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", 
- "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.328034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.328034000", - "frame.time_delta": "0.209295000", - "frame.time_delta_displayed": "0.209295000", - "frame.time_relative": "755.867348000", - "frame.number": "2668", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004e9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008af0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", 
- "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.556274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.556274000", - "frame.time_delta": "0.228240000", - "frame.time_delta_displayed": "0.228240000", - "frame.time_relative": "756.095588000", - "frame.number": "2669", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004ea8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008ae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": 
"0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.831028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.831028000", - "frame.time_delta": "0.274754000", - "frame.time_delta_displayed": "0.274754000", - "frame.time_relative": "756.370342000", - "frame.number": "2670", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": 
"8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.833359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.833359000", - "frame.time_delta": "0.002331000", - "frame.time_delta_displayed": "0.002331000", - "frame.time_relative": "756.372673000", - "frame.number": "2671", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - 
"ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.834571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494347.834571000", - "frame.time_delta": "0.001212000", - "frame.time_delta_displayed": "0.001212000", - "frame.time_relative": "756.373885000", - "frame.number": "2672", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - 
"ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:07.883361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494347.883361000", - "frame.time_delta": "0.048790000", - "frame.time_delta_displayed": "0.048790000", - "frame.time_relative": "756.422675000", - "frame.number": "2673", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - 
}, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.466470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.466470000", - "frame.time_delta": "0.583109000", - "frame.time_delta_displayed": "0.583109000", - "frame.time_relative": "757.005784000", - "frame.number": "2674", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - 
"eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x000006f4", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00b41535", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": 
"0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.600704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.600704000", - "frame.time_delta": "0.134234000", - "frame.time_delta_displayed": "0.134234000", - "frame.time_relative": "757.140018000", - "frame.number": "2675", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000953e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007810", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - 
"ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "16420", - "tcp.nxtseq": "16469", - "tcp.ack": "2587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007b9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d8:b0:a7:9d:ce:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480304, TSecr 2812136960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480304", - "tcp.options.timestamp.tsecr": "2812136960" - } - }, - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d1:2e:5c:0a:63:8d:61:a6:25:13:58:53:c2:0b:0e:74:2d:27:6a:39:44:60:9b:d8:41:0d:d3:f0:98:c4:aa:46:54:b3:31:13:a3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.604660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.604660000", - "frame.time_delta": "0.003956000", - "frame.time_delta_displayed": "0.003956000", - "frame.time_relative": "757.143974000", - "frame.number": "2676", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", 
- "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00005502", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0084bc8e", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, 
- "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.660879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.660879000", - "frame.time_delta": "0.056219000", - "frame.time_delta_displayed": "0.056219000", - "frame.time_relative": "757.200193000", - "frame.number": "2677", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003955", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2587", - "tcp.ack": "16469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a6a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:de:c9:00:25:d8:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812141257, TSecr 2480304": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812141257", - "tcp.options.timestamp.tsecr": "2480304" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2675", - 
"tcp.analysis.ack_rtt": "0.060175000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.661642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.661642000", - "frame.time_delta": "0.000763000", - "frame.time_delta_displayed": "0.000763000", - "frame.time_relative": "757.200956000", - "frame.number": "2678", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.661733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.661733000", - "frame.time_delta": "0.000091000", - "frame.time_delta_displayed": "0.000091000", - "frame.time_relative": "757.201047000", - "frame.number": "2679", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000391d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": 
"-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "2587", - "tcp.nxtseq": "2642", - "tcp.ack": "16469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000888c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:de:c9:00:25:d8:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812141257, TSecr 2480304": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812141257", - "tcp.options.timestamp.tsecr": "2480304" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:4e:9e:76:0a:f0:8f:0d:9a:09:7e:e2:1d:e6:ec:ec:12:e8:47:91:3e:b3:8a:e6:25:7e:6b:fc:a5:da:d8:8c:28:ae:38:0a:72:4c:66:ad:22:b6:2a:c6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.671702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.671702000", - "frame.time_delta": "0.009969000", - "frame.time_delta_displayed": "0.009969000", - "frame.time_relative": "757.211016000", - "frame.number": "2680", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - 
"ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:08.697567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494348.697567000", - "frame.time_delta": "0.025865000", - "frame.time_delta_displayed": "0.025865000", - "frame.time_relative": "757.236881000", - "frame.number": "2681", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000953f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16469", - "tcp.ack": "2642", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": 
"661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a574", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d8:ba:a7:9d:de:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480314, TSecr 2812141257": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480314", - "tcp.options.timestamp.tsecr": "2812141257" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2679", - "tcp.analysis.ack_rtt": "0.035834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:09.004128000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494349.004128000", - "frame.time_delta": "0.306561000", - "frame.time_delta_displayed": "0.306561000", - "frame.time_relative": "757.543442000", - "frame.number": "2682", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00004ef3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008a66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:09.674052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494349.674052000", - "frame.time_delta": "0.669924000", - "frame.time_delta_displayed": "0.669924000", - "frame.time_relative": "758.213366000", - "frame.number": "2683", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:09.676408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494349.676408000", - "frame.time_delta": "0.002356000", - "frame.time_delta_displayed": "0.002356000", - "frame.time_relative": "758.215722000", - "frame.number": "2684", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - 
"icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:09.681618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494349.681618000", - "frame.time_delta": "0.005210000", - "frame.time_delta_displayed": "0.005210000", - 
"frame.time_relative": "758.220932000", - "frame.number": "2685", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - 
"icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:09.720778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494349.720778000", - "frame.time_delta": "0.039160000", - "frame.time_delta_displayed": "0.039160000", - "frame.time_relative": "758.260092000", - "frame.number": "2686", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.515326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.515326000", - "frame.time_delta": "0.794548000", - "frame.time_delta_displayed": "0.794548000", - "frame.time_relative": "759.054640000", - "frame.number": "2687", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": 
"ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00009ba9", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x006e80c5", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.524963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.524963000", - "frame.time_delta": "0.009637000", - "frame.time_delta_displayed": "0.009637000", - "frame.time_relative": "759.064277000", - "frame.number": "2688", - "frame.len": 
"158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00008ea2", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0035833d", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": 
"1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.535878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.535878000", - "frame.time_delta": "0.010915000", - "frame.time_delta_displayed": "0.010915000", - "frame.time_relative": "759.075192000", - "frame.number": "2689", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - 
"eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.540852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.540852000", - "frame.time_delta": "0.004974000", - "frame.time_delta_displayed": "0.004974000", - "frame.time_relative": "759.080166000", - "frame.number": "2690", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": 
"33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - 
}, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.588668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.588668000", - "frame.time_delta": "0.047816000", - "frame.time_delta_displayed": "0.047816000", - "frame.time_relative": "759.127982000", - "frame.number": "2691", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d90", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba60", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f94", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.589209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.589209000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "759.128523000", - "frame.number": "2692", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d91", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b5b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f08f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:10.589827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494350.589827000", - "frame.time_delta": "0.000618000", - "frame.time_delta_displayed": "0.000618000", - "frame.time_relative": "759.129141000", - "frame.number": "2693", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e55", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.474202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.474202000", - "frame.time_delta": "0.884375000", - "frame.time_delta_displayed": "0.884375000", - "frame.time_relative": "760.013516000", - "frame.number": "2694", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": 
"0x00003834", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "2642", - "tcp.nxtseq": "2929", - "tcp.ack": "16469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a6a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e1:88:00:25:d8:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812141960, TSecr 2480314": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812141960", - "tcp.options.timestamp.tsecr": "2480314" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": "34:cd:34:17:47:48:0e:4f:f8:95:53:fd:f4:80:95:08:e4:9c:98:2d:4e:da:f8:32:45:ca:69:f6:eb:7c:63:76:fc:5f:c3:57:51:f2:1e:0d:6e:db:95:48:1d:f9:41:c8:d1:4b:01:56:49:51:c2:a8:a2:7b:25:89:cf:00:3d:58:94:b4:5e:31:24:f5:fe:f2:08:3a:f8:cb:ee:05:25:1a:37:0e:f1:eb:40:8a:90:b8:01:8b:e2:cd:d5:5b:2a:07:05:83:76:aa:c1:7a:f8:b8:41:b4:56:78:c4:54:04:0f:5b:12:69:56:70:1a:fb:d9:3b:ce:8e:a4:00:59:b5:fc:c5:f3:b0:37:e9:ae:81:c6:5d:29:1a:fe:fd:24:43:06:e5:dd:19:7f:e4:1b:52:ff:85:c8:32:db:b4:fc:c3:47:0f:23:85:6c:62:f8:8a:e4:3b:49:ae:f3:55:62:05:7d:b9:d3:af:9a:e8:79:12:d7:64:4e:47:ed:cb:ad:45:6f:74:aa:28:9c:84:d4:df:ac:48:3f:fc:85:b9:39:ee:67:93:bc:58:85:45:06:e8:d1:39:27:7e:46:88:20:fb:31:a4:1a:e0:f4:77:22:72:de:de:68:5d:3b:14:0c:e0:66:a0:36:7a:56:aa:c1:89:36:3d:69:35:99:82:27:8b:75:36:13:05:8c:de:2a:52:11:4e:b7:13:54:22:e6:07:db:73:4a:b7:74:1b:49:5f:81:a7:8c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.474707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.474707000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "760.014021000", - "frame.number": "2695", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009540", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000783f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16469", - "tcp.ack": "2929", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a081", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d9:cf:a7:9d:e1:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480591, TSecr 2812141960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480591", - "tcp.options.timestamp.tsecr": "2812141960" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2694", - "tcp.analysis.ack_rtt": "0.000505000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.490117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.490117000", - "frame.time_delta": "0.015410000", - "frame.time_delta_displayed": "0.015410000", - "frame.time_relative": "760.029431000", - "frame.number": "2696", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009541", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007809", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "16469", - "tcp.nxtseq": "16522", - "tcp.ack": "2929", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000675f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d9:d1:a7:9d:e1:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480593, TSecr 2812141960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480593", - "tcp.options.timestamp.tsecr": "2812141960" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d2:4f:2b:9e:a9:6a:b9:3e:ac:96:e8:b7:a0:a4:0a:37:c0:d7:e9:4f:41:56:61:1e:21:ee:30:b5:4c:f9:e0:d8:c8:4f:bb:47:85:84:45:d4:76" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.555096000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.555096000", - "frame.time_delta": "0.064979000", - "frame.time_delta_displayed": "0.064979000", - "frame.time_relative": "760.094410000", - "frame.number": "2697", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, 
- "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.557369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.557369000", - "frame.time_delta": "0.002273000", - "frame.time_delta_displayed": "0.002273000", - "frame.time_relative": "760.096683000", - "frame.number": "2698", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - 
"icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.600920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.600920000", - "frame.time_delta": "0.043551000", - "frame.time_delta_displayed": "0.043551000", - "frame.time_relative": "760.140234000", - "frame.number": "2699", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": 
"18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - 
"icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.601095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.601095000", - "frame.time_delta": "0.000175000", - "frame.time_delta_displayed": "0.000175000", - "frame.time_relative": "760.140409000", - "frame.number": "2700", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003952", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", 
- "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2929", - "tcp.ack": "16522", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a11c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e1:a5:00:25:d9:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812141989, TSecr 2480593": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812141989", - "tcp.options.timestamp.tsecr": "2480593" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2696", - "tcp.analysis.ack_rtt": "0.110978000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.601634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.601634000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "760.140948000", - "frame.number": "2701", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009542", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007583", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "16522", - "tcp.nxtseq": "17220", - "tcp.ack": "2929", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d9:dc:a7:9d:e1:a5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480604, TSecr 2812141989": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480604", - "tcp.options.timestamp.tsecr": "2812141989" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": 
"698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d3:2b:ea:b9:48:cd:9e:06:82:19:3f:1c:3b:00:fe:12:36:c2:f4:2b:85:25:bc:f3:2e:10:37:3d:22:b5:5e:f2:e1:f2:6e:04:03:17:3e:8a:55:26" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d4:9e:8b:be:20:df:67:26:71:0c:fe:20:ee:e3:98:38:db:46:82:fb:e7:83:bc:9e:3a:c4:66:f5:d3:4c:3e:7e:2a:30:db:ee:d3:2f:84:e4:66:f6:5e:bf:99:04:bc:50:fb:d8:36:ee:a6:b7:45:5f:6e:5c:2c:0f:06:20:ef:bb:46:ca:86:aa:ff:5f:5d:2d:aa:17:1c:99:4d:55:32:f2:3c:f5:8f:dc:a5:96:b5:be:63" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d5:74:18:ad:a0:3a:95:d0:75:9a:ed:84:51:47:32:a8:da:94:61:01:35:d5:cd:91:74:55:aa:0c:3f:c5:72:2f:49:bf:8d:1d:51:d4:2c:1f:c1:3d:2c:34:b4:04:94:11:99:91:3a:c6:34:ca:83:16:52:ca:8f:00:5e:ca:69:7c:73:85:61:80:6b:62:6e:87:ed:b4:7d:80:f2:63:01:3c:e6:d7:75:e8:8c:62:01:dc:66:18:52:56:2a:67:64:c7:88:3b:34:46:2d:06:fe:45:47:e6:46:44:2f:8e:b9:c3:a4:40:39:47:6b:b8:12:7c:f6:b8:42:03:f7:b2:8f:5a:22:25:8d:d2:cc:b5:92:a8:84:ac:18:d4:b1:c3:11:f1:59:0a:2b:e4:b0:1a:79:01:83:92:8d:33:9e:a3:12:db:89:86:6e:40:35:fe:bf:0c:4a:ce:b1:db:66:1f:f9:78:8a:ea:9f:24:c4:69:61:3e:e3:90:96:8e:66:eb:e1:d8:6b:17:93:3e:7c:4f:0d:2b:b2:c9:e2:15:87:8d:4b:e0:de:87:f7:e0:60:ce:3f:fe:dc:48:95:34:94:5e:3b:70:92:d6:87:53:d2:cf:63:90:10:1e:19:7f:71:f0:a8:d3:9f:2d:23:11:c5:7f:67:24:b9:ce:99:f2:15:86:0e:0d:ac:ae:15:56:0f:93:c6:dd:96:d6:cd:87:f6:19:40:ee:06:18:69:c8:5e:7a:8b:80:2a:8a:aa:73:56:e4:33:ef:b7:58:28:45:f2:96:02:96:cb:84:3a:62:da:fe:10:20:39:53:1f:c5:36:98:ac:4c:3d:dd:a1:37:e2:08:c5:6d:2c:a4:26:fb:aa:c2:8b:26:30:f5:52:d7:6d:f1:67:b6:9e:65:31:6a:dc:77:0a:4b:7b:6e:65:68:02:f4:f3:6c:71:3a:71:04:e4:2e:32:5a:ab:a4:93
:12:74:d5:b2:f4:4b:da:a3:5d:b9:60:6a:54:95:50:a4:af:06:28:f5:b4:e9:1c:ff:c6:c7:5f:40:48:3e:31:35:b2:81:d7:61:bf:77:c4:02:31:6e:12:46:dd:9f:6b:a0:54:d1:4b:29:11:da:f5:f5:8f:3b:92:99:52:84:87:26:cc:3c:38:8b:fa:56:10:5b:0d:f4:2f:b0:4f:3e:6e:e4:4b:48:fc:c3:97:c8:05:67:48:a9:93:a9:e5:92:52:36:63:0b:3c:77:64:36:db:10:96:20:1e:82:06:2d:08:ff:ea:40:96:37:51:ab:14:e9:95:4b:d0:a5:0e:40:9a:9f:41:6f:4b:44:26:c6:46:c8:dc:92:be:c9:e3:71:71:11:d7:4c:10:e5:c7:08:84:3c:be:38:37:c2:b6:4a:6c:25:64:58:9e:b2:ef:1b:f0:86" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.661871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.661871000", - "frame.time_delta": "0.060237000", - "frame.time_delta_displayed": "0.060237000", - "frame.time_relative": "760.201185000", - "frame.number": "2702", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": 
"0x00003951", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2929", - "tcp.ack": "17220", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009e45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e1:b7:00:25:d9:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812142007, TSecr 2480604": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142007", - "tcp.options.timestamp.tsecr": "2480604" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2701", - "tcp.analysis.ack_rtt": "0.060237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.781765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.781765000", - "frame.time_delta": "0.119894000", - "frame.time_delta_displayed": "0.119894000", - "frame.time_relative": "760.321079000", - "frame.number": "2703", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - 
"ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.889457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.889457000", - "frame.time_delta": "0.107692000", - 
"frame.time_delta_displayed": "0.107692000", - "frame.time_relative": "760.428771000", - "frame.number": "2704", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009543", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007806", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "17220", - 
"tcp.nxtseq": "17274", - "tcp.ack": "2929", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000066a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:d9:f9:a7:9d:e1:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480633, TSecr 2812142007": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480633", - "tcp.options.timestamp.tsecr": "2812142007" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d6:89:8b:b1:a0:2f:51:54:e2:34:b9:93:0f:43:94:d9:6e:4f:87:7f:a1:71:f3:b5:09:e0:00:93:a3:e0:af:43:23:65:c6:43:af:b7:7b:fe:9d:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:11.949679000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494351.949679000", - "frame.time_delta": "0.060222000", - "frame.time_delta_displayed": "0.060222000", - "frame.time_relative": "760.488993000", - "frame.number": "2705", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003950", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - 
"tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "2929", - "tcp.ack": "17274", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009daa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e1:ff:00:25:d9:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812142079, TSecr 2480633": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142079", - "tcp.options.timestamp.tsecr": "2480633" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2704", - "tcp.analysis.ack_rtt": "0.060222000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:12.631122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494352.631122000", - "frame.time_delta": "0.681443000", - "frame.time_delta_displayed": "0.681443000", - "frame.time_relative": "761.170436000", - 
"frame.number": "2706", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000500e", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x006fcc5f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:12.642280000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494352.642280000", - "frame.time_delta": "0.011158000", - "frame.time_delta_displayed": "0.011158000", - "frame.time_relative": "761.181594000", - "frame.number": "2707", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - 
"ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00007edd", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x000f9328", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": 
"30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:12.650714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494352.650714000", - "frame.time_delta": "0.008434000", - "frame.time_delta_displayed": "0.008434000", - "frame.time_relative": "761.190028000", - "frame.number": "2708", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:12.660804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494352.660804000", - "frame.time_delta": "0.010090000", - "frame.time_delta_displayed": "0.010090000", - "frame.time_relative": "761.200118000", - "frame.number": "2709", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.631349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.631349000", - "frame.time_delta": "0.970545000", - "frame.time_delta_displayed": "0.970545000", - 
"frame.time_relative": "762.170663000", - "frame.number": "2710", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "2929", - "tcp.nxtseq": "3217", - "tcp.ack": "17274", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000084cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e3:a4:00:25:d9:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812142500, TSecr 2480633": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142500", - "tcp.options.timestamp.tsecr": "2480633" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:50:98:c5:43:26:45:a9:fe:74:00:5c:a6:27:b9:21:02:df:07:a6:1f:29:c7:7f:fb:2a:5c:d1:62:55:78:28:27:47:aa:02:1a:fd:bb:f9:ee:c7:b8:09:f3:fb:87:2a:07:1b:06:52:42:4a:91:c6:5d:8e:e9:be:bd:11:1c:02:15:62:6c:84:13:79:d7:38:81:30:f0:9f:bd:a6:3c:73:16:dc:f3:b9:63:0f:78:d8:19:c8:73:ba:a8:0c:1e:ac:a7:25:19:a3:6c:f2:21:77:b0:ad:0f:04:0e:9b:1b:cc:97:6b:de:29:f3:43:72:0c:dd:72:d7:a7:94:39:5b:04:17:46:e7:00:3d:bf:78:44:2f:12:1f:ae:fc:8d:08:66:d9:ba:f2:27:94:a8:f2:d6:1c:14:50:ba:fd:d1:a8:9d:5a:f7:a0:bf:70:7f:6e:59:3e:03:3b:3f:88:0b:13:09:08:17:0f:96:fb:a5:1e:d3:a0:70:01:dd:95:48:3d:5c:10:a0:b4:66:68:48:82:e7:1d:a2:e7:16:37:d4:61:40:4c:3f:dc:73:98:c4:57:1f:42:d7:da:7a:ef:6e:b1:34:a6:88:2e:b0:4d:15:af:53:7d:63:39:aa:43:2d:69:02:26:56:b1:40:4e:a0:47:b0:23:85:30:dc:02:75:76:77:42:ee:b0:2c:09:0d:0c:52:c6:d1:2c:cc:85:75:c9:ba:5f:38:9d:69:32" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.649233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.649233000", - "frame.time_delta": "0.017884000", - "frame.time_delta_displayed": "0.017884000", - "frame.time_relative": "762.188547000", - "frame.number": "2711", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009544", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007806", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "17274", - "tcp.nxtseq": "17327", - "tcp.ack": "3217", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a8d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:da:a9:a7:9d:e3:a4", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480809, TSecr 2812142500": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480809", - "tcp.options.timestamp.tsecr": "2812142500" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2710", - "tcp.analysis.ack_rtt": "0.017884000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d7:7b:60:e8:8d:60:15:2a:76:e4:ff:3e:b2:98:f0:a8:5b:43:97:b5:45:e5:51:74:32:96:17:e7:bb:8b:ec:fa:34:88:f8:0f:b0:00:2d:cf:6e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.680557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.680557000", - "frame.time_delta": "0.031324000", - "frame.time_delta_displayed": "0.031324000", - "frame.time_relative": "762.219871000", - "frame.number": "2712", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": 
"18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.680718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.680718000", - "frame.time_delta": "0.000161000", - "frame.time_delta_displayed": "0.000161000", - "frame.time_relative": "762.220032000", - "frame.number": "2713", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - 
"ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.683077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.683077000", - "frame.time_delta": "0.002359000", - "frame.time_delta_displayed": "0.002359000", - "frame.time_relative": "762.222391000", - "frame.number": "2714", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": 
"0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - 
"icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.709393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.709393000", - "frame.time_delta": "0.026316000", - "frame.time_delta_displayed": "0.026316000", - "frame.time_relative": "762.248707000", - "frame.number": "2715", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, 
CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3217", - "tcp.ack": "17327", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000099ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e3:b7:00:25:da:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812142519, TSecr 2480809": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142519", - "tcp.options.timestamp.tsecr": "2480809" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2711", - "tcp.analysis.ack_rtt": "0.060160000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:59:13.709899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.709899000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "762.249213000", - "frame.number": "2716", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009545", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000757f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } 
- }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "17327", - "tcp.nxtseq": "18026", - "tcp.ack": "3217", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e946", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:da:af:a7:9d:e3:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480815, TSecr 2812142519": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480815", - "tcp.options.timestamp.tsecr": "2812142519" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d8:b8:72:e2:02:63:37:f7:25:ab:0d:28:3f:06:d6:45:4c:da:31:59:ed:00:04:6b:c2:5e:1e:e7:27:aa:17:30:d2:71:a0:cb:aa:b9:9b:4a:81:29" - }, - "ssl.record": { - "ssl.record.content_type": 
"23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:d9:20:8a:7b:50:34:7b:3d:15:e3:82:3d:e7:c8:66:c2:b6:1c:cb:ce:ef:16:9e:7f:97:c6:f8:3a:c4:85:de:4a:61:51:7d:d9:81:fc:7f:60:5e:1d:ba:c5:28:32:9e:9c:e8:f0:5f:c2:c2:f6:cd:6a:a0:a3:82:02:17:18:85:26:b2:b2:4d:e4:dd:63:db:ad:93:da:b8:36:ec:29:76:42:a0:a1:b1:73:74:87:11:a4:85" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:da:19:39:3a:3d:68:6d:22:67:d4:9f:02:b6:89:50:01:e9:28:52:17:fc:17:cf:5a:fa:69:6c:07:a1:a0:8e:16:b9:be:5d:27:c7:7e:d0:99:ba:a3:f6:2b:66:03:cc:16:5b:3a:42:06:eb:00:17:86:0c:0a:75:12:c9:c4:37:8f:15:96:3a:aa:25:fe:ea:4d:8e:fe:75:50:fb:a0:c1:ce:a5:bc:db:bf:17:47:76:c3:5f:de:26:93:19:5a:48:cd:f9:5e:9f:21:32:d2:f7:05:a7:b0:f7:87:03:40:50:31:3c:ce:3d:66:3c:77:2b:fe:a5:0e:ac:8f:d2:a1:c8:b7:58:1c:ad:1d:1a:4d:d4:bf:1f:c5:f8:a3:29:2a:dd:0e:63:7e:d9:a2:81:26:43:f8:04:25:72:5c:70:bf:62:36:7d:92:9d:d2:15:6e:5a:83:1e:84:96:48:fa:e6:7e:a8:87:b5:15:c8:ca:dc:d6:f1:ec:ee:56:33:22:ad:8b:a2:75:3a:ae:47:ed:dc:9f:3c:a0:71:ff:81:fc:77:f7:e9:aa:1a:31:1c:45:d9:6d:a8:7a:d9:22:50:d6:4c:47:ba:24:bc:e7:bd:ef:30:15:11:16:f0:a8:ad:f3:6d:47:f5:d1:0a:d5:2c:44:1a:14:5b:fa:54:10:89:65:d2:8e:50:6b:a0:42:e1:4c:11:8e:de:13:ab:9b:7b:63:b6:51:66:84:0c:b6:a1:6e:e1:74:3b:a7:ea:db:2c:66:3e:fe:2d:de:d9:ef:47:e2:27:01:51:f6:a9:4c:32:0c:f5:d6:a0:10:09:81:a4:ca:93:d0:31:3b:0d:6a:34:44:5a:37:04:4c:f6:fa:7b:f7:32:95:61:ad:68:7e:03:c6:ac:b6:f4:ec:25:98:8e:f2:e1:49:bd:0d:1a:f7:ee:ac:3d:49:42:ca:0c:4e:5d:c1:a7:e4:d1:0a:cd:a2:5e:6c:2f:d6:b5:2d:7f:eb:df:6b:d8:e8:2e:e6:34:1c:0b:a6:f5:25:12:8c:07:29:f9:48:c9:e7:5a:02:a9:d7:8e:c4:17:8f:7f:ff:d1:2b:59:84:47:27:d6:94:39:ec:5f:1f:01:89:23:93:4e:98:21:53:71:50:54:e7:48:cc:4f:1b:79:6f:d8:86:c8:2c:67:57:28:60:3d:05:28:51:a2:a3:5d:21:62:e7:91:79:39:51:60:f0:47:72:ed:eb:bf:da:75:af:ad:92:17:3d:42:ed:e3:6a:bb:41:e6:2d:e2:ae:81:ce:64:b4:e7:25:fc:7
c:7e:ce:2a:c3:03:e0:58:c0:91:32:74:bc:bc:d4:13:d6:43:d4:9c:c7:ea:37:63:e7:e6:3e:b2:ac:9a:b3:60:9e:6a:99:a1:10:27:24:76:14:32:e8:66:2a:35:a4:c2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.769997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.769997000", - "frame.time_delta": "0.060098000", - "frame.time_delta_displayed": "0.060098000", - "frame.time_relative": "762.309311000", - "frame.number": "2717", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3217", - "tcp.ack": "18026", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000971d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e3:c6:00:25:da:af", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812142534, TSecr 2480815": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142534", - "tcp.options.timestamp.tsecr": "2480815" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2716", - "tcp.analysis.ack_rtt": "0.060098000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:13.831998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494353.831998000", - "frame.time_delta": "0.062001000", - "frame.time_delta_displayed": "0.062001000", - "frame.time_relative": "762.371312000", - "frame.number": "2718", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": 
"0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.048373000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.048373000", - "frame.time_delta": "0.216375000", - "frame.time_delta_displayed": "0.216375000", - "frame.time_relative": "762.587687000", - "frame.number": "2719", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009546", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007803", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "18026", - "tcp.nxtseq": "18080", - "tcp.ack": "3217", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a525", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:da:d1:a7:9d:e3:c6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2480849, TSecr 2812142534": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2480849", - "tcp.options.timestamp.tsecr": "2812142534" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:db:a0:d8:54:2f:f0:40:32:c3:08:0e:a7:45:3b:84:0f:22:dc:4a:b0:a9:e3:60:62:86:df:2d:5a:58:f6:e4:ce:3b:27:82:1d:8d:81:f8:f5:7c:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.108479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.108479000", - "frame.time_delta": "0.060106000", - "frame.time_delta_displayed": "0.060106000", - "frame.time_relative": "762.647793000", - "frame.number": "2720", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3217", - "tcp.ack": "18080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009670", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e4:1b:00:25:da:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812142619, TSecr 2480849": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812142619", - "tcp.options.timestamp.tsecr": "2480849" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2719", - "tcp.analysis.ack_rtt": "0.060106000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.157598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.157598000", - "frame.time_delta": "0.049119000", - "frame.time_delta_displayed": "0.049119000", - "frame.time_relative": "762.696912000", - "frame.number": "2721", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": 
"IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00006f88", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00a4acb0", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - 
"dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.171313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.171313000", - "frame.time_delta": "0.013715000", - "frame.time_delta_displayed": "0.013715000", - "frame.time_relative": "762.710627000", - "frame.number": "2722", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - 
"ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00005e5f", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00d8b2dd", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - 
"dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.178521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.178521000", - "frame.time_delta": "0.007208000", - "frame.time_delta_displayed": "0.007208000", - "frame.time_relative": "762.717835000", - "frame.number": "2723", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - 
"icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:14.192177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494354.192177000", - "frame.time_delta": "0.013656000", - "frame.time_delta_displayed": "0.013656000", - "frame.time_relative": "762.731491000", - "frame.number": "2724", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - 
"ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.196587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.196587000", - "frame.time_delta": "1.004410000", - "frame.time_delta_displayed": "1.004410000", - "frame.time_relative": "763.735901000", - "frame.number": "2725", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.199226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.199226000", - "frame.time_delta": "0.002639000", - "frame.time_delta_displayed": "0.002639000", - "frame.time_relative": "763.738540000", - "frame.number": "2726", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - 
"ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - 
"icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.210888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.210888000", - "frame.time_delta": "0.011662000", - "frame.time_delta_displayed": "0.011662000", - "frame.time_relative": "763.750202000", - "frame.number": "2727", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": 
{ - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": 
"4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.252727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.252727000", - "frame.time_delta": "0.041839000", - "frame.time_delta_displayed": "0.041839000", - "frame.time_relative": "763.792041000", - "frame.number": "2728", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", 
- "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.488839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.488839000", - "frame.time_delta": "0.236112000", - "frame.time_delta_displayed": "0.236112000", - "frame.time_relative": "764.028153000", - "frame.number": "2729", - "frame.len": "120", - "frame.cap_len": "120", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000747a", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x009da7c5", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": 
"00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.532370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.532370000", - "frame.time_delta": "0.043531000", - "frame.time_delta_displayed": "0.043531000", - "frame.time_relative": "764.071684000", - "frame.number": "2730", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, 
- "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000e07f", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0057313e", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - 
"dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.559884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.559884000", - "frame.time_delta": "0.027514000", - "frame.time_delta_displayed": "0.027514000", - "frame.time_relative": "764.099198000", - "frame.number": "2731", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": 
"::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.571111000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.571111000", - "frame.time_delta": "0.011227000", - "frame.time_delta_displayed": "0.011227000", - "frame.time_relative": "764.110425000", - "frame.number": "2732", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.588966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494355.588966000", - "frame.time_delta": "0.017855000", - "frame.time_delta_displayed": "0.017855000", - "frame.time_relative": "764.128280000", - "frame.number": "2733", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d92", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f94", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.589537000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494355.589537000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "764.128851000", - "frame.number": "2734", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d93", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f08f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:15.590184000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494355.590184000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "764.129498000", - "frame.number": "2735", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e55", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": 
"0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.581956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494356.581956000", - "frame.time_delta": "0.991772000", - "frame.time_delta_displayed": "0.991772000", - "frame.time_relative": "765.121270000", - "frame.number": "2736", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.584370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.584370000", - "frame.time_delta": "0.002414000", - "frame.time_delta_displayed": "0.002414000", - "frame.time_relative": "765.123684000", - "frame.number": "2737", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - 
"icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.592876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.592876000", - "frame.time_delta": "0.008506000", - "frame.time_delta_displayed": "0.008506000", - "frame.time_relative": "765.132190000", - "frame.number": "2738", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": 
"33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.647136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.647136000", - "frame.time_delta": "0.054260000", - "frame.time_delta_displayed": "0.054260000", - "frame.time_relative": "765.186450000", - "frame.number": "2739", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c34", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "3217", - "tcp.nxtseq": "3505", - "tcp.ack": "18080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000221", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e6:96:00:25:da:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143254, TSecr 2480849": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143254", - "tcp.options.timestamp.tsecr": "2480849" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:51:bc:16:8e:c6:40:46:19:0a:28:34:b0:d3:d5:a0:9a:20:41:bd:d2:cb:07:a2:0e:ef:99:f3:a2:06:26:df:fe:af:60:90:20:04:cd:23:25:ef:bf:bd:ba:2b:d7:9c:ab:1f:d9:68:00:ba:85:a1:bc:17:14:47:1f:71:b1:cd:9c:0c:59:4c:5d:27:85:c3:4c:82:99:72:d8:fd:15:f1:e3:53:42:95:e7:9f:d1:3f:79:c1:aa:9f:3d:9e:8d:1e:4f:63:9e:31:7c:4d:bd:99:13:53:9c:bc:1a:f9:b4:0c:30:26:fb:ed:f9:91:b0:41:0f:a7:f9:b4:53:f7:8d:89:40:c1:30:5b:21:d7:7d:21:f2:91:2c:5b:b8:74:58:1a:56:b8:26:ba:e2:16:98:42:e0:53:a3:01:8b:b4:b3:e5:20:fc:82:75:58:11:82:7a:6c:b6:ef:51:fe:55:e3:4c:85:b2:e6:c6:9e:4c:19:53:09:27:98:62:db:31:db:c2:99:61:a6:a1:96:e7:49:68:08:10:d0:dc:63:61:0a:ad:56:85:d3:2d:d7:5a:f7:d1:db:07:04:cb:f9:48:fc:8f:0e:31:be:07:68:70:b9:cf:bc:3a:df:ac:de:49:1a:84:c8:86:14:b5:30:0a:21:b0:b6:1e:eb:62:1a:01:67:fe:37:6b:b0:79:0b:19:63:0b:bb:fc:64:d5:ab:ce:53:4f:6c:b6:20:71:db" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.658149000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.658149000", - "frame.time_delta": "0.011013000", - "frame.time_delta_displayed": "0.011013000", - "frame.time_relative": "765.197463000", - "frame.number": "2740", - "frame.len": 
"119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009547", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007803", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "18080", - "tcp.nxtseq": "18133", - "tcp.ack": "3505", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000279", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:db:d6:a7:9d:e6:96", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481110, TSecr 2812143254": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481110", - "tcp.options.timestamp.tsecr": "2812143254" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2739", - "tcp.analysis.ack_rtt": "0.011013000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:dc:20:61:e1:27:f9:b9:fb:f2:5b:0f:b5:db:5e:1b:d1:c2:67:30:1f:84:f4:1f:e0:3d:bd:5d:e7:06:f6:51:bc:e0:c0:a5:4b:f9:c2:70:51:f3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.692435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494356.692435000", - "frame.time_delta": "0.034286000", - "frame.time_delta_displayed": "0.034286000", - "frame.time_relative": "765.231749000", - "frame.number": "2741", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - 
}, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.718233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.718233000", - "frame.time_delta": "0.025798000", - "frame.time_delta_displayed": "0.025798000", - "frame.time_relative": "765.257547000", - "frame.number": "2742", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000394a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3505", - "tcp.ack": "18133", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - 
"tcp.checksum": "0x0000918a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e6:a7:00:25:db:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143271, TSecr 2481110": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143271", - "tcp.options.timestamp.tsecr": "2481110" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2740", - "tcp.analysis.ack_rtt": "0.060084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.718772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.718772000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "765.258086000", - "frame.number": "2743", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009548", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000757c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "18133", - "tcp.nxtseq": "18832", - "tcp.ack": "3505", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d9ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:db:dc:a7:9d:e6:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481116, TSecr 2812143271": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481116", - "tcp.options.timestamp.tsecr": "2812143271" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:dd:90:16:e6:fc:60:4b:71:9c:79:b9:af:dd:d5:89:2e:67:b2:bb:49:ab:8e:3a:d8:b3:fe:dc:20:3c:94:36:fd:77:48:59:96:62:6d:19:6d:ef:96" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:de:38:40:a5:97:c7:09:28:fc:40:5d:92:31:15:9b:50:56:74:de:57:ac:26:8a:f3:74:72:ba:fe:db:ba:54:2e:1c:0f:f6:28:14:32:c7:a6:51:ef:44:58:81:15:16:f9:14:f5:b4:3a:78:36:ee:d2:3a:71:1b:68:28:0a:a3:8f:ac:86:83:d1:4f:e6:53:24:a0:f5:ca:b5:cb:b7:88:ee:47:b2:16:4b:66:aa:47:3c:d7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:df:1d:8a:bc:5f:de:f1:80:b5:1f:ad:3f:45:ed:e7:49:f5:80:2c:0b:10:86:08:d0:a4:61:af:81:a1:8a:a2:8a:e2:b9:08:b0:2d:5d:e6:68:fc:7c:6e:0f:d7:b9:dc:ad:61:02:f2:fc:30:1a:6b:0a:eb:57:60:44:a6:3b:74:d1:ec:64:43:d4:af:be:42:b6:7c:48:e1:5f:91:84:2e:f4:b7:ad:32:ab:04:f8:63:96:a1:77:fd:76:07:f6:bd:f0:96:9f:68:24:66:fe:7b:ad:b1:f2:f4:f6:54:a2:59:77:8e:ea:52:e2:c6:ef:e1:11:82:67:9f:4f:e5:27:19:d0:50:39:64:57:f8:39:0a:0c:6f:08:f5:91:31:b5:51:fc:49:18:ba:11:e9:9e:c0:de:17:1f:c4:2f:1b:4e:e2:6b:53:27:fa:a3:63:aa:a8:12:f4:48:52:c6:e6:96:73:86:1f:c8:52:a1:29:4c:84:b0:6b:ff:26:ea:23:b2:ae:f2:d4:8b:56:89:04:2c:7b:ae:cc:16:81:2d:c1:76:78:16:5f:a2:60:f3:46:b9:e6:7a:be:98:bf:f6:30:e2:70:70:c9:a4:28:d9:f6:ee:7b:83:ea:8f:3d:51:37:92:89:2c:99:73:91:17:29:3d:fa:b7:38:79:ed:09:06:53:df:25:5f:42:ca:20:ea:a6:9c:fb:fa:c0:4c:27:f6:67:28:8d:74:75:dc:99:2b:42:18:db:9d:65:08:ac:e4:05:a9:cb:e5:27:df:f1:ce:36:d6:f9:05:4f:4f:c7:2d:44:e9:27:52:f8:c9:52:d5:7d:e7:8a:05:03:8f:77:bd:80:55:65:e5:02:50:48:30:58:b7:84:69:00:aa:75:0d:30:5a:a4:af:6d:eb:3d:e4:f4:37:3b:c8:e7:92:88:6d:3d:88:32:70:d0:55:e7:15:31:18:bb:ed:05:b3:cc:be:04:6e:a1:48:38:4c:e6:52:04:94:a9:ef:5b:a9:d9:86:87:11:3e:c4:94:55:7c:d3:b3:48:72:3f:c9:ac:c3:1d:f3:1e:54:01:c1:62:9d:5e:86:fd:82:bb:be:4c:9c:f1:47:27:70:26:80:84:a0:4c:6f:25:b5:d0:23:a7:d2:4f:40:3b:01:f6:cc:c5:36:0b:17:ba:19:88:4c:d5:87:d5:cb:c3:17:9e:9c:3b:57:ab:50:c0:c8:0e:a7:f3:de:b3:2f:6a:11:84:97:d5:c1:75:a1:c2:2d:80:93:11:d0:21:eb:30:a2:f5:2b:6f:4a:99:31:09:9a:d8:36:55:3e:82:64:33:dc:59:8c:71:9c:8d:77:43:36:c8:40:44:28:83:85:49:70:cc:42:c8:5b:d3:d6:d1:60:2d:d9:f0:88:90:89:cd:02:76:8a:67:8b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:16.779005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494356.779005000", - "frame.time_delta": "0.060233000", - 
"frame.time_delta_displayed": "0.060233000", - "frame.time_relative": "765.318319000", - "frame.number": "2744", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003949", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3505", - "tcp.ack": 
"18832", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008eb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e6:b7:00:25:db:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143287, TSecr 2481116": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143287", - "tcp.options.timestamp.tsecr": "2481116" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2743", - "tcp.analysis.ack_rtt": "0.060233000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.058836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.058836000", - "frame.time_delta": "0.279831000", - "frame.time_delta_displayed": "0.279831000", - "frame.time_relative": "765.598150000", - "frame.number": "2745", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009549", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007800", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "18832", - "tcp.nxtseq": "18886", - "tcp.ack": "3505", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f308", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:db:fe:a7:9d:e6:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481150, TSecr 2812143287": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481150", - "tcp.options.timestamp.tsecr": "2812143287" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e0:23:ac:25:eb:f7:d4:e3:3a:72:a4:34:0e:7a:02:c3:a7:bf:4b:4e:35:ec:06:71:9c:32:cb:13:d4:41:db:59:6e:fe:38:c5:d0:84:dc:74:bb:2e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.118911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.118911000", - "frame.time_delta": "0.060075000", - "frame.time_delta_displayed": "0.060075000", - "frame.time_relative": "765.658225000", - 
"frame.number": "2746", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003948", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3505", - "tcp.ack": "18886", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008e0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e7:0c:00:25:db:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143372, TSecr 2481150": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143372", - "tcp.options.timestamp.tsecr": "2481150" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2745", - "tcp.analysis.ack_rtt": "0.060075000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.553788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.553788000", - "frame.time_delta": "0.434877000", - "frame.time_delta_displayed": "0.434877000", - "frame.time_relative": "766.093102000", - "frame.number": "2747", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": 
"33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00009d64", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00727f06", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 
19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.586230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.586230000", - "frame.time_delta": "0.032442000", - "frame.time_delta_displayed": "0.032442000", - "frame.time_relative": "766.125544000", - "frame.number": "2748", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - 
"ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000a02d", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00857162", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - 
"dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.621995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.621995000", - "frame.time_delta": "0.035765000", - "frame.time_delta_displayed": "0.035765000", - "frame.time_relative": "766.161309000", - "frame.number": "2749", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - 
"ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:17.630899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494357.630899000", - "frame.time_delta": "0.008904000", - "frame.time_delta_displayed": "0.008904000", - "frame.time_relative": "766.170213000", - "frame.number": "2750", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - 
"ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.654269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.654269000", - "frame.time_delta": "1.023370000", - "frame.time_delta_displayed": "1.023370000", - "frame.time_relative": "767.193583000", - "frame.number": "2751", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.656615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.656615000", - "frame.time_delta": "0.002346000", - "frame.time_delta_displayed": "0.002346000", - "frame.time_relative": "767.195929000", - "frame.number": "2752", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - 
"icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.671057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.671057000", - "frame.time_delta": "0.014442000", - "frame.time_delta_displayed": "0.014442000", - "frame.time_relative": "767.210371000", - "frame.number": "2753", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.742040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.742040000", - "frame.time_delta": "0.070983000", - "frame.time_delta_displayed": "0.070983000", - "frame.time_relative": "767.281354000", - "frame.number": "2754", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - 
"ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.964777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.964777000", - 
"frame.time_delta": "0.222737000", - "frame.time_delta_displayed": "0.222737000", - "frame.time_relative": "767.504091000", - "frame.number": "2755", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003828", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": 
"287", - "tcp.seq": "3505", - "tcp.nxtseq": "3792", - "tcp.ack": "18886", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000986f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e8:d9:00:25:db:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143833, TSecr 2481150": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143833", - "tcp.options.timestamp.tsecr": "2481150" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:52:58:4e:82:b0:d3:2a:88:02:f6:e3:9f:fd:94:17:4c:6e:da:a8:e5:e8:5d:03:59:f5:52:4d:9c:db:03:1e:0c:a1:86:d3:f2:67:17:d7:f8:c0:02:26:e1:5c:7d:e4:51:83:41:65:54:9b:32:2f:a8:37:af:c7:04:a8:df:57:01:82:9a:5c:c6:64:ed:ea:ff:5c:e6:0d:2d:69:0c:0f:9f:16:9a:0f:e0:ee:97:17:fc:f1:66:64:1d:55:3c:63:e9:b4:b3:f8:06:9c:4b:4d:2a:a5:99:43:84:09:96:8c:6f:02:90:9f:26:5a:54:af:ab:9c:77:b8:2b:8f:a3:26:c5:a0:8e:b0:57:dd:1c:bd:00:32:bc:8c:45:3a:23:59:20:23:37:e0:c1:0a:73:fc:d2:72:91:e2:ff:28:ff:d1:c5:cc:e8:4c:88:46:13:89:1f:77:6e:67:15:e9:cc:22:71:4b:be:17:a3:23:8e:d9:f2:1a:e1:eb:09:b7:3c:5e:c4:1a:a0:1e:2c:d1:c5:30:25:8f:25:15:09:85:9b:24:7a:89:2f:30:dd:b3:2c:c6:bd:e2:a2:3d:10:09:c5:c7:67:ca:56:e9:fe:48:1d:c7:d2:29:d1:71:9b:1b:e6:5d:dc:1c:cd:d9:d7:ed:56:45:d6:6c:32:07:81:80:74:15:b9:84:eb:33:81:18:3c:f0:32:e3:6f:64:4e:cc:65:6f:5c:27:3a:23" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:18.978375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494358.978375000", - "frame.time_delta": "0.013598000", - "frame.time_delta_displayed": "0.013598000", - "frame.time_relative": "767.517689000", - "frame.number": "2756", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000954a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007800", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "18886", - "tcp.nxtseq": "18939", - "tcp.ack": "3792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dc:be:a7:9d:e8:d9", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481342, TSecr 2812143833": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481342", - "tcp.options.timestamp.tsecr": "2812143833" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2755", - "tcp.analysis.ack_rtt": "0.013598000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e1:fc:b3:84:67:5d:20:41:92:d1:86:dc:4a:44:c4:6d:3d:59:a5:ee:e5:ed:3c:82:0f:d7:0a:b3:75:9a:4c:71:81:3f:18:11:2c:d6:fb:b8:ea" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:19.038765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494359.038765000", - "frame.time_delta": "0.060390000", - "frame.time_delta_displayed": "0.060390000", - "frame.time_relative": "767.578079000", - "frame.number": "2757", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003946", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3792", - "tcp.ack": "18939", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00008a18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e8:ec:00:25:dc:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143852, TSecr 2481342": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143852", - "tcp.options.timestamp.tsecr": "2481342" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2756", - "tcp.analysis.ack_rtt": "0.060390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:19.039304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494359.039304000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "767.578618000", - "frame.number": "2758", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x0000954b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000757a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "18939", - "tcp.nxtseq": "19637", - "tcp.ack": "3792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a2bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dc:c4:a7:9d:e8:ec", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481348, TSecr 2812143852": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481348", - "tcp.options.timestamp.tsecr": "2812143852" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e2:e9:c0:f0:b3:2b:b7:b7:0b:a4:4b:b2:e9:a1:32:c3:63:b5:b1:ed:b1:8b:bf:9c:16:7b:22:51:07:07:9d:32:dc:81:ad:4d:9b:f0:6c:ad:bc:7c" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e3:fd:12:20:b6:a5:ee:fd:dc:64:4c:7e:77:fd:78:1b:16:7c:2f:7d:80:d1:d5:93:8a:46:44:54:49:21:29:a9:10:da:d3:6c:a1:df:7b:d8:95:a5:70:b7:4d:01:b8:aa:d0:f1:b3:46:58:19:42:8a:fc:f8:2c:f3:b1:41:e1:00:ea:5d:65:b9:fa:68:6d:fb:92:8d:2a:40:9f:99:bf:ed:ce:ab:fa:31:cd:c7:a1:e1:64" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:e4:da:5e:1c:d2:6f:86:c7:62:8e:95:21:36:96:50:40:93:bb:85:76:85:73:ce:a7:4f:e8:35:59:ad:a8:4c:f6:b8:02:54:4d:8e:4e:b2:0f:79:ff:7b:e2:4d:80:25:de:1b:87:56:e6:20:c2:66:67:2f:58:14:de:aa:c6:ba:cf:0b:ea:8e:24:9c:31:d0:2f:c9:65:5d:6d:ba:3f:b8:c1:b5:80:51:c8:ec:a7:d1:e9:18:7f:a7:f6:40:dc:c6:bf:97:5a:2d:21:bd:34:ca:f7:6d:79:39:6e:3d:44:9e:28:ef:fe:93:f6:50:1e:a3:fd:34:c7:42:f2:bf:d8:2c:fa:3f:3d:10:b2:6c:2d:16:bb:31:6e:58:86:d6:3b:3d:90:90:96:7e:ff:50:6d:31:a0:b0:f8:60:d1:be:51:3e:6e:dd:22:ac:a3:94:a6:d5:10:3b:1c:6c:22:20:e8:6f:9c:3e:79:aa:7c:66:52:0a:1a:97:91:fd:61:8d:38:55:d0:0f:48:26:98:69:bd:a5:de:35:26:87:7c:e8:75:68:3a:0d:9e:a4:b1:de:c5:5d:d5:9b:98:be:2f:52:5a:5c:0e:fb:08:fa:90:06:6a:62:9f:fc:35:dc:01:ec:c8:69:18:54:ff:48:5c:38:e0:df:ee:96:b2:99:e4:62:f7:21:25:76:33:de:05:d1:6d:9a:29:f4:0a:f1:3d:0b:00:04:62:63:42:f2:96:7c:9c:b9:7a:2e:35:57:ae:71:bf:71:44:f6:d9:19:35:d3:98:67:2d:9f:5d:89:8d:50:ae:87:05:1c:97:1b:18:5f:7f:39:b9:17:80:50:1b:98:25:c1:6f:97:df:d6:67:cc:6d:47:28:e9:70:cb:b8:de:28:1f:92:63:6f:df:03:ce:d7:81:72:6d:ad:f9:31:a7:8f:97:a1:a8:7c:d7:a7:2d:f9:15:0e:6b:43:e6:9d:2f:f5:c5:2d:11:17:9d:0b:d8:d6:fa:5e:12:b1:eb:40:71:a9:53:fe:ea:8c:fb:11:20:33:b1:4a:cd:77:ff:82:39:b5:c3:b5:82:c5:d2:52:7b:c0:09:b8:1c:55:c1:b6:08:11:b9:fb:49:dc:6b:67:fd:f6:65:d5:d6:ca:2a:73:a0:43:bf:92:2a:b4:5c:f7:72:91:84:0e:65:44:82:c5:6f:87:0a:cc:f2:3e:fe:c8:73:77:46:0f:19:57:a2:8a:9a:5f:3f:a7:68:b3:e6:4f:e3:87:6a:21:2f:01:bb:69:47:42:69:dc:fd:99:56:54:bf:13:cb:fa:de:d1:57:51:b4:51:cb:56:42:ca:95:25:58:b2:dd:18:9a:11:64:89:0e:3d:50:7d:77:c3:84:9b:52:2f:6f:cf:2f:c8:7d:e6:93:c5:6f:2e:45:62:04" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:19.099591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494359.099591000", - "frame.time_delta": "0.060287000", - "frame.time_delta_displayed": 
"0.060287000", - "frame.time_relative": "767.638905000", - "frame.number": "2759", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003945", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3792", - "tcp.ack": "19637", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008749", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e8:fb:00:25:dc:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143867, TSecr 2481348": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143867", - "tcp.options.timestamp.tsecr": "2481348" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2758", - "tcp.analysis.ack_rtt": "0.060287000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:19.378398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494359.378398000", - "frame.time_delta": "0.278807000", - "frame.time_delta_displayed": "0.278807000", - "frame.time_relative": "767.917712000", - "frame.number": "2760", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000954c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "19637", - "tcp.nxtseq": "19691", - "tcp.ack": "3792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000da75", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dc:e6:a7:9d:e8:fb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481382, TSecr 2812143867": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481382", - "tcp.options.timestamp.tsecr": "2812143867" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e5:c9:2f:6e:d4:3e:47:9b:25:49:9c:1a:0c:99:f0:6a:40:d8:ae:ae:b9:f2:e9:34:31:0a:d5:86:5c:6c:a6:44:0f:2f:39:84:43:ca:cb:6a:c1:12" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:19.438628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494359.438628000", - "frame.time_delta": "0.060230000", - "frame.time_delta_displayed": "0.060230000", - "frame.time_relative": "767.977942000", - "frame.number": "2761", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003944", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "3792", - "tcp.ack": "19691", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000869c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:e9:50:00:25:dc:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812143952, TSecr 2481382": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812143952", - "tcp.options.timestamp.tsecr": "2481382" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2760", - "tcp.analysis.ack_rtt": "0.060230000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:20.589270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494360.589270000", - "frame.time_delta": "1.150642000", - "frame.time_delta_displayed": "1.150642000", - "frame.time_relative": "769.128584000", - "frame.number": "2762", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d96", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000f94", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:20.589821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494360.589821000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": 
"0.000551000", - "frame.time_relative": "769.129135000", - "frame.number": "2763", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d97", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f08f", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:20.590401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494360.590401000", - "frame.time_delta": "0.000580000", - 
"frame.time_delta_displayed": "0.000580000", - "frame.time_relative": "769.129715000", - "frame.number": "2764", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007e55", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=622", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.031244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.031244000", - "frame.time_delta": "0.440843000", - "frame.time_delta_displayed": 
"0.440843000", - "frame.time_relative": "769.570558000", - "frame.number": "2765", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003823", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "3792", - "tcp.nxtseq": "4080", - "tcp.ack": 
"19691", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009c0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ea:de:00:25:dc:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144350, TSecr 2481382": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144350", - "tcp.options.timestamp.tsecr": "2481382" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:53:0a:17:14:e1:d3:42:ce:59:42:fa:29:86:53:8a:6f:f5:ec:4b:ff:e9:ab:84:e1:60:0e:27:1c:3a:7c:85:d6:34:35:b3:81:ee:21:dc:a0:2f:a9:27:fb:81:e0:99:dc:a6:cd:12:e3:03:21:04:be:41:1e:cb:08:f2:19:2b:78:23:49:f9:d7:e9:49:38:f5:75:ef:97:a9:1b:66:4d:1e:e5:c8:34:64:2d:03:03:f9:08:60:12:e4:7b:83:3f:15:60:11:fe:6a:08:df:f9:48:46:4c:85:b1:d7:80:7e:34:26:2b:9a:c1:98:f5:ff:03:4d:9b:2d:99:ba:d4:87:12:52:0d:a9:00:ff:69:e9:28:1e:65:53:16:73:92:aa:c3:dc:d8:cf:a7:2e:d1:af:6a:50:1b:9c:3c:95:cf:86:7b:83:60:b9:0e:ad:96:0a:f2:37:5f:95:86:08:74:74:1d:9b:9f:64:78:33:2a:9e:9c:58:a8:28:33:05:a9:ec:fb:03:dc:ca:0e:9f:36:b9:92:75:0c:8a:cd:13:66:b6:90:66:c4:71:d3:de:c5:57:0e:06:8b:b2:27:27:8f:0b:0d:92:e3:dc:ec:10:be:9c:77:3f:48:0a:9e:9f:30:f6:4a:07:8f:30:98:86:ff:18:75:ab:b7:f2:71:7d:12:6f:1a:00:cf:c3:4f:07:21:a7:b5:ef:b8:9a:27:b8:b0:e6:b1:12:09:99:b4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.047961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.047961000", - "frame.time_delta": "0.016717000", - "frame.time_delta_displayed": "0.016717000", - "frame.time_relative": "769.587275000", - "frame.number": "2766", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000954d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "19691", - "tcp.nxtseq": "19744", - "tcp.ack": "4080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000073e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dd:8d:a7:9d:ea:de", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481549, TSecr 2812144350": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481549", - "tcp.options.timestamp.tsecr": "2812144350" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2765", - "tcp.analysis.ack_rtt": "0.016717000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e6:ed:41:13:30:b0:d9:f9:11:57:94:9e:c6:9a:c5:45:08:08:08:77:17:b2:2e:f1:22:a6:5e:a4:eb:e4:a0:24:be:3c:15:fe:f8:b8:c5:d2:19" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.108022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.108022000", - "frame.time_delta": "0.060061000", - "frame.time_delta_displayed": "0.060061000", - "frame.time_relative": "769.647336000", - "frame.number": "2767", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003942", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4080", - "tcp.ack": "19744", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x000082ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ea:f1:00:25:dd:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144369, TSecr 2481549": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144369", - "tcp.options.timestamp.tsecr": "2481549" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2766", - "tcp.analysis.ack_rtt": "0.060061000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.108522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.108522000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "769.647836000", - "frame.number": "2768", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x0000954e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007576", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "19744", - "tcp.nxtseq": "20443", - "tcp.ack": "4080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f736", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dd:93:a7:9d:ea:f1", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481555, TSecr 2812144369": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481555", - "tcp.options.timestamp.tsecr": "2812144369" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e7:6c:0c:fc:c5:fe:fa:d3:2d:1c:1b:1f:8c:4f:1b:3d:2c:05:74:b6:91:2d:be:da:da:76:ac:61:d2:77:aa:2e:57:d9:1a:db:6b:ae:8b:1a:c8:35" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:e8:a2:e8:3f:c3:43:7a:ff:d2:50:f7:37:4a:36:b1:3f:36:9d:0b:ee:d6:db:2a:76:45:f9:a5:04:6f:a3:b0:73:4b:ea:27:5f:4f:a3:58:6e:0b:72:cd:7f:fd:10:46:ac:ac:c4:39:f4:6d:79:08:43:d6:0d:ef:95:27:39:e9:25:29:f2:9b:37:68:24:d7:b9:45:7d:fc:22:40:b3:54:3c:67:a9:f8:1f:e9:3c:9e:51:e1" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:e9:d3:6c:7e:1c:c2:e2:3a:ab:c0:42:49:f9:a3:34:57:85:51:78:d1:5d:6c:68:dc:35:2c:04:64:1c:e8:99:33:81:25:b7:e7:a7:1e:97:a4:22:b0:e5:d9:8b:7f:a8:59:0e:0e:cb:cb:e7:b2:4b:f6:44:bb:6c:6d:ea:eb:df:24:3d:89:8f:71:a8:8b:ef:f8:f2:e7:55:6f:91:fc:34:59:83:16:16:1f:00:a0:16:aa:4b:c0:dc:3f:cb:55:7e:77:66:0a:89:b2:fd:19:ce:98:3e:32:d1:cd:5c:d9:d5:93:5f:e1:52:66:bc:25:64:92:d8:f9:7c:8f:d1:59:22:18:30:e4:2d:0f:41:b1:c2:bc:49:c5:6c:4b:f2:c2:a2:0e:8c:7d:81:b7:e5:3a:f3:e3:1f:00:b9:50:18:cc:e1:8f:12:6a:15:13:e9:8d:37:0e:a0:98:1e:90:80:97:05:30:e0:f8:ef:2a:c6:01:fb:04:ab:aa:18:10:98:5c:8f:7a:eb:c6:58:a3:3e:19:a6:35:73:1d:e5:32:01:70:61:65:a4:ac:34:21:c1:6f:53:9e:cd:6e:2e:a0:26:a7:11:3f:83:15:49:ad:0b:cb:50:9c:e1:4e:e8:6c:ed:d5:e3:d1:25:85:ba:85:7a:6e:be:b8:8f:db:a5:1d:b1:26:3e:52:81:b6:3b:ea:83:39:36:2a:f9:9c:fa:ec:1c:ab:3d:d0:70:a0:f2:f6:52:f4:c8:08:2a:b5:33:31:49:ca:ed:2d:aa:04:8b:4e:65:fc:5a:cf:73:0b:42:7b:75:44:20:24:85:40:9e:18:67:db:4a:ff:af:40:fb:47:a6:d5:5d:cc:9c:1b:82:09:54:1b:e2:f9:ec:44:ad:b2:39:8a:84:58:01:c6:f2:32:79:28:7a:1f:8d:95:63:73:6d:a0:9c:c6:49:d9:19:12:2a:68:78:63:02:c8:f5:61:a1:48:af:81:6d:70:12:73:0f:7a:4a:2c:aa:7a:15:06:2e:89:d3:ae:2f:12:e7:37:b8:57:5c:eb:ca:32:fe:20:05:ef:4c:73:32:08:20:b3:8b:8e:f7:1e:b0:4b:cc:86:34:77:8c:d7:e1:ca:27:24:21:57:76:50:d2:74:a9:6b:a2:28:34:ce:44:09:45:b2:c9:9c:cc:58:74:93:ca:3c:de:a1:90:34:d1:ad:e9:7e:36:2d:a1:7f:13:76:f0:d0:a9:30:66:2b:ea:0d:7c:40:ad:7f:5e:55:85:af:5b:d5:e9:3d:35:cd:5a:30:67:b3:01:03:65:63:1c:67:d2:1e:6e:7e:49:43:a6:93:f7:10:2f:59:07:c0:5a:2f:db:06:92:45:6d:37:5f:67:0f:f5:28:51:5d:0e:3b:13:c4:79:db:55:15:1b:2f:3c:98:39" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.168828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.168828000", - "frame.time_delta": "0.060306000", - 
"frame.time_delta_displayed": "0.060306000", - "frame.time_relative": "769.708142000", - "frame.number": "2769", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003941", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4080", - "tcp.ack": 
"20443", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000802f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:eb:00:00:25:dd:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144384, TSecr 2481555": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144384", - "tcp.options.timestamp.tsecr": "2481555" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2768", - "tcp.analysis.ack_rtt": "0.060306000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.448872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.448872000", - "frame.time_delta": "0.280044000", - "frame.time_delta_displayed": "0.280044000", - "frame.time_relative": "769.988186000", - "frame.number": "2770", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000954f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "20443", - "tcp.nxtseq": "20497", - "tcp.ack": "4080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:dd:b5:a7:9d:eb:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481589, TSecr 2812144384": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481589", - "tcp.options.timestamp.tsecr": "2812144384" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ea:e8:7f:2f:64:a7:fd:7a:e9:89:39:f4:ca:c9:a3:da:9a:1e:a2:25:8f:79:94:a8:42:5b:56:b0:7d:0a:ba:b4:c5:fe:46:2d:eb:5c:9f:6e:55:31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:21.508943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494361.508943000", - "frame.time_delta": "0.060071000", - "frame.time_delta_displayed": "0.060071000", - "frame.time_relative": "770.048257000", - 
"frame.number": "2771", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003940", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4080", - "tcp.ack": "20497", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007f82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:eb:55:00:25:dd:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144469, TSecr 2481589": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144469", - "tcp.options.timestamp.tsecr": "2481589" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2770", - "tcp.analysis.ack_rtt": "0.060071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.490557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.490557000", - "frame.time_delta": "1.981614000", - "frame.time_delta_displayed": "1.981614000", - "frame.time_relative": "772.029871000", - "frame.number": "2772", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "4080", - "tcp.nxtseq": "4368", - "tcp.ack": "20497", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002f2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ed:45:00:25:dd:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144965, TSecr 2481589": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144965", - "tcp.options.timestamp.tsecr": "2481589" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:54:4d:7d:29:12:82:ea:db:79:21:48:7f:fc:6b:9d:97:7c:e2:af:cc:25:9a:41:00:93:18:c9:25:77:3f:d6:89:ad:d5:4a:d9:f6:9d:e2:f2:f3:67:1a:42:9d:f4:00:bb:2e:0a:f6:02:87:d4:5f:85:97:3c:6b:ca:b8:8a:ff:6c:48:62:ac:86:9f:25:80:8a:6f:cf:bc:fa:d1:e4:db:43:c6:06:18:ec:44:6a:f8:6d:02:40:6a:e2:22:7c:64:c2:53:b9:4b:98:bc:ad:02:1a:85:08:03:69:cf:0b:92:57:fc:a3:fa:77:05:f3:e4:34:a8:1d:ba:87:0a:e0:2f:39:98:a1:cc:14:20:b0:32:48:44:f0:98:f2:68:bb:1a:16:90:16:6b:77:23:8f:a5:21:d2:6e:2c:63:a4:2c:94:a2:88:7c:f9:fb:a1:5a:f9:6e:7b:13:f6:fd:cc:2b:bc:23:99:8f:79:4e:a7:7d:77:9a:e6:0f:a4:ed:90:13:94:58:65:a4:a9:7c:f7:86:d5:f2:a4:bf:b5:5b:c5:8b:5f:f9:63:f6:f8:06:12:00:f8:7c:5f:79:bf:40:aa:6b:a2:87:57:86:9c:78:a2:ac:5b:c0:03:d8:4f:c8:30:d8:f9:5f:38:5a:17:7b:56:aa:86:d9:36:3a:c3:a0:b9:61:0c:93:d8:a0:09:d8:90:98:ea:44:f9:8d:ea:98:ce:48:f4:76:10:ba:cb:fb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.508651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.508651000", - "frame.time_delta": "0.018094000", - "frame.time_delta_displayed": "0.018094000", - "frame.time_relative": "772.047965000", - "frame.number": "2773", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009550", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "20497", - "tcp.nxtseq": "20550", - "tcp.ack": "4368", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f67b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:de:83:a7:9d:ed:45", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481795, TSecr 2812144965": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481795", - "tcp.options.timestamp.tsecr": "2812144965" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2772", - "tcp.analysis.ack_rtt": "0.018094000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:eb:47:a0:a9:f4:7f:73:30:1e:d1:27:48:97:0f:b9:c8:0f:8f:1e:c2:95:68:b1:f3:d4:fc:94:12:9b:84:32:96:b2:0c:23:05:71:a1:c1:be:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.568733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.568733000", - "frame.time_delta": "0.060082000", - "frame.time_delta_displayed": "0.060082000", - "frame.time_relative": "772.108047000", - "frame.number": "2774", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4368", - "tcp.ack": "20550", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00007b5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ed:58:00:25:de:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144984, TSecr 2481795": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144984", - "tcp.options.timestamp.tsecr": "2481795" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2773", - "tcp.analysis.ack_rtt": "0.060082000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.569270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.569270000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "772.108584000", - "frame.number": "2775", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009551", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007573", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "20550", - "tcp.nxtseq": "21249", - "tcp.ack": "4368", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002c5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:de:89:a7:9d:ed:58", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481801, TSecr 2812144984": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481801", - "tcp.options.timestamp.tsecr": "2812144984" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ec:3a:8b:16:2c:ab:2b:04:bd:a1:84:c8:58:63:08:dc:f2:c9:5d:38:b4:c3:ab:be:64:66:f2:2b:10:de:46:5b:7a:7f:79:b2:ee:ef:86:d7:5e:68" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ed:09:bd:bb:24:9e:9c:b1:f5:7f:93:2d:83:91:1e:2d:a9:c0:43:7d:0f:3d:4a:25:24:41:24:5a:cb:a7:61:09:b1:81:61:43:7b:87:b5:ea:b5:aa:29:0f:30:08:2b:65:7f:75:43:01:49:6d:f3:ea:ce:4f:9c:38:fc:64:d9:f3:c5:9d:c4:4b:08:75:bb:06:34:f8:2e:89:49:4f:d1:d4:38:d7:98:99:95:1d:83:93:07" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:ee:0e:7f:71:6b:9e:62:0a:1b:e8:eb:41:29:2e:7d:7c:f2:ee:8b:36:03:b1:1b:7f:f6:f2:f4:ca:4c:7e:6a:4a:8b:c1:28:be:80:5e:ab:ef:17:82:09:17:d9:eb:dc:89:cf:0c:8a:4f:3f:e6:57:d8:b1:c5:34:9c:6a:33:a5:87:be:86:cc:04:06:c8:d8:9f:99:51:cc:43:8c:40:1d:13:a9:55:a4:6e:00:6f:8e:05:df:d1:04:b9:b6:a8:58:29:a8:ee:1d:f7:3f:63:6e:03:4f:46:e7:e0:f6:92:ac:b5:e4:51:04:6d:4c:f3:2e:b9:51:bf:c1:4c:a6:05:8a:f7:e4:45:9f:cf:75:ef:b3:aa:38:1f:ac:27:ab:0e:ea:55:25:1c:6a:9d:9d:78:ee:03:82:ab:f8:89:50:24:ef:cb:7f:c4:10:c8:11:30:6a:60:59:c5:27:67:3a:f7:dd:55:cf:91:28:9e:6f:fc:51:f2:b3:ad:ef:33:12:44:56:d3:be:21:68:bf:fd:ca:15:26:c0:60:79:f8:b2:4b:3b:f1:28:c4:d0:e3:63:f7:f9:12:84:40:05:3d:33:6f:09:45:df:80:3e:5e:2c:fc:b5:82:37:0f:4c:a1:81:25:a5:99:cb:ea:a9:8a:8f:f1:54:f5:16:8a:2b:5f:50:6c:8e:87:b6:20:18:b2:f6:15:df:03:ca:c4:36:1a:8e:ad:4b:ec:37:2d:55:6c:c0:2c:49:0d:d5:e2:a6:15:64:53:83:bd:98:3c:e5:d8:b9:77:dc:ff:66:85:fa:fe:00:9a:30:09:e2:59:ff:ce:a8:1e:be:58:39:94:07:26:bb:c0:10:05:fe:74:93:b8:7c:48:4f:10:20:ee:37:65:15:c0:a0:4e:53:21:3e:3d:94:fc:0f:f3:69:c0:8a:f6:5d:9f:9f:2a:96:7f:6c:27:54:c7:e2:d7:fd:e8:d0:8f:ce:d3:de:0c:39:03:fd:81:e7:b3:b2:1c:00:82:91:59:d0:eb:78:6d:36:54:f9:7c:66:59:1a:62:f1:fa:0e:68:d4:a7:a0:f9:e7:82:d0:ef:5a:65:36:9d:88:65:6e:af:80:78:12:b7:2f:5c:b7:03:19:47:f4:a7:88:2c:e5:17:8e:a3:4b:d1:47:01:ff:38:f2:ec:4a:52:ec:14:f1:f8:4f:d8:8d:c4:17:84:af:0e:bf:0a:ae:59:96:04:3c:a0:d3:28:69:57:91:7e:2f:88:38:84:82:12:2b:87:15:2a:4c:77:2a:36:d0:fc:2f:ac:7d:15:e2:b2:c1:b9:5a:94:11:d4:52:ba:3d:5a:9c:3e:56:da:ef:41:84:d3:09:4c:89:76:ba:57:d6:0b:dc:da:77:70:43:61:9d:80:c1:77:da:d4:4e:32:73:e8:6b:1f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.629423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.629423000", - "frame.time_delta": "0.060153000", - 
"frame.time_delta_displayed": "0.060153000", - "frame.time_relative": "772.168737000", - "frame.number": "2776", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4368", - "tcp.ack": 
"21249", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000788c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ed:67:00:25:de:89", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812144999, TSecr 2481801": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812144999", - "tcp.options.timestamp.tsecr": "2481801" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2775", - "tcp.analysis.ack_rtt": "0.060153000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.908389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.908389000", - "frame.time_delta": "0.278966000", - "frame.time_delta_displayed": "0.278966000", - "frame.time_relative": "772.447703000", - "frame.number": "2777", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009552", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "21249", - "tcp.nxtseq": "21303", - "tcp.ack": "4368", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006e9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:de:ab:a7:9d:ed:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481835, TSecr 2812144999": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481835", - "tcp.options.timestamp.tsecr": "2812144999" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ef:f1:83:f3:f7:56:01:91:01:47:cb:75:22:dd:1a:23:cb:cd:a8:b1:68:03:2f:77:bd:30:cc:1a:71:3e:c1:69:de:e3:06:a6:19:fa:07:55:bc:31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:23.968842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494363.968842000", - "frame.time_delta": "0.060453000", - "frame.time_delta_displayed": "0.060453000", - "frame.time_relative": "772.508156000", - 
"frame.number": "2778", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4368", - "tcp.ack": "21303", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000077df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ed:bc:00:25:de:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145084, TSecr 2481835": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145084", - "tcp.options.timestamp.tsecr": "2481835" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2777", - "tcp.analysis.ack_rtt": "0.060453000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:24.639810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494364.639810000", - "frame.time_delta": "0.670968000", - "frame.time_delta_displayed": "0.670968000", - "frame.time_relative": "773.179124000", - "frame.number": "2779", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "4368", - "tcp.nxtseq": "4656", - "tcp.ack": "21303", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f46b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ee:64:00:25:de:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145252, TSecr 2481835": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145252", - "tcp.options.timestamp.tsecr": "2481835" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:55:8a:24:cc:d1:e6:4a:f1:ae:60:82:1b:51:fb:a8:f1:3f:4f:1d:df:14:19:e6:68:fe:0a:40:10:a6:90:79:26:4f:b7:ce:88:ee:6e:2e:74:b8:33:c3:75:32:4a:7c:91:1a:4c:06:1d:c9:d8:4e:3c:9c:a2:47:bf:98:6d:73:1d:3e:fd:cb:7d:b3:0b:fd:01:9e:95:6a:ab:f8:c4:47:25:a3:43:2f:32:83:58:73:9b:b3:3c:4b:8b:57:c7:71:2d:48:b7:0b:80:99:79:76:18:bc:bb:39:10:b5:b7:d7:22:9a:88:68:e4:3d:ea:0a:4e:c6:67:fe:dc:81:68:5a:cd:30:d7:7e:3a:95:f2:7b:a3:e6:61:0a:1d:7a:9e:e0:8a:95:92:bd:8d:2c:37:6c:da:bd:7f:ff:6d:02:03:dc:8f:56:cb:55:99:ac:f7:f4:38:ce:f0:1c:ed:b4:3e:65:6f:65:6d:1f:70:1a:a4:58:1e:ba:ed:ab:4e:86:3a:9d:48:b7:de:87:a4:f8:30:9c:21:33:11:5b:8f:6f:25:7c:1b:91:e5:73:ad:7d:d8:2c:6f:be:4e:b6:1a:56:68:f4:97:0e:d9:71:76:2f:07:53:b5:a0:ce:41:fa:c6:e1:d4:ed:60:7c:d6:cd:03:30:fb:a0:8e:b7:27:78:27:49:ff:f2:93:32:b5:4d:13:c2:8c:7a:bd:90:bd:30:f7:75:28:c8:48:0e:2a:d3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:24.658102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494364.658102000", - "frame.time_delta": "0.018292000", - "frame.time_delta_displayed": "0.018292000", - "frame.time_relative": "773.197416000", - "frame.number": "2780", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009553", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "21303", - "tcp.nxtseq": "21356", - "tcp.ack": "4656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004687", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:de:f6:a7:9d:ee:64", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481910, TSecr 2812145252": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481910", - "tcp.options.timestamp.tsecr": "2812145252" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2779", - "tcp.analysis.ack_rtt": "0.018292000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f0:2a:dc:da:6a:7b:83:b9:0f:7c:b6:49:06:26:94:3f:f1:68:6e:2d:33:7c:81:8d:a4:31:55:8e:d3:58:ef:4e:ce:ab:8f:f2:41:13:60:da:3b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:24.718264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494364.718264000", - "frame.time_delta": "0.060162000", - "frame.time_delta_displayed": "0.060162000", - "frame.time_relative": "773.257578000", - "frame.number": "2781", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000393a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4656", - "tcp.ack": "21356", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00007584", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ee:77:00:25:de:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145271, TSecr 2481910": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145271", - "tcp.options.timestamp.tsecr": "2481910" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2780", - "tcp.analysis.ack_rtt": "0.060162000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:24.718800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494364.718800000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "773.258114000", - "frame.number": "2782", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009554", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007570", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "21356", - "tcp.nxtseq": "22055", - "tcp.ack": "4656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b701", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:de:fc:a7:9d:ee:77", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481916, TSecr 2812145271": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481916", - "tcp.options.timestamp.tsecr": "2812145271" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f1:fc:8f:31:0c:04:11:28:f7:a6:2d:67:1e:d6:2b:d7:23:88:eb:fd:34:91:76:de:6c:77:39:76:94:a5:8a:4d:be:5c:4d:35:3d:5e:fd:37:82:15" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f2:dc:08:ce:8a:c7:e2:09:a5:7e:1b:68:e9:1b:0b:a6:e7:80:67:cc:c5:c4:ed:2d:2f:06:94:2e:b7:af:93:89:10:ae:16:ad:d7:98:35:5e:8d:56:2e:49:53:65:d0:63:c9:f5:fb:c8:22:c3:81:26:8f:ef:d7:08:6b:5f:e8:65:0e:59:45:89:8c:06:f6:5b:97:ed:83:f2:d1:ee:f2:7e:1b:8d:04:c2:7c:e2:eb:85:5a" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:f3:55:49:29:72:10:2d:04:06:ac:02:67:b7:7a:59:4f:34:ca:98:b7:5e:d9:63:cf:b1:21:99:46:cb:64:6f:db:23:8a:5c:c8:12:0d:75:a2:ea:29:77:5a:2d:35:a0:05:b5:40:27:26:38:46:65:6b:22:ea:78:67:52:98:08:dd:28:cc:72:8c:6d:51:5d:32:41:cc:e0:9f:dd:15:46:a6:a0:a3:04:7f:00:91:0e:b9:6d:08:17:60:37:3d:b8:5a:89:62:28:97:85:34:17:3d:8c:97:ce:01:31:13:bf:62:e1:98:9c:f0:6e:43:25:d3:0f:9f:90:b3:70:c0:13:25:35:e9:49:38:70:f6:91:2c:b1:72:ff:da:f9:35:3c:4d:4b:73:16:00:e4:d6:02:63:0a:ec:75:00:ad:81:f3:cf:2f:11:e7:68:4a:a7:83:01:ce:dc:55:bb:00:9f:6b:15:39:c4:e0:0a:f1:4d:23:f7:e4:4c:6e:3c:41:50:d5:da:2b:7d:66:62:ce:db:f3:da:fb:7b:7f:db:4a:92:8e:60:6b:44:93:b2:6c:70:ab:0a:14:28:6d:b7:21:64:f3:72:98:63:4e:51:71:7c:11:55:aa:0f:c5:d7:ff:ff:62:c6:33:95:28:77:2a:0b:30:d5:7d:10:9b:98:6b:e8:88:37:19:39:49:6c:07:0d:65:15:85:d3:1a:ec:4d:92:97:e7:b8:68:76:1d:9a:f4:84:bd:13:d1:87:a0:7e:2e:a5:e1:1a:88:0c:66:32:07:9b:17:fe:c7:b4:d6:80:d6:ef:1e:89:76:93:ef:8d:6a:e8:82:7f:cf:8c:cf:2d:ea:ff:37:3a:ef:e4:e4:e3:bb:77:ca:0c:21:30:92:01:e4:7c:e7:2c:f1:c6:58:d6:eb:b0:9e:8c:49:fa:9e:49:3b:2f:e9:fb:20:25:89:a0:8b:2e:7a:ac:c6:e8:e8:1c:49:69:e4:4c:20:4f:4a:c4:e6:9e:b6:89:8e:14:36:96:ba:1e:21:54:ce:c0:bc:c4:1d:c1:1f:e4:d2:26:57:ea:36:e6:f9:bf:ba:5d:6e:0f:db:ef:81:32:66:52:ea:1c:20:07:c7:ff:46:0c:19:a6:4c:78:13:48:ee:c7:23:98:70:0a:85:26:c7:a7:13:49:6e:24:c9:63:02:73:fb:f5:07:1a:17:10:14:a0:73:72:af:6c:0e:f1:ab:d1:0e:0b:3b:e9:ec:ef:b2:4d:60:59:53:fc:9a:f9:d6:15:e6:bb:2a:b3:18:ad:c2:d2:d7:c9:02:0b:c4:fa:9f:c8:34:38:97:d1:55:b3:a2:c0:03:5f:d1:fa:bc:a7:86:8c:8c:6f:46:4d:87:a7:22:dc:5a:e0:9b:97:58:fa:77:9b:1e:fb:a6:c2:85:f3:76:96:e7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:24.779100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494364.779100000", - "frame.time_delta": "0.060300000", - 
"frame.time_delta_displayed": "0.060300000", - "frame.time_relative": "773.318414000", - "frame.number": "2783", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003939", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4656", - "tcp.ack": 
"22055", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000072b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ee:87:00:25:de:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145287, TSecr 2481916": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145287", - "tcp.options.timestamp.tsecr": "2481916" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2782", - "tcp.analysis.ack_rtt": "0.060300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:25.057994000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494365.057994000", - "frame.time_delta": "0.278894000", - "frame.time_delta_displayed": "0.278894000", - "frame.time_relative": "773.597308000", - "frame.number": "2784", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009555", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "22055", - "tcp.nxtseq": "22109", - "tcp.ack": "4656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007b34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:df:1e:a7:9d:ee:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2481950, TSecr 2812145287": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2481950", - "tcp.options.timestamp.tsecr": "2812145287" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f4:53:84:c8:8e:e7:52:8e:aa:5e:36:23:2a:2a:69:b5:a9:9f:1c:64:77:79:4b:0d:8c:dc:19:8f:ec:51:af:fd:53:91:53:13:61:63:10:c2:3c:0d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:25.118244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494365.118244000", - "frame.time_delta": "0.060250000", - "frame.time_delta_displayed": "0.060250000", - "frame.time_relative": "773.657558000", - 
"frame.number": "2785", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003938", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4656", - "tcp.ack": "22109", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007207", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ee:db:00:25:df:1e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145371, TSecr 2481950": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145371", - "tcp.options.timestamp.tsecr": "2481950" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2784", - "tcp.analysis.ack_rtt": "0.060250000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:25.360531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494365.360531000", - "frame.time_delta": "0.242287000", - "frame.time_delta_displayed": "0.242287000", - "frame.time_relative": "773.899845000", - "frame.number": "2786", - "frame.len": "82", - "frame.cap_len": "82", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "68", - "ip.id": "0x00000aba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "48", - "udp.checksum": "0x00006f24", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:fc:8a:7f:20:cd:f2:14:96:01:00:00:54:0b:00:00", - "data.len": "40" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.167932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.167932000", - "frame.time_delta": "0.807401000", - "frame.time_delta_displayed": "0.807401000", - 
"frame.time_relative": "774.707246000", - "frame.number": "2787", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003817", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "4656", - "tcp.nxtseq": "4944", - "tcp.ack": "22109", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b0b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ef:cf:00:25:df:1e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145615, TSecr 2481950": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145615", - "tcp.options.timestamp.tsecr": "2481950" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:56:09:18:62:89:0a:ab:80:ff:c5:4c:de:04:2b:11:70:99:db:96:5c:69:08:21:de:28:dd:bf:6a:15:43:91:60:19:58:74:57:83:7b:f0:ab:b5:e5:e7:85:4e:45:50:f5:c4:e6:35:d0:21:27:fd:19:02:71:0c:ff:12:cd:21:eb:0e:16:e4:bb:b5:12:31:ea:d2:dc:18:9f:e2:6b:89:00:69:51:fe:9d:cc:16:ff:cc:68:3d:54:72:67:17:15:45:7e:b1:ba:0c:27:30:f4:ff:db:98:ed:4c:13:64:ac:00:38:90:46:f3:ae:c6:3e:bc:02:f2:96:4e:82:21:96:e9:4c:f5:ce:92:cb:47:ca:10:26:7b:53:62:c0:d9:04:00:8f:d3:36:72:36:2c:b4:c0:08:48:4f:7d:2e:7a:39:ba:d3:e5:92:85:1b:d4:e9:e2:59:e7:7c:1a:f1:c0:e1:62:25:16:e1:c0:4f:74:a0:29:01:fa:7a:08:9f:96:2e:80:c8:85:57:2c:f8:9e:bb:8d:86:f6:23:49:e7:4b:e4:e0:e6:d7:09:6e:5e:19:84:82:c0:9b:5d:94:8a:6a:b5:2b:39:c9:2c:17:a8:c9:38:b4:ff:88:c8:2b:24:10:a1:00:61:2c:cb:89:01:06:7e:0f:f0:6a:fd:4b:08:a8:35:d3:e5:99:85:8e:0b:e8:b5:21:95:78:29:bf:ea:5c:6b:45:b1:77:08:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.188461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.188461000", - "frame.time_delta": "0.020529000", - "frame.time_delta_displayed": "0.020529000", - "frame.time_relative": "774.727775000", - "frame.number": "2788", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009556", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "22109", - "tcp.nxtseq": "22162", - "tcp.ack": "4944", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b518", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:df:8f:a7:9d:ef:cf", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482063, TSecr 2812145615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482063", - "tcp.options.timestamp.tsecr": "2812145615" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2787", - "tcp.analysis.ack_rtt": "0.020529000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f5:64:ce:cf:89:e7:87:37:d5:cf:d9:d3:f2:46:ab:8e:39:5d:9f:49:fe:ed:9f:9c:54:5d:4b:43:7b:f5:df:58:f2:99:bc:f4:25:f3:49:ae:ff" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.250812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.250812000", - "frame.time_delta": "0.062351000", - "frame.time_delta_displayed": "0.062351000", - "frame.time_relative": "774.790126000", - "frame.number": "2789", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003936", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4944", - "tcp.ack": "22162", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00006f26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ef:f6:00:25:df:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145654, TSecr 2482063": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145654", - "tcp.options.timestamp.tsecr": "2482063" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2788", - "tcp.analysis.ack_rtt": "0.062351000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.251317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.251317000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "774.790631000", - "frame.number": "2790", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009557", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000756d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "22162", - "tcp.nxtseq": "22861", - "tcp.ack": "4944", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bff0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:df:95:a7:9d:ef:f6", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482069, TSecr 2812145654": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482069", - "tcp.options.timestamp.tsecr": "2812145654" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f6:2f:b5:10:60:e7:08:a8:2d:10:b3:e9:63:72:a7:7a:39:4d:02:c9:69:b2:11:bd:b3:3b:ab:1e:7d:1d:64:f5:50:7e:cd:53:36:35:36:5c:c3:3f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f7:9e:c6:f8:ed:b9:b5:0b:9e:02:fa:47:79:b7:85:bd:96:e5:19:52:55:bc:04:49:83:3f:23:d0:52:b1:70:58:3c:7d:56:27:7f:d7:53:49:b2:72:5d:6c:45:03:70:d0:50:01:63:f3:af:5c:1c:11:29:2b:d3:e3:5c:e0:34:fe:db:d2:b2:91:56:f4:fa:d5:62:27:52:2b:9a:2d:60:47:07:d2:e6:50:92:ca:c8:3d:98" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:f8:0c:5e:1b:87:df:d2:f1:07:df:a5:79:d3:e5:c0:93:79:e7:84:b0:e1:95:d3:ed:a1:85:b2:05:74:14:e3:5d:cf:28:d0:28:49:71:a5:6c:ce:52:ad:7e:4f:a8:5a:30:c3:a1:f8:8f:d2:07:63:42:ca:3c:67:b1:79:67:78:18:7a:ac:b3:e1:2b:26:27:25:f7:8e:bf:7e:6b:46:96:cc:43:0d:24:5d:06:30:ad:9f:35:4a:e0:3d:97:17:0d:11:cb:92:77:1f:5b:c9:a8:08:0e:81:06:18:73:ae:c6:5f:07:3f:23:b5:b2:d5:26:4a:38:ab:58:36:a6:be:37:63:e9:fd:10:1b:75:eb:02:4a:65:b1:70:36:ad:06:c3:31:2a:c2:c0:af:28:ff:3f:0f:dd:c8:49:72:50:8b:cb:14:4c:14:61:81:3c:8b:0f:58:6f:07:12:27:79:98:4f:6a:c9:d9:5b:78:8f:f6:25:d9:2e:5d:da:a1:e1:ff:df:a9:0e:51:ed:23:c4:01:70:ea:17:ae:80:d5:a1:bc:30:52:63:c4:93:f0:17:4e:31:95:b2:d1:a2:0b:5d:d8:7c:25:81:4d:50:13:25:9b:1a:68:3a:b9:49:1b:08:52:d8:39:24:f9:23:36:83:7d:41:c9:cc:a4:eb:35:22:b9:ac:5c:70:5e:3d:25:43:1f:59:ab:2c:8b:09:c1:55:ab:4a:06:a2:5b:59:1d:25:27:9d:67:79:3f:58:3c:0d:83:b9:f0:8e:f5:74:44:71:72:a1:a8:91:bc:06:5d:57:e3:28:fe:fc:8c:fd:41:99:33:9f:8d:79:fb:8c:41:9c:eb:8b:a5:c2:17:f8:98:7f:44:9e:0d:f8:73:4c:d3:91:56:45:3d:b6:db:e5:87:5c:25:85:e1:5f:cf:ab:98:11:d1:0b:1d:30:98:be:e1:fb:7b:cd:3b:9b:0f:5f:2e:4e:24:f2:a8:43:3d:56:eb:82:18:6c:96:01:7a:b9:09:83:c1:cb:e0:c9:4a:d7:4c:eb:f7:18:c5:24:b5:30:5c:4e:41:07:23:43:a5:fc:28:b2:5f:e7:4f:d9:5f:cd:b1:dc:e2:0a:e7:ea:f8:69:0a:1f:86:7d:90:60:8d:44:1b:77:c7:88:7d:95:3e:47:05:d1:3c:b6:5e:13:ce:b5:cd:6f:8f:4a:e3:49:73:0d:d3:13:34:95:83:b9:1b:9f:9e:be:8b:72:f2:d4:76:e5:66:7d:f9:6f:24:e8:37:c6:7e:e9:6a:20:02:35:f6:b4:fa:75:fb:3e:5d:83:e2:73:99:18:69:53:90:d1:cb:0d:2f:46:a9:79:d7:bb:61:c2:ec:ec:e4:14:43:08:1f:07:1f:f2:a4:b2:50:5b:9a:7a:fe:ec:69:09:24:b3:18:86:ee" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.311618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.311618000", - "frame.time_delta": "0.060301000", - 
"frame.time_delta_displayed": "0.060301000", - "frame.time_relative": "774.850932000", - "frame.number": "2791", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003935", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4944", - "tcp.ack": 
"22861", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f0:06:00:25:df:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145670, TSecr 2482069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145670", - "tcp.options.timestamp.tsecr": "2482069" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2790", - "tcp.analysis.ack_rtt": "0.060301000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.587635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.587635000", - "frame.time_delta": "0.276017000", - "frame.time_delta_displayed": "0.276017000", - "frame.time_relative": "775.126949000", - "frame.number": "2792", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009558", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "22861", - "tcp.nxtseq": "22915", - "tcp.ack": "4944", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b2b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:df:b7:a7:9d:f0:06", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482103, TSecr 2812145670": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482103", - "tcp.options.timestamp.tsecr": "2812145670" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:f9:ff:18:0e:9e:f3:16:42:5e:ea:f6:aa:fb:9a:7f:bb:02:da:3a:d1:8b:1a:9d:c6:92:0d:51:be:1e:89:2f:f6:81:9c:ac:74:2e:72:31:9e:f2:0a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:26.648123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494366.648123000", - "frame.time_delta": "0.060488000", - "frame.time_delta_displayed": "0.060488000", - "frame.time_relative": "775.187437000", - 
"frame.number": "2793", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003934", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "4944", - "tcp.ack": "22915", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006ba9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f0:5a:00:25:df:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812145754, TSecr 2482103": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812145754", - "tcp.options.timestamp.tsecr": "2482103" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2792", - "tcp.analysis.ack_rtt": "0.060488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:27.678085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494367.678085000", - "frame.time_delta": "1.029962000", - "frame.time_delta_displayed": "1.029962000", - "frame.time_relative": "776.217399000", - "frame.number": "2794", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003814", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "4944", - "tcp.nxtseq": "5231", - "tcp.ack": "22915", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001439", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f1:5b:00:25:df:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146011, TSecr 2482103": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146011", - "tcp.options.timestamp.tsecr": "2482103" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:57:d1:7a:de:4d:d1:77:1f:ca:23:f8:a6:8d:15:8b:9c:69:d8:e9:12:78:29:23:53:b5:a0:28:f8:9f:1f:09:79:5c:a7:f0:7c:db:73:93:cc:71:4e:d4:77:9a:58:de:6e:a2:a4:69:e6:2f:98:1b:84:22:fa:31:66:a2:9d:7c:74:e9:3e:30:76:ae:e2:c8:6c:0b:21:7d:52:ae:d9:b1:0b:61:75:3f:98:fd:9d:90:3e:d0:4b:dc:00:c0:a1:a1:43:be:ca:e6:6a:30:a1:7a:06:b6:14:32:3e:eb:82:90:ce:39:3d:b2:43:31:e3:f2:07:14:56:2b:f5:9e:02:12:df:b2:64:cc:7e:bc:3b:8e:52:d3:c4:b3:3b:87:01:39:dd:21:6b:d9:fa:da:6e:4a:b1:3a:39:32:7f:22:6b:f3:df:0b:85:0f:95:b6:9b:f5:8d:22:95:b6:2a:84:f3:19:10:1d:97:cf:af:1a:92:91:ca:92:34:06:60:eb:8b:2b:68:bc:b7:bd:87:79:cc:83:22:b3:cc:6a:3c:2c:4b:09:e7:dc:31:a3:50:4b:dd:e2:2f:9f:80:16:66:b9:81:ab:59:c2:6c:d6:3d:bb:bd:23:36:74:4b:e6:5a:b4:92:e8:93:cb:bf:21:89:b4:a3:ae:4f:a9:59:99:b6:c2:e1:fb:7f:1d:55:59:92:77:a4:3f:c0:28:55:2b:b8:ca:26:f2:0a:74:bf:16" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:27.699465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494367.699465000", - "frame.time_delta": "0.021380000", - "frame.time_delta_displayed": "0.021380000", - "frame.time_relative": "776.238779000", - "frame.number": "2795", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009559", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "22915", - "tcp.nxtseq": "22968", - "tcp.ack": "5231", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f9f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e0:26:a7:9d:f1:5b", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482214, TSecr 2812146011": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482214", - "tcp.options.timestamp.tsecr": "2812146011" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2794", - "tcp.analysis.ack_rtt": "0.021380000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:fa:d1:fa:81:8e:e2:1e:02:fe:4f:c0:a5:17:7c:a3:1b:73:16:b6:08:ec:05:fe:8e:df:ca:0b:ad:f6:b8:53:dd:6d:7e:cd:36:c8:8f:a9:10:56" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:27.761328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494367.761328000", - "frame.time_delta": "0.061863000", - "frame.time_delta_displayed": "0.061863000", - "frame.time_relative": "776.300642000", - "frame.number": "2796", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003932", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5231", - "tcp.ack": "22968", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x000068d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f1:70:00:25:e0:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146032, TSecr 2482214": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146032", - "tcp.options.timestamp.tsecr": "2482214" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2795", - "tcp.analysis.ack_rtt": "0.061863000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:27.761878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494367.761878000", - "frame.time_delta": "0.000550000", - "frame.time_delta_displayed": "0.000550000", - "frame.time_relative": "776.301192000", - "frame.number": "2797", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x0000955a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000756b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "22968", - "tcp.nxtseq": "23666", - "tcp.ack": "5231", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000739f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e0:2c:a7:9d:f1:70", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482220, TSecr 2812146032": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482220", - "tcp.options.timestamp.tsecr": "2812146032" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:fb:11:da:f3:ae:d4:30:e3:7a:68:9d:c5:e8:c0:69:1c:78:7e:2a:43:b6:c4:0f:ce:0d:bf:de:3e:eb:a5:18:12:8b:bf:9f:fa:e5:33:a6:01:9a:94" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:fc:42:b6:e3:c0:3e:02:29:eb:2d:6a:ff:99:99:b5:fc:0b:7c:0a:85:1e:d4:aa:50:94:d2:6e:31:1e:65:a2:84:30:e9:e7:ef:a7:1a:91:cf:f3:1b:ee:0e:35:c9:85:c6:fd:e5:1f:4e:91:2a:d2:de:c8:83:c2:e3:35:20:ed:15:91:f9:f0:db:76:0b:c7:30:00:6a:36:39:84:e5:a2:e1:94:f9:96:21:e1:93:d5:7c:00" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:44:fd:48:e2:a0:e7:d6:91:91:2d:12:13:da:a7:20:e9:d1:06:b6:f6:58:cd:a6:02:41:31:ea:94:d2:13:4f:5e:c8:fd:45:83:d1:09:83:a9:f6:96:c7:fb:34:42:21:4b:d7:92:fe:51:6d:c8:62:08:08:2d:f0:ab:c2:85:09:b0:3a:1c:32:44:ed:8e:7f:5b:f0:de:11:92:22:60:37:01:df:e6:d8:b9:e7:43:e0:0b:27:1e:5b:9d:2e:1f:f4:40:04:0b:fc:7c:55:21:bb:94:4d:93:90:f9:b4:88:1d:b7:25:91:c2:18:47:5e:59:11:6f:4e:8f:c2:5c:e4:43:8b:51:58:e7:72:3b:68:73:64:6d:4b:8b:cd:0f:83:d5:35:86:21:64:0c:4c:f7:d0:83:2d:6b:f2:75:e1:c2:a7:37:f3:f7:1d:4b:20:bc:c5:2b:9a:47:5d:3b:ae:8c:9e:7c:7a:1f:ed:4a:9d:dd:af:c7:09:da:13:2e:df:84:a5:a4:6f:90:98:1f:c2:28:3e:b2:76:54:f5:f7:3f:e8:93:59:21:a5:5a:a5:3a:da:c2:89:1d:f6:2f:ab:d9:34:33:eb:eb:8a:20:21:9a:fb:90:d8:b6:70:c0:0c:c1:6e:44:a0:1e:fe:46:d2:66:23:72:4a:67:50:1e:a5:c0:22:33:b6:44:cd:7a:d5:9f:26:67:dc:20:42:f8:cf:19:00:7a:cd:3b:55:55:a6:8e:5a:43:65:29:0f:3e:b4:30:f6:c1:5e:e0:5f:60:76:ed:86:7b:4f:28:9c:ec:c4:9b:b7:66:c3:0b:54:80:e3:82:15:88:a1:33:40:43:75:3a:38:23:fa:94:e1:bb:f7:21:15:c1:c1:c6:31:17:ac:73:35:34:20:7d:5d:eb:d5:67:c6:21:88:c4:7c:dd:50:7b:04:82:90:2c:cf:78:71:08:06:6f:d4:1f:91:6c:16:ad:e6:80:d6:71:3d:e8:e7:cd:46:49:43:69:e2:0f:83:15:63:b4:af:9f:a5:b3:a3:e5:13:7a:3d:b3:ee:f7:36:00:71:3f:ad:1d:48:48:1d:1c:2b:2f:c9:0a:d9:df:9f:22:06:8b:d6:b5:5a:3b:d9:66:50:d3:62:99:1a:4a:bc:19:71:0b:47:89:da:37:4f:64:d4:f2:5f:cd:ca:1f:83:d2:dc:d3:f1:ab:4e:e4:10:0e:7b:51:2f:c7:ca:f8:6a:0b:b0:3d:dd:53:7f:5e:3e:e5:d2:d8:92:50:eb:23:9b:4d:a4:9c:78:1e:97:16:97:11:5c:36:c8:0c:7b:8f:7f:39:3f:77:f6:98:43:f5:f3:72:e0:84:e8:a9:c6:6a:b4:ad:4d:cb:64:bf:ae:21:8e:d2:50:2d:64:bd:8c:57:b0:fe:43:5d:2a:21:2d:ed:35" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:27.823250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494367.823250000", - "frame.time_delta": "0.061372000", - "frame.time_delta_displayed": 
"0.061372000", - "frame.time_relative": "776.362564000", - "frame.number": "2798", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003931", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5231", - "tcp.ack": "23666", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006601", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f1:7f:00:25:e0:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146047, TSecr 2482220": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146047", - "tcp.options.timestamp.tsecr": "2482220" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2797", - "tcp.analysis.ack_rtt": "0.061372000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:28.097645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494368.097645000", - "frame.time_delta": "0.274395000", - "frame.time_delta_displayed": "0.274395000", - "frame.time_relative": "776.636959000", - "frame.number": "2799", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000955b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "23666", - "tcp.nxtseq": "23720", - "tcp.ack": "5231", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bbb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e0:4e:a7:9d:f1:7f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482254, TSecr 2812146047": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482254", - "tcp.options.timestamp.tsecr": "2812146047" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:fe:37:a0:81:80:3d:1c:ce:8d:d2:88:b9:9c:09:4a:a9:62:76:50:da:7e:29:4e:7b:0b:d9:7c:b6:eb:ac:5f:f7:5a:0d:62:d4:5d:04:e9:4c:11:7c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:28.157818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494368.157818000", - "frame.time_delta": "0.060173000", - "frame.time_delta_displayed": "0.060173000", - "frame.time_relative": "776.697132000", - "frame.number": "2800", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003930", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5231", - "tcp.ack": "23720", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006555", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f1:d3:00:25:e0:4e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146131, TSecr 2482254": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146131", - "tcp.options.timestamp.tsecr": "2482254" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2799", - "tcp.analysis.ack_rtt": "0.060173000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:28.852488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494368.852488000", - "frame.time_delta": "0.694670000", - "frame.time_delta_displayed": "0.694670000", - "frame.time_relative": "777.391802000", - "frame.number": "2801", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:28.944945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494368.944945000", - "frame.time_delta": "0.092457000", - "frame.time_delta_displayed": "0.092457000", - "frame.time_relative": "777.484259000", - "frame.number": "2802", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000053f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008566", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:59:29.561908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494369.561908000", - "frame.time_delta": "0.616963000", - "frame.time_delta_displayed": "0.616963000", - "frame.time_relative": "778.101222000", - "frame.number": "2803", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.439121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.439121000", - "frame.time_delta": "0.877213000", - "frame.time_delta_displayed": "0.877213000", - "frame.time_relative": "778.978435000", - "frame.number": "2804", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020ec", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e758", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "7", - "http.prev_request_in": "2255" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.901748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.901748000", - "frame.time_delta": "0.462627000", - "frame.time_delta_displayed": "0.462627000", - "frame.time_relative": "779.441062000", - "frame.number": "2805", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007b0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "37", - "http.prev_response_in": "2317" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.905668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.905668000", - "frame.time_delta": "0.003920000", - "frame.time_delta_displayed": "0.003920000", - "frame.time_relative": "779.444982000", - "frame.number": "2806", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54588", - "tcp.dstport": "80", - "tcp.port": "54588", - "tcp.port": "80", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005cf8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.906207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.906207000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "779.445521000", - "frame.number": "2807", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54588", - "tcp.port": "80", - "tcp.port": "54588", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000023a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2806", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.908577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.908577000", - "frame.time_delta": "0.002370000", - "frame.time_delta_displayed": "0.002370000", - "frame.time_relative": "779.447891000", - "frame.number": "2808", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54588", - "tcp.dstport": "80", - "tcp.port": "54588", - "tcp.port": "80", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d57f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2807", - "tcp.analysis.ack_rtt": "0.002370000", - "tcp.analysis.initial_rtt": "0.002909000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.909197000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.909197000", - "frame.time_delta": "0.000620000", - "frame.time_delta_displayed": "0.000620000", - "frame.time_relative": "779.448511000", - "frame.number": "2809", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54588", - "tcp.dstport": "80", - "tcp.port": "54588", - "tcp.port": "80", - "tcp.stream": "123", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eaf8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002909000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.909688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.909688000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "779.449002000", - "frame.number": "2810", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ccf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54588", - "tcp.port": "80", - "tcp.port": "54588", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c710", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2809", - "tcp.analysis.ack_rtt": "0.000491000", - "tcp.analysis.initial_rtt": "0.002909000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.910317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.910317000", - "frame.time_delta": "0.000629000", - "frame.time_delta_displayed": "0.000629000", - "frame.time_relative": "779.449631000", - "frame.number": "2811", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ccf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54588", - "tcp.port": "80", - "tcp.port": "54588", - "tcp.stream": "123", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000732", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002909000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.910660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.910660000", - "frame.time_delta": "0.000343000", - "frame.time_delta_displayed": "0.000343000", - "frame.time_relative": "779.449974000", - "frame.number": "2812", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ccf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e79b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54588", - "tcp.port": "80", - "tcp.port": "54588", - "tcp.stream": "123", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000599b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002909000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2811", - "tcp.segment": "2812", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001463000", - "http.request_in": "2809", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.915045000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494370.915045000", - "frame.time_delta": "0.004385000", - "frame.time_delta_displayed": "0.004385000", - "frame.time_relative": "779.454359000", - "frame.number": "2813", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54588", - "tcp.dstport": "80", - "tcp.port": "54588", - "tcp.port": "80", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d0e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2812", - "tcp.analysis.ack_rtt": "0.004385000", - "tcp.analysis.initial_rtt": "0.002909000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.916174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.916174000", - "frame.time_delta": "0.001129000", - "frame.time_delta_displayed": "0.001129000", - "frame.time_relative": "779.455488000", - "frame.number": "2814", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54588", - "tcp.dstport": "80", - "tcp.port": "54588", - "tcp.port": "80", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d0e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.916620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.916620000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "779.455934000", - "frame.number": "2815", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002534", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000933f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54588", - "tcp.port": "80", - "tcp.port": "54588", - "tcp.stream": "123", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c31a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2814", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.002909000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.954612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.954612000", - "frame.time_delta": "0.037992000", - "frame.time_delta_displayed": "0.037992000", - "frame.time_relative": "779.493926000", - "frame.number": "2816", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007b0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "38", - "http.prev_response_in": "2805" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.966250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.966250000", - "frame.time_delta": "0.011638000", - "frame.time_delta_displayed": "0.011638000", - "frame.time_relative": "779.505564000", 
- "frame.number": "2817", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54589", - "tcp.dstport": "80", - "tcp.port": "54589", - "tcp.port": "80", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008f55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.966798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.966798000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "779.506112000", - "frame.number": "2818", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54589", - "tcp.port": "80", - "tcp.port": "54589", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000097ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2817", - "tcp.analysis.ack_rtt": "0.000548000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.969029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.969029000", - "frame.time_delta": "0.002231000", - "frame.time_delta_displayed": "0.002231000", - "frame.time_relative": "779.508343000", - 
"frame.number": "2819", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54589", - "tcp.dstport": "80", - "tcp.port": "54589", - "tcp.port": "80", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000049de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2818", - "tcp.analysis.ack_rtt": "0.002231000", - "tcp.analysis.initial_rtt": "0.002779000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.969694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.969694000", - "frame.time_delta": "0.000665000", - "frame.time_delta_displayed": "0.000665000", - "frame.time_relative": "779.509008000", - "frame.number": "2820", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e0a", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54589", - "tcp.dstport": "80", - "tcp.port": "54589", - "tcp.port": "80", - "tcp.stream": "124", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005f57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002779000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.970220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.970220000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "779.509534000", - "frame.number": "2821", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c4ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f383", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54589", - "tcp.port": "80", - "tcp.port": "54589", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003b6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2820", - "tcp.analysis.ack_rtt": "0.000526000", - "tcp.analysis.initial_rtt": "0.002779000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.970862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.970862000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "779.510176000", - "frame.number": "2822", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c4f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f371", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54589", - "tcp.port": "80", - "tcp.port": "54589", - "tcp.stream": "124", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007b90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002779000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.971215000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.971215000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "779.510529000", - "frame.number": "2823", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c4f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54589", - "tcp.port": "80", - "tcp.port": "54589", - "tcp.stream": "124", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cdf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002779000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2822", - "tcp.segment": "2823", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001521000", - "http.request_in": "2820", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.974199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.974199000", - "frame.time_delta": "0.002984000", - "frame.time_delta_displayed": "0.002984000", - "frame.time_relative": "779.513513000", - "frame.number": "2824", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54589", - "tcp.dstport": "80", - "tcp.port": "54589", - "tcp.port": "80", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004546", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2823", - "tcp.analysis.ack_rtt": "0.002984000", - "tcp.analysis.initial_rtt": "0.002779000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.974890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.974890000", - "frame.time_delta": "0.000691000", - "frame.time_delta_displayed": "0.000691000", - "frame.time_relative": "779.514204000", - "frame.number": "2825", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54589", - "tcp.dstport": "80", - "tcp.port": "54589", - "tcp.port": "80", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004545", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:30.975339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494370.975339000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "779.514653000", - "frame.number": "2826", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002539", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000933a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54589", - "tcp.port": "80", - "tcp.port": "54589", - "tcp.stream": "124", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003779", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2825", - 
"tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.002779000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.008411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.008411000", - "frame.time_delta": "0.033072000", - "frame.time_delta_displayed": "0.033072000", - "frame.time_relative": "779.547725000", - "frame.number": "2827", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007b10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "39", - "http.prev_response_in": "2816" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.025183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.025183000", - "frame.time_delta": "0.016772000", - "frame.time_delta_displayed": "0.016772000", - "frame.time_relative": "779.564497000", - "frame.number": "2828", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54590", - "tcp.dstport": "80", - "tcp.port": "54590", - "tcp.port": "80", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000085f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.025741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.025741000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "779.565055000", - "frame.number": "2829", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54590", - "tcp.port": "80", - "tcp.port": "54590", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d56e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2828", - "tcp.analysis.ack_rtt": "0.000558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.028604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.028604000", - "frame.time_delta": "0.002863000", - "frame.time_delta_displayed": "0.002863000", - "frame.time_relative": "779.567918000", - "frame.number": "2830", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ead", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54590", - "tcp.dstport": "80", - "tcp.port": "54590", - "tcp.port": "80", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000874d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2829", - "tcp.analysis.ack_rtt": "0.002863000", - "tcp.analysis.initial_rtt": "0.003421000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.029263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.029263000", - "frame.time_delta": "0.000659000", - "frame.time_delta_displayed": "0.000659000", - "frame.time_relative": "779.568577000", - "frame.number": "2831", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54590", - "tcp.dstport": "80", - "tcp.port": "54590", - "tcp.port": "80", - "tcp.stream": "125", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009cc6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003421000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.029783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.029783000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "779.569097000", - "frame.number": "2832", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cff5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54590", - "tcp.port": "80", - "tcp.port": "54590", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000078de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2831", - "tcp.analysis.ack_rtt": "0.000520000", - "tcp.analysis.initial_rtt": "0.003421000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.030403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.030403000", - "frame.time_delta": "0.000620000", - "frame.time_delta_displayed": "0.000620000", - "frame.time_relative": "779.569717000", - "frame.number": "2833", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cff6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e86b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54590", - "tcp.port": "80", - "tcp.port": "54590", - "tcp.stream": "125", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b8ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003421000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.030749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.030749000", - "frame.time_delta": "0.000346000", - "frame.time_delta_displayed": "0.000346000", - "frame.time_relative": "779.570063000", - "frame.number": "2834", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cff7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e498", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54590", - "tcp.port": "80", - "tcp.port": "54590", - "tcp.stream": "125", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000b69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003421000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2833", - "tcp.segment": "2834", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001486000", - "http.request_in": "2831", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.032841000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494371.032841000", - "frame.time_delta": "0.002092000", - "frame.time_delta_displayed": "0.002092000", - "frame.time_relative": "779.572155000", - "frame.number": "2835", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54590", - "tcp.dstport": "80", - "tcp.port": "54590", - "tcp.port": "80", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000082b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2834", - "tcp.analysis.ack_rtt": "0.002092000", - "tcp.analysis.initial_rtt": "0.003421000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.033399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.033399000", - "frame.time_delta": "0.000558000", - "frame.time_delta_displayed": "0.000558000", - "frame.time_relative": "779.572713000", - "frame.number": "2836", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005eaa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54590", - "tcp.dstport": "80", - "tcp.port": "54590", - "tcp.port": "80", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000082b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.033843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.033843000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "779.573157000", - "frame.number": "2837", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000253b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009338", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54590", - "tcp.port": "80", - "tcp.port": "54590", - "tcp.stream": "125", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000074e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2836", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.003421000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.190165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.190165000", - "frame.time_delta": "0.156322000", - "frame.time_delta_displayed": "0.156322000", - "frame.time_relative": "779.729479000", - "frame.number": "2838", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000955c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "23720", - "tcp.nxtseq": "24072", - "tcp.ack": "5231", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006658", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e1:83:a7:9d:f1:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482563, TSecr 2812146131": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482563", - 
"tcp.options.timestamp.tsecr": "2812146131" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:44:ff:29:be:fa:62:ea:10:71:16:10:5f:35:db:c2:f9:88:b7:ac:84:93:66:ae:10:76:4d:4b:27:d1:60:9c:76:b1:76:0e:45:a3:82:5b:7f:cf:04:74:9a:76:e2:48:6e:b0:9f:8b:f0:16:0e:d9:88:3e:84:cf:cf:ed:d8:0d:48:b5:7d:8e:94:4d:2e:bb:02:c6:64:d6:48:27:4e:cd:23:1e:63:db:6a:64:65:f0:50:78:7d:71:68:be:f4:27:a6:84:c9:11:57:0b:33:ae:71:5e:32:78:ac:9c:0b:7a:2e:2a:8f:6e:61:9e:8b:0a:54:95:28:d0:ba:c2:33:80:06:5e:d9:97:9f:c7:dc:7d:cf:b0:a4:d0:14:fd:c3:f3:18:67:c4:fd:83:0e:4a:41:4f:2d:64:56:4b:b2:35:09:ba:bd:87:99:31:0f:96:00:1b:cf:c8:7c:94:8f:8f:3b:38:93:47:13:2f:7e:38:50:27:a4:b9:fb:3e:fe:95:4e:ac:60:1d:d7:aa:68:83:ab:f3:02:79:a9:d7:af:c9:d7:4a:b8:6c:bf:ae:81:a9:fc:5c:7a:3b:72:69:e1:13:67:32:15:be:e4:05:42:b7:63:04:fc:d6:a2:78:df:42:95:9f:ac:66:e5:87:01:f1:b4:76:55:7e:cf:9b:a7:01:c8:b6:69:d1:f4:56:2a:4c:82:d1:12:92:1d:f5:5c:76:ff:3a:a1:c6:81:ae:1e:e0:9e:17:4c:2a:1a:67:92:98:61:3d:6a:a6:33:70:e1:23:6e:80:d2:01:6a:d6:67:9a:bd:3c:11:6f:a5:4a:d6:82:c6:50:90:61:4a:ef:7d:d1:ae:f6:fa:91:00:23:84:08:81:85:f3:e5:73:7a:ee:70:27:c2:d5:ee:8f:3d:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.250502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.250502000", - "frame.time_delta": "0.060337000", - "frame.time_delta_displayed": "0.060337000", - "frame.time_relative": "779.789816000", - "frame.number": "2839", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000392f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5231", - "tcp.ack": "24072", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005fba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f4:d9:00:25:e1:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146905, TSecr 2482563": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146905", - "tcp.options.timestamp.tsecr": "2482563" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2838", - "tcp.analysis.ack_rtt": "0.060337000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.254376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.254376000", - "frame.time_delta": "0.003874000", - "frame.time_delta_displayed": "0.003874000", - "frame.time_relative": "779.793690000", - "frame.number": "2840", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ff", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "5231", - "tcp.nxtseq": "5278", - "tcp.ack": "24072", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000573", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:f4:da:00:25:e1:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812146906, TSecr 2482563": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812146906", - "tcp.options.timestamp.tsecr": "2482563" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:58:0a:d3:b3:f4:cd:22:42:ce:c4:da:8f:ec:08:bd:90:b2:3e:a5:32:8a:80:c3:ce:11:8b:f3:f6:6f:14:ca:ea:a2:4e:cc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.286616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.286616000", - "frame.time_delta": "0.032240000", - "frame.time_delta_displayed": "0.032240000", - "frame.time_relative": "779.825930000", - "frame.number": "2841", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000955d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007822", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24072", - "tcp.ack": "5278", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005e91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e1:8d:a7:9d:f4:da", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2482573, TSecr 2812146906": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2482573", - "tcp.options.timestamp.tsecr": "2812146906" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2840", - "tcp.analysis.ack_rtt": "0.032240000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.954980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.954980000", - "frame.time_delta": "0.668364000", - "frame.time_delta_displayed": "0.668364000", - "frame.time_relative": "780.494294000", - "frame.number": "2842", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007b42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "40", - "http.prev_response_in": "2827" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.958840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.958840000", - "frame.time_delta": "0.003860000", - "frame.time_delta_displayed": "0.003860000", - "frame.time_relative": "780.498154000", - "frame.number": "2843", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54591", - "tcp.dstport": "80", - "tcp.port": "54591", - "tcp.port": "80", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000166", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.959379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.959379000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "780.498693000", - "frame.number": "2844", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54591", - "tcp.port": "80", - "tcp.port": "54591", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007cdd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2843", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.962478000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.962478000", - "frame.time_delta": "0.003099000", - "frame.time_delta_displayed": "0.003099000", - "frame.time_relative": "780.501792000", - "frame.number": "2845", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54591", - "tcp.dstport": "80", - "tcp.port": "54591", - "tcp.port": "80", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002ebc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2844", - "tcp.analysis.ack_rtt": "0.003099000", - "tcp.analysis.initial_rtt": "0.003638000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.963074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.963074000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "780.502388000", - "frame.number": "2846", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54591", - "tcp.dstport": "80", - "tcp.port": "54591", - "tcp.port": "80", - "tcp.stream": "126", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004435", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003638000", - "tcp.analysis.bytes_in_flight": 
"167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.963561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.963561000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "780.502875000", - "frame.number": "2847", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e384", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d4ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54591", - "tcp.port": "80", - "tcp.port": "54591", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000204d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2846", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.003638000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.964136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.964136000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "780.503450000", - "frame.number": "2848", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e385", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d4dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54591", - "tcp.port": "80", - "tcp.port": "54591", - "tcp.stream": "126", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000606e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003638000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.964487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.964487000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "780.503801000", - "frame.number": "2849", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": 
{ - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e386", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d109", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54591", - "tcp.port": "80", - "tcp.port": "54591", - "tcp.stream": "126", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b2d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003638000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2848", - "tcp.segment": "2849", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001413000", - "http.request_in": "2846", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.966991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.966991000", - "frame.time_delta": "0.002504000", - "frame.time_delta_displayed": "0.002504000", - "frame.time_relative": "780.506305000", - "frame.number": "2850", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54591", - "tcp.dstport": "80", - "tcp.port": "54591", - "tcp.port": "80", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002a24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2849", - "tcp.analysis.ack_rtt": "0.002504000", - "tcp.analysis.initial_rtt": "0.003638000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.967636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.967636000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "780.506950000", - "frame.number": "2851", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54591", - "tcp.dstport": "80", - "tcp.port": "54591", - "tcp.port": "80", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002a23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:31.968065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494371.968065000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "780.507379000", - "frame.number": "2852", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000257e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000092f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54591", - "tcp.port": "80", - "tcp.port": "54591", - "tcp.stream": "126", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2851", - 
"tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.003638000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.007888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.007888000", - "frame.time_delta": "0.039823000", - "frame.time_delta_displayed": "0.039823000", - "frame.time_relative": "780.547202000", - "frame.number": "2853", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007b44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "41", - "http.prev_response_in": "2842" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.018304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.018304000", - "frame.time_delta": "0.010416000", - "frame.time_delta_displayed": "0.010416000", - "frame.time_relative": "780.557618000", - "frame.number": "2854", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54592", - "tcp.dstport": "80", - "tcp.port": "54592", - "tcp.port": "80", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008b60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.018855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.018855000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "780.558169000", - "frame.number": "2855", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54592", - "tcp.port": "80", - "tcp.port": "54592", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008124", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2854", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.021192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.021192000", - "frame.time_delta": "0.002337000", - "frame.time_delta_displayed": "0.002337000", - "frame.time_relative": "780.560506000", - "frame.number": "2856", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54592", - "tcp.dstport": "80", - "tcp.port": "54592", - "tcp.port": "80", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003303", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2855", - "tcp.analysis.ack_rtt": "0.002337000", - "tcp.analysis.initial_rtt": "0.002888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.021819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.021819000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "780.561133000", - "frame.number": "2857", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54592", - "tcp.dstport": "80", - "tcp.port": "54592", - "tcp.port": "80", - "tcp.stream": "127", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000487c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002888000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.022311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.022311000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "780.561625000", - "frame.number": "2858", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002899", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54592", - "tcp.port": "80", - "tcp.port": "54592", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002494", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2857", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.002888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.022880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.022880000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "780.562194000", - "frame.number": "2859", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000289a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008fc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54592", - "tcp.port": "80", - "tcp.port": "54592", - "tcp.stream": "127", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000064b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002888000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.023230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.023230000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "780.562544000", - "frame.number": "2860", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000289b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008bf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54592", - "tcp.port": "80", - "tcp.port": "54592", - "tcp.stream": "127", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b71e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002888000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "2859", - "tcp.segment": "2860", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001411000", - "http.request_in": "2857", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.027107000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494372.027107000", - "frame.time_delta": "0.003877000", - "frame.time_delta_displayed": "0.003877000", - "frame.time_relative": "780.566421000", - "frame.number": "2861", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ea0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54592", - "tcp.dstport": "80", - "tcp.port": "54592", - "tcp.port": "80", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002e6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2860", - "tcp.analysis.ack_rtt": "0.003877000", - "tcp.analysis.initial_rtt": "0.002888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.027762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.027762000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "780.567076000", - "frame.number": "2862", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54592", - "tcp.dstport": "80", - "tcp.port": "54592", - "tcp.port": "80", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002e6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.028193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.028193000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "780.567507000", - "frame.number": "2863", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002584", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000092ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54592", - "tcp.port": "80", - "tcp.port": "54592", - "tcp.stream": "127", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000209e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2862", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.002888000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.060829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.060829000", - "frame.time_delta": "0.032636000", - "frame.time_delta_displayed": "0.032636000", - "frame.time_relative": "780.600143000", - "frame.number": "2864", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007b49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "42", - "http.prev_response_in": "2853" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.064193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.064193000", - "frame.time_delta": "0.003364000", - "frame.time_delta_displayed": "0.003364000", - "frame.time_relative": "780.603507000", - 
"frame.number": "2865", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000097e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.064752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.064752000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "780.604066000", - "frame.number": "2866", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000088f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2865", - "tcp.analysis.ack_rtt": "0.000559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.067392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.067392000", - "frame.time_delta": "0.002640000", - "frame.time_delta_displayed": "0.002640000", - "frame.time_relative": "780.606706000", - 
"frame.number": "2867", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ad5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2866", - "tcp.analysis.ack_rtt": "0.002640000", - "tcp.analysis.initial_rtt": "0.003199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.068009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.068009000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "780.607323000", - "frame.number": "2868", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df5", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000504e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003199000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.068477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.068477000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "780.607791000", - "frame.number": "2869", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c95a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2868", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.003199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.069168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.069168000", - "frame.time_delta": "0.000691000", - "frame.time_delta_displayed": "0.000691000", - "frame.time_relative": "780.608482000", - "frame.number": "2870", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c95b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006c87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003199000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.069523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.069523000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "780.608837000", - "frame.number": "2871", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c95c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bef0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003199000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "2870", - "tcp.segment": "2871", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001514000", - "http.request_in": "2868", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.070311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.070311000", - "frame.time_delta": "0.000788000", - "frame.time_delta_displayed": "0.000788000", - "frame.time_relative": "780.609625000", - "frame.number": "2872", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c95d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bef0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003199000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.072360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.072360000", - "frame.time_delta": "0.002049000", - "frame.time_delta_displayed": "0.002049000", - "frame.time_relative": "780.611674000", - "frame.number": "2873", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000363d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2871", - "tcp.analysis.ack_rtt": "0.002837000", - "tcp.analysis.initial_rtt": "0.003199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.073472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.073472000", - "frame.time_delta": "0.001112000", - "frame.time_delta_displayed": "0.001112000", - "frame.time_relative": "780.612786000", - "frame.number": "2874", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000363c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.073912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.073912000", - "frame.time_delta": "0.000440000", - "frame.time_delta_displayed": "0.000440000", - "frame.time_relative": "780.613226000", - "frame.number": "2875", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002587", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000092ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54593", - "tcp.port": "80", - "tcp.port": "54593", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002870", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2874", - "tcp.analysis.ack_rtt": "0.000440000", - "tcp.analysis.initial_rtt": "0.003199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.074238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.074238000", - "frame.time_delta": 
"0.000326000", - "frame.time_delta_displayed": "0.000326000", - "frame.time_relative": "780.613552000", - "frame.number": "2876", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54593", - "tcp.dstport": "80", - "tcp.port": "54593", - "tcp.port": "80", - "tcp.stream": "128", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cc90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:2d:01:6a:d7:2d:01:6e:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003199000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "2873", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.680230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.680230000", - "frame.time_delta": "0.605992000", - "frame.time_delta_displayed": "0.605992000", - "frame.time_relative": "781.219544000", - "frame.number": "2877", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:32.680668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494372.680668000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "781.219982000", - "frame.number": "2878", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - 
}, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.643546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.643546000", - "frame.time_delta": "0.962878000", - "frame.time_delta_displayed": "0.962878000", - "frame.time_relative": "782.182860000", - "frame.number": "2879", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fd3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bb7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": 
"192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35351", - "udp.dstport": "53", - "udp.port": "35351", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002c07", - "udp.checksum.status": "2", - "udp.stream": "71" - }, - "dns": { - "dns.id": "0x00000f1f", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.644194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.644194000", - "frame.time_delta": "0.000648000", - "frame.time_delta_displayed": "0.000648000", - "frame.time_relative": "782.183508000", - "frame.number": "2880", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00003af1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007dc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35351", - "udp.port": "53", - "udp.port": "35351", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "71" - }, - "dns": { - "dns.response_to": "2879", - "dns.time": "0.000648000", - "dns.id": "0x00000f1f", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:59:33.645211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.645211000", - "frame.time_delta": "0.001017000", - "frame.time_delta_displayed": "0.001017000", - "frame.time_relative": "782.184525000", - "frame.number": "2881", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fd3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bb7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55107", - "udp.dstport": "53", - "udp.port": "55107", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f9d9", - "udp.checksum.status": "2", - "udp.stream": "72" - }, - "dns": { - "dns.id": "0x00000f20", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.645636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.645636000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "782.184950000", - "frame.number": "2882", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00003af2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007db8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", 
- "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55107", - "udp.port": "53", - "udp.port": "55107", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "72" - }, - "dns": { - "dns.response_to": "2881", - "dns.time": "0.000425000", - "dns.id": "0x00000f20", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3004", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.646391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.646391000", - "frame.time_delta": "0.000755000", - "frame.time_delta_displayed": "0.000755000", - "frame.time_relative": "782.185705000", - "frame.number": "2883", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00003fdb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f5f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a3b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 16:59:33.781737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.781737000", - "frame.time_delta": "0.135346000", - "frame.time_delta_displayed": "0.135346000", - "frame.time_relative": "782.321051000", - "frame.number": "2884", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000bcb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ce1b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": "80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00004a5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2883", - "tcp.analysis.ack_rtt": "0.135346000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.782286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.782286000", - "frame.time_delta": "0.000549000", - 
"frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "782.321600000", - "frame.number": "2885", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fdc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f5ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": 
"0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000013eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2884", - "tcp.analysis.ack_rtt": "0.000549000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.782299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.782299000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "782.321613000", - "frame.number": "2886", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00003fdd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f3a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003e28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135895000", - 
"tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:37:22:2c:20:4e:6f:6e:63:65:3d:22:55:47:35:74:70:36:43:39:2b:6c:53:37:49:4e:55:49:48:69:66:38:67:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4b:55:70:36:73:6a:68:30:6b:68:59:54:46:42:36:63:31:38:41:30:43:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.918506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.918506000", - "frame.time_delta": "0.136207000", - "frame.time_delta_displayed": "0.136207000", - "frame.time_relative": "782.457820000", - "frame.number": "2887", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f57a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00009560", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - 
"ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": "80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000711f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2886", - "tcp.analysis.ack_rtt": "0.136207000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:33.919164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494373.919164000", - "frame.time_delta": "0.000658000", - "frame.time_delta_displayed": "0.000658000", - "frame.time_relative": "782.458478000", - "frame.number": "2888", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00003fde", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f11d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000016e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135895000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40
:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:56:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4
f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" - }, - "tcp.segments": { - "tcp.segment": "2886", - "tcp.segment": "2888", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:37:22:2c:20:4e:6f:6e:63:65:3d:22:55:47:35:74:70:36:43:39:2b:6c:53:37:49:4e:55:49:48:69:66:38:67:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4b:55:70:36:73:6a:68:30:6b:68:59:54:46:42:36:63:31:38:41:30:43:77:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6
e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:
b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:56:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"187\", Nonce=\"UG5tp6C9+lS7INUIHif8gw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"KUp6sjh0khYTFB6c18A0Cw==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"187\", Nonce=\"UG5tp6C9+lS7INUIHif8gw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"KUp6sjh0khYTFB6c18A0Cw==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|AZ\u00ef\u00bf\u00bdUX" - }, - "media": { - "media.type": 
"ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:dc:d6:b0:c5:a1:ff:47:32:f8:72:fc:58:58:e8:a2:0d:33:d0:c7:f8:41:8b:d9:3a:a3:24:04:f8:23:c1:0b:1e:b8:7b:ef:e1:e4:e5:1e:3d:71:09:3c:de:86:34:c1:18:0b:a9:70:5d:0c:7b:cf:9e:b8:e6:e1:1b:83:97:68:50:d5:ff:6a:11:f9:ff:ec:ff:da:06:45:32:61:2a:22:12:d0:fc:55:73:26:1a:d2:25:58:d4:dc:36:0f:e5:67:49:e6:4a:7f:c4:68:75:3c:87:24:36:6c:c4:27:0e:7d:f3:72:ba:5d:d1:9a:f9:82:26:1b:c5:0c:05:46:f2:b3:83:c0:a3:cf:c1:fe:cb:7f:88:45:f7:5a:55:20:08:cc:dc:ac:ab:e1:ce:a4:8b:13:87:35:d4:32:68:cc:24:0c:a9:33:8f:9c:68:db:86:73:e1:20:f1:06:69:cf:3b:07:08:4d:ca:d9:3c:9b:06:50:0a:0d:ff:d5:44:49:e3:87:ab:45:5a:ac:c6:db:c1:8f:a7:c6:f2:28:64:5f:28:29:54:23:18:4b:61:02:7a:3b:79:da:3d:8d:0c:a4:a1:d1:7f:aa:65:c3:a8:c8:51:5a:4b:ed:3b:e5:63:cc:16:6e:9a:0d:6a:c6:b4:ba:fa:23:90:75:f6:e7:ff:62:33:9c:15:5c:16:dc:6b:1b:77:80:df:a0:57:26:6e:0b:c6:17:e2:01:78:02:97:68:b1:9a:96:91:26:15:46:1b:63:d4:66:eb:c1:9c:5e:78:fa:85:a0:3b:cf:91:92:99:e1:33:a3:31:09:d6:55:b1:08:52:87:ee:6c:95:39:94:38:bc:b6:52:09:d7:73:65:34:f0:1f:97:c4:b9:19:05:30:90:fa:0a:2f:c1:97:b9:43:ef:60:7d:01:9b:41:fa:35:02:28:05:91:24:18:b2:7d:c7:4c:af:3c:01:ae:35:6e:db:1c:b2:36:2c:fe:03:47:a4:54:f7:e2:6e:97:5c:99:b8:00:0c:be:e7:0e:e4:99:d4:69:1b:e2:4e:ea:92:58:1d:72:43:2f:bc:00:c1:2c:ca:8e:08:db:ae:e1:24:c6:e2:f7:65:26:40:88:2d:29:4b:ca:d4:a6:bf:8a:41:8d:b3:0a:7a:d0:52:3f:9b:9d:50:26:c3:0c:76:d4:11:d1:da:3d:a5:dc:f1:bd:21:8d:3b:1d:36:48:05:87:71:1f:eb:17:42:e7:95:bf:fb:78:67:d7:6b:5a:99:cc:02:e4:89:8d:92:36:aa:c4:18:28:04:d4:f4:90:f8:cd:0e:61:b8:ac:c9:f6:22:2d:79:3a:cd:39:c5:a5:a4:2f:33:9f:09:13:35:16:49:d7:f6:02:7d:40:5b:6e:98:ea:15:6a:68:66:0f:2e:ab:93:99:7c:ee:50:da:1a:4c:a0:c5:1c:60:91:5e:63:63:b4:fa:f5:94:1b:6e:df:de:16:06:b2:81:e4:4d:39:37:20:b4:76:ac:ad:a3:31:26:ae:7d:f9:d2:44:cd:10:f0:c7:9d:c4:ea:f7:63:d1:11:b4:3c:67:53:f1:21:c9:7e:29:a2:b6:fe:ce:d2:1d:97:ab:e6:d8:05:c1:a0:6e:38:30:9e:86:b5:8a:b7:39:14:92:9a:4c:83:b6:53:18:83:0e:46:67:af:e0:9a:29:5
6:69:fe:7d:e8:66:0e:97:f3:52:1c:1e:1f:c9:2c:a1:96:74:01:7e:6c:f0:9b:90:9e:39:eb:31:03:f5:5c:b7:98:b2:ba:5b:f4:62:c1:ce:3c:dd:5b:ed:ac:6e:53:91:53:e9:70:82:5e:a1:f2:11:25:fa:d5:9b:44:16:2c:64:86:33:a2:72:f7:7a:e4:da:40:2f:46:8b:2d:e0:82:ad:c9:0f:02:03:02:36:cc:10:8f:df:37:7c:1b:5a:12:c6:c8:63:4d:a6:e3:d6:7c:b7:62:41:a5:55:40:22:6d:70:9c:c4:4f:87:7a:e2:8d:e9:9d:2c:f7:1f:25:13:96:58:4b:34:62:3e:0f:d1:03:97:e4:7e:57:01:a8:d3:9d:7e:dc:74:48:74:0c:40:4b:91:e4:0f:0f:55:04:76:70:b6:31:aa:1a:9a:c9:40:19:2a:e9:74:f1:df:14:69:dd:dd:4e:c6:b6:da:ea:39:c3:a0:43:d6:cb:8e:52:19:60:e9:a1:b5:bf:fb:1e:87:38:88:03:3e:0f:e8:42:29:cc:d1:79:30:aa:df:de:24:dd:08:f2:4c:a6:14:0d:0b:a6:13:a4:19:b9:35:7b:fc:0d:fb:7f:ee:6b:ee:3b:d8:54:77:eb:c8:f8:d9:c0:80:d2:58:ae:16:84:b0:a9:39:00:65:b9:b7:4a:cf:49:e5:c6:f0:c7:0a:7a:71:21:71:6b:2d:fe:79:15:03:2c:7a:fe:b5:0e:cc:ea:6f:c4:d7:6a:0d:95:b4:7b:eb:60:14:bd:9d:ff:99:87:c6:a1:1d:b1:2f:f6:d3:a2:e4:97:de:4b:23:af:18:19:b3:e6:e8:0f:e2:f2:6d:4b:de:4c:64:14:06:9c:04:88:dd:6c:4b:4a:56:da:96:d4:dd:27:43:ad:bf:e3:b8:cc:d3:7f:db:d4:46:8f:56:98:49:ec:3f:69:0f:92:03:8e:f1:09:c2:c4:47:2d:9d:b7:6e:18:41:41:6d:7d:d1:5c:8a:1d:33:ee:3a:5d:a2:d7:64:fb:2e:e6:7f:1f:46:24:57:22:24:5e:3e:2c:49:f7:a2:7a:02:d6:19:0e:73:a0:49:e5:82:0e:9d:ee:1c:92:9e:7b:75:59:ce:58:a9:cb:0d:82:b0:96:66:a8:3c:bf:26:3a:63:e4:4d:ca:0e:61:ea:06:66:7a:11:ca:e6:97:ac:95:c4:d1:c5:b0:48:7f:4c:ed:ed:ab:45:ba:62:5a:f9:86:f0:88:1a:03:b6:58:00:f7:9d:60:7f:bd:71:48:d7:ee:0e:00:6c:47:a5:17:7f:03:69:36:f5:91:62:0d:14:cb:be:69:90:30:a5:db:f5:4e:71:f7:20:90:bc:26:d5:88:77:3a:5c:d0:4a:cc:99:7a:8a:f4:22:78:27:59:c4:03:0c:9e:9b:d4:ca:86:5d:6f:51:2e:41:78:bc:ed:56:ca:34:f5:66:4f:26:d0:de:29:0c:51:c2:12:f3:7e:17:17:39:15:ac:b1:d2:1d:37:8f:75:fb:d5:2c:a9:49:06:3e:34" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.054549000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494374.054549000", - "frame.time_delta": "0.135385000", - "frame.time_delta_displayed": "0.135385000", - "frame.time_relative": "782.593863000", - "frame.number": "2889", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002d4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005d8f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": 
"80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000675f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2888", - "tcp.analysis.ack_rtt": "0.135385000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.081130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.081130000", - "frame.time_delta": "0.026581000", - "frame.time_delta_displayed": "0.026581000", - "frame.time_relative": "782.620444000", - "frame.number": "2890", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x000037a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004fcc", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": "80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000941a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135895000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"c8fP1lt0O2+7INUIyF8wag==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"c8fP1lt0O2+7INUIyF8wag==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:59:33 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:59:33 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.161966000", - "http.request_in": "2888", - "http.file_data": "\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|AZ\u00ef\u00bf\u00bdUX" - }, - "media": { - "media.type": 
"ad:1f:cb:8e:68:9a:e0:7c:41:5a:ea:55:58:00:d4:95:90:e3:ce:c1:bb:66:96:56:a5:33:e8:a5:8a:59:dd:4f:b2:a9:99:a2:38:a5:ee:ab:1c:be:a6:68:cf:6f:46:f3:42:5c:5f:ed:b1:9b:9c:c8:e1:46:30:ee:d3:4c:9c:2e:6c:df:c6:05:4c:2a:bc:99:97:4b:40:d3:23:f1:9c:a4:41:66:80:e5:db:0f:71:69:b3:b6:10:84:ab:b4:46:6c:95:c3:96:4f:f7:03:48:6e:3f:00:a7:72:41:4b:dd:f8:16:c0:4a:ee:8b:c3:e4:b4:c7:0a:9c:be:50:48:6f:74:29:74:d0:01:15:c5:fb:33:57:1a:ac:f4:46:39:c0:c2:b0:6e:b9:3b:a3:92:f3:4c:83:f9:2f:f3:7b:a4:66:0f:7f:21:6e:62:ec:2d:21:7d:f3:69:0f:c5:18:b9:6f:f8:b6:ad:bb:66:21:17:be:d1:8b:9c:3e:8b:c0:3a:b4:ca:8f:ac:bb:ee:35:fd:ad:57:1a:73:2f:0b:e2:ea:fc:ad:fd:7f:84:78:c6:d4:5a:4d:58:00:b8:0d:c1:fc:6c:3e:66:6e:1d:6d:bf:ec:17:f7:c9:0c:ae:a0:71:20:90:64:70:40:f7:44:59:93:a9:6a:ad:ad:1e:31:7f:bd:9d:4f:1d:5b:99:3f:d8:b4:d1:e0:51:ea:2f:5a:c5:6c:7a:6e:3f:56:f2:32:c3:de:48:27:26:d7:ea:95:44:09:3d:73:83:34:9d:27:0d:d7:0c:24:24:74:05:bc:7f:27:34:a9:57:f0:ef:9d:f6:a6:4d:9e:11:4b:82:f6:a9:5e:01:06:b5:f3:52:59:3c:46:bb:d4:02:19:b2:54:71:99:c5:18:30:a0:7b:c9:f6:1c:0c:50:cd:50:89:65:e0:72:01:30:fc:59:7c:53:1f:59:b6:67:0f:fb:f0:fd:fb:a3:51:9d:72:94:bc:c8:7f:cd:ea:43:14:6e:48:c7:b9:53:bb:57:de:06:93:2c:07:1b:25:29:8f:d6:02:0f:58:7c:6f:5d:e8:f6:b4:11:40:34:c2:67:01:8f:d1:27:50:bb:09:ad:c8:7d:7f:84:39:a1:2d:12:74:fc:6d:52:14:fb:d2:15:11:60:6f:81:b6:6c:2a:98:25:5a:d1:f3:cc:75:68:c1:fa:55:40:6a:45:e5:b0:d7:cc:4d:6a:10:63:be:e7:ca:d5:66:d9:cc:c8:5e:63:22:f3:c1:e9:be:56:1e:db:51:74:84:f8:31:5c:9e:60:b2:db:ce:02:9d:1e:05:a2:de:49:20:73:e9:de:30:6a:b9:4d:51:5b:69:c4:ad:c2:50:3a:52:38:35:1d:da:57:ed:ec:d2:28:14:4c:63:44:73:26:20:d5:fb:51:c9:cf:23:41:15:b9:87:a6:ec:ea:6f:fb:d9:6e:91:15:83:a6:c0:3f:bd:18:af:59:64:12:a8" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.081221000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.081221000", - 
"frame.time_delta": "0.000091000", - "frame.time_delta_displayed": "0.000091000", - "frame.time_relative": "782.620535000", - "frame.number": "2891", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000037aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005331", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": "80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000063f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.081706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.081706000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "782.621020000", - "frame.number": "2892", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fdf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f5fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000447", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "2890", - "tcp.analysis.ack_rtt": "0.000576000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.082387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.082387000", - "frame.time_delta": "0.000681000", - "frame.time_delta_displayed": "0.000681000", - "frame.time_relative": "782.621701000", - "frame.number": "2893", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003fe0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f5fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35298", - "tcp.dstport": "80", - "tcp.port": "35298", - "tcp.port": "80", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000445", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2891", - "tcp.analysis.ack_rtt": "0.001166000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.217382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.217382000", - "frame.time_delta": "0.134995000", - "frame.time_delta_displayed": "0.134995000", - "frame.time_relative": "782.756696000", - "frame.number": "2894", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007181", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000195a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35298", - "tcp.port": "80", - "tcp.port": "35298", - "tcp.stream": "129", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000063f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "2893", - "tcp.analysis.ack_rtt": "0.134995000", - "tcp.analysis.initial_rtt": "0.135895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:34.860241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494374.860241000", - "frame.time_delta": "0.642859000", - "frame.time_delta_displayed": "0.642859000", - "frame.time_relative": "783.399555000", - "frame.number": "2895", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "40", - "ip.id": "0x000057ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "241", - "tcp.ack": "217", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:35.005706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494375.005706000", - "frame.time_delta": "0.145465000", - "frame.time_delta_displayed": "0.145465000", - "frame.time_relative": "783.545020000", - "frame.number": "2896", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fdd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb4", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "217", - "tcp.ack": "242", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:36.422594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494376.422594000", - "frame.time_delta": "1.416888000", - "frame.time_delta_displayed": "1.416888000", - "frame.time_relative": "784.961908000", - 
"frame.number": "2897", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c4a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
16:59:36.686412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494376.686412000", - "frame.time_delta": "0.263818000", - "frame.time_delta_displayed": "0.263818000", - "frame.time_relative": "785.225726000", - "frame.number": "2898", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020ed", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e727", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58929", - "udp.dstport": "1900", - "udp.port": "58929", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000642c", - "udp.checksum.status": "2", - "udp.stream": "73" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.237257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.237257000", - "frame.time_delta": "0.550845000", - "frame.time_delta_displayed": "0.550845000", - "frame.time_relative": "785.776571000", - "frame.number": "2899", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": 
"0x00002c52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "5278", - "tcp.nxtseq": "5566", - "tcp.ack": "24072", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000093fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fa:b1:00:25:e1:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148401, TSecr 2482573": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148401", - "tcp.options.timestamp.tsecr": "2482573" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:59:d8:38:dd:48:81:b3:18:f9:c5:a2:06:f4:d8:dc:96:4e:5e:b1:ec:f7:4a:e0:11:61:79:d2:66:fa:c4:99:8a:57:76:72:11:48:21:34:d1:d8:24:19:fd:56:f8:b4:95:f2:73:e7:44:13:34:cf:57:88:a0:58:85:01:d6:5c:b2:16:e2:d5:62:5c:14:73:76:73:33:39:1d:9f:36:36:6e:79:d3:80:0a:8c:58:06:c4:40:05:84:3b:eb:1b:76:b2:7c:47:5d:78:f7:9e:85:05:a2:f9:c2:19:76:63:e5:39:da:6f:82:fb:9f:ec:e5:fb:7c:93:6b:88:93:3c:54:b8:db:c3:3d:ec:1c:48:53:25:2b:4c:73:7d:ee:5a:3c:cc:d7:27:e4:0e:6b:75:4c:4f:3b:70:54:6b:c7:84:29:aa:cd:d3:df:89:ba:0d:bc:1b:0c:aa:74:eb:91:9f:9d:ca:41:d4:88:05:a1:76:fa:3c:ee:e8:d0:7c:6d:9e:d5:7c:bf:db:df:55:ac:3e:9a:51:7b:06:13:be:4f:af:c4:7e:0c:5a:97:bd:d3:40:04:0b:73:26:b4:c0:0f:76:a9:4c:06:65:45:69:ed:bc:31:e9:31:f9:1b:4d:5f:72:a7:d9:bb:4f:59:36:bc:4a:17:d3:63:73:ff:48:cf:f4:0b:0c:41:ad:2a:7a:fc:a8:44:7e:0c:36:52:97:27:57:0d:67:9a:55:a1:f5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.237762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.237762000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "785.777076000", - 
"frame.number": "2900", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000955e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007821", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24072", - "tcp.ack": "5566", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005547", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e3:e0:a7:9d:fa:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483168, TSecr 2812148401": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483168", - "tcp.options.timestamp.tsecr": "2812148401" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2899", - "tcp.analysis.ack_rtt": "0.000505000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.246712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.246712000", - "frame.time_delta": "0.008950000", - "frame.time_delta_displayed": "0.008950000", - "frame.time_relative": "785.786026000", - "frame.number": "2901", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000955f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "24072", - "tcp.nxtseq": "24125", - "tcp.ack": "5566", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b1b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e3:e1:a7:9d:fa:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483169, TSecr 2812148401": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483169", - "tcp.options.timestamp.tsecr": "2812148401" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:00:32:c3:43:57:df:16:b7:40:c5:11:28:29:5f:b4:b8:e0:26:cb:a7:8b:64:6d:cb:a4:99:15:c3:14:b3:f9:a9:8e:6c:c4:e9:cf:2b:14:e7:96" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.328593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.328593000", - "frame.time_delta": "0.081881000", - "frame.time_delta_displayed": "0.081881000", - "frame.time_relative": "785.867907000", - "frame.number": "2902", - "frame.len": "339", - "frame.cap_len": "339", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007c50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003afb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.346417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.346417000", - "frame.time_delta": "0.017824000", - "frame.time_delta_displayed": "0.017824000", - "frame.time_relative": "785.885731000", - "frame.number": "2903", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000392c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5566", - "tcp.ack": "24125", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000055e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fa:cd:00:25:e3:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148429, TSecr 2483169": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148429", - "tcp.options.timestamp.tsecr": "2483169" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2901", - "tcp.analysis.ack_rtt": "0.099705000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.346979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.346979000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "785.886293000", - "frame.number": "2904", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009560", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007564", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "24125", - "tcp.nxtseq": "24824", - "tcp.ack": "5566", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000311b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e3:eb:a7:9d:fa:cd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2483179, TSecr 2812148429": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483179", - "tcp.options.timestamp.tsecr": "2812148429" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:01:72:df:96:0d:a3:b3:3e:ab:f3:47:86:6b:5b:e9:4c:57:70:e5:e6:2c:f0:e4:03:d3:85:1d:74:72:1b:00:82:3f:18:9f:ed:11:dc:3f:9f:d5:b5" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "251", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:02:18:43:cb:53:d9:d4:1f:54:91:c1:f6:6d:11:54:74:d0:29:db:f0:c2:ed:96:73:cc:30:ba:fd:9c:3c:38:c1:fd:0b:41:0a:a5:a3:dd:f0:bc:5b:59:0a:83:3c:97:a1:13:8f:2d:72:21:75:7d:0b:11:d6:d6:2c:79:13:e4:9b:94:3d:0d:f9:0e:09:0d:c1:bc:64:d2:c0:5f:4e:bb:ea:16:7e:ea:69:96:c5:3d:7c:b7:60:e3:da:1a:51:9b:c0:18:c1:d7:a1:b8:b9:a8:53:93:d4:45:fb:44:fe:cb:51:5e:e1:db:e6:64:25:c6:b9:21:1c:a9:d2:20:28:3b:74:94:88:68:5c:8c:da:3e:ca:0e:f2:e9:04:09:5a:1c:68:a8:b9:4a:1d:2d:ca:64:b1:f7:f1:c3:a7:dd:e4:25:00:6a:3a:e7:9d:11:75:a6:b4:b1:1e:3c:61:f7:d2:4e:cc:fb:df:6b:ad:03:6f:b6:b8:d8:dd:14:83:78:f6:2a:ee:8e:57:8f:22:8c:ef:fb:1a:6e:23:18:59:71:47:fe:ed:d4:d3:17:dd:83:4f:bb:a5:56:99:ee:dd:91:27:da:38:df:28:08:49:06:0d:13:fa:b9:f9:8e:54:c7:32:32:11:c7:a0:07:67" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "384", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:03:e0:8b:27:7b:f3:2e:f1:b5:be:85:47:df:44:a0:04:91:33:ba:2a:24:ac:6d:5a:8f:e7:c9:1c:c6:ce:d2:38:ae:a3:85:66:de:e9:19:e6:64:20:14:68:c3:86:d4:f2:f6:b4:1e:64:dc:d3:ef:b1:7d:4a:fa:66:8d:5a:fa:4e:18:70:c5:98:72:d1:89:8c:ea:a9:8f:dc:58:f1:fe:7d:eb:41:3f:15:c5:dc:a8:7e:a2:ee:5b:8b:67:74:f8:c3:0f:00:a2:73:7b:fe:f6:ae:4e:5a:65:f7:e7:fb:c1:d6:c1:30:f6:65:0f:38:cc:b9:63:9a:05:ef:f8:c4:e2:1b:ca:c4:07:10:8a:c0:6a:97:3a:a4:e4:d8:f2:3a:1e:e7:48:55:ac:b5:9f:25:63:26:91:8c:ce:f4:84:22:97:e0:ab:68:44:03:88:0f:75:c1:85:74:ec:a0:c4:57:a9:35:44:4c:da:61:2c:a3:15:c8:62:ff:dc:ed:19:6c:db:ac:ab:71:cb:53:c7:15:f9:e2:ed:8d:6e:c0:b3:12:3f:9e:4b:8d:17:2c:11:42:a6:a8:c3:d0:a7:eb:86:06:af:f0:0e:48:a6:a2:28:49:ad:ac:36:9a:ba:8f:e9:2c:66:e7:20:10:f2:fd:1f:54:9d:ba:ae:54:10:bb:4e:86:be:77:5f:7d:46:9f:68:96:5d:18:e7:41:99:39:fa:71:b5:8b:0d:50:a3:3b:75:af:e5:61:2a:31:18:0d:a3:ee:93:c3:70:20:50:30:9b:70:3f:4a:8a:41:1d:a4:aa:bb:54:08:db:22:52:eb:3a:2f:0a:fd:4e:31:55:8b:e6:bb:7b:5e:10:f1:01:0d:04:98:50:23:f8:62:56:21:03:c8:2a:2d:2e:27:10:9f:14:51:8e:89:43:54:ea:90:86:10:f5:4f:96:c3:73:78:25:b8:66:35:f8:a6:89:75:88:4a:89:8f:f0:40:3d:5a:49:a0:4c:ad:02" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.381339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.381339000", - "frame.time_delta": "0.034360000", - "frame.time_delta_displayed": "0.034360000", - "frame.time_relative": "785.920653000", - "frame.number": "2905", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007c54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003aee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "2902" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.407358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.407358000", - "frame.time_delta": "0.026019000", - "frame.time_delta_displayed": "0.026019000", - "frame.time_relative": "785.946672000", - "frame.number": "2906", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000392b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5566", - "tcp.ack": "24824", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005310", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fa:dc:00:25:e3:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148444, TSecr 2483179": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812148444", - "tcp.options.timestamp.tsecr": "2483179" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2904", - "tcp.analysis.ack_rtt": "0.060379000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.434351000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.434351000", - "frame.time_delta": "0.026993000", - "frame.time_delta_displayed": "0.026993000", - "frame.time_relative": "785.973665000", - "frame.number": "2907", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007c59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "2905" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.659394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.659394000", - "frame.time_delta": "0.225043000", - "frame.time_delta_displayed": "0.225043000", - "frame.time_relative": "786.198708000", - "frame.number": "2908", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009561", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "24824", - "tcp.nxtseq": "24878", - "tcp.ack": "5566", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009bcb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e4:0a:a7:9d:fa:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483210, TSecr 2812148444": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483210", - "tcp.options.timestamp.tsecr": "2812148444" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:04:26:c8:c7:7e:1b:dd:b3:93:97:4f:48:bb:03:5c:b8:e5:b3:01:09:0f:2c:1c:8c:e9:c4:1b:bb:ea:09:8c:01:9b:80:6d:7a:75:e6:16:37:68:66" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.687041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.687041000", - "frame.time_delta": "0.027647000", - "frame.time_delta_displayed": "0.027647000", - "frame.time_relative": "786.226355000", - "frame.number": "2909", - 
"frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020ee", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e726", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58929", - "udp.dstport": "1900", - "udp.port": "58929", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000642c", - "udp.checksum.status": "2", - "udp.stream": "73" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 
239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "2898" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:37.719647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494377.719647000", - "frame.time_delta": "0.032606000", - "frame.time_delta_displayed": "0.032606000", - "frame.time_relative": "786.258961000", - "frame.number": "2910", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000392a", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5566", - "tcp.ack": "24878", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000526d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fb:2a:00:25:e4:0a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2812148522, TSecr 2483210": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148522", - "tcp.options.timestamp.tsecr": "2483210" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2908", - "tcp.analysis.ack_rtt": "0.060253000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.333458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.333458000", - "frame.time_delta": "0.613811000", - "frame.time_delta_displayed": "0.613811000", - "frame.time_relative": "786.872772000", - "frame.number": "2911", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007c78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ad3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", 
- "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "2907" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.386248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.386248000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "786.925562000", - "frame.number": "2912", - "frame.len": "348", - "frame.cap_len": 
"348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007c7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ac6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": 
"EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "2911" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.439025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.439025000", - "frame.time_delta": "0.052777000", - "frame.time_delta_displayed": "0.052777000", - "frame.time_relative": "786.978339000", - "frame.number": "2913", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": 
"0x00007c80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ac8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "2912" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.650884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.650884000", - "frame.time_delta": "0.211859000", - "frame.time_delta_displayed": "0.211859000", - "frame.time_relative": "787.190198000", - "frame.number": "2914", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.651251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.651251000", - "frame.time_delta": "0.000367000", - "frame.time_delta_displayed": "0.000367000", - "frame.time_relative": "787.190565000", - "frame.number": "2915", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.687809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.687809000", - "frame.time_delta": "0.036558000", - "frame.time_delta_displayed": "0.036558000", - "frame.time_relative": "787.227123000", - "frame.number": "2916", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "202", - "ip.id": "0x000020ef", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e725", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58929", - "udp.dstport": "1900", - "udp.port": "58929", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000642c", - "udp.checksum.status": "2", - "udp.stream": "73" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "2909" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.912968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494378.912968000", - "frame.time_delta": "0.225159000", - "frame.time_delta_displayed": "0.225159000", - "frame.time_relative": "787.452282000", - "frame.number": "2917", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007c9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ab0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "2913" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:38.965794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494378.965794000", - "frame.time_delta": "0.052826000", - "frame.time_delta_displayed": "0.052826000", - "frame.time_relative": "787.505108000", - "frame.number": "2918", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007c9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003aa3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "2917" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.018507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.018507000", - "frame.time_delta": "0.052713000", - "frame.time_delta_displayed": "0.052713000", - "frame.time_relative": "787.557821000", - "frame.number": "2919", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007ca2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003aa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "2918" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.386445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.386445000", - "frame.time_delta": "0.367938000", - "frame.time_delta_displayed": "0.367938000", - "frame.time_relative": "787.925759000", - "frame.number": "2920", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "5566", - "tcp.nxtseq": "5853", - "tcp.ack": "24878", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c3fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fc:cb:00:25:e4:0a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148939, TSecr 2483210": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148939", - "tcp.options.timestamp.tsecr": "2483210" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:5a:a9:52:55:e4:70:c0:c1:4d:48:3f:a3:c6:2f:dc:ab:47:9e:bf:02:62:71:0f:af:e3:15:8d:d2:3f:72:2a:1b:4a:bd:05:35:bf:10:e1:3f:4c:73:4e:d0:49:b4:24:41:7d:6b:60:eb:b7:50:ff:b2:d3:de:ba:6e:d9:eb:87:f1:cf:4d:ca:3a:c0:fe:8d:43:f5:20:71:95:e8:af:68:47:f7:2a:f9:a5:75:49:87:c2:5c:da:44:26:14:be:ec:11:cc:1c:0c:bf:fd:30:09:ad:54:51:2b:ce:f1:1d:98:36:52:f0:38:13:10:0d:7e:31:da:2b:45:a0:c1:b0:aa:85:31:50:01:47:8e:44:1b:d0:c7:2e:e4:fe:31:88:78:78:f8:c1:10:d7:6a:25:ab:6e:b8:c9:01:ae:55:2d:b1:a4:2d:46:94:73:9f:f5:98:8b:9a:aa:8b:04:96:9e:89:0c:c4:6f:cb:1d:e2:54:de:03:ff:af:0e:04:c7:73:31:d6:b6:e9:18:59:a8:b6:d7:20:d7:1b:73:7b:29:48:69:91:2d:23:5a:d3:c7:fd:b0:e9:df:d2:06:1f:28:ea:f0:73:1b:fd:b9:31:1a:ef:4a:7e:84:5e:6c:a6:2e:df:fa:ab:d6:43:7a:39:24:3b:4a:f0:83:50:ec:08:db:de:23:5e:40:34:4d:7a:48:eb:b1:86:ae:ba:86:c4:7c:25:c6:e9:31:7e:8d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.401107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.401107000", - "frame.time_delta": "0.014662000", - "frame.time_delta_displayed": "0.014662000", - "frame.time_relative": "787.940421000", - "frame.number": "2921", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009562", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "24878", - "tcp.nxtseq": "24931", - "tcp.ack": "5853", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005f3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e4:b8:a7:9d:fc:cb", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483384, TSecr 2812148939": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483384", - "tcp.options.timestamp.tsecr": "2812148939" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2920", - "tcp.analysis.ack_rtt": "0.014662000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:05:70:cc:9d:66:3c:63:25:5e:a9:28:b2:7f:03:54:6a:7c:dc:e7:25:98:14:62:a8:87:26:3f:c6:ef:2f:d5:c7:06:04:dc:e0:29:da:49:d8:b1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.461262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.461262000", - "frame.time_delta": "0.060155000", - "frame.time_delta_displayed": "0.060155000", - "frame.time_relative": "788.000576000", - "frame.number": "2922", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c57", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003928", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5853", - "tcp.ack": "24931", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00004eb8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fc:dd:00:25:e4:b8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148957, TSecr 2483384": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148957", - "tcp.options.timestamp.tsecr": "2483384" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2921", - "tcp.analysis.ack_rtt": "0.060155000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.461814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.461814000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "788.001128000", - "frame.number": "2923", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009563", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007562", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "24931", - "tcp.nxtseq": "25629", - "tcp.ack": "5853", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e4:be:a7:9d:fc:dd", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483390, TSecr 2812148957": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483390", - "tcp.options.timestamp.tsecr": "2812148957" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:06:45:3b:30:b9:56:56:b1:62:76:98:6f:a9:49:6e:7f:e0:7d:a7:c7:b4:40:10:ac:f1:9b:ed:48:35:08:61:d4:d7:b8:82:8b:1a:e8:af:18:ab:15" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "353", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:07:db:b1:16:4f:77:e4:d9:26:cf:0b:46:c5:ac:12:b0:71:46:47:09:fc:7d:00:85:5a:a1:48:f6:57:61:e1:10:bf:7a:37:60:dd:07:44:b6:72:a0:3e:77:09:8c:df:a6:21:67:2f:3b:30:0a:89:da:03:1c:ea:65:ed:4a:64:ea:4a:d7:54:4c:a2:5a:99:61:81:40:ef:a2:94:ef:c2:c4:19:0a:3b:3d:fd:7b:eb:4e:6e:19:26:e1:de:26:78:b8:b6:36:aa:77:4a:ac:71:52:31:01:18:4b:19:b5:d0:bc:2f:6b:b1:a7:9e:6f:4e:49:94:f9:f5:cb:7a:e6:3f:0a:9f:4a:15:68:42:59:1e:16:1f:a3:31:86:b7:a8:bd:a3:c0:76:36:e7:bd:63:14:d9:c9:a0:4f:64:12:60:81:b1:80:2c:2c:b8:b3:6b:1e:60:51:8c:c6:0d:29:64:57:33:85:3c:f1:d9:e9:df:59:37:15:9b:dc:04:71:6d:87:40:3d:48:12:a5:2d:c3:9b:f1:74:3b:2c:13:51:2b:3e:b0:d2:dd:43:5a:d0:6e:8a:d0:dc:8c:20:41:8c:42:00:11:8c:0c:80:5a:40:2a:41:c9:0c:5e:b1:55:ab:7f:bc:24:b6:b1:50:31:cf:88:ac:e0:f4:8b:30:0d:b2:48:90:e3:a5:ca:cb:64:85:aa:a2:54:ec:80:af:01:0d:c8:29:bd:9c:91:d8:06:4e:5f:65:c3:10:53:91:94:79:a0:7a:6d:2d:3b:3f:a8:35:aa:ab:65:67:29:a7:01:69:ea:7d:3d:f1:24:d0:1b:8f:08:2c:9c:80:c8:97:5d:f1:37:a5:21:68:e0:ca:f1:9c:f1:2a:39:8d:6e:ad:b7:72:fa:3f:75:d1:f4:b6:c2:cc:48:96:7f:14:70" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "281", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:08:fb:5f:c9:61:b5:6f:24:f6:a1:ac:a7:7e:69:47:71:2e:4f:ab:1d:e8:73:28:39:3b:e8:03:03:5f:f5:fa:05:96:8b:39:50:78:12:84:2a:b7:2e:9d:0a:68:fd:d3:83:f0:b6:bc:5e:c8:3a:e0:86:8f:4b:cb:ce:bf:c3:2c:bc:a1:b2:a5:7e:30:58:52:1b:80:0f:a6:1a:f4:a2:ad:77:57:4e:0c:79:db:ea:47:8b:a2:e3:aa:29:06:e6:32:b5:2c:de:94:d3:78:e5:6c:b5:3e:da:47:79:9d:9a:94:7b:84:27:36:ce:5b:6e:f0:8c:bd:e8:f5:f6:e3:be:67:71:03:39:ca:69:a8:36:2e:9f:d1:31:b8:b3:a6:7f:83:84:21:9c:bc:f8:f8:6b:8b:b9:14:62:54:be:34:26:11:da:b8:02:34:f5:01:25:77:12:20:14:e5:2d:31:65:83:7b:0e:a8:29:4f:44:54:2a:8f:31:95:95:4e:a4:29:5d:a8:7a:24:6d:62:14:1b:0b:af:b6:54:91:8b:9e:75:4f:26:32:6d:ee:14:51:ad:b9:d7:85:f4:eb:87:67:bc:08:d7:6d:7f:31:40:b3:fb:60:34:88:8e:3b:29:d6:62:32:bf:f5:33:34:52:02:5e:e3:9a:c3:7b:7c:34:dc:b5:69:5c:06:d9:01:93:4a:e0:d1:4d:4a:a9:54:82:1b:7e:09:b3:a8:a5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.521949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.521949000", - "frame.time_delta": "0.060135000", - "frame.time_delta_displayed": "0.060135000", - "frame.time_relative": "788.061263000", - "frame.number": "2924", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003927", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5853", - "tcp.ack": "25629", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004be9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fc:ec:00:25:e4:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812148972, TSecr 2483390": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812148972", - "tcp.options.timestamp.tsecr": "2483390" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2923", - "tcp.analysis.ack_rtt": "0.060135000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.688898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.688898000", - "frame.time_delta": "0.166949000", - "frame.time_delta_displayed": "0.166949000", - "frame.time_relative": "788.228212000", - "frame.number": "2925", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e724", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58929", - "udp.dstport": "1900", - "udp.port": "58929", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000642c", - "udp.checksum.status": "2", - "udp.stream": "73" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "2916" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.812813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.812813000", - "frame.time_delta": "0.123915000", - "frame.time_delta_displayed": 
"0.123915000", - "frame.time_relative": "788.352127000", - "frame.number": "2926", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009564", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "25629", - "tcp.nxtseq": "25683", - "tcp.ack": 
"5853", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000044e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e4:e1:a7:9d:fc:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483425, TSecr 2812148972": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483425", - "tcp.options.timestamp.tsecr": "2812148972" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:09:52:e3:b3:01:ae:09:de:6d:b7:82:34:c2:96:2c:67:03:f9:94:3c:27:66:6a:a2:90:69:dd:9f:e1:f6:87:d5:4e:32:98:18:73:25:19:66:b2:31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.872889000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1509494379.872889000", - "frame.time_delta": "0.060076000", - "frame.time_delta_displayed": "0.060076000", - "frame.time_relative": "788.412203000", - "frame.number": "2927", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003926", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "5853", - "tcp.ack": "25683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004b38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fd:44:00:25:e4:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149060, TSecr 2483425": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149060", - "tcp.options.timestamp.tsecr": "2483425" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2926", - "tcp.analysis.ack_rtt": "0.060076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:39.965884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494379.965884000", - "frame.time_delta": "0.092995000", - "frame.time_delta_displayed": "0.092995000", - "frame.time_relative": "788.505198000", - "frame.number": "2928", - "frame.len": 
"339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007cae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "2919" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:40.018620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494380.018620000", - "frame.time_delta": "0.052736000", - "frame.time_delta_displayed": "0.052736000", - "frame.time_relative": "788.557934000", - "frame.number": "2929", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - 
"ip.id": "0x00007cb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "2928" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:40.071422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494380.071422000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "788.610736000", - "frame.number": "2930", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007cb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": 
"2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "2929" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.175576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.175576000", - "frame.time_delta": "1.104154000", - "frame.time_delta_displayed": "1.104154000", - "frame.time_relative": "789.714890000", - "frame.number": "2931", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007cea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "2930" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.228725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.228725000", - "frame.time_delta": "0.053149000", - "frame.time_delta_displayed": "0.053149000", - "frame.time_relative": "789.768039000", - "frame.number": "2932", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007ceb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "2931" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.281643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.281643000", - "frame.time_delta": "0.052918000", - "frame.time_delta_displayed": 
"0.052918000", - "frame.time_relative": "789.820957000", - "frame.number": "2933", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007cee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "2932" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.498719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.498719000", - "frame.time_delta": "0.217076000", - "frame.time_delta_displayed": "0.217076000", - "frame.time_relative": "790.038033000", - "frame.number": "2934", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003805", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "5853", - "tcp.nxtseq": "6141", - "tcp.ack": "25683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006265", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fe:db:00:25:e4:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149467, TSecr 2483425": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149467", - "tcp.options.timestamp.tsecr": "2483425" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:5b:5f:de:ad:d9:0e:29:91:d1:ae:71:d2:09:c0:e7:05:79:3b:17:34:93:f0:32:f9:30:ef:13:15:cb:75:88:cc:91:3d:02:08:4e:50:70:28:50:52:2b:c3:f3:30:51:87:fa:43:55:07:a5:ec:da:a1:bc:2e:e8:ce:59:f8:fb:4e:63:ed:3c:d0:d2:cc:2b:3b:f7:65:ab:ef:f9:4e:55:e6:55:fb:96:0d:01:b6:2d:80:f6:06:62:0e:38:05:93:57:68:37:34:f5:0f:5b:ac:89:75:4c:b4:be:2c:6d:4c:0a:59:ef:89:b5:b3:ca:b1:33:19:97:17:e1:32:0a:18:9b:0d:47:3f:aa:3e:90:f2:9f:12:09:f2:e5:f0:ff:8f:dd:1d:c9:4b:5b:ba:f7:e9:b3:4b:7a:75:8a:f1:a9:11:c5:4d:1b:2d:e3:3b:38:c0:d4:ed:0e:3c:f6:cf:57:0f:a3:3b:1a:e3:4e:26:16:5f:2e:5b:77:65:87:1c:9f:a7:be:1f:bb:81:58:6f:ad:af:ae:13:5a:30:68:81:af:58:d7:eb:17:98:e0:1d:17:88:ea:40:fb:ae:d5:35:27:a8:72:51:be:65:f0:50:a8:16:64:b6:c9:0b:b0:c1:36:ec:52:db:fd:99:13:93:9d:a6:4d:94:a8:a5:19:c2:36:2d:b8:ef:54:bf:ab:1e:27:ec:7c:9a:1a:10:c3:48:4f:eb:2f:b7:2e:aa:b9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.519779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.519779000", - "frame.time_delta": 
"0.021060000", - "frame.time_delta_displayed": "0.021060000", - "frame.time_relative": "790.059093000", - "frame.number": "2935", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009565", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": 
"25683", - "tcp.nxtseq": "25736", - "tcp.ack": "6141", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003d6d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e5:8c:a7:9d:fe:db", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483596, TSecr 2812149467": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483596", - "tcp.options.timestamp.tsecr": "2812149467" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2934", - "tcp.analysis.ack_rtt": "0.021060000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:0a:e7:31:6e:c6:45:56:d5:f7:90:91:d6:2e:46:2a:1d:18:b6:45:fa:6e:ba:94:a0:1a:84:29:90:dc:e5:74:3f:ef:79:fc:f5:b9:08:34:23:f7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.579840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.579840000", - "frame.time_delta": "0.060061000", - "frame.time_delta_displayed": "0.060061000", - "frame.time_relative": "790.119154000", - "frame.number": "2936", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003924", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6141", - "tcp.ack": "25736", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000478d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fe:ef:00:25:e5:8c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149487, TSecr 2483596": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149487", - "tcp.options.timestamp.tsecr": "2483596" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2935", - "tcp.analysis.ack_rtt": "0.060061000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.580384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.580384000", - "frame.time_delta": "0.000544000", - 
"frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "790.119698000", - "frame.number": "2937", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009566", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000755e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "25736", - 
"tcp.nxtseq": "26435", - "tcp.ack": "6141", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008787", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e5:92:a7:9d:fe:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483602, TSecr 2812149487": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483602", - "tcp.options.timestamp.tsecr": "2812149487" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:0b:6b:74:d8:af:76:2a:5d:5e:d4:48:06:22:a1:76:55:59:e7:d9:8c:6f:c1:6a:33:90:8a:83:66:17:ae:87:04:f5:c8:53:0f:76:9a:74:63:b2:05" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:0c:6c:bc:e5:13:4c:bf:d8:25:a1:86:0a:8a:57:1c:6a:bd:60:4c:77:02:14:1a:04:02:7b:4e:d7:17:60:f0:67:ee:d5:a9:6e:cd:2d:0c:bf:c4:51:ca:fa:03:18:d6:c3:47:4d:41:39:bf:2e:d6:2f:2a:ed:9f:0a:16:5d:00:c4:4a:96:46:c1:32:6a:ce:bf:db:4c:7a:c6:82:ad:69:f2:f0:9f:fc:57:3d:28:2a:08:f1" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:0d:a9:1d:7a:72:be:68:1e:6c:8e:bc:2a:15:a4:72:a1:92:5b:77:97:ed:eb:c3:87:9d:3e:92:fa:f5:fe:7b:d4:a0:9e:e8:c0:bf:e5:52:3f:74:2f:85:98:a2:10:af:35:44:03:f1:1d:9f:33:2c:0c:a7:b6:a2:7a:9e:0c:03:23:80:af:94:3a:52:31:12:5f:ae:42:93:d2:49:02:d1:c5:95:9c:b6:4e:ac:3a:6a:82:d2:b2:6d:b7:d1:22:a2:bf:4f:b3:72:00:69:05:84:c3:0d:c2:2b:23:66:6c:c2:b6:98:ed:ff:bc:72:41:6b:ce:9f:49:31:fd:39:28:41:9f:71:6e:53:0d:a8:8a:3a:ed:cf:4c:f3:b3:ce:66:06:03:98:66:3a:35:5b:9f:8a:bb:c8:f3:9a:ee:ec:c6:9c:13:7b:b2:a7:fa:56:17:98:74:b9:ac:0a:8f:66:20:73:ef:7c:cf:02:90:21:9d:03:9e:24:ad:87:b0:72:08:6a:c3:21:f8:0c:35:58:22:83:e0:c6:5d:46:6a:92:35:28:c4:3a:e1:43:49:e9:4b:0a:7b:0f:64:1a:f8:6d:b2:c7:5e:82:d3:e6:a1:34:6c:af:3e:17:dd:13:46:2f:f7:15:57:84:04:63:fa:0b:3c:90:2f:83:65:9f:d7:31:88:42:a0:11:2a:7f:c6:f6:83:52:f2:79:d9:d8:2c:36:e9:84:21:aa:fb:6e:6b:22:e3:dc:a3:f6:3b:37:cf:2a:df:15:9b:c7:d9:b4:7c:6b:ad:5d:ed:e7:87:04:88:7e:6c:d0:cc:bd:d7:c2:d3:8a:a4:a6:72:27:b8:cf:47:0e:83:c1:b3:dc:e1:f1:8b:f1:2c:c5:4f:fb:b9:39:cc:3c:33:ea:a7:23:ba:52:c7:4e:76:a9:a7:1e:f9:a8:a9:80:e2:0c:05:61:44:0c:2f:4a:23:fd:3c:e9:ce:46:d8:4f:1c:83:dd:e4:a3:23:c5:b6:e0:ba:1d:1f:1c:0e:71:0a:f0:2b:60:72:49:f0:7d:db:54:32:cc:3b:0b:04:b4:af:85:25:6f:b2:b6:e1:b1:52:c7:4a:30:56:e7:99:3e:33:86:c3:ae:b0:88:a9:ff:0d:c4:93:0a:a0:25:1b:50:ba:1e:1f:50:cb:1b:b5:af:7e:9d:23:df:ed:d9:fe:c9:0c:e0:eb:38:c0:75:f8:52:5f:0c:ba:5c:c7:a4:66:86:9d:b7:06:2b:52:be:4f:96:c7:47:db:a1:ce:c6:cd:91:6b:79:cd:34:53:38:f9:74:b9:0a:ce:73:64:21:fa:16:ab:e8:d8:e7:0d:a9:01:06:88:ce:ec:5b:81:57:6a:37:68:99:fe:8b:2b:ce:8b
:13:db:4e:29:91:5d:af:96:4b:62:f0:39:64:aa:51:a2:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.640630000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.640630000", - "frame.time_delta": "0.060246000", - "frame.time_delta_displayed": "0.060246000", - "frame.time_relative": "790.179944000", - "frame.number": "2938", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003923", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": 
"Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6141", - "tcp.ack": "26435", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000044bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:fe:fe:00:25:e5:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149502, TSecr 2483602": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149502", - "tcp.options.timestamp.tsecr": "2483602" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2937", - "tcp.analysis.ack_rtt": "0.060246000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.920695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.920695000", - "frame.time_delta": "0.280065000", - "frame.time_delta_displayed": "0.280065000", - "frame.time_relative": "790.460009000", - "frame.number": "2939", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009567", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "26435", - "tcp.nxtseq": "26489", - "tcp.ack": "6141", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003ac9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e5:b4:a7:9d:fe:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483636, TSecr 2812149502": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483636", - "tcp.options.timestamp.tsecr": "2812149502" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:0e:cb:8b:46:4d:22:62:97:11:b7:6d:1b:b4:dc:02:3a:ac:a3:c9:d1:ce:03:c0:58:c9:bf:d2:02:fe:0d:bf:3b:dc:f3:01:df:54:95:61:db:8e:ae" - } - } - } - } - } - - , 
- { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:41.981092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494381.981092000", - "frame.time_delta": "0.060397000", - "frame.time_delta_displayed": "0.060397000", - "frame.time_relative": "790.520406000", - "frame.number": "2940", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003922", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", 
- "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6141", - "tcp.ack": "26489", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004410", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9d:ff:53:00:25:e5:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149587, TSecr 2483636": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149587", - "tcp.options.timestamp.tsecr": "2483636" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2939", - "tcp.analysis.ack_rtt": "0.060397000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.230451000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.230451000", - "frame.time_delta": "0.249359000", - "frame.time_delta_displayed": "0.249359000", - "frame.time_relative": "790.769765000", - "frame.number": "2941", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007d00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "2933" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.283204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.283204000", - "frame.time_delta": "0.052753000", - "frame.time_delta_displayed": "0.052753000", - "frame.time_relative": "790.822518000", - "frame.number": "2942", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007d02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "2941" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.335984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.335984000", - "frame.time_delta": "0.052780000", - "frame.time_delta_displayed": "0.052780000", - "frame.time_relative": "790.875298000", - "frame.number": "2943", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007d03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "2942" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.704532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.704532000", - "frame.time_delta": "0.368548000", - "frame.time_delta_displayed": "0.368548000", - "frame.time_relative": "791.243846000", - "frame.number": "2944", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007d09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "2943" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.757301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.757301000", - "frame.time_delta": "0.052769000", - "frame.time_delta_displayed": "0.052769000", - "frame.time_relative": "791.296615000", - "frame.number": "2945", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007d0a", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "2944" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.810187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.810187000", - "frame.time_delta": "0.052886000", - "frame.time_delta_displayed": "0.052886000", - "frame.time_relative": "791.349501000", - "frame.number": "2946", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007d0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "2945" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.871509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.871509000", - "frame.time_delta": "0.061322000", - "frame.time_delta_displayed": "0.061322000", - "frame.time_relative": "791.410823000", - "frame.number": "2947", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003802", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "6141", - "tcp.nxtseq": "6428", - "tcp.ack": "26489", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e36c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:00:32:00:25:e5:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149810, TSecr 2483636": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149810", - "tcp.options.timestamp.tsecr": "2483636" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": "34:cd:34:17:47:48:0e:5c:9c:4d:6e:32:b6:c1:c2:53:df:62:e4:ed:4e:2d:6c:fb:73:fa:ab:c9:06:09:3b:d4:28:8c:68:da:c8:69:e1:86:22:a4:4a:e1:e4:f2:e3:42:08:34:b6:ec:97:be:dc:27:88:57:e1:58:ed:a5:88:ef:7c:52:5c:02:2f:54:1d:74:3b:7a:e2:fa:2f:0f:10:cf:85:0b:0e:a0:1c:77:e2:ef:00:10:8d:40:10:a1:2b:c6:75:81:90:63:fe:5f:a5:82:c2:4f:14:ad:f3:cd:b6:9c:fa:e3:43:84:ef:f5:6c:a4:e0:ce:4c:fe:66:70:be:14:87:6f:bf:8e:26:be:b9:6b:a5:23:d3:bf:72:84:bb:32:c5:0a:1e:51:f2:19:cb:b5:83:2e:b9:e3:d7:74:59:61:7f:57:2b:54:de:f3:8b:97:bb:f5:c0:64:bd:f6:0c:00:36:1d:c7:93:6f:13:7b:c4:8d:c3:e4:7f:ea:d3:e4:9c:f4:db:c5:b9:74:c5:0b:ca:18:ce:78:9d:c1:42:71:d6:07:ce:e1:f0:57:2e:f2:d4:5d:5d:27:1f:10:2c:fe:b2:d4:e6:21:6e:ae:c2:61:ef:e6:b5:30:06:60:ae:a5:5d:bc:20:0d:af:e0:05:09:cb:6b:06:00:c6:f3:a5:1e:0a:5d:1d:19:08:47:f7:b3:07:b8:49:90:40:6a:a6:8b:d8:5d:02:0c:a6:ba:fa:8d:d4:17:dd" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.896940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.896940000", - "frame.time_delta": "0.025431000", - "frame.time_delta_displayed": "0.025431000", - "frame.time_relative": "791.436254000", - "frame.number": "2948", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009568", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "26489", - "tcp.nxtseq": "26542", - "tcp.ack": "6428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e3d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:16:a7:9e:00:32", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483734, TSecr 2812149810": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483734", - "tcp.options.timestamp.tsecr": "2812149810" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2947", - "tcp.analysis.ack_rtt": "0.025431000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:0f:1c:be:3f:19:8f:33:15:5a:1a:c4:eb:01:ef:04:24:51:cb:a0:6f:9c:c9:1e:da:8e:33:53:bf:c7:1f:9f:c9:3f:bb:47:ad:87:60:c9:ec:48" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.957139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.957139000", - "frame.time_delta": "0.060199000", - "frame.time_delta_displayed": "0.060199000", - "frame.time_relative": "791.496453000", - "frame.number": "2949", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003920", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
- "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6428", - "tcp.ack": "26542", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004166", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:00:47:00:25:e6:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149831, TSecr 2483734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149831", - "tcp.options.timestamp.tsecr": "2483734" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2948", - "tcp.analysis.ack_rtt": "0.060199000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:42.957665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494382.957665000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "791.496979000", - "frame.number": "2950", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009569", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000755c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "26542", - "tcp.nxtseq": "27240", - "tcp.ack": "6428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c116", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:1c:a7:9e:00:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483740, TSecr 2812149831": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483740", - "tcp.options.timestamp.tsecr": "2812149831" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:10:48:c8:03:35:8d:a8:27:a5:20:24:d9:e7:79:1c:e3:cf:95:a4:a9:3f:56:90:ce:7e:bc:7f:b0:0d:3a:ba:38:aa:95:51:76:57:02:89:a3:7c:e7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:11:9e:7c:36:f7:a0:6c:b5:52:c9:1b:1b:c2:3d:73:a0:41:71:af:d1:0c:65:0c:63:d2:f0:a2:c1:ef:72:93:8f:fa:20:07:77:63:fc:22:bc:e2:40:fa:7d:ac:65:9d:72:de:33:13:1a:c0:91:d2:1d:6e:33:c7:58:2f:a3:41:8a:f6:8c:c7:d1:a8:b1:d4:b6:33:70:e4:3a:f9:a3:6e:be:c2:1f:f8:50:18:e5:cb:8b:e6" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:12:1c:f0:bc:fd:a6:e0:b9:4e:51:d4:b1:85:e0:b7:92:ec:7a:7a:fe:81:da:3c:3a:64:7d:e3:b1:fa:54:fb:9b:ad:a9:4a:cd:d1:55:bc:23:13:f0:d5:fd:aa:de:7f:2c:4a:48:d9:65:77:35:d2:8b:56:c5:aa:3d:de:03:e3:e3:29:10:45:91:aa:fe:74:6c:ba:51:63:8b:b9:cc:40:25:8d:7a:c8:8b:13:b0:f6:ed:a5:e6:ce:c6:ae:fe:3d:05:ff:02:2a:f7:7a:ff:ec:84:0c:40:3e:dc:86:95:5e:45:05:c6:1a:59:80:8c:c7:98:99:51:91:04:eb:06:b1:05:a2:22:77:07:39:b5:e4:60:76:04:16:59:a1:55:7b:65:a7:ad:b5:ff:fc:d7:df:55:fe:47:78:a1:5d:ab:81:95:db:ad:78:70:8e:9b:84:36:fd:ad:b2:19:30:9e:41:44:d8:29:84:f7:be:d6:98:7b:27:8e:7f:10:ef:3b:29:bf:2c:35:df:d7:17:52:6b:43:36:14:8a:be:29:65:47:8b:3b:ca:8f:25:20:f8:de:be:75:af:9e:ba:c5:38:5c:bf:3b:a0:90:a9:bd:5e:fe:9c:0c:f9:d9:c4:a7:53:62:11:c8:5e:59:d2:1d:4f:b6:37:e9:1e:08:4c:c7:e3:cf:b4:6f:96:bd:d9:01:5f:e7:61:fe:b6:48:dc:93:87:c9:48:0f:34:17:74:f2:5b:dd:84:1d:b3:1a:16:c4:a9:b8:4a:80:e3:5e:f8:29:38:0b:ce:3f:4b:ba:d9:85:da:2f:da:dc:c0:9e:95:56:e0:8b:05:fd:dd:71:43:32:58:5c:31:f5:b7:b1:45:09:b7:b2:9f:60:23:d5:57:63:f5:90:74:c6:db:d2:66:6a:9e:59:d4:3e:3c:f7:77:2d:7c:5f:90:d0:ac:dc:3f:29:3b:b0:36:95:d2:15:28:44:91:02:fb:1d:78:a5:e2:4b:0f:c0:90:f6:e1:84:a9:6d:88:7c:d2:cd:9e:0d:52:62:f6:44:80:02:86:f2:a0:23:b2:2d:b4:b6:61:07:7e:38:fd:55:00:68:9b:96:ab:5e:24:4e:75:00:4
d:c9:c1:55:3a:60:e8:05:64:f8:d7:66:c5:f2:c1:90:0c:b6:64:e5:26:de:fa:41:62:2e:e1:28:5b:af:3a:55:41:eb:92:6b:84:2b:2d:b3:15:84:eb:bf:f9:c0:0c:fd:e2:bf:6b:80:b0:b5:a2:5b:28:04:69:84:68:b1:b2:94:c3:3a:f4:6c:ee:a8:7c:6c:3a:4c:14:61:42:03:46:9f:73:0b:2d:32:f5:06:e7:06:31:0d:8d:6b:93:23:af:e4:f8:85:71:38:a0:cf:ce:8d:27:52:c2:63:11:d9:b5:33:11:12" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.017989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.017989000", - "frame.time_delta": "0.060324000", - "frame.time_delta_displayed": "0.060324000", - "frame.time_relative": "791.557303000", - "frame.number": "2951", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c60", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000391f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6428", - "tcp.ack": "27240", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003e97", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:00:56:00:25:e6:1c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149846, TSecr 2483740": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149846", - 
"tcp.options.timestamp.tsecr": "2483740" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2950", - "tcp.analysis.ack_rtt": "0.060324000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.296266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.296266000", - "frame.time_delta": "0.278277000", - "frame.time_delta_displayed": "0.278277000", - "frame.time_relative": "791.835580000", - "frame.number": "2952", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000956a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "27240", - "tcp.nxtseq": "27294", - "tcp.ack": "6428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000023da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:3e:a7:9e:00:56", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483774, TSecr 2812149846": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483774", - "tcp.options.timestamp.tsecr": "2812149846" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:13:b3:db:0b:ff:23:10:c9:47:d8:77:e5:12:a1:44:f7:9a:2a:de:b2:96:b9:f4:3d:d2:98:fc:b7:4e:35:03:2d:bb:f1:3e:9c:3a:d5:60:87:41:d9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.356756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.356756000", - "frame.time_delta": "0.060490000", - "frame.time_delta_displayed": "0.060490000", - "frame.time_relative": "791.896070000", - "frame.number": "2953", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000391e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6428", - "tcp.ack": "27294", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003dea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:00:ab:00:25:e6:3e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812149931, TSecr 2483774": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812149931", - "tcp.options.timestamp.tsecr": "2483774" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "2952", - "tcp.analysis.ack_rtt": "0.060490000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.759858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.759858000", - "frame.time_delta": "0.403102000", - "frame.time_delta_displayed": "0.403102000", - "frame.time_relative": "792.299172000", - "frame.number": "2954", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007d34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - 
"udp.port": "1900", - "udp.port": "58929", - "udp.length": "305", - "udp.checksum": "0x0000dee9", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "2946" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.812898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.812898000", - "frame.time_delta": "0.053040000", - "frame.time_delta_displayed": "0.053040000", - "frame.time_relative": "792.352212000", - "frame.number": "2955", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007d35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003a0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "314", - "udp.checksum": "0x0000ecd4", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "2954" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:43.865769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494383.865769000", - "frame.time_delta": "0.052871000", - "frame.time_delta_displayed": "0.052871000", - "frame.time_relative": "792.405083000", - "frame.number": "2956", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007d37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00003a11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58929", - "udp.port": "1900", - "udp.port": "58929", - "udp.length": "308", - "udp.checksum": "0x0000105f", - "udp.checksum.status": "2", - "udp.stream": "74" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "2955" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.420785000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494384.420785000", - "frame.time_delta": "0.555016000", - "frame.time_delta_displayed": "0.555016000", - "frame.time_relative": "792.960099000", - "frame.number": "2957", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x0000956b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": 
"44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "27294", - "tcp.nxtseq": "27373", - "tcp.ack": "6428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003d46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:ae:a7:9e:00:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483886, TSecr 2812149931": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483886", - "tcp.options.timestamp.tsecr": "2812149931" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:14:48:57:59:64:90:2e:c4:e5:f7:a7:36:3d:66:b1:65:ff:5a:58:83:7f:0e:7c:1e:9b:7d:ad:de:97:e0:63:99:3c:23:f9:b2:dc:48:82:93:af:dd:50:68:01:d3:73:dc:d8:3d:5f:12:31:44:20:4d:84:38:bd:93:43:80:9e:ba:41:6a:d3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.480958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494384.480958000", - "frame.time_delta": "0.060173000", - "frame.time_delta_displayed": "0.060173000", - "frame.time_relative": "793.020272000", - "frame.number": "2958", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000391d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6428", - "tcp.ack": "27373", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003c12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:01:c4:00:25:e6:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150212, TSecr 2483886": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150212", - "tcp.options.timestamp.tsecr": "2483886" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2957", - "tcp.analysis.ack_rtt": "0.060173000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.482039000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494384.482039000", - "frame.time_delta": "0.001081000", - "frame.time_delta_displayed": "0.001081000", - "frame.time_relative": "793.021353000", - "frame.number": "2959", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ed", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "6428", - "tcp.nxtseq": "6475", - "tcp.ack": "27373", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a35e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:01:c4:00:25:e6:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150212, TSecr 2483886": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150212", - "tcp.options.timestamp.tsecr": "2483886" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:5d:b0:ea:65:be:0b:fb:af:ec:8b:cd:28:d9:eb:48:7f:8a:e9:a5:b7:bd:0e:b0:cb:fb:82:de:0b:73:6b:d8:68:a0:e9:e5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 16:59:44.516064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494384.516064000", - "frame.time_delta": "0.034025000", - "frame.time_delta_displayed": "0.034025000", - "frame.time_relative": "793.055378000", - "frame.number": "2960", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000956c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007813", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": 
{ - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "27373", - "tcp.ack": "6475", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003aea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:b8:a7:9e:01:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483896, TSecr 2812150212": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483896", - "tcp.options.timestamp.tsecr": "2812150212" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2959", - "tcp.analysis.ack_rtt": "0.034025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.889146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494384.889146000", - "frame.time_delta": "0.373082000", - "frame.time_delta_displayed": 
"0.373082000", - "frame.time_relative": "793.428460000", - "frame.number": "2961", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037fc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "6475", - "tcp.nxtseq": "6762", - "tcp.ack": 
"27373", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000070c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:02:27:00:25:e6:b8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150311, TSecr 2483896": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150311", - "tcp.options.timestamp.tsecr": "2483896" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:5e:b7:c0:c7:7b:00:4c:66:09:ba:88:1d:65:3c:0e:88:e0:83:f9:fa:15:4d:26:7c:31:94:e6:f3:2d:0b:7d:0d:9f:7c:11:6a:1e:b6:9d:aa:d8:d0:e0:53:00:a4:5f:c1:0f:e1:30:2c:09:42:fa:69:0e:ea:6a:99:d8:d3:fb:94:9b:40:c7:ce:b4:53:29:4f:9e:ca:25:04:88:cb:e4:79:dc:3d:94:29:f3:41:26:b6:cb:9f:85:0c:4d:c1:02:3c:f5:72:ad:94:e9:62:e1:b0:f9:92:91:5b:02:56:b8:4d:79:13:39:f6:18:2a:37:c5:1b:3e:8d:47:c3:54:0d:bb:ac:fd:50:b8:84:2b:92:1c:fa:1c:98:99:b5:e9:b1:a8:a9:fc:62:1f:4c:0a:51:28:b9:94:11:17:9a:f8:d9:7b:55:97:50:39:56:63:a1:fa:c4:25:8b:d7:ce:bc:8a:52:20:cc:99:ef:77:1a:14:f3:e0:f6:03:65:64:d9:c7:ea:74:fa:64:45:d2:7a:ae:2a:ff:99:18:39:5e:8d:66:b4:bf:24:22:fe:50:f0:7b:95:fe:01:c0:a2:f4:62:53:ec:29:56:71:e3:71:2c:51:44:7f:5c:68:af:14:3c:a5:16:54:99:15:a5:b4:32:5c:37:0a:62:40:e6:46:00:65:2e:51:ce:42:64:71:6d:0c:41:c4:d7:ac:ac:91:29:86:db:7b:d3:b4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.889620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494384.889620000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "793.428934000", - "frame.number": "2962", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000956d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007812", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "27373", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003943", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:dd:a7:9e:02:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483933, TSecr 2812150311": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483933", - "tcp.options.timestamp.tsecr": "2812150311" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2961", - "tcp.analysis.ack_rtt": "0.000474000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:44.909277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494384.909277000", - "frame.time_delta": "0.019657000", - "frame.time_delta_displayed": "0.019657000", - "frame.time_relative": "793.448591000", - "frame.number": "2963", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000956e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "27373", - "tcp.nxtseq": "27426", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ffc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:df:a7:9e:02:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483935, TSecr 2812150311": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483935", - "tcp.options.timestamp.tsecr": "2812150311" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:15:e3:f5:d3:62:7e:e5:77:aa:18:f5:b0:82:7e:90:07:ad:d9:92:f3:5f:77:61:50:0d:ad:22:2f:82:7d:54:6a:0d:9f:89:92:46:13:de:85:69" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:45.006260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494385.006260000", - "frame.time_delta": "0.096983000", - "frame.time_delta_displayed": "0.096983000", - "frame.time_relative": "793.545574000", - "frame.number": "2964", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "52", - "ip.id": "0x00002c65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000391a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6762", - "tcp.ack": "27426", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000039da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:02:48:00:25:e6:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150344, TSecr 2483935": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150344", - "tcp.options.timestamp.tsecr": "2483935" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2963", - "tcp.analysis.ack_rtt": "0.096983000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:45.006795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494385.006795000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "793.546109000", - "frame.number": "2965", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x0000956f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007556", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "27426", - "tcp.nxtseq": "28124", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fba2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e6:e9:a7:9e:02:48", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483945, TSecr 2812150344": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483945", - "tcp.options.timestamp.tsecr": "2812150344" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:16:a8:2f:00:4a:21:8b:14:b6:87:35:fa:95:4c:96:7b:57:9f:7d:55:87:22:f9:77:a1:70:29:de:4b:9c:c2:12:7f:2a:c8:ae:08:ad:19:d3:a9:20" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:17:88:4d:ff:c0:28:ef:de:32:55:4b:99:ec:72:0d:a7:23:8a:05:fd:29:5a:05:fd:9e:b9:57:68:f7:9b:e4:10:67:fc:de:93:a6:2f:b8:f3:fa:30:d9:58:de:39:5c:19:e8:7a:40:33:01:38:b6:ae:77:34:96:56:63:02:1b:1a:5e:75:af:54:21:ba:5b:78:d2:52:24:09:f2:93:80:69:ea:a2:17:8d:42:8c:c8:33:8b" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:18:c3:80:b8:4e:07:06:2b:b4:0c:ee:06:5b:29:87:c6:20:6f:12:ea:de:ed:06:18:5a:b6:f8:1a:54:43:9d:b7:d6:d2:b6:a1:f0:da:0e:db:e9:a6:c4:fa:aa:50:44:4b:6e:68:e1:1a:29:3f:54:12:ef:de:87:1e:d7:27:ee:bc:2c:19:71:f8:9c:76:c5:1c:9d:d6:ae:95:bd:ee:90:86:79:3d:d0:9a:2b:cc:b1:56:96:1c:94:d5:06:87:e6:a3:9d:35:6e:e5:13:3b:06:ee:6c:2e:83:5b:eb:f2:0a:3b:1d:77:31:8a:91:1d:b0:01:b6:47:6a:fa:9b:02:17:d5:3a:05:3d:46:b6:fd:a4:b0:30:1f:1e:32:c3:da:fd:e6:8c:46:1b:94:93:8b:0c:61:29:53:6e:89:d6:8a:71:bd:91:0a:26:7c:f1:57:79:4d:91:de:df:e1:7f:8a:ee:cf:a6:ee:97:27:67:6e:c0:c0:c0:5e:ed:72:40:c2:4e:a9:31:eb:3a:52:41:d1:2b:45:04:b5:45:1a:a1:50:12:38:a6:d7:3b:58:16:28:73:9f:42:68:8e:39:f3:6f:20:03:cd:87:5e:f5:ed:74:49:e7:fa:ef:f3:29:85:e4:b4:30:5e:49:02:4a:fb:7e:06:d7:91:93:a4:b0:a7:56:2a:40:25:80:44:d8:cb:9a:67:8e:cf:8a:d6:68:91:22:77:95:10:fe:0a:c9:57:90:6c:e3:33:1d:a3:44:b3:12:8f:65:e2:ca:a7:d2:f9:20:6d:bc:19:72:17:4d:e1:bc:3f:0e:a2:a8:41:92:db:d8:7e:b9:26:9f:c7:87:c5:d1:aa:cc:7b:20:30:03:1a:37:43:c4:a7:2e:5e:ef:51:7e:4a:0e:65:08:9c:dc:90:2b:6b:0d:51:21:9e:94:cf:12:81:d8:53:f5:a3:d5:85:cf:fd:59:cf:49:7d:44:3c:a5:d5:83:a5:32:e2:2a:37:ce:69:36:f3:9a:0d:b4:1e:ac:a7:78:06:af:dc:ae:f0:37:19:df:02:87:29:de:0f:a5:c6:8d:46:00:35:91:c9:6c:b1:87:c0:4f:62:81:4b:ae:24:03:30:27:f8:4c:39:bb:48:26:cb:48:ba:5b:ea:3e:8d:07:dd:c0:4a:84:f4:ec:27:1e:e7:21:1b:e6:c1:2b:8e:39:33:2a:56:0b:fd:55:89:0f:ad:1e:e7:56:28:05:c3:6a:37:d8:1f:3b:88:2f:6b:cb:fc:27:f7:8b:4a:6f:2b:92:6d:ab:b4:70:c9:e2:a6:99:d6:68:a8:c8:dc:85:28:19:25:65:2c:6f:53:9c:d6:7d:a2:00:37:67:39:c9:90:60:3b:a9:6f:ba:bd:9c:0d:bd:1f:d7:44:42:72:ce:ec:6e:f3:ad:71" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:45.066978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494385.066978000", - "frame.time_delta": "0.060183000", - "frame.time_delta_displayed": 
"0.060183000", - "frame.time_relative": "793.606292000", - "frame.number": "2966", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003919", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6762", - "tcp.ack": "28124", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003707", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:02:57:00:25:e6:e9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150359, TSecr 2483945": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150359", - "tcp.options.timestamp.tsecr": "2483945" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2965", - "tcp.analysis.ack_rtt": "0.060183000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:45.308979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494385.308979000", - "frame.time_delta": "0.242001000", - "frame.time_delta_displayed": "0.242001000", - "frame.time_relative": "793.848293000", - "frame.number": "2967", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009570", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "28124", - "tcp.nxtseq": "28178", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e7:07:a7:9e:02:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2483975, TSecr 2812150359": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2483975", - "tcp.options.timestamp.tsecr": "2812150359" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:19:77:de:36:b3:0e:a9:55:b5:ea:33:09:1c:92:a8:cf:07:b6:4d:16:27:33:35:c6:2c:cb:7c:b0:48:36:15:b6:0d:56:f6:12:b3:ce:1a:e4:e9:85" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:45.369117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494385.369117000", - "frame.time_delta": "0.060138000", - "frame.time_delta_displayed": "0.060138000", - "frame.time_relative": "793.908431000", - "frame.number": "2968", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003918", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6762", - "tcp.ack": "28178", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003668", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:02:a2:00:25:e7:07", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812150434, TSecr 2483975": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812150434", - "tcp.options.timestamp.tsecr": "2483975" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "2967", - "tcp.analysis.ack_rtt": "0.060138000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.253394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.253394000", - "frame.time_delta": "2.884277000", - "frame.time_delta_displayed": "2.884277000", - "frame.time_relative": "796.792708000", - "frame.number": "2969", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - 
"eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005c4e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a42a", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009613", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.254228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.254228000", - "frame.time_delta": "0.000834000", - "frame.time_delta_displayed": "0.000834000", - "frame.time_relative": "796.793542000", - "frame.number": "2970", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000b0126", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55905", - "udp.dstport": "5355", - "udp.port": "55905", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000c898", - "udp.checksum.status": "2", - "udp.stream": "75" - }, - "llmnr": { - "dns.id": "0x0000ad40", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - 
"dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.254833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.254833000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "796.794147000", - "frame.number": "2971", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000576", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001235", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55905", - "udp.dstport": "5355", - "udp.port": "55905", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000e837", - "udp.checksum.status": "2", - "udp.stream": "76" - }, - "llmnr": { - "dns.id": "0x0000ad40", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.255495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.255495000", - "frame.time_delta": "0.000662000", - "frame.time_delta_displayed": "0.000662000", - "frame.time_relative": "796.794809000", - "frame.number": "2972", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000d7f1e", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "62461", - "udp.dstport": "5355", - "udp.port": "62461", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000aff3", - "udp.checksum.status": "2", - "udp.stream": "77" - }, - "llmnr": { - "dns.id": "0x0000ac2e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.256141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.256141000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "796.795455000", - "frame.number": "2973", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000577", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001234", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "62461", - "udp.dstport": "5355", - "udp.port": "62461", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000cf92", - "udp.checksum.status": "2", - "udp.stream": "78" - }, - "llmnr": { - "dns.id": "0x0000ac2e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - 
"dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.665736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.665736000", - "frame.time_delta": "0.409595000", - "frame.time_delta_displayed": "0.409595000", - "frame.time_relative": "797.205050000", - "frame.number": "2974", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000b0126", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55905", - "udp.dstport": "5355", - "udp.port": "55905", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000c898", - "udp.checksum.status": "2", - "udp.stream": "75" - }, - "llmnr": { - "dns.id": 
"0x0000ad40", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.666896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.666896000", - "frame.time_delta": "0.001160000", - "frame.time_delta_displayed": "0.001160000", - "frame.time_relative": "797.206210000", - "frame.number": "2975", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000578", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": 
"0x00001233", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55905", - "udp.dstport": "5355", - "udp.port": "55905", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000e837", - "udp.checksum.status": "2", - "udp.stream": "76" - }, - "llmnr": { - "dns.id": "0x0000ad40", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.667455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.667455000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "797.206769000", - "frame.number": "2976", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": 
{ - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000d7f1e", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "62461", - "udp.dstport": "5355", - "udp.port": "62461", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000aff3", - "udp.checksum.status": "2", - "udp.stream": "77" - }, - "llmnr": { - "dns.id": "0x0000ac2e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.668263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.668263000", - "frame.time_delta": "0.000808000", - "frame.time_delta_displayed": "0.000808000", - "frame.time_relative": 
"797.207577000", - "frame.number": "2977", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000579", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001232", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "62461", - "udp.dstport": "5355", - "udp.port": "62461", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000cf92", - "udp.checksum.status": "2", - "udp.stream": "78" - }, - "llmnr": { - "dns.id": "0x0000ac2e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: 
type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:48.968592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494388.968592000", - "frame.time_delta": "0.300329000", - "frame.time_delta_displayed": "0.300329000", - "frame.time_relative": "797.507906000", - "frame.number": "2978", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00005df5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007b64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.004742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494389.004742000", - "frame.time_delta": "0.036150000", - "frame.time_delta_displayed": "0.036150000", - "frame.time_relative": "797.544056000", - "frame.number": "2979", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005c4f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b94", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a42a", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009613", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.049697000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494389.049697000", - "frame.time_delta": "0.044955000", - "frame.time_delta_displayed": "0.044955000", - "frame.time_relative": "797.589011000", - "frame.number": "2980", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000ea2a", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0084322e", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": 
"14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.167722000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494389.167722000", - "frame.time_delta": "0.118025000", - "frame.time_delta_displayed": "0.118025000", - "frame.time_relative": "797.707036000", - "frame.number": "2981", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00003be6", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00e8d546", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - 
"dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.174827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494389.174827000", - "frame.time_delta": "0.007105000", - "frame.time_delta_displayed": "0.007105000", - "frame.time_relative": "797.714141000", - "frame.number": "2982", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": 
"0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.189761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494389.189761000", - "frame.time_delta": "0.014934000", - "frame.time_delta_displayed": "0.014934000", - "frame.time_relative": "797.729075000", - "frame.number": "2983", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - 
"ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:49.756449000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494389.756449000", - "frame.time_delta": 
"0.566688000", - "frame.time_delta_displayed": "0.566688000", - "frame.time_relative": "798.295763000", - "frame.number": "2984", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005c50", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a42a", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009613", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - 
"nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:50.195771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.195771000", - "frame.time_delta": "0.439322000", - "frame.time_delta_displayed": "0.439322000", - "frame.time_relative": "798.735085000", - "frame.number": "2985", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:50.198618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.198618000", - "frame.time_delta": "0.002847000", - "frame.time_delta_displayed": "0.002847000", - "frame.time_relative": "798.737932000", - "frame.number": "2986", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": 
"1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 16:59:50.199759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.199759000", - "frame.time_delta": "0.001141000", - "frame.time_delta_displayed": "0.001141000", - "frame.time_relative": "798.739073000", - "frame.number": "2987", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - 
"ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:50.287116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.287116000", - "frame.time_delta": "0.087357000", - "frame.time_delta_displayed": "0.087357000", - "frame.time_relative": "798.826430000", - "frame.number": "2988", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:50.593461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.593461000", - "frame.time_delta": "0.306345000", - "frame.time_delta_displayed": "0.306345000", - "frame.time_relative": "799.132775000", - "frame.number": "2989", - "frame.len": "1323", - "frame.cap_len": "1323", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1309", - "ip.id": "0x00009571", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007325", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1257", - "tcp.seq": "28178", - "tcp.nxtseq": "29435", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:e9:17:a7:9e:02:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2484503, TSecr 2812150434": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2484503", - "tcp.options.timestamp.tsecr": "2812150434" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1257", - "tcp.analysis.push_bytes_sent": "1257" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1252", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:1a:21:92:28:f9:7e:8d:e5:99:c8:ff:90:d0:71:31:f1:ec:00:02:24:81:12:ab:9e:33:16:ce:88:35:6c:ac:22:9e:c1:a5:6a:5a:69:7c:b6:ae:f8:74:b4:4f:fb:9f:9a:24:61:dc:d0:94:b7:e3:7f:e6:58:73:fc:37:c7:0a:24:ce:f3:f8:c3:9c:b5:73:e1:f3:db:2d:00:ed:d7:38:2e:86:ef:ce:be:d5:eb:25:be:51:18:05:8a:52:2b:56:43:ed:99:b1:43:2a:70:94:b9:33:9b:6c:13:a7:b1:12:f2:af:c9:94:57:29:15:13:34:a0:a5:27:ce:c6:b1:be:e3:be:13:14:7a:3f:24:8a:a0:34:a0:56:a5:90:df:ce:51:42:81:5a:63:0e:c2:8c:ed:9b:0d:80:b5:75:78:bb:32:71:75:9e:26:4d:ec:10:53:a6:bf:0a:a5:94:a7:9b:58:da:ec:a2:7a:20:2b:a7:da:55:c7:b0:1a:4e:9b:31:17:66:fe:a4:2e:e1:48:d5:cb:0e:8f:f6:93:93:7f:36:23:e1:e2:4f:b7:1e:a7:36:62:de:a2:16:5c:77:00:88:1f:46:70:14:ff:2e:d5:37:5d:31:cf:b4:70:c9:ed:a4:ee:35:45:22:64:67:fc:61:58:e2:d3:80:24:6d:df:8c:00:0f:8b:8e:ed:a1:c1:3d:4c:d3:e9:36:e8:2d:c2:4d:15:98:64:1b:ef:bf:ac:84:c5:8a:95:c9:9e:1f:11:39:98:ab:8f:3b:d7:e3:d5:04:69:91:5e:85:74:a6:20:1f:af:8e:a0:b8:3f:20:40:2f:d3:37:20:c2:a2:a5:24:d8:c5:8c:c0:ee:0b:48:cb:5c:4f:ad:c5:95:9a:d2:8c:b3:6e:ad:ce:6a:3b:20:1e:86:66:81:55:bc:9b:43:7e:c6:2c:28:a1:6a:a6:39:36:7d:2a:1e:d2:28:6f:65:20:83:ed:ba:fa:2a:62:59:fd:dd:a0:6f:d6:6b:4d:9f:d6:e6:6c:1f:05:39:f3:ff:ca:18:b3:6f:b4:4e:c5:f2:1d:a3:f7:53:68:a0:c9:c0:46:d8:73:c4:46:c1:99:11:bf:70:11:6f:ef:12:c6:72:72:bc:a3:fd:f5:04:a7:ec:13:c0:60:6b:0c:3a:65:85:10:0f:c9:80:a4:d5:44:a7:7d:cb:e7:74:66:be:1d:91:97:11:36:a2:4a:e6:50:ef:3d:ae:92:a0:fb:90:4a:24:75:bc:0c:c3:b1:85:44:be:db:11:78:47:80:36:70:43:93:ba:e2:c2:a8:49:
f5:12:d9:bb:58:1a:d3:fa:a5:7e:ae:0a:21:02:92:2e:1b:56:b2:a3:43:95:81:c9:ba:43:31:da:44:67:46:72:ef:12:40:9d:04:8b:b1:4f:50:1f:8e:fd:96:c1:43:1b:25:c7:87:d8:03:b0:07:9d:a8:6d:38:51:47:2b:0f:d6:57:b1:bc:1e:01:31:8c:fe:35:57:55:82:97:d8:e1:8f:bb:4a:a7:55:36:ac:e8:70:67:7a:d3:e9:e3:9c:66:bd:85:62:68:77:24:04:42:5e:48:02:8a:09:82:c1:dd:4c:b6:6b:99:57:50:a0:25:84:f0:c4:0a:83:ba:5f:3b:00:30:e9:61:d9:ae:40:25:b7:5f:5e:da:37:87:0e:12:a3:61:73:75:a3:b8:cf:95:52:26:d2:d5:a6:f7:1c:71:ce:76:b5:37:c7:6b:0c:88:2e:62:d6:25:63:9d:d2:54:c0:17:73:a0:b6:9d:89:cb:3b:01:16:28:45:36:1e:13:00:6a:89:51:0b:02:97:26:37:bf:f3:44:7d:4c:c2:31:cb:1a:20:4f:f1:f3:ac:91:31:e0:9f:39:21:9e:b8:f0:5b:d7:d2:d7:b2:03:b5:c8:e6:c4:fe:db:30:db:47:8f:e8:bc:ab:34:32:74:67:c1:f7:42:c6:11:56:c9:ae:66:a5:70:40:51:1f:21:f1:ba:f2:fe:bc:ee:cd:66:9a:8f:38:25:4f:c5:d3:ea:34:67:86:94:b7:01:e1:33:fd:96:a5:7a:1d:b4:64:22:f6:fa:2f:65:14:75:cb:b0:4e:f5:ae:ce:9e:d1:16:ac:78:a7:b0:20:d0:c6:27:d8:a4:87:20:c1:63:99:6e:f6:60:ac:74:a1:f4:e5:ef:ba:7e:2f:90:74:5d:63:d3:b3:7b:a9:0f:9b:1d:f1:98:9a:7a:1c:c9:54:f5:6a:a6:17:53:6a:7c:bc:14:e8:6e:7a:65:b7:97:39:fc:a4:c5:02:f9:49:88:5b:49:2c:9e:10:ab:70:e2:0d:a8:f5:f8:58:be:b3:c0:17:af:41:6c:7c:24:f7:a5:3c:b4:2f:b9:94:10:c0:ed:bc:e4:c7:4e:00:38:08:91:6f:c4:45:92:3d:98:ba:9f:ed:f9:c1:cb:73:a7:98:2a:76:ce:74:0e:e4:92:e4:8f:3c:96:6b:8a:fe:71:ae:15:b6:3d:52:0f:37:cc:a4:81:43:f2:8e:a7:e3:34:e2:82:24:76:a8:f2:af:bc:17:33:51:a3:5f:75:66:55:de:da:75:ea:85:c0:c3:a4:18:8a:78:ee:00:d7:19:f5:c8:b4:48:ee:73:4a:81:39:d4:f1:23:9b:02:8c:ec:46:73:fb:42:9a:55:a5:90:58:9e:d2:ee:6c:17:bb:d3:23:14:70:ac:17:1b:14:5a:59:be:2e:89:ec:0a:ee:36:39:b4:63:e3:1d:e4:6b:d0:e9:4a:25:e3:0a:e2:3b:77:97:26:4b:9d:57:fe:18:3b:92:59:a8:1b:95:24:7d:d7:77:09:c5:29:45:5f:86:2d:72:83:e2:24:82:fc:8d:7f:b9:c5:3a:4d:20:73:ca:b4:cc:11:70:2f:57:b2:89:dc:a4:04:1a:1c:03:ce:ab:cf:5c:3c:61:cc:be:70:17:80:fd:fd:31:af:7d:cb:ed:75:05:f5:c7:9c:dd:9b:38:da:a6:c3:a4:fa:bd:7d:2a:a2:af:53:9f:6f:7d:26:ab:5c:13:bc:19:81:30:16:81:d5:05:17:c7:c7:94:28
:03:05:ee:c2:15:74:96:22:c9:7a:6e:d5:3c:89:69:5d:7c:00:9e:8a:78:0e:3e:c2:37:60:5a:4a:6c:02:25:8e:37:ba:ee:23:f2:18:a1:18:51:2f:32:6e:3c:89:e2:46:b8:f3:5d:b4:b0:a7:4b:91:ec:84:b3:c9:fa:16:b9:d3:67:a9:7a:58:8d:c5:b1:dc:52:f8:78:7a:c4:50:10:e3:ae:5a:a5:ac:43:9d:f0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:50.654733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494390.654733000", - "frame.time_delta": "0.061272000", - "frame.time_delta_displayed": "0.061272000", - "frame.time_relative": "799.194047000", - "frame.number": "2990", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003917", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", 
- "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6762", - "tcp.ack": "29435", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002a46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:07:cb:00:25:e9:17", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812151755, TSecr 2484503": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812151755", - "tcp.options.timestamp.tsecr": "2484503" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"2989", - "tcp.analysis.ack_rtt": "0.061272000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:51.128627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494391.128627000", - "frame.time_delta": "0.473894000", - "frame.time_delta_displayed": "0.473894000", - "frame.time_relative": "799.667941000", - "frame.number": "2991", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000cc1f", 
- "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x004e506f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:51.303132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494391.303132000", - "frame.time_delta": "0.174505000", - "frame.time_delta_displayed": "0.174505000", - "frame.time_relative": "799.842446000", - "frame.number": "2992", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000c868", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00fa48b2", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - 
"dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:51.322504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494391.322504000", - "frame.time_delta": "0.019372000", - "frame.time_delta_displayed": "0.019372000", - "frame.time_relative": "799.861818000", - "frame.number": "2993", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - 
}, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:51.342115000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494391.342115000", - "frame.time_delta": "0.019611000", - "frame.time_delta_displayed": "0.019611000", - "frame.time_relative": "799.881429000", - "frame.number": "2994", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": 
"18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.053432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.053432000", - "frame.time_delta": "1.711317000", - "frame.time_delta_displayed": "1.711317000", - "frame.time_relative": "801.592746000", - "frame.number": "2995", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - 
"icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.670282000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.670282000", - "frame.time_delta": "0.616850000", - "frame.time_delta_displayed": "0.616850000", - "frame.time_relative": "802.209596000", - "frame.number": "2996", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000000dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b7de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33700", - "udp.dstport": "53", - "udp.port": "33700", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003278", - "udp.checksum.status": "2", - "udp.stream": "79" - }, - "dns": { - "dns.id": "0x00000f21", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.670825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.670825000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "802.210139000", - "frame.number": "2997", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00003b6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00007d4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33700", - "udp.port": "53", - "udp.port": "33700", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "79" - }, - "dns": { - "dns.response_to": "2996", - "dns.time": "0.000543000", - "dns.id": "0x00000f21", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.671627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.671627000", - "frame.time_delta": "0.000802000", - "frame.time_delta_displayed": "0.000802000", - "frame.time_relative": "802.210941000", - "frame.number": "2998", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000000dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b7dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33965", - "udp.dstport": "53", - "udp.port": "33965", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00004c6e", - "udp.checksum.status": "2", - "udp.stream": "80" - }, - "dns": { - "dns.id": "0x00000f22", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.672176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.672176000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "802.211490000", - "frame.number": "2999", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00003b6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007d3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33965", - "udp.port": "53", - "udp.port": "33965", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": 
"2", - "udp.stream": "80" - }, - "dns": { - "dns.response_to": "2998", - "dns.time": "0.000549000", - "dns.id": "0x00000f22", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2984", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.673218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.673218000", - "frame.time_delta": "0.001042000", - "frame.time_delta_displayed": "0.001042000", - "frame.time_relative": "802.212532000", - "frame.number": "3000", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000014ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002122", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": "80", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000779b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.808778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.808778000", - "frame.time_delta": "0.135560000", - "frame.time_delta_displayed": "0.135560000", - "frame.time_relative": "802.348092000", - "frame.number": "3001", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000067e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000022eb", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": "35299", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00006fc3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3000", - "tcp.analysis.ack_rtt": "0.135560000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.809318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.809318000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "802.348632000", - "frame.number": "3002", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000212d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": "80", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003952", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3001", - "tcp.analysis.ack_rtt": "0.000540000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.809877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.809877000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "802.349191000", - "frame.number": "3003", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x000014b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001ed4", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": "80", - "tcp.stream": "130", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000006c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136100000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:38:22:2c:20:4e:6f:6e:63:65:3d:22:63:38:66:50:31:6c:74:30:4f:32:2b:37:49:4e:55:49:79:46:38:77:61:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:53:6c:36:37:51:2f:4a:35:37:70:58:6e:7a:6f:49:48:65:41:38:70:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 16:59:53.946324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.946324000", - "frame.time_delta": "0.136447000", - "frame.time_delta_displayed": "0.136447000", - "frame.time_relative": "802.485638000", - "frame.number": "3004", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009ecb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ec0f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": "35299", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009686", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3003", - "tcp.analysis.ack_rtt": "0.136447000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:53.946953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494393.946953000", - "frame.time_delta": "0.000629000", - "frame.time_delta_displayed": "0.000629000", - "frame.time_relative": "802.486267000", - "frame.number": "3005", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x000014b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001c4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": "80", - "tcp.stream": "130", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000694c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136100000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9
:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" - }, 
- "tcp.segments": { - "tcp.segment": "3003", - "tcp.segment": "3005", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:38:22:2c:20:4e:6f:6e:63:65:3d:22:63:38:66:50:31:6c:74:30:4f:32:2b:37:49:4e:55:49:79:46:38:77:61:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:53:6c:36:37:51:2f:4a:35:37:70:58:6e:7a:6f:49:48:65:41:38:70:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:
d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0
:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"188\", Nonce=\"c8fP1lt0O2+7INUIyF8wag==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"qSl67Q\/J57pXnzoIHeA8pQ==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"188\", Nonce=\"c8fP1lt0O2+7INUIyF8wag==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"qSl67Q\/J57pXnzoIHeA8pQ==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN2#(\u001c:\u00ef\u00bf\u00bdI,G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bdN(pul\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000em:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdq\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u0011\\m\u00ef\u00bf\u00bd\u000e.S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013,U\u00ef\u00bf\u00bdmw\u00109\u000b\u0003\u00ef\u00bf\u00bd\u000e\\OLGRM6\u001452i\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:70:75:6c:fe:96:0e:6d:3a:90:9c:86:71:cb:4e:a4:89:70:11:5c:6d:fd:0e:2e:53:c7:b3:a6:d8:13:2c:55:94:6d:77:10:39:0b:03:d4:0e:5c:4f:4c:47:52:4d:36:14:35:32:69:87:a9:84:9b:00:0d:c9:22:b1:ae:92:f0:ce:d7:ae:60:3c:c3:47:f3:77:e0:5d:3f:17:37:e3:d6:83:41:91:fb:b4:e4:22:9e:4d:91:ea:67:dc:c3:c1:9f:63:b7:d9:07:4e:2e:48:8f:70:0f:d0:70:74:76:38:ba:09:d5:5a:fa:ab:dd:c7:02:92:9b:1d:78:65:14:e7:58:d9:f8:fa:49:49:71:b0:45:3e:87:a7:65:5a:97:90:cd:62:fd:36:ba:48:9d:0a:41:d5:08:6e:c4:97:c8:8a:4f:47:37:57:eb:9a:ca:d1:d8:b2:ff:92:ed:ca:a3:45:51:ad:d7:b6:8f:de:9b:a2:23:fe:ec:48:43:23:41:d6:47:03:47:3d:eb:fb:e6:0d:6a:1c:c6:60:13:a7:94:d9:a8:7b:fa:12:fc:be:05:ca:4a:c2:72:be:e5:16:f1:5a:8d:e8:52:2a:4f:cb:9c:09:3a:e3:31:39:7a:26:19:8e:60:8c:b8:c1:6f:17:ab:01:e8:f3:e8:d4:bd:a7:3e:44:38:00:a0:35:92:5a:2d:25:6b:21:ce:ee:43:cb:63:73:0d:b7:63:5c:92:09:89:3b:e4:ef:ce:15:5d:5e:9f:00:2e:a8:c2:81:ef:3c:2d:c4:72:0c:b1:52:7d:1d:97:d2:ab:54:0a:91:92:e5:19:c8:8a:a9:a0:f1:35:d4:7d:b9:b0:f2:ea:b5:1d:2e:ab:57:66:f0:55:a3:6f:32:19:29:c4:af:e2:50:9b:2d:59:dc:f0:82:23:af:de:82:e9:3b:02:47:e4:9e:f8:3e:01:b3:2d:39:f6:a4:d5:92:28:23:75:b3:13:76:63:24:
92:a1:f1:ba:95:ed:d6:f2:fd:fe:69:69:e7:53:3d:31:04:8d:30:cc:78:ae:7b:27:ca:bd:0d:61:86:55:e5:81:15:77:ac:8e:2c:43:d4:f1:7d:d6:34:06:4a:0d:3c:3d:03:48:87:b0:08:e9:dc:bf:9d:c5:4d:52:3f:3c:4a:9a:53:44:88:37:52:b6:0d:d1:37:e2:7d:92:f0:d6:0f:11:8a:a1:0a:de:e8:5f:93:00:e8:5c:96:e2:ef:45:b1:2b:35:83:f4:f0:62:98:d7:17:96:e2:45:7f:80:32:59:98:f0:d8:f3:00:7d:fe:bf:db:6a:d5:2d:d1:10:0d:36:d2:22:e7:88:ce:4e:c1:a1:1e:5f:fa:86:3d:b2:83:e9:51:f2:f7:7d:59:60:7a:ed:28:53:52:ae:a4:18:8f:b2:61:b7:6d:20:e1:c2:49:b9:95:e2:02:95:9e:f7:de:a1:d8:fa:23:86:c9:4e:9b:af:a3:47:6a:93:cc:6f:73:77:5a:fd:3c:7c:28:4c:01:06:45:66:45:58:6d:d2:18:d6:49:d7:4b:ad:0a:13:5c:c4:b3:3a:d1:0e:90:55:7d:21:c8:b5:c9:3a:ed:6c:0c:c6:70:27:63:83:40:dc:ec:37:30:30:81:5d:f8:07:6f:82:66:be:2f:e9:1c:3f:91:dd:e1:e7:09:f8:76:fc:23:07:94:15:0c:02:24:37:97:54:df:d9:53:59:f0:ce:e3:db:fc:7a:6e:be:f4:6c:17:d5:1a:69:3b:14:da:af:eb:79:15:5f:47:1d:af:39:b1:f4:1a:b5:a4:2e:35:c9:1d:09:07:db:55:07:fb:be:4a:05:82:d5:e4:d3:aa:fb:9c:72:e5:a4:79:ff:03:a1:f7:30:4a:61:99:f5:23:d0:af:46:37:f6:28:92:2f:d4:e9:c8:b9:52:b1:1f:d4:9c:bb:56:6c:b3:0f:b0:df:38:29:4f:45:d1:8f:b3:c4:e8:80:95:48:72:4b:fc:01:4c:16:b8:f2:2e:ff:b6:fb:1d:83:76:cc:2f:0d:74:77:71:32:af:1b:37:68:e9:0d:cc:bb:fa:f2:ec:b9:0d:7e:fc:ee:6f:7e:6c:77:55:22:05:1d:1a:c3:bb:42:f0:81:96:7b:70:dc:05:9b:9a:7b:2b:5d:47:b2:13:88:9f:4f:84:5c:44:f7:4a:f6:5b:0b:cb:33:80:65:b7:d7:8e:cb:a4:69:04:eb:69:21:f9:e6:b8:d1:8a:71:c1:a5:2b:b7:d2:24:2c:b4:0a:a7:e4:35:f7:05:24:2f:26:78:34:0e:50:0c:f8:4a:e8:36:6f:de:cf:4f:2a:fd:d4:67:e7:5d:2a:dc:61:de:ce:d6:62:1f:1b:d1:fa:bc:95:c2:13:29:e4:b6:00:5f:f3:5b:98:35:a0:93:53:c8:e2:5d:02:6c:b1:ac:fd:aa:62:75:7c:14:76:22:c3:b5:74:d2:5d:4d:70:2d:42:8d:44:a2:71:aa:00:e8:91:7d:27:c2:ac:99:9a:13:df:dc:d6:c9:59:67:f1:79:d9:e7:3c:99:22:f6:69:4a:65:b9:ef:c3:f8:e1:b1:53:b5:b0:f5:f8:03:17:77:c1:26:30:cd:91:53:96:56:37:1c:d2:f4:87:9b:c8:01:b9:04:d5:3d:6c:e4:39:4c:ee:95:20:f3:77:c7:c7:f3:9f:5f:ee:ad:0f:35:a6:0d:c0:d7:a1:74:d0:69:6a:df:19:66:87:6c:1f:fa:af:a5:ab:d6:c7:92:54:b1
:ca:5d:cb:ff:d3:ac:ea:68:14:2c:ac:e6:f2:96:5f:bd:e7:aa:59:c2:03:68:dc:7d:91:a0:a2:c5:df:77:8f:5a:33:53:02:27:7e:fc:3d:24:3f:3b:56:e9:56:e3:0c:e4:61:2d:f7:50:0d:7e:40:6c:00:0c:89:34:68:86:c9:61:8a:f3:89:b8:00:09:36:1a:2a:71:03:66:13:80:7e:fd:7b:09:80:4d:31:a8:cd:5b:c9:04:88:de:e3:80:07:54:15:5a:85:7f:ef:70:6d:d8:7b:08:ab:16:f5:e9:73:cc:93:2f:cc:bd:e0:9c:1d:db:81:33:d6:b0:93:82:43:85:da:05:53:34:aa:27:17:8a:5b:66:fd:57:e2:64:f8:9e:5b:bb:6c:d5:20:72:81:1c:c2:76:51:a3:6b:aa:4d:3c:7c:39:0c:05:fb:8d:1a:3c:3c:51:0e:15:bd:45:40:21:b5" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.084043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494394.084043000", - "frame.time_delta": "0.137090000", - "frame.time_delta_displayed": "0.137090000", - "frame.time_relative": "802.623357000", - "frame.number": "3006", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d4bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - 
"ip.checksum": "0x0000b61b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": "35299", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008cc6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3005", - "tcp.analysis.ack_rtt": "0.137090000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.109943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494394.109943000", - "frame.time_delta": "0.025900000", - "frame.time_delta_displayed": "0.025900000", - "frame.time_relative": "802.649257000", - "frame.number": "3007", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000defc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a877", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": 
"35299", - "tcp.stream": "130", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f1bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136100000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"2hhU3nemMHu7INUIpcyq8g==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"2hhU3nemMHu7INUIpcyq8g==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: 
ASP.NET\r\n", - "http.date": "Tue, 31 Oct 2017 23:59:54 GMT", - "http.response.line": "Date: Tue, 31 Oct 2017 23:59:54 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.162990000", - "http.request_in": "3005", - "http.file_data": "\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN2#(\u001c:\u00ef\u00bf\u00bdI,G\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bdN(\u00ef\u00bf\u00bd\u0005w\u00ef\u00bf\u00bd@" - }, - "media": { - "media.type": "9c:2f:be:dc:a6:ac:10:6d:8f:e3:e5:17:c4:d9:a7:da:4e:32:23:28:1c:3a:f1:49:2c:47:c1:dd:07:ce:4e:28:e9:05:77:9b:40:00:1b:ec:84:a2:6d:8d:1a:a7:ca:cc:b7:27:8a:3e:71:cb:78:ea:85:13:63:5e:3d:53:42:80:80:d8:70:ad:2e:4a:83:86:b0:cf:57:39:0a:49:0b:b5:02:2a:b9:aa:68:64:e0:a3:f3:e5:1e:ca:f5:9c:bd:06:66:5d:70:32:73:c1:08:e1:85:66:15:56:0d:f0:fa:82:b0:28:7b:6c:a3:c6:5d:22:c8:4c:4c:db:0e:dc:f4:2a:27:f7:61:42:55:78:db:f4:81:a7:a0:b0:e4:b5:e5:42:de:ba:5c:2b:c0:76:0a:08:9f:1d:63:db:22:48:a2:5f:c2:b7:50:00:59:79:ab:23:1c:af:2a:12:b7:8f:dd:c4:77:c4:e5:9c:c5:67:a8:95:1a:e5:46:22:be:26:a2:a5:c6:b9:d3:c1:dc:64:96:40:0b:20:5f:a6:0b:b1:de:4d:f1:3a:90:87:24:ad:e1:0b:c3:56:2b:d0:af:90:55:50:8a:ec:cd:e9:3d:a7:fc:3f:1c:ad:7c:08:94:33:81:85:2c:11:63:81:3d:64:7c:e0:96:2d:c3:ad:31:58:cb:ba:75:8b:a5:f0:e8:05:2b:84:a7:2c:6c:d2:95:05:45:20:44:5b:03:11:67:07:be:37:cd:b1:64:ae:d4:e5:5b:52:8c:46:b6:e6:b3:a2:2a:49:87:bc:03:55:89:d3:90:2f:98:50:c8:c2:b6:94:9d:24:cd:d7:e0:95:ea:07:a4:92:23:98:98:75:7a:fd:3f:e1:44:d6:d7:99:a4:85:84:b2:3d:47:99:0f:51:3c:b8:dd:66:88:bd:be:29:2a:8b:ea:1f:8e:d9:c1:42:40:d8:36:36:66:93:3e:b7:2a:d7:b4:d0:1e:5c:2a:21:bb:11:f5:8d:fd:02:2f:be:d3:cf:10:6b:06:09:3b:fe:c2:f1:1f:a8:a6:40:51:32:2a:dd:d6:0e:a3:a8:d7:38:7d:3c:e8:c0:cb:a9:75
:ef:88:ca:78:e5:02:31:50:c9:61:67:6a:27:d8:51:eb:21:c5:99:e4:c1:17:64:76:bc:4f:fa:8d:8a:b6:56:3a:19:c6:e0:7d:b1:73:84:94:60:16:c9:2a:19:cc:71:89:15:07:92:7c:74:8d:a5:75:13:9d:9b:3e:f6:70:0d:17:74:99:65:ec:d4:4b:81:99:c2:8f:f3:66:ab:34:43:2c:fa:95:88:4a:4c:f8:c8:30:97:d1:e6:73:f1:aa:3d:15:55:28:e0:1e:60:2f:fe:f8:5d:fa:4d:41:37:5e:bc:1f:ce:8c:4f:60:b4:ac:aa:9c:38:18:b4:4f:66:52:f7:5a:ac:2f:93:17:11:e2:cd:41:eb:08:cd:4c:f9:3c:34:e0:ed:dd:58:26" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.110032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494394.110032000", - "frame.time_delta": "0.000089000", - "frame.time_delta_displayed": "0.000089000", - "frame.time_relative": "802.649346000", - "frame.number": "3008", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000defe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000abdc", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - 
"ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": "35299", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000895e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.110516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494394.110516000", - 
"frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "802.649830000", - "frame.number": "3009", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000212a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": 
"80", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000029ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3007", - "tcp.analysis.ack_rtt": "0.000573000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.111188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494394.111188000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "802.650502000", - "frame.number": "3010", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002129", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35299", - "tcp.dstport": "80", - "tcp.port": "35299", - "tcp.port": "80", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000029ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3008", - "tcp.analysis.ack_rtt": "0.001156000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:54.247102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494394.247102000", - "frame.time_delta": "0.135914000", - "frame.time_delta_displayed": "0.135914000", - "frame.time_relative": "802.786416000", - "frame.number": "3011", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001770", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000736b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", 
- "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35299", - "tcp.port": "80", - "tcp.port": "35299", - "tcp.stream": "130", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000895d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3010", - "tcp.analysis.ack_rtt": "0.135914000", - "tcp.analysis.initial_rtt": "0.136100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 16:59:56.270503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494396.270503000", - "frame.time_delta": "2.023401000", - "frame.time_delta_displayed": "2.023401000", - "frame.time_relative": "804.809817000", - "frame.number": "3012", - "frame.len": "42", 
- "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:00.168575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494400.168575000", - "frame.time_delta": "3.898072000", - "frame.time_delta_displayed": "3.898072000", - "frame.time_relative": "808.707889000", - "frame.number": "3013", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000a794", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:00.221474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494400.221474000", - "frame.time_delta": "0.052899000", - "frame.time_delta_displayed": "0.052899000", - "frame.time_relative": "808.760788000", - "frame.number": "3014", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000a797", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - 
"http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:00.274279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494400.274279000", - "frame.time_delta": "0.052805000", - "frame.time_delta_displayed": "0.052805000", - "frame.time_relative": "808.813593000", - "frame.number": "3015", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000a798", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:00:00.327230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494400.327230000", - "frame.time_delta": "0.052951000", - "frame.time_delta_displayed": "0.052951000", - "frame.time_relative": "808.866544000", - "frame.number": "3016", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000a79a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:00.380034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494400.380034000", - "frame.time_delta": "0.052804000", - "frame.time_delta_displayed": "0.052804000", - "frame.time_relative": "808.919348000", - "frame.number": "3017", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000a79f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:00.432919000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494400.432919000", - "frame.time_delta": "0.052885000", - "frame.time_delta_displayed": "0.052885000", - "frame.time_relative": "808.972233000", - "frame.number": "3018", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000a7a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000021b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:04.224248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494404.224248000", - "frame.time_delta": "3.791329000", - "frame.time_delta_displayed": "3.791329000", - "frame.time_relative": "812.763562000", - "frame.number": "3019", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": 
"0x000057ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "242", - "tcp.nxtseq": "282", - "tcp.ack": "217", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f223", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": 
"40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e2:23:e0:ad:50:62:31:57:66:3f:cc:f3:e9:32:bf:e3:14:89:09:1e:b4:c9:d4:7d:13:62:ef:f0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:04.371464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494404.371464000", - "frame.time_delta": "0.147216000", - "frame.time_delta_displayed": "0.147216000", - "frame.time_relative": "812.910778000", - "frame.number": "3020", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fde", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8f", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "217", - "tcp.nxtseq": "253", - "tcp.ack": "282", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000042b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3019", - "tcp.analysis.ack_rtt": "0.147216000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:68:13:6a:a9:c9:b4:10:b7:8f:3e:a0:72:86:21:7d:af:b7:55:5f:71:d2:ba:0a:51" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { 
- "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:04.371975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494404.371975000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "812.911289000", - "frame.number": "3021", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - 
"ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "282", - "tcp.ack": "253", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3020", - "tcp.analysis.ack_rtt": "0.000511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:05.593160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494405.593160000", - "frame.time_delta": "1.221185000", - "frame.time_delta_displayed": "1.221185000", - "frame.time_relative": "814.132474000", - "frame.number": "3022", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": 
"1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d9b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e93", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:05.593687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494405.593687000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "814.133001000", - "frame.number": "3023", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d9c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef8e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:05.594053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494405.594053000", - "frame.time_delta": "0.000366000", - "frame.time_delta_displayed": "0.000366000", - "frame.time_relative": "814.133367000", - "frame.number": "3024", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d54", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:06.473323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494406.473323000", - "frame.time_delta": "0.879270000", - "frame.time_delta_displayed": "0.879270000", - "frame.time_relative": "815.012637000", - "frame.number": "3025", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c54", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:09.100907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494409.100907000", - 
"frame.time_delta": "2.627584000", - "frame.time_delta_displayed": "2.627584000", - "frame.time_relative": "817.640221000", - "frame.number": "3026", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00006dd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006b88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:10.592824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494410.592824000", - "frame.time_delta": "1.491917000", - "frame.time_delta_displayed": "1.491917000", - "frame.time_relative": "819.132138000", - "frame.number": "3027", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d9d", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e93", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:10.593267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494410.593267000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "819.132581000", - "frame.number": "3028", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d9e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef8e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:10.593689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494410.593689000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "819.133003000", - "frame.number": "3029", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d54", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.592316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.592316000", - "frame.time_delta": "4.998627000", - "frame.time_delta_displayed": "4.998627000", - "frame.time_relative": "824.131630000", - "frame.number": "3030", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001d9f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000e93", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.596017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.596017000", - "frame.time_delta": "0.003701000", - "frame.time_delta_displayed": "0.003701000", - "frame.time_relative": "824.135331000", - "frame.number": "3031", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001da0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ef8e", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.596354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.596354000", - "frame.time_delta": "0.000337000", - "frame.time_delta_displayed": "0.000337000", - "frame.time_relative": "824.135668000", - "frame.number": "3032", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007d54", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x0000026f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=623", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.923192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.923192000", - "frame.time_delta": "0.326838000", - "frame.time_delta_displayed": "0.326838000", - "frame.time_relative": "824.462506000", - "frame.number": "3033", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009572", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "29435", - "tcp.nxtseq": "29484", - "tcp.ack": "6762", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f9b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f2:fc:a7:9e:07:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2487036, TSecr 2812151755": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2487036", - "tcp.options.timestamp.tsecr": "2812151755" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:1b:bc:4d:b6:46:1e:98:0d:b8:13:08:aa:d9:e2:fe:34:91:09:c7:06:e0:2c:19:1f:8d:fd:1f:c0:d0:a0:3c:2a:23:c9:ad:41:66" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.983525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.983525000", - "frame.time_delta": "0.060333000", - "frame.time_delta_displayed": "0.060333000", - "frame.time_relative": "824.522839000", - "frame.number": "3034", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003916", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "6762", - "tcp.ack": "29484", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000773", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:20:88:00:25:f2:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812158088, TSecr 2487036": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812158088", - "tcp.options.timestamp.tsecr": "2487036" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3033", - "tcp.analysis.ack_rtt": "0.060333000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:15.983980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494415.983980000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "824.523294000", - "frame.number": "3035", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002c6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038de", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "6762", - "tcp.nxtseq": "6817", - "tcp.ack": "29484", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000047aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:20:88:00:25:f2:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812158088, TSecr 2487036": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812158088", - "tcp.options.timestamp.tsecr": "2487036" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:5f:59:c6:a0:9d:b9:5c:2a:bc:4a:c4:e0:cb:7d:f8:91:60:56:63:dd:1b:5a:a2:33:c8:0c:11:7a:94:25:74:74:68:6f:6d:0b:b7:b9:d0:6b:d5:2b:4b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:16.014710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494416.014710000", - "frame.time_delta": "0.030730000", - "frame.time_delta_displayed": "0.030730000", - "frame.time_relative": "824.554024000", - "frame.number": "3036", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009573", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000780c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "29484", - "tcp.ack": "6817", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000643", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f3:06:a7:9e:20:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2487046, TSecr 2812158088": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2487046", - "tcp.options.timestamp.tsecr": "2812158088" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3035", - "tcp.analysis.ack_rtt": "0.030730000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:16.521108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494416.521108000", - "frame.time_delta": "0.506398000", - "frame.time_delta_displayed": "0.506398000", - "frame.time_relative": "825.060422000", - "frame.number": "3037", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - 
"eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00007266", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000066f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: 
type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:16.523876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494416.523876000", - "frame.time_delta": "0.002768000", - "frame.time_delta_displayed": "0.002768000", - "frame.time_relative": "825.063190000", - "frame.number": "3038", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00007268", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000066f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.001118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.001118000", - "frame.time_delta": "0.477242000", - "frame.time_delta_displayed": "0.477242000", - "frame.time_relative": "825.540432000", - "frame.number": "3039", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x000072f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006695", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.001277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.001277000", - "frame.time_delta": "0.000159000", - "frame.time_delta_displayed": "0.000159000", - "frame.time_relative": "825.540591000", - "frame.number": "3040", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000072f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006699", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - 
"udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.001421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.001421000", - "frame.time_delta": "0.000144000", - "frame.time_delta_displayed": "0.000144000", - "frame.time_relative": "825.540735000", - "frame.number": "3041", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000072f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006698", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.022759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.022759000", - "frame.time_delta": "0.021338000", - "frame.time_delta_displayed": "0.021338000", - "frame.time_relative": "825.562073000", - "frame.number": "3042", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000201c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b875", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, 
D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.117403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.117403000", - "frame.time_delta": "0.094644000", - "frame.time_delta_displayed": "0.094644000", - "frame.time_relative": 
"825.656717000", - "frame.number": "3043", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:de:38:20", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_de:38:20", - "eth.addr": "c4:12:f5:de:38:20", - "eth.addr_resolved": "D-LinkIn_de:38:20", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d995", - "ip.checksum.status": "2", - "ip.src": "192.168.0.85", - "ip.addr": "192.168.0.85", - "ip.src_host": "192.168.0.85", - "ip.host": "192.168.0.85", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b9d", - "udp.checksum.status": "2", - "udp.stream": "50" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": 
"0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.136174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.136174000", - "frame.time_delta": "0.018771000", - "frame.time_delta_displayed": "0.018771000", - "frame.time_relative": "825.675488000", - "frame.number": "3044", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:e3:dc:17", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:dc:17", - "eth.addr": "c4:12:f5:e3:dc:17", - "eth.addr_resolved": "D-LinkIn_e3:dc:17", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d963", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.135", - "ip.addr": "192.168.0.135", - "ip.src_host": "192.168.0.135", - "ip.host": "192.168.0.135", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b6b", - "udp.checksum.status": "2", - "udp.stream": "48" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.152764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.152764000", - "frame.time_delta": "0.016590000", - "frame.time_delta_displayed": "0.016590000", - "frame.time_relative": "825.692078000", - "frame.number": "3045", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "90:8d:78:e3:81:0c", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:81:0c", - "eth.addr": "90:8d:78:e3:81:0c", - "eth.addr_resolved": "D-LinkIn_e3:81:0c", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d8fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.240", - "ip.addr": "192.168.0.240", - "ip.src_host": "192.168.0.240", - "ip.host": "192.168.0.240", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b02", - "udp.checksum.status": "2", - "udp.stream": "49" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - 
"dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.202581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.202581000", - "frame.time_delta": "0.049817000", - "frame.time_delta_displayed": "0.049817000", - "frame.time_relative": "825.741895000", - "frame.number": "3046", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x00003827", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a146", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.237071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.237071000", - "frame.time_delta": "0.034490000", - "frame.time_delta_displayed": "0.034490000", - "frame.time_relative": "825.776385000", - "frame.number": "3047", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000072fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006692", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.237225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.237225000", - "frame.time_delta": "0.000154000", - "frame.time_delta_displayed": "0.000154000", - "frame.time_relative": "825.776539000", - "frame.number": "3048", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x000072fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000668c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.237363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.237363000", - "frame.time_delta": "0.000138000", - "frame.time_delta_displayed": "0.000138000", - "frame.time_relative": "825.776677000", - "frame.number": "3049", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000072fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"255", - "ip.proto": "17", - "ip.checksum": "0x00006690", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.483591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.483591000", - "frame.time_delta": "0.246228000", - "frame.time_delta_displayed": "0.246228000", - "frame.time_relative": "826.022905000", - "frame.number": "3050", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000730e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006680", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.483765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.483765000", - "frame.time_delta": "0.000174000", - "frame.time_delta_displayed": "0.000174000", - "frame.time_relative": "826.023079000", - "frame.number": "3051", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000730f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000667f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - 
}, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.483911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.483911000", - "frame.time_delta": "0.000146000", - "frame.time_delta_displayed": "0.000146000", - "frame.time_relative": "826.023225000", - "frame.number": "3052", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00007310", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006679", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.529973000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.529973000", - "frame.time_delta": "0.046062000", - "frame.time_delta_displayed": "0.046062000", - "frame.time_relative": "826.069287000", - "frame.number": "3053", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000731e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000663b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.723352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.723352000", - "frame.time_delta": "0.193379000", - "frame.time_delta_displayed": "0.193379000", - "frame.time_relative": "826.262666000", - "frame.number": "3054", - "frame.len": "107", - "frame.cap_len": "107", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "93", - "ip.id": "0x0000046b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d539", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.71", - "ip.addr": "192.168.0.71", - "ip.src_host": "192.168.0.71", - "ip.host": "192.168.0.71", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "73", - "udp.checksum": "0x0000791d", - "udp.checksum.status": "2", - "udp.stream": "46" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "13", - "dns.ptr.domain_name": "_http._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:17.777190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494417.777190000", - "frame.time_delta": "0.053838000", - "frame.time_delta_displayed": "0.053838000", - "frame.time_relative": "826.316504000", - "frame.number": "3055", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00007321", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006661", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:18.530869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494418.530869000", - "frame.time_delta": "0.753679000", - "frame.time_delta_displayed": "0.753679000", - "frame.time_relative": "827.070183000", - "frame.number": "3056", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00007373", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000065e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": 
"224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:18.751526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494418.751526000", - "frame.time_delta": "0.220657000", - "frame.time_delta_displayed": "0.220657000", - "frame.time_relative": "827.290840000", - "frame.number": "3057", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - 
"eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00000abe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "108", - "udp.checksum": "0x0000d490", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.command": "1409286244", - "adwin_config.version": "1380667970", - "adwin_config.mac": "d0:73:d5:02:41:da", - "adwin_config.unused": "", - "adwin_config.server_ip": "88.70.73.76", - "adwin_config.unused": "", - "adwin_config.netmask": "237.213.187.196", - "adwin_config.unused": "", - "adwin_config.gateway": "0.0.0.59", - "adwin_config.unused": "", - "adwin_config.dhcp": "1", - "adwin_config.port": "351456555", - "adwin_config.password": "", - "adwin_config.bootloader": "0", - "adwin_config.unused": "", - 
"adwin_config.description": "", - "adwin_config.date": "", - "adwin_config.revision": "", - "adwin_config.processor_type_raw": "", - "adwin_config.processor_type": "Unknown", - "adwin_config.system_type_raw": "", - "adwin_config.system_type": "Unknown" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:18.776985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494418.776985000", - "frame.time_delta": "0.025459000", - "frame.time_delta_displayed": "0.025459000", - "frame.time_relative": "827.316299000", - "frame.number": "3058", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000073bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000065c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:19.777025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494419.777025000", - "frame.time_delta": "1.000040000", - "frame.time_delta_displayed": "1.000040000", - "frame.time_relative": "828.316339000", - "frame.number": "3059", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", 
- "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000073f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000658e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, 
class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:20.778356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494420.778356000", - "frame.time_delta": "1.001331000", - "frame.time_delta_displayed": "1.001331000", - "frame.time_relative": "829.317670000", - "frame.number": "3060", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x00007416", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006572", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "3059", - "dns.time": "1.001331000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:21.784655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494421.784655000", - "frame.time_delta": "1.006299000", - "frame.time_delta_displayed": "1.006299000", - "frame.time_relative": "830.323969000", - "frame.number": "3061", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x000074fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000648d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "3059", - "dns.time": "2.007630000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - 
"dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.433978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.433978000", - "frame.time_delta": "5.649323000", - "frame.time_delta_displayed": "5.649323000", - "frame.time_relative": "835.973292000", - "frame.number": "3062", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United 
States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "6817", - "tcp.nxtseq": "7105", - "tcp.ack": "29484", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000381a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:2b:b6:00:25:f3:06", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812160950, TSecr 2487046": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812160950", - "tcp.options.timestamp.tsecr": "2487046" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:60:79:6b:04:a3:82:68:e1:2e:1a:6c:22:69:e9:f6:08:16:b9:2c:95:b1:a6:c1:c0:e3:88:34:ce:b6:87:cc:9c:72:4c:a8:dd:63:ac:3b:a3:73:5e:8c:c3:2e:a4:e8:7d:87:33:70:b0:2a:fa:8e:42:55:af:77:04:53:b2:93:f5:c2:3f:db:d8:86:4a:bd:a4:6f:95:a7:34:82:33:80:ea:5e:15:dd:d6:84:7e:a3:a1:ba:ce:d2:97:51:02:7a:8a:38:0b:4d:84:0c:50:53:c5:26:15:5a:0d:ad:7d:f5:be:dd:b7:e0:34:bf:84:f2:fd:bd:66:45:f5:4f:57:d5:6c:6c:5a:09:38:55:5d:93:f6:61:3f:cf:97:21:c6:11:d1:18:9f:5b:85:aa:48:c4:87:2d:60:69:3a:14:5e:93:99:89:80:c7:5e:19:36:43:20:50:78:52:bf:12:58:3a:a0:1d:ff:3d:61:54:a7:1f:1f:0d:f6:ca:c3:87:31:d5:e2:fb:d4:8b:eb:22:cb:0d:7e:a1:ed:1e:7c:49:be:c6:9a:9e:b2:34:18:10:2a:d2:1f:b2:0f:d9:55:a7:3e:47:21:50:9f:77:10:86:41:b0:4e:12:34:e8:63:3c:7a:f5:0f:05:b2:1b:d3:3f:44:63:f8:e4:77:45:f4:0b:17:23:0c:12:9d:fa:f5:7f:84:b5:8d:b8:0d:7a:74:fe:da:bd:b2:05:ae:ed:0b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.434477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.434477000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "835.973791000", - "frame.number": "3063", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009574", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000780b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "29484", - "tcp.ack": "7105", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f57e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f7:7c:a7:9e:2b:b6", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488188, TSecr 2812160950": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488188", - "tcp.options.timestamp.tsecr": "2812160950" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3062", - "tcp.analysis.ack_rtt": "0.000499000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.462183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.462183000", - "frame.time_delta": "0.027706000", - "frame.time_delta_displayed": "0.027706000", - "frame.time_relative": "836.001497000", - "frame.number": "3064", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009575", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "29484", - "tcp.nxtseq": "29537", - "tcp.ack": "7105", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008733", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f7:7e:a7:9e:2b:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488190, TSecr 2812160950": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488190", - "tcp.options.timestamp.tsecr": "2812160950" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:1c:b9:00:c9:4f:9c:80:88:3f:de:31:a2:03:49:93:cc:81:65:06:41:37:05:16:5e:30:9f:e5:98:c6:58:e7:db:84:62:91:34:76:ac:3a:f5:11" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.558692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.558692000", - "frame.time_delta": "0.096509000", - "frame.time_delta_displayed": "0.096509000", - "frame.time_relative": "836.098006000", - "frame.number": "3065", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003913", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7105", - "tcp.ack": "29537", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f616", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:2b:d6:00:25:f7:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812160982, TSecr 2488190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812160982", - "tcp.options.timestamp.tsecr": "2488190" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3064", - "tcp.analysis.ack_rtt": "0.096509000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.559244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.559244000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "836.098558000", - "frame.number": "3066", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009576", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000754e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "29537", - "tcp.nxtseq": "30236", - "tcp.ack": "7105", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008178", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f7:88:a7:9e:2b:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488200, TSecr 2812160982": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488200", - "tcp.options.timestamp.tsecr": "2812160982" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:1d:07:85:78:c1:88:06:97:0f:c4:ba:cc:ab:5c:49:21:88:cc:ae:fe:3b:61:e8:d7:05:e3:70:19:df:35:6c:43:8f:f0:33:fa:96:0a:14:70:0e:74" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:1e:51:6f:1c:05:0e:d9:77:f7:d3:bc:32:19:5d:2f:24:09:62:0e:e9:ca:95:13:dd:ce:d2:7c:79:91:1b:62:eb:b4:9c:f7:e9:95:6e:59:15:c5:2c:8d:fc:b7:be:e8:bf:51:0b:05:0b:6b:02:a6:67:7a:3e:c8:49:3d:97:87:6c:d2:32:3a:30:14:df:dd:f0:09:e9:32:da:d0:7c:58:f3:5f:6f:3b:c7:e0:4e:dd:ea:1c" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:1f:86:d8:41:4d:98:11:83:47:9e:29:0c:f3:e1:51:c1:88:87:f2:ce:39:35:f8:d5:45:5c:64:6b:16:22:ae:a6:a6:71:1e:0a:25:fb:35:7d:e6:ed:2b:81:ec:1c:55:8b:64:1b:29:ac:2b:c2:3f:02:1d:88:bd:9d:e3:29:39:19:09:0c:16:cf:ab:0a:e7:fa:bb:8b:cb:be:4a:f0:e7:ab:86:0c:fd:01:a8:45:3d:ac:68:73:a2:ec:8c:aa:ed:c2:49:35:36:06:ab:2c:8e:87:35:ff:ce:78:d5:2f:d2:8e:a4:20:07:e2:2b:14:83:6b:7e:3f:f5:52:22:88:1f:a0:e1:b7:e3:20:d5:ff:8d:97:1d:78:e9:77:0f:3a:c7:ec:c1:62:ed:38:96:15:ac:72:89:95:1c:66:57:b1:9c:fb:32:77:78:35:f9:be:7c:25:53:f1:7a:3e:60:57:07:21:df:63:32:c6:b3:64:a4:e4:08:1d:6c:8f:58:ac:aa:b6:37:2a:21:d2:9a:9c:d4:39:9f:16:e4:0f:01:54:70:bb:b8:f3:a2:37:52:be:dd:da:83:24:40:9f:02:28:df:13:6d:62:dd:63:5d:7b:89:af:60:72:55:c0:b6:2e:30:80:18:84:c0:88:4e:7e:2a:48:37:79:2e:b1:72:85:9a:31:7c:51:a6:f0:31:90:df:3b:89:3a:3b:8f:10:7f:27:8f:30:8a:2f:87:74:db:ea:fc:6c:ff:95:ad:68:5d:41:4a:81:63:fb:1d:54:2d:70:be:0d:53:4e:da:a8:ce:2d:3d:51:fb:d2:85:9d:22:74:28:53:7a:36:97:cc:dd:ac:5a:59:f3:47:21:48:ae:54:2b:b4:f5:65:39:a4:64:c7:06:c2:1d:62:d2:62:07:90:8b:de:94:1b:57:9b:14:64:14:1f:f0:4c:af:0e:a1:7e:d9:23:78:bf:c7:4e:25:fd:ac:b6:89:dd:2a:c6:d1:ba:06:64:a8:bd:03:e4:72:1a:45:32:05:48:73:a8:29:99:d0:53:5d:f8:53:73:31:86:fb:fd:6c:a1:71:58:04:ac:a8:47:e4:a0:50:14:d9:1c:50:62:80:e9:08:a0:11:5d:ab:65:af:17:5f:f1:cd:ea:70:5c:68:ad:28:8a:45:c0:a1:b5:07:80:9b:85:88:71:02:97:f1:5d:03:58:bd:9f:ba:91:d2:3f:b0:79:04:67:d9:24:20:f6:64:87:e1:c3:1d:b0:68:4d:a4:20:ee:f0:a9:88:23:de:07:09:2c:b3:3a:20:c9:9d:ed:8d:d6:6e:2c:5b:f5:50:20:05:eb:b7:0a:d4:48:ed:f5:b7:f2:1b:56:f9:5a:99:c2:c8:46:f2:8e:3f:ab:39:94:58:e2:3d:86:4a:e3:ea:6c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.619367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.619367000", - "frame.time_delta": "0.060123000", - 
"frame.time_delta_displayed": "0.060123000", - "frame.time_relative": "836.158681000", - "frame.number": "3067", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003912", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7105", - "tcp.ack": 
"30236", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f342", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:2b:e5:00:25:f7:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812160997, TSecr 2488200": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812160997", - "tcp.options.timestamp.tsecr": "2488200" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3066", - "tcp.analysis.ack_rtt": "0.060123000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.854726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.854726000", - "frame.time_delta": "0.235359000", - "frame.time_delta_displayed": "0.235359000", - "frame.time_relative": "836.394040000", - "frame.number": "3068", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009577", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "30236", - "tcp.nxtseq": "30290", - "tcp.ack": "7105", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ab6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f7:a6:a7:9e:2b:e5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488230, TSecr 2812160997": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488230", - "tcp.options.timestamp.tsecr": "2812160997" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:20:2d:55:a2:e4:2f:9b:bf:ce:6c:6d:d3:c3:b5:d0:81:5a:b3:db:63:4c:5e:58:de:3b:fe:04:41:62:78:16:92:72:28:bf:c7:4f:4a:e6:31:7d:28" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:27.914872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494427.914872000", - "frame.time_delta": "0.060146000", - "frame.time_delta_displayed": "0.060146000", - "frame.time_relative": "836.454186000", - 
"frame.number": "3069", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003911", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7105", - "tcp.ack": "30290", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f2a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:2c:2f:00:25:f7:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812161071, TSecr 2488230": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812161071", - "tcp.options.timestamp.tsecr": "2488230" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3068", - "tcp.analysis.ack_rtt": "0.060146000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:28.851679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494428.851679000", - "frame.time_delta": "0.936807000", - "frame.time_delta_displayed": "0.936807000", - "frame.time_relative": "837.390993000", - "frame.number": "3070", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", 
- "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.723716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.723716000", - "frame.time_delta": "2.872037000", - "frame.time_delta_displayed": "2.872037000", - "frame.time_relative": "840.263030000", - "frame.number": "3071", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00000743", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b177", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44856", - "udp.dstport": "53", - "udp.port": "44856", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000006e2", - "udp.checksum.status": "2", - "udp.stream": "81" - }, - "dns": { - "dns.id": "0x00000f23", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.724332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.724332000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "840.263646000", - "frame.number": "3072", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000046ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000071ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44856", - "udp.port": "53", - "udp.port": "44856", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "81" - }, - "dns": { - "dns.response_to": "3071", - "dns.time": "0.000616000", - "dns.id": "0x00000f23", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.725227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.725227000", - "frame.time_delta": "0.000895000", - "frame.time_delta_displayed": "0.000895000", - "frame.time_relative": "840.264541000", - "frame.number": "3073", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00000744", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b176", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": 
"192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43940", - "udp.dstport": "53", - "udp.port": "43940", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002575", - "udp.checksum.status": "2", - "udp.stream": "82" - }, - "dns": { - "dns.id": "0x00000f24", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.725761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.725761000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "840.265075000", - "frame.number": "3074", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000046cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000071db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43940", - "udp.port": "53", - "udp.port": "43940", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "82" - }, - "dns": { - "dns.response_to": "3073", - "dns.time": "0.000534000", - "dns.id": "0x00000f24", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2946", - "dns.resp.len": 
"4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.726517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.726517000", - "frame.time_delta": "0.000756000", - "frame.time_delta_displayed": "0.000756000", - "frame.time_relative": "840.265831000", - "frame.number": "3075", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007505", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c0ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - 
"ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000c00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", 
- "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.746839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.746839000", - "frame.time_delta": "0.020322000", - "frame.time_delta_displayed": "0.020322000", - "frame.time_relative": "840.286153000", - "frame.number": "3076", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:00:31.861972000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.861972000", - "frame.time_delta": "0.115133000", - "frame.time_delta_displayed": "0.115133000", - "frame.time_relative": "840.401286000", - "frame.number": "3077", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00004e93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003c40", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": 
"" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00003553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3075", - "tcp.analysis.ack_rtt": "0.135455000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.862511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.862511000", - "frame.time_delta": "0.000539000", - 
"frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "840.401825000", - "frame.number": "3078", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007506", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c0d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": 
"0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fee1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3077", - "tcp.analysis.ack_rtt": "0.000539000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.863126000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.863126000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "840.402440000", - "frame.number": "3079", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00007507", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000be7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a7d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135994000", - 
"tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:39:22:2c:20:4e:6f:6e:63:65:3d:22:32:68:68:55:33:6e:65:6d:4d:48:75:37:49:4e:55:49:70:63:79:71:38:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4f:2f:50:44:65:48:6a:6a:44:53:61:41:4b:38:4b:62:4c:37:63:74:6f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.975857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.975857000", - "frame.time_delta": "0.112731000", - "frame.time_delta_displayed": "0.112731000", - "frame.time_relative": "840.515171000", - "frame.number": "3080", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": 
"0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.992273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.992273000", - "frame.time_delta": "0.016416000", - "frame.time_delta_displayed": 
"0.016416000", - "frame.time_relative": "840.531587000", - "frame.number": "3081", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - 
"bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:31.999563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494431.999563000", - "frame.time_delta": 
"0.007290000", - "frame.time_delta_displayed": "0.007290000", - "frame.time_relative": "840.538877000", - "frame.number": "3082", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008dd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000fd09", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": 
"1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005c16", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3079", - "tcp.analysis.ack_rtt": "0.136437000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.000366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.000366000", - "frame.time_delta": "0.000803000", - "frame.time_delta_displayed": "0.000803000", - "frame.time_relative": "840.539680000", - "frame.number": "3083", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00007508", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bbf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f9e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135994000", - 
"tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:ef:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4
c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:35:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" - }, - "tcp.segments": { - "tcp.segment": "3079", - "tcp.segment": "3083", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - 
"tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:38:39:22:2c:20:4e:6f:6e:63:65:3d:22:32:68:68:55:33:6e:65:6d:4d:48:75:37:49:4e:55:49:70:63:79:71:38:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:4f:2f:50:44:65:48:6a:6a:44:53:61:41:4b:38:4b:62:4c:37:63:74:6f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:e
f:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:35:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:
75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": 
"dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"189\", Nonce=\"2hhU3nemMHu7INUIpcyq8g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"O\/PDeHjjDSaAK8KbL7ctoA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"189\", Nonce=\"2hhU3nemMHu7INUIpcyq8g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"O\/PDeHjjDSaAK8KbL7ctoA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:c5:bc:0a:8b:6c:ad:be:2f:91:30:10:f9:fd:28:ae:fb:08:ee:29:93:bb:e4:ef:57:21:42:ef:bb:2f:cf:fd:1d:ae:4e:45:f7:b7:e6:20:b0:80:92:8f:ed:58:78:62:6c:cc:b3:8b:e9:2b:e4:f5:09:e1:93:a8:e0:13:02:cf:b5:95:7b:e2:87:bb:d5:b8:c8:89:68:4e:ed:21:72:02:e2:5b:93:3b:32:fc:9d:5e:a8:d7:95:fa:6b:1d:5a:66:00:73:36:d0:35:6d:be:b6:7d:77:32:0a:ff:c0:e9:40:2e:1d:c4:92:33:fb:4a:58:1c:ac:fb:81:e2:43:42:b7:e9:c2:e1:b8:0e:e5:59:77:09:f4:6b:72:5f:70:e3:cb:1a:9c:27:27:cd:a0:c4:fc:8e:ad:4a:0e:72:39:bd:49:55:34:4c:b7:e6:95:ae:19:91:3c:e2:b7:4c:0e:d7:cf:6b:2c:df:cf:8b:36:87:5f:b9:b2:64:2c:98:d4:37:6a:a7:e0:44:4b:d2:d7:5f:02:b7:a2:57:7f:58:2e:e4:98:3f:57:29:ad:cd:c9:1b:bc:97:b1:33:39:b5:3f:fc:37:4e:bd:46:21:48:90:24:68:fa:01:31:9b:4f:5d:d0:ea:4a:cc:8f:88:9b:2a:58:27:95:9c:68:0b:6a:6a:07:65:63:1a:b3:97:a9:3e:fb:40:6f:b2:60:aa:fb:9c:91:bf:70:f6:1f:49:53:c5:7f:eb:34:99:a2:a6:83:4f:ac:dc:82:a6:74:dd:11:c3:a4:55:62:d4:a6:6f:b7:60:6b:8e:b4:e2:44:63:a0:61:7e:90:cb:41:b1:f3:3f:cc:56:bb:dc:39:c0:1d:0f:37:1e:1e:2b:12:70:d2:c0:4f:49:23:02:59:ad:5e:51:0c:ac:f4:2b:ef:1b:c1:ea:3a:98:2f:a9:75:b4:48:6f:7f:79:9a:09:0b:ed:42:17:2e:f7:79:a9:b1:10:97:0f:bf:3e:36:4e:22:b2:f7:8f:98:5e:c3:b2:f8:eb:92:20:68:dc:09:56:25:02:2e:1e:39:7b:50:63:84:e3:68:4c:27:12:35:86:1d:fe:e7:f1:02:60:95:c7:cb:c0:4f:2e:40:dd:42:04:cc:df:5e:f8:ec:4d:0f:39:8b:00:d8:68:f9:fa:72:1b:fb:fa:7d:40:12:b8:83:cd:55:68:28:80:34:21:56:fc:69:ac:30:9d:e0:38:5d:01:3c:cf:de:e2:c4:97:e4:5d:bb:13:31:9c:68:b8:66:1a:e5:50:34:3a:aa:ac:27:bd:63:88:d2:c6:a8:53:79:72:3f:df:e3:93:09:c1:de:8b:c5:d5:8d:89:ec:a6:3c:73:e1:e5:e4:b1:41:2e:9c:ed:1f:59:77:75:ad:db:b7:19:5e:5a:dd:31:97:4c:00:31:3e:b6:ba:28:0d:f4:f7:a1:85:15:c0:79:a9:e3:ae:8b:9a:c5:bd:85:f4:7b:3e:70:79:b5:89:8b:1b:d8:64:b2:61:68:00:34:34:c2:b3:5d:c6:85:61:78:a5:47:a0:b0:b9:81:12:a4:2b:63:10:cf:ce:3e:88:37:50:52:4c:8a:d6:fe:80:c9:6e:b8:dd:fb:d5:06:ca:61:fa:af:d1:04:b5:48:65:8b:d7:bf:a5:6a:ee:7d:a4:79:21:c5:49:36:0b:de:3
5:c1:20:86:ec:2b:e1:a5:d8:25:84:d7:1e:09:41:72:f3:6e:c7:7e:b1:bb:4d:87:72:bb:31:3d:7f:c4:2d:39:9f:79:c2:6f:76:c6:84:eb:41:9f:53:bc:99:2a:4a:fd:ac:d0:bc:73:43:84:61:11:06:6c:77:75:b6:df:a3:ab:ce:ae:c4:0b:a2:54:4c:3f:5b:e4:34:0d:d5:f3:15:af:e6:7e:c0:bd:3f:3c:e6:66:14:d8:5b:69:b0:94:d2:9c:75:86:28:82:40:5b:88:9f:bc:9c:56:b1:72:9e:48:b1:55:29:62:5e:b2:2d:c1:a3:27:af:a1:be:63:f9:b0:42:50:0d:c9:69:c8:21:b1:2b:99:f4:41:7f:b8:c8:a1:f1:96:60:35:b4:d5:29:90:0a:88:d9:ac:12:10:de:81:a1:a9:9c:3b:88:2f:e4:26:57:3b:ce:01:5f:2e:07:da:78:a8:59:e4:b2:b2:91:7f:3f:99:f6:90:e3:8f:5b:d9:e3:2b:6a:e1:e1:34:c3:c9:52:1d:b8:6e:48:47:fd:cd:ec:96:e1:49:71:d4:c4:97:35:16:e8:00:19:f9:58:dd:8d:0a:f4:cb:9a:e6:34:f9:e5:8c:53:09:ae:f9:7d:f1:2c:38:8c:8d:12:66:f9:57:68:dc:a5:a2:69:15:8b:e5:a3:95:f0:71:18:ef:d0:ef:33:c3:1e:16:ca:7b:6c:30:80:11:df:ec:3a:df:4e:d9:02:16:a6:df:8a:fa:05:fb:ca:1e:e8:cc:58:58:2c:10:04:a5:6d:b2:fa:ab:f6:c2:f8:50:7b:a8:8a:01:27:e5:89:fd:f6:ea:56:87:c4:b3:fa:9e:79:c7:dd:d0:e7:ad:6f:32:79:a4:59:c8:49:1b:83:ce:96:95:2e:78:13:eb:ca:e2:5e:65:86:cf:ae:85:1c:f0:6d:be:5e:6a:13:32:e8:53:7f:2a:2c:4a:78:47:be:eb:7e:9a:2d:00:75:57:0d:b5:0f:75:2c:7c:0c:87:a2:dc:67:de:1b:53:e2:d5:3e:37:56:55:f3:f5:3f:ac:56:77:2f:57:0a:8e:d6:30:78:13:c9:8e:ab:92:46:01:d1:2a:ad:48:81:ff:df:78:7b:c0:9a:84:14:7c:71:ee:38:eb:7b:be:28:75:e0:e7:d5:5d:49:87:a0:12:cd:84:12:bf:6f:ef:8c:56:15:37:6f:6e:b3:4a:2a:d0:b4:06:be:6b:02:03:b4:79:53:fa:59:ff:69:a3:3e:ca:a3:de:e9:e3:d4:e9:2d:33:9a:2a:eb:28:36:df:07:fb:8a:e6:8f:d3:ea:c8:83:67:f1:9e:15:cf:3d:6c:c2:b6:b3:9b:80:57:d8:75:6d:c5:45:26:56:0b:98:9d:65:f7:6a:ef:0a:c4:a5:09:74:b6:44:63:95:50:79:21:3a:3c:68:26:9f:14:02:19:2a:3f:cd:e8:24:16:30:05:2c:23:be:9f:ff:f7:d0:65:84:df:84:87:bc:19:06:47:a5:1e:70:79:86:f7:cc:b4:c5:4d:79" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.007024000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494432.007024000", - "frame.time_delta": "0.006658000", - "frame.time_delta_displayed": "0.006658000", - "frame.time_relative": "840.546338000", - "frame.number": "3084", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.082972000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.082972000", - "frame.time_delta": "0.075948000", - "frame.time_delta_displayed": "0.075948000", - "frame.time_relative": "840.622286000", - "frame.number": "3085", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.136135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.136135000", - "frame.time_delta": "0.053163000", - "frame.time_delta_displayed": "0.053163000", - "frame.time_relative": "840.675449000", - "frame.number": "3086", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cfb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000bb28", - "ip.checksum.status": "2", - "ip.src": 
"5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005256", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3083", - "tcp.analysis.ack_rtt": "0.135769000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.180063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.180063000", - "frame.time_delta": "0.043928000", - 
"frame.time_delta_displayed": "0.043928000", - "frame.time_relative": "840.719377000", - "frame.number": "3087", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000e374", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a3ff", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "871", - "tcp.seq": 
"1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a4ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135994000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"5r6Va8g415G7INUIHtzlsw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"5r6Va8g415G7INUIHtzlsw==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:00:31 GMT", - 
"http.response.line": "Date: Wed, 01 Nov 2017 00:00:31 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.179697000", - "http.request_in": "3083", - "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "fa:cd:b8:e8:59:a2:00:2d:1b:93:7f:e0:e0:d9:02:57:a1:cb:54:c8:17:16:59:a1:c4:5d:8f:ad:7c:5d:8a:35:1c:c1:92:7d:11:47:c2:5b:84:9e:55:c7:cf:7c:3e:f3:d3:b4:f1:54:a4:6e:57:9e:9c:16:32:21:65:7a:fc:c8:60:fe:69:ad:5c:f0:25:59:6c:02:30:d8:4f:0c:87:c4:40:8e:4b:1c:de:00:d4:48:01:c0:69:51:83:73:a1:3e:da:98:f5:6b:fa:e8:25:a5:aa:0a:ac:71:b4:3f:13:f1:b2:6b:6b:87:cc:fd:1e:82:3c:56:ea:51:ff:c0:e5:b8:20:21:f3:2c:bb:0b:39:fc:70:e7:31:5f:60:b3:66:4e:5e:63:59:a7:d8:2a:4a:e9:9a:b0:5e:20:14:81:58:7d:c0:ff:a6:88:40:75:aa:c1:59:ee:7e:4b:1c:b9:27:35:1e:f8:3f:3b:d7:e3:01:82:74:9a:0a:94:d7:9d:1a:96:b2:4e:f2:3d:34:b7:a2:e8:89:ec:fb:19:4c:8a:97:16:2d:07:ef:8d:38:8e:f4:5a:65:ef:14:e8:3d:5d:63:ba:aa:7a:74:b0:b2:46:11:79:84:65:5c:e3:ef:fd:1f:29:f9:28:58:91:a0:73:1e:64:d1:44:5d:39:18:fa:f9:d1:92:aa:ee:6f:ed:69:3d:55:05:a5:44:63:5c:6d:57:bc:6f:9b:f6:bc:e1:88:f0:74:09:a6:09:07:b7:c3:77:ac:37:f1:fb:ab:b8:14:97:02:53:0b:27:27:f8:7a:26:14:2c:4d:db:db:32:ed:01:a7:ff:93:7f:dd:2e:11:79:59:e8:f7:44:38:5a:e6:8d:88:8b:4c:dd:e4:c2:97:73:04:d2:c4:38:23:7e:93:dc:6c:7c:39:be:e6:fd:85:4f:3e:1e:b3:ea:a2:f1:15:2d:b8:8d:9d:87:62:48:1d:c8:6d:11:e0:52:40:db:41:fa:9f:0a:61:09:b2:14:f3:6d:1f:e4:73:e3:f0:e9:1a:c7:2e:6f:4b:75:93:99:c9:04:c4:d4:f5:26:c6:af:33:4c:a0:66:ea:5c:f5:46:b2:ef:c8:86:8a:81:f9:7e:0d:94:26:18:d9:5e:61:d0:19:08:4f:0e:0e:1e:24:b9:f1:41:29:21:da:9a:17:0c:22:2c:b0:09:7b:16:74:b7:5f:f0:c4:03:fa:2a:64:66:e3:b4:be:9f:9e:46:e1:11:15:ac:96:9f:a8:4d:af:20:17:ad:6d:47:50:2e:f5:97:7e:6a:a1:fa:83:5c:31:0d:d9:92:86:3b:8f:5d:62:c4:88:e4:0b:65:7b:6d:f4:69:66:c6:74:e9:29:8d:a4:1a:33:85:b1:b0:fd:1d:97:42:b6
:72:6f:97:6e:74:a0:b3:e9:51:6b:de:e2:0c:24:09:e7:a7:88:4f:0c:f3:45:78:34:c1:30:f3:39:1f:a2:bf:fc:85:d6" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.180155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.180155000", - "frame.time_delta": "0.000092000", - "frame.time_delta_displayed": "0.000092000", - "frame.time_relative": "840.719469000", - "frame.number": "3088", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e376", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a764", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004eee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.180625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.180625000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "840.719939000", - "frame.number": "3089", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007509", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c0d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ef3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3087", - "tcp.analysis.ack_rtt": "0.000562000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.181359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.181359000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "840.720673000", - "frame.number": "3090", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000750a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c0d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35300", - "tcp.dstport": "80", - "tcp.port": "35300", - "tcp.port": "80", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ef3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3088", - "tcp.analysis.ack_rtt": "0.001204000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , 
- { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.316603000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.316603000", - "frame.time_delta": "0.135244000", - "frame.time_delta_displayed": "0.135244000", - "frame.time_relative": "840.855917000", - "frame.number": "3091", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002295", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006846", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35300", - "tcp.port": "80", - "tcp.port": "35300", - "tcp.stream": "131", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004eed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3090", - "tcp.analysis.ack_rtt": "0.135244000", - "tcp.analysis.initial_rtt": "0.135994000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.440467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.440467000", - "frame.time_delta": "0.123864000", - "frame.time_delta_displayed": "0.123864000", - "frame.time_relative": "840.979781000", - "frame.number": "3092", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:32.440916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494432.440916000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "840.980230000", - "frame.number": "3093", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:33.780258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494433.780258000", - "frame.time_delta": "1.339342000", - "frame.time_delta_displayed": "1.339342000", - "frame.time_relative": "842.319572000", - "frame.number": "3094", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": 
"41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "7105", - "tcp.nxtseq": "7392", - "tcp.ack": "30290", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001f9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:31:e9:00:25:f7:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812162537, TSecr 2488230": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812162537", - "tcp.options.timestamp.tsecr": "2488230" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:61:1e:e7:94:6d:71:32:11:d6:ff:d4:63:a3:08:4a:e4:db:d3:7a:eb:a5:0e:22:05:db:16:50:56:86:bd:d1:1d:4b:7b:5b:7b:68:ed:96:02:f4:0d:ae:51:cc:a8:6b:0d:b5:54:30:bf:9c:c6:91:3b:9f:24:aa:ea:b2:5d:21:e6:74:d0:64:d1:a5:de:89:cf:77:19:99:26:39:2b:f7:3d:8d:24:98:21:ff:bc:5c:e6:d1:6d:2f:ef:b2:84:e3:1f:2e:1d:89:b5:50:57:a3:ea:1b:fe:7e:22:99:31:8f:f9:ff:f6:c8:e8:25:d0:37:11:66:79:43:0b:5d:64:1d:44:45:28:65:39:45:fb:77:c6:cb:80:a4:18:63:cd:82:60:5c:75:d7:08:97:cd:a1:47:4c:7d:80:90:6d:e1:4a:54:3a:2e:46:6c:4f:f8:ac:f1:f2:7a:77:5c:f7:84:c3:ec:f2:e8:6d:2c:3f:f1:87:36:ca:aa:ad:0a:29:82:17:75:aa:01:90:b5:66:79:ef:25:68:d6:3f:45:18:3f:3a:6a:ad:3d:cc:66:72:bb:ba:d7:b0:ac:e6:7b:30:3c:c2:7a:dc:04:6c:c0:53:e4:c4:fa:ac:64:c9:fe:15:7c:01:7a:18:5f:d6:5f:ee:4f:92:24:40:f8:5f:0e:4d:e5:39:d6:14:b5:60:b8:b0:39:bd:fe:62:c5:07:84:77:25:13:83:a7:f0:85" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:33.799636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494433.799636000", - "frame.time_delta": "0.019378000", - "frame.time_delta_displayed": "0.019378000", - "frame.time_relative": "842.338950000", - "frame.number": "3095", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009578", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "30290", - "tcp.nxtseq": "30343", - "tcp.ack": "7392", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000be2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f9:f8:a7:9e:31:e9", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488824, TSecr 2812162537": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488824", - "tcp.options.timestamp.tsecr": "2812162537" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3094", - "tcp.analysis.ack_rtt": "0.019378000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:21:d2:41:04:80:60:63:16:31:c4:1a:07:26:2d:d6:b3:73:27:64:15:f5:b4:87:e0:7d:66:a6:9e:aa:02:c3:9f:e5:28:12:2d:cb:02:11:34:db" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:33.859939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494433.859939000", - "frame.time_delta": "0.060303000", - "frame.time_delta_displayed": "0.060303000", - "frame.time_relative": "842.399253000", - "frame.number": "3096", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000390f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7392", - "tcp.ack": "30343", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000e930", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:31:fd:00:25:f9:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812162557, TSecr 2488824": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812162557", - "tcp.options.timestamp.tsecr": "2488824" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3095", - "tcp.analysis.ack_rtt": "0.060303000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:33.860490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494433.860490000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "842.399804000", - "frame.number": "3097", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009579", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000754c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "30343", - "tcp.nxtseq": "31041", - "tcp.ack": "7392", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b5b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:f9:fe:a7:9e:31:fd", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488830, TSecr 2812162557": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488830", - "tcp.options.timestamp.tsecr": "2812162557" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:22:55:ee:d5:4f:bb:8e:0a:29:f7:13:9a:26:f8:25:44:ee:99:7e:d2:bc:76:40:7a:02:81:cb:01:3d:ba:b2:0d:50:30:c6:ae:ea:9b:a5:2f:f1:dc" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:23:cc:b5:44:da:11:e0:2f:7f:b9:99:4b:3a:be:69:d8:e8:09:2b:c2:18:fd:4d:3f:c0:70:74:09:8c:10:a1:3d:b3:8a:bb:aa:b5:1d:65:43:02:5a:18:e3:65:64:8f:70:68:3b:60:af:c6:b2:40:dc:2d:42:e0:59:28:24:35:2b:41:37:20:f7:02:a7:5c:fd:d2:2a:e8:30:cc:95:91:ac:54:c8:7d:2f:6a:db:08:03:eb" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:24:c4:df:91:c8:a5:0c:0e:f8:a1:91:72:92:7b:19:70:ec:82:25:46:3a:f5:ff:ec:45:6b:42:9d:fd:81:74:9b:73:8f:b7:75:b0:c0:d7:91:5f:07:a9:17:51:7a:3f:8e:94:7e:fa:fc:e7:65:e2:87:7b:ec:f9:ea:e8:14:67:ff:dd:b4:80:3a:2e:40:0f:00:86:33:17:fa:d7:0e:84:cd:64:cc:3d:3b:24:fe:37:95:82:14:54:d5:8e:96:0b:ff:38:8c:0b:39:74:19:f0:10:33:1a:81:17:4b:d8:cb:0a:39:a3:e1:74:01:2c:02:11:5b:71:c0:1b:c4:09:8f:a8:12:9d:f3:63:22:21:98:93:ac:39:cb:be:4e:6c:cb:04:90:ca:90:bf:e8:55:e4:34:42:21:b6:74:04:e3:c4:a5:a2:cc:62:b5:59:2e:ef:3d:e7:d6:7c:36:0d:18:b3:05:95:3a:37:65:05:6a:13:72:ca:b5:b8:49:58:59:58:4a:a1:f5:04:8f:75:9d:14:b3:52:91:64:3a:5d:54:22:aa:40:eb:f6:d0:60:96:b9:3c:76:ef:3c:2f:4f:cd:d7:7f:ef:18:61:21:29:bc:7a:44:54:9c:e6:64:da:5d:65:ca:c0:d1:d4:e3:43:eb:71:c9:38:4f:37:28:58:f8:07:dc:9a:79:e4:b6:f0:ad:a8:da:26:c9:f7:56:e7:86:e4:39:68:fe:45:2b:0b:a0:72:88:01:d0:7d:8a:a2:57:01:06:10:bd:19:21:88:ff:57:22:f3:b4:28:50:57:dd:9a:fa:08:3a:95:a2:96:8a:5e:44:a9:b5:2f:77:bb:69:1f:20:7c:4e:7b:34:1e:26:54:f8:11:79:88:29:1f:e0:67:84:f8:4f:ea:0f:25:bd:72:fd:1c:c6:be:c6:77:17:c9:0d:58:f0:89:48:76:c4:5e:2b:b3:da:1b:81:35:6a:45:75:2f:cf:cc:d3:33:68:61:88:6f:3b:7b:ae:eb:29:c5:0d:72:1f:20:7c:e2:26:68:54:84:8b:e2:4c:0c:43:ae:bf:86:7f:00:04:bc:2a:a2:74:ed:12:5a:c9:e9:fa:e7:31:59:6c:34:2f:94:a7:be:15:1a:18:7a:61:b7:86:eb:b9:22:ae:97:b4:a2:d9:29:d8:b6:f2:1a:5b:74:cf:66:c9:f0:86:e9:34:31:78:04:bf:a7:71:14:93:68:c9:b6:b5:13:b9:78:66:de:d8:58:c8:7a:11:81:26:25:44:d3:0a:d5:60:d0:fb:70:3d:c3:68:4e:05:e7:4b:34:ce:de:db:77:a0:47:b1:47:82:6f:35:6b:a8:83:05:62:a5:3b:6d:61:ed:67:4f:d2:8f:20:7f:91:2e:a1:78:c9:f7:22:32:7f:6b:b1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:33.920742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494433.920742000", - "frame.time_delta": "0.060252000", - "frame.time_delta_displayed": 
"0.060252000", - "frame.time_relative": "842.460056000", - "frame.number": "3098", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000390e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7392", - "tcp.ack": "31041", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e661", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:32:0c:00:25:f9:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812162572, TSecr 2488830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812162572", - "tcp.options.timestamp.tsecr": "2488830" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3097", - "tcp.analysis.ack_rtt": "0.060252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:34.194412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494434.194412000", - "frame.time_delta": "0.273670000", - "frame.time_delta_displayed": "0.273670000", - "frame.time_relative": "842.733726000", - "frame.number": "3099", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000957a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "31041", - "tcp.nxtseq": "31095", - "tcp.ack": "7392", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000072aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fa:20:a7:9e:32:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2488864, TSecr 2812162572": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2488864", - "tcp.options.timestamp.tsecr": "2812162572" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:25:52:26:60:bf:ec:dc:54:3d:4e:27:70:a0:bf:d0:36:78:4c:08:47:76:13:38:5b:9f:5d:44:6e:f7:6d:7b:73:14:4f:d1:5a:4b:a9:7b:97:7b:05" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:34.254777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494434.254777000", - "frame.time_delta": "0.060365000", - "frame.time_delta_displayed": "0.060365000", - "frame.time_relative": "842.794091000", - "frame.number": "3100", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000390d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7392", - "tcp.ack": "31095", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e5b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:32:60:00:25:fa:20", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812162656, TSecr 2488864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812162656", - "tcp.options.timestamp.tsecr": "2488864" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3099", - "tcp.analysis.ack_rtt": "0.060365000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:34.420152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494434.420152000", - "frame.time_delta": "0.165375000", - "frame.time_delta_displayed": "0.165375000", - "frame.time_relative": "842.959466000", - "frame.number": "3101", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { 
- "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a6a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "281", - "tcp.ack": "253", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:34.564191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494434.564191000", - "frame.time_delta": "0.144039000", - "frame.time_delta_displayed": "0.144039000", - "frame.time_relative": "843.103505000", - "frame.number": "3102", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00000fdf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb2", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "253", - "tcp.ack": "282", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:36.475551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494436.475551000", - "frame.time_delta": "1.911360000", - "frame.time_delta_displayed": "1.911360000", - "frame.time_relative": "845.014865000", - "frame.number": "3103", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c5b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" 
- }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:36.730107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494436.730107000", - "frame.time_delta": "0.254556000", - "frame.time_delta_displayed": "0.254556000", - "frame.time_relative": "845.269421000", - "frame.number": "3104", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:36.730503000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494436.730503000", - "frame.time_delta": "0.000396000", - "frame.time_delta_displayed": "0.000396000", - "frame.time_relative": "845.269817000", - "frame.number": "3105", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:37.188318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494437.188318000", - "frame.time_delta": "0.457815000", - "frame.time_delta_displayed": "0.457815000", - "frame.time_relative": "845.727632000", - "frame.number": "3106", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": 
"1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.029215000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.029215000", - "frame.time_delta": "0.840897000", - "frame.time_delta_displayed": "0.840897000", - "frame.time_relative": "846.568529000", - "frame.number": "3107", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ec", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "7392", - "tcp.nxtseq": "7680", - "tcp.ack": "31095", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dbc3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:36:0f:00:25:fa:20", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812163599, TSecr 2488864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812163599", - "tcp.options.timestamp.tsecr": "2488864" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:62:3e:5a:63:1d:1b:13:6e:2a:f8:b8:2f:81:d1:46:c3:73:d9:da:71:9e:f3:52:97:22:f2:19:a0:d3:7a:39:e7:dd:03:fb:c1:9b:97:dd:a8:89:2f:79:8d:c8:31:93:5b:e0:3f:82:c0:c2:f5:2f:ad:08:91:04:3e:30:62:ae:8e:f5:41:75:12:1c:c1:ba:26:8a:5b:0f:14:8f:05:f3:9d:de:2e:ff:f3:48:fb:85:32:93:ec:d8:fb:0d:43:e6:5c:7d:f2:7c:fe:a2:e3:ed:31:ce:fe:95:d3:8d:38:dc:c5:53:a1:b2:10:d6:1b:41:a7:4a:4b:85:c5:c4:12:5a:99:8d:89:7e:a1:6f:87:c8:0c:5f:e6:61:b2:2c:c2:aa:c0:76:55:43:64:b5:9b:02:7e:06:1d:3b:1b:97:66:6e:76:dc:dc:30:20:2f:63:72:ba:62:34:c4:4e:f2:80:a2:64:41:e7:bd:67:e4:fb:ce:73:1c:11:d7:b2:0e:0f:38:41:30:9e:da:ce:0b:17:ae:c2:fe:bd:56:6d:75:50:de:82:f3:64:e4:50:65:6d:67:39:02:5f:f8:ba:73:d4:99:d3:e0:de:dd:77:2f:a8:fe:8c:a7:db:6c:cc:c7:c1:63:82:b4:d2:21:d9:79:0e:a0:9d:7e:85:dd:b3:58:62:a8:d3:f6:7c:6e:c4:52:a0:9a:0e:19:a9:45:dd:b3:08:d1:35:07:15:ff:38" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.050187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.050187000", - "frame.time_delta": "0.020972000", - "frame.time_delta_displayed": "0.020972000", - "frame.time_relative": "846.589501000", - "frame.number": "3108", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - 
}, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000957b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "31095", - "tcp.nxtseq": "31148", - "tcp.ack": "7680", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000040ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fb:a1:a7:9e:36:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2489249, TSecr 2812163599": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2489249", - "tcp.options.timestamp.tsecr": "2812163599" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3107", - "tcp.analysis.ack_rtt": "0.020972000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:26:66:0f:ae:42:19:e4:7d:6e:77:95:e4:53:fb:83:0c:86:a9:49:67:b9:8b:fa:a6:fb:a1:11:2a:3d:4a:71:bb:6d:a3:6e:8b:68:10:e5:c6:f5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.110120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.110120000", - "frame.time_delta": "0.059933000", - "frame.time_delta_displayed": "0.059933000", - 
"frame.time_relative": "846.649434000", - "frame.number": "3109", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000390b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7680", - "tcp.ack": "31148", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000df1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:36:24:00:25:fb:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812163620, TSecr 2489249": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812163620", - "tcp.options.timestamp.tsecr": "2489249" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3108", - "tcp.analysis.ack_rtt": "0.059933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.110597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.110597000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "846.649911000", - "frame.number": "3110", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - 
}, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x0000957c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007548", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "31148", - "tcp.nxtseq": "31847", - "tcp.ack": "7680", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009e6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fb:a7:a7:9e:36:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2489255, TSecr 2812163620": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2489255", - "tcp.options.timestamp.tsecr": "2812163620" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:27:43:38:b9:a8:4c:84:90:91:55:34:58:8e:b0:02:28:3a:03:e4:71:0e:d2:3b:84:bd:68:9b:22:6b:f1:ee:8a:ef:f2:72:74:03:ed:4b:9d:64:22" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:28:a8:79:b0:7d:7c:b7:db:3b:62:8b:d7:25:fe:cb:d7:00:8a:f2:54:e4:67:46:cc:96:c6:8d:83:aa:54:dc:fb:fe:3f:d1:86:e0:ad:49:7f:c7:3b:76:7f:ec:40:e3:5d:32:2b:c8:87:b3:2e:ff:06:c1:35:ae:e3:0a:43:d2:10:6c:da:26:4b:70:9c:43:c4:5e:97:b6:f8:da:7c:11:75:5e:92:1d:5d:34:ef:18:f6:96" - }, - "ssl.record": { - "ssl.record.content_type": "23", - 
"ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:29:ba:2a:1a:28:fc:c2:ac:59:b6:40:09:c0:70:dd:33:88:68:ab:fe:c1:b9:75:dd:7b:e5:40:9a:2a:4f:c6:9f:b1:a3:47:80:07:a6:4e:43:39:a5:b7:c0:6b:04:82:1c:2f:10:f9:58:cb:9c:a0:4a:29:cb:6a:62:ef:d3:ed:af:17:79:8f:a2:6c:40:69:16:5b:bb:e6:e1:9c:84:89:df:d8:fd:5a:60:ac:dd:77:82:64:41:a0:44:4c:75:8d:f0:bb:8d:85:88:0d:64:a5:c3:99:dc:09:15:91:42:e4:01:a9:9f:90:2f:67:29:1d:bd:c7:f2:12:9f:d2:e4:f1:dd:26:af:6e:2c:24:00:88:6d:59:4a:9b:60:5f:67:31:7c:c2:59:b5:48:54:e6:9c:01:72:9d:ee:48:c1:bd:9a:f1:70:64:80:10:17:e2:59:c6:50:71:d8:93:0a:ab:85:7e:3d:8c:fb:58:9e:38:9e:3c:9b:99:e5:03:50:cb:f6:cf:1c:18:3a:48:5f:cd:3d:78:c9:a6:e7:db:03:cd:02:6a:02:29:27:07:b5:44:17:8f:87:8a:84:85:19:60:e2:22:a8:ad:8d:d9:31:65:b7:a3:c5:94:b6:ed:67:91:ed:56:75:90:0b:f6:c7:60:ca:27:1b:0e:b4:c0:df:28:00:84:34:03:ee:4e:89:f2:80:ff:1b:d1:ed:42:cd:e7:9d:44:a1:a9:60:bb:5a:38:0e:c8:14:af:14:73:fd:7f:37:a2:3e:fe:d3:87:3d:c3:df:d9:8d:f6:fb:55:03:84:b8:f3:17:a4:6b:18:f5:bd:60:d5:d0:f6:10:bd:9e:96:12:6a:ce:98:00:2f:82:c6:78:66:18:de:46:f6:a6:20:ce:bb:f4:5a:c7:0d:d4:8e:6d:7f:0b:a9:2b:28:ca:ed:05:1e:cf:62:45:17:11:f3:05:48:8a:26:e1:b9:b6:6b:8f:fd:d3:b4:e1:3f:0b:64:89:be:d1:1c:45:a4:48:1e:a8:3d:b6:59:d6:55:32:de:3d:92:1f:55:40:65:cb:5e:96:50:60:1c:a8:30:9d:8d:db:95:a3:9f:f0:a6:e9:41:cd:9c:5a:95:75:29:9f:a5:75:9e:80:26:a3:c1:ac:35:b7:ef:ad:53:e0:fa:b3:b7:18:3a:bc:43:1e:11:e8:a2:9c:57:a9:b3:30:6c:fe:6b:bb:76:cc:bb:b0:19:d9:65:08:51:25:3e:22:77:b6:9d:07:fb:79:93:6e:60:f3:05:88:48:58:03:5d:f4:f5:5c:3e:9b:0c:6a:72:4e:45:3d:96:b1:41:e0:93:24:b0:91:a9:95:cc:1e:56:cb:dd:df:67:79:c2:73:7e:20:0e:f4:6b:a9:f2:59:0a:e2:38:11:8c:0c:01:75:17:c2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.170857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494438.170857000", - "frame.time_delta": "0.060260000", - "frame.time_delta_displayed": "0.060260000", - "frame.time_relative": "846.710171000", - "frame.number": "3111", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000390a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "7680", - "tcp.ack": "31847", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:36:33:00:25:fb:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812163635, TSecr 2489255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812163635", - "tcp.options.timestamp.tsecr": "2489255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3110", - "tcp.analysis.ack_rtt": "0.060260000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.446216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.446216000", - "frame.time_delta": "0.275359000", - "frame.time_delta_displayed": "0.275359000", - "frame.time_relative": "846.985530000", - "frame.number": "3112", - "frame.len": "120", - "frame.cap_len": 
"120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000957d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "31847", - "tcp.nxtseq": "31901", - "tcp.ack": "7680", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006da6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fb:c9:a7:9e:36:33", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2489289, TSecr 2812163635": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2489289", - "tcp.options.timestamp.tsecr": "2812163635" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2a:3e:44:db:73:04:47:29:08:b0:32:d7:18:14:7c:f4:8b:25:90:a8:8d:67:44:d9:d2:68:55:97:00:72:de:bc:02:14:68:0f:83:dc:fb:6a:8d:b6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.506358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.506358000", - "frame.time_delta": "0.060142000", - "frame.time_delta_displayed": 
"0.060142000", - "frame.time_relative": "847.045672000", - "frame.number": "3113", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003909", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7680", - "tcp.ack": "31901", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000db9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:36:87:00:25:fb:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812163719, TSecr 2489289": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812163719", - "tcp.options.timestamp.tsecr": "2489289" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3112", - "tcp.analysis.ack_rtt": "0.060142000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:38.534036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494438.534036000", - "frame.time_delta": "0.027678000", - "frame.time_delta_displayed": "0.027678000", - "frame.time_relative": "847.073350000", - "frame.number": "3114", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000077aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.739844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.739844000", - "frame.time_delta": "5.205808000", - "frame.time_delta_displayed": "5.205808000", - "frame.time_relative": "852.279158000", - "frame.number": "3115", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000008a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b016", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55740", - "udp.dstport": "53", - "udp.port": "55740", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000dc5b", - "udp.checksum.status": "2", - "udp.stream": "83" - }, - "dns": { - "dns.id": "0x00000f25", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.740436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.740436000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "852.279750000", - "frame.number": "3116", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00004702", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000071b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55740", - "udp.port": "53", - "udp.port": "55740", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "83" - }, - "dns": { - "dns.response_to": "3115", - "dns.time": "0.000592000", - "dns.id": "0x00000f25", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.741239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.741239000", - "frame.time_delta": "0.000803000", - "frame.time_delta_displayed": "0.000803000", - "frame.time_relative": "852.280553000", - "frame.number": "3117", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000008a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b015", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "41203", - "udp.dstport": "53", - "udp.port": "41203", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003024", - "udp.checksum.status": "2", - "udp.stream": "84" - }, - "dns": { - 
"dns.id": "0x00000f26", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.741798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.741798000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "852.281112000", - "frame.number": "3118", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00004703", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000071a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "41203", - "udp.port": "53", - "udp.port": "41203", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "84" - }, - "dns": { - "dns.response_to": "3117", - "dns.time": "0.000559000", - "dns.id": "0x00000f26", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2934", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.742958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.742958000", - 
"frame.time_delta": "0.001160000", - "frame.time_delta_displayed": "0.001160000", - "frame.time_relative": "852.282272000", - "frame.number": "3119", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000fb15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003aba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": 
"0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c45b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.878094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.878094000", - "frame.time_delta": "0.135136000", - "frame.time_delta_displayed": "0.135136000", - "frame.time_relative": "852.417408000", - "frame.number": "3120", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000f206", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000098cc", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": 
"51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": "80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000cf66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3119", - "tcp.analysis.ack_rtt": "0.135136000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.878632000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.878632000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "852.417946000", - "frame.number": "3121", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fb16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ac5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - 
"tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000098f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3120", - "tcp.analysis.ack_rtt": "0.000538000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:43.878645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494443.878645000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "852.417959000", - "frame.number": "3122", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000fb17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000386c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000070c3", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135674000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:30:22:2c:20:4e:6f:6e:63:65:3d:22:35:72:36:56:61:38:67:34:31:35:47:37:49:4e:55:49:48:74:7a:6c:73:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:49:4a:4a:41:71:45:64:70:53:69:51:33:6a:64:4b:48:58:6e:4a:6c:69:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0
a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.014641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.014641000", - "frame.time_delta": "0.135996000", - "frame.time_delta_displayed": "0.135996000", - "frame.time_relative": "852.553955000", - "frame.number": "3123", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003233", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000058a8", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": 
"AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": "80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f629", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3122", - "tcp.analysis.ack_rtt": "0.135996000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.015279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.015279000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "852.554593000", - "frame.number": "3124", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000fb18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000035e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000008c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135674000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d
6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:
97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" - }, - "tcp.segments": { - "tcp.segment": "3122", - "tcp.segment": "3124", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:30:22:2c:20:4e:6f:6e:63:65:3d:22:35:72:36:56:61:38:67:34:31:35:47:37:49:4e:55:49:48:74:7a:6c:73:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:49:4a:4a:41:71:45:64:70:53:69:51:33:6a:64:4b:48:58:6e:4a:6c:69:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:
6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01
:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" - }, - "http": { - "POST 
\/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"190\", Nonce=\"5r6Va8g415G7INUIHtzlsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"IJJAqEdpSiQ3jdKHXnJlig==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"190\", Nonce=\"5r6Va8g415G7INUIHtzlsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"IJJAqEdpSiQ3jdKHXnJlig==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:<|\\\u001em\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdRM\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdQC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@C\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdy\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u001d\u0019\u00ef\u00bf\u00bdP\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\\@\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd?\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bdF<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u001b\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\tD\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bdZ\by\"i\u00ef\u00bf\u00bdAnR\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7D\u001dS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:d4:79:5c:bd:ed:95:6b:1d:19:fb:50:0e:91:bc:7b:c0:24:f0:ea:df:ac:1a:e6:c7:84:7d:e3:32:c3:b4:cb:c6:a6:98:6a:9f:5c:40:cd:1b:e1:3f:ca:77:f5:08:89:b8:21:bc:e5:f4:63:e6:46:3c:af:a2:1c:18:83:bb:f4:dd:ea:3d:dd:0b:ea:c1:32:8d:e8:48:1b:9c:31:a0:d1:46:f5:b9:f3:62:f9:a0:09:44:f0:1e:dd:bf:17:cb:5a:08:79:22:69:d6:41:6e:52:82:75:8e:75:ad:e4:37:44:1d:53:d6:bf:c3:58:c5:00:00:5f:23:cf:30:3b:72:6d:71:61:9c:9b:56:43:c7:57:04:92:62:a9:91:69:55:66:d4:b5:06:04:a5:01:81:6f:65:f9:73:40:12:84:0f:b5:c4:67:44:78:d9:5e:e2:54:61:dd:71:cd:00:fd:6d:c2:ea:14:87:e8:71:35:ce:d4:78:45:ef:46:d9:cb:7e:a1:62:40:79:9d:f3:b3:e7:31:6e:84:b8:06:fa:bf:2c:26:73:cf:1e:10:d1:b8:06:4e:b8:92:17:24:65:d4:06:78:33:26:81:67:6f:b5:aa:c0:2e:f3:ad:e6:ef:9c:c4:5d:de:d4:74:b8:13:40:3e:38:3c:66:a3:48:8d:07:33:26:41:9c:e0:43:eb:8b:32:f6:11:f1:87:eb:e7:4b:85:82:37:28:f1:dd:ff:7f:0f:60:da:8f:30:27:3b:59:78:74:7d:fa:2d:e9:34:70:ea:78:23:7c:99:89:88:b4:9c:45:23:b5:28:30:97:67:66:5f:70:74:3c:95:4d:bd:07:a3:31:2f:d3:80:90:10:2b:cb:83:da:71:37:28:ca:4d:4d:cf:ce:5d:ef:cb:bd:39:10:f3:37:2f:91:dd:2a:8a:45:20:15:ae:89:4a:a4:8e:29:c1:57:4e:62:3b:2b:54:01:19:fc:75:b2:3e:d0:c0:37:e9:75:bd:7c:54:75:63:72:bc:b8:49:de:b6:79:c8:53:6b:b3:9a:07:53:4b:6d:1c:22:15:13:58:a8:68:e5:8a:82:8f:1a:56:4a:41:d9:1f:0c:1a:63:c0:dc:ac:de:fe:6f:1a:be:42:be:41:50:44:70:05:2e:49:e8:b3:c9:f5:33:8b:ae:98:b1:fd:73:5f:85:78:ab:9d:a6:b8:f7:ec:a2:d2:f0:74:ec:68:d6:52:9d:16:d1:50:d6:0a:cc:e8:fe:f1:96:56:36:b3:fd:47:f6:40:99:db:91:11:a2:d2:fa:0c:75:54:7a:b2:5e:0e:db:cb:0e:b2:5a:31:ca:11:f8:83:6c:57:23:43:c7:f6:01:57:0f:c4:10:cf:d2:ba:84:f7:d5:ec:33:9e:6c:72:95:c7:42:3e:99:f9:38:77:ee:f2:e0:0d:f1:bc:63:8b:e0:53:c3:d8:9e:2e:c4:71:49:c1:da:94:42:78:99:a7:e3:3c:31:63:01:3d:df:2b:d6:40:72:35:fd:ee:e4:50:9b:69:5f:fa:78:9d:fb:0c:0f:60:99:c8:af:17:be:27:c1:33:bc:51:e2:dc:90:64:c7:90:01:10:be:92:b5:04:13:c6:b1:0f:49:a3:2e:e2:6f:98:77:8d:d1:f0:df:2c:d4:b1:1d:ad:b0:b4:a3:6c:64:0a:be:d
0:59:8b:6e:43:4d:07:db:d2:a8:35:68:b7:ae:e1:f8:b0:9c:58:a8:af:83:56:ba:99:d2:eb:4d:8c:aa:82:c7:47:c9:61:62:10:1f:7d:d8:fc:e3:0c:fd:fa:5d:2e:83:34:03:ac:3b:3e:e2:54:05:ff:f7:df:4c:39:e3:2d:82:98:80:fb:bc:93:0d:6a:79:d4:bd:52:45:ef:d3:f8:a2:ca:39:fc:f8:e9:88:16:04:2a:a6:0b:02:6d:45:b3:2b:04:3b:94:3f:e9:00:8c:f2:67:bb:91:95:29:99:ee:6d:88:25:b0:2c:ab:57:5d:34:19:f3:a1:75:f8:85:27:7c:5b:ca:f4:d2:21:a3:97:79:f0:3b:61:90:af:41:3c:96:84:92:00:59:1d:0f:f2:7c:56:00:77:81:62:f5:bf:e7:8d:ca:ac:7e:42:2a:4e:d7:e5:0d:6e:60:c5:09:3c:91:68:6e:1c:62:5c:e8:13:07:b5:47:24:35:64:98:04:d6:d0:17:7f:e0:24:29:03:73:79:7b:46:46:69:ef:56:9a:b4:04:78:9b:09:c3:71:64:19:c4:85:f9:b0:c3:e5:c1:7a:1b:27:f3:a0:ef:ad:85:4b:d2:8c:80:2c:43:33:cb:7a:15:14:18:db:5f:7c:45:20:a3:dd:be:e5:bb:29:16:06:f5:df:9b:a9:9c:5c:a6:29:34:45:9c:75:81:83:f8:e9:0a:58:b6:33:53:65:ed:86:0a:18:e6:93:7b:48:f7:0e:8c:68:1c:8d:57:56:c7:dd:08:ac:6b:ed:83:9f:47:66:d8:12:ac:d4:c1:2d:e1:6c:7f:f4:36:35:f5:52:3b:34:4e:d2:31:02:6c:49:6f:9d:61:d0:75:72:2e:39:d0:3d:0c:53:3d:a0:cc:a7:b8:c3:80:47:ce:bb:09:c4:bd:17:aa:f6:2b:a6:8d:98:67:0a:79:ff:e2:d5:59:8c:54:b7:d7:c3:60:8b:e4:fd:4e:56:3c:7b:49:df:50:1c:39:b7:a5:ad:22:9d:f5:64:8a:c0:29:1a:85:8c:40:9b:69:43:b9:22:1a:9d:54:db:64:14:24:12:48:55:58:e7:a4:1b:77:b9:cb:8e:df:3a:ef:aa:f9:9d:3b:b2:ff:b1:fb:1c:7d:04:ea:ee:f7:b2:65:03:78:73:81:ee:30:02:d2:99:0b:e4:93:46:c1:9c:96:b2:0b:01:44:dc:71:ff:ff:73:8d:ce:66:43:bb:0e:07:b0:a6:ea:4f:ff:01:2d:28:b7:b5:c1:77:f9:89:6b:f9:2b:d0:65:f5:f9:f7:9d:10:93:12:4f:7c:97:4b:2d:5d:f5:73:5a:50:34:8d:82:61:1b:cb:70:ec:d6:d6:45:62:09:5b:ce:0e:17:c8:d1:e3:ab:cb:a0:01:8f:b3:a6:73:0d:02:b2:32:48:3b:67:39:25:f3:ab:bb:0a:08:f3:97:22:b8:2b:da:ec:7a:46:92:ae:df:43:ff:44:40:b9:a8:7b:86:44:2d:ef:7b:f4:90:98:96:c3:e5:1b:31" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.150626000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494444.150626000", - "frame.time_delta": "0.135347000", - "frame.time_delta_displayed": "0.135347000", - "frame.time_relative": "852.689940000", - "frame.number": "3125", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006edc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001bff", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": 
"80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ec69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3124", - "tcp.analysis.ack_rtt": "0.135347000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.187348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.187348000", - "frame.time_delta": "0.036722000", - "frame.time_delta_displayed": "0.036722000", - "frame.time_relative": "852.726662000", - "frame.number": "3126", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x00007f4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000826", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": "80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cc50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135674000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:00:43 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:00:43 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.172069000", - "http.request_in": "3124", - "http.file_data": 
"\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:<|\\\u001em\u00ef\u00bf\u00bd=\u00ef\u00bf\u00bdRM\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdQC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@C\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bd#O\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bdi\u00127T\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL#{\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u000e\u00ef\u00bf\u00bd3\u0012\u00ef\u00bf\u00bdRQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\t7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bd-n\u0004O\u00ef\u00bf\u00bd\u0001\u00ef\u00bf\u00bdP\u007f~\\*V\u00ef\u00bf\u00bdv'N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNH<[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bdq\u0018|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdR\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd5x\u00ef\u00bf\u00bd\u0014\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013}>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdmsz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHqBK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdNX\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bdC}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016VY\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u0018^h\u00ef\u00bf\u00bd\u00ef\u00bf
\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd}m\u00ef\u00bf\u00bd\u0005nB0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT:x4\u0013$\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdLL\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{Q]\\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL%HuE4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bdU\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0004\u0003wx\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bdzw\u001b\u00ef\u00bf\u00bdoFh\u0016\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdWCx=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u0016$\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u000e\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u001b\u00ef\u00bf\u00bdi0\u0011#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdf\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0001\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001df\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX_\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bdmP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bderRx 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdEA\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\/4\u00ef\u00bf\u00bde`\u00ef\u00bf\u00bd6w%n\u00ef\u00bf\u00bd8g@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bdM9fB\u0018\u000enqe1X#t',\u00ef\u00bf\u00bd:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0u\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bdl\u000f\u00ef\u00bf\u00bd\f`\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u0005r\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u0004f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*.L\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd@\u0019rA\u00ef\u00bf\u00bdN*U\u0017D@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRE \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE" - }, - "media": { - "media.type": 
"18:90:be:3a:3c:7c:5c:1e:6d:bb:3d:9c:52:4d:85:36:94:51:43:f2:e7:c1:1c:40:43:ed:b7:f3:24:c7:ad:1b:7d:d6:d7:d8:15:cf:23:4f:d6:43:bd:e7:9d:0a:f8:5d:a8:69:12:37:54:9d:ad:a0:4c:23:7b:05:ab:bf:b2:0e:0e:ab:33:12:88:52:51:a3:e4:85:72:fa:81:94:2a:de:f0:f3:36:db:bf:09:37:fe:ad:f2:e8:3a:f1:01:c8:2d:6e:04:4f:9e:01:8e:50:7f:7e:5c:2a:56:d7:76:27:4e:b8:f0:4e:48:3c:5b:94:ee:ca:a1:03:d1:71:18:7c:b7:b0:63:14:bd:e5:dc:80:52:f9:37:c5:35:78:9d:14:1f:fe:eb:99:cc:13:7d:3e:f9:a6:95:6d:73:7a:d4:a0:48:71:42:4b:ca:8f:39:90:81:fa:c5:e4:4e:58:0d:83:ab:ee:56:02:ec:e7:38:93:66:99:43:7d:af:fc:cd:9b:16:56:59:b8:2e:db:18:5e:68:b9:bb:93:ff:c7:2a:b6:87:f4:a5:fc:46:ca:44:81:7d:6d:b9:05:6e:42:30:98:ce:54:3a:78:34:13:24:1b:a9:b1:4c:4c:be:5b:f6:a3:7b:51:5d:5c:6e:b0:ac:4c:25:48:75:45:34:cc:92:70:e9:5c:dd:55:9f:dd:b4:6b:f4:04:03:77:78:c7:33:cf:7a:77:1b:da:6f:46:68:16:f9:6e:d0:df:90:bd:d7:57:43:78:3d:bc:a7:c3:de:72:88:a3:ab:4b:16:24:ca:18:a8:27:b7:6c:d2:b8:17:0e:d2:4b:d2:a6:c2:42:1b:e6:69:30:11:23:cb:d6:c4:4c:c9:66:19:9e:87:c3:d2:cd:01:01:06:99:a3:f4:b1:da:8c:85:a8:29:04:be:91:84:ac:b5:a0:1d:66:9a:ae:58:5f:92:62:f3:7c:98:59:e5:3c:ae:c0:43:93:7e:90:6d:50:c7:db:89:8a:65:72:52:78:20:df:a1:0c:a2:45:41:83:f4:03:2f:34:8d:65:60:9a:36:77:25:6e:ca:38:67:40:c8:d5:2a:d5:4d:39:66:42:18:0e:6e:71:65:31:58:23:74:27:2c:b5:3a:f5:e3:30:75:91:bd:6a:b8:14:c0:4a:af:6c:0f:d2:0c:60:22:b2:e2:85:6d:05:72:8d:3e:95:2c:be:7a:ce:09:fd:c4:6a:bc:04:66:df:d0:90:2a:2e:4c:f4:fa:8c:0d:a6:2a:f1:35:fa:40:19:72:41:c1:4e:2a:55:17:44:40:ba:af:52:45:20:98:cb:7c:e7:8b:cf:e6:eb:19:91:e5:e0:45:00:0c:bd:38:e3:43:2b:eb:6d:b8:d3:7c:44:6d:8c:24:b8:62:83:e4:29:65:88:f9:ee:25:2b:b5:2f:6b:a7:67:fa:b6:68:62:91:9e:79:c5:23:39:89:46:2c:f2:00:c7:a7" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.187434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.187434000", - 
"frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "852.726748000", - "frame.number": "3127", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007f50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000b8b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": "80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e901", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.187928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.187928000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "852.727242000", - "frame.number": "3128", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fb19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ac2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008951", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "3126", - "tcp.analysis.ack_rtt": "0.000580000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.188626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.188626000", - "frame.time_delta": "0.000698000", - "frame.time_delta_displayed": "0.000698000", - "frame.time_relative": "852.727940000", - "frame.number": "3129", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fb1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ac1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35301", - "tcp.dstport": "80", - "tcp.port": "35301", - "tcp.port": "80", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000894f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3127", - "tcp.analysis.ack_rtt": "0.001192000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:44.323968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494444.323968000", - "frame.time_delta": "0.135342000", - "frame.time_delta_displayed": "0.135342000", - "frame.time_relative": "852.863282000", - "frame.number": "3130", 
- "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bfe3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000caf7", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35301", - "tcp.port": "80", - "tcp.port": "35301", - "tcp.stream": "132", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e900", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3129", - "tcp.analysis.ack_rtt": "0.135342000", - "tcp.analysis.initial_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:45.888821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494445.888821000", - "frame.time_delta": "1.564853000", - "frame.time_delta_displayed": "1.564853000", - "frame.time_relative": "854.428135000", - "frame.number": "3131", - "frame.len": "415", - "frame.cap_len": "415", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "401", - "ip.id": 
"0x0000957e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "349", - "tcp.seq": "31901", - "tcp.nxtseq": "32250", - "tcp.ack": "7680", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000c13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fe:b1:a7:9e:36:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490033, TSecr 2812163719": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490033", - "tcp.options.timestamp.tsecr": "2812163719" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "349", - "tcp.analysis.push_bytes_sent": "349" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "344", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2b:51:b2:28:e8:25:37:0b:74:25:4f:c5:a7:7d:cd:92:bc:b3:1f:ac:8d:50:d9:5a:82:67:41:ab:9e:46:50:7e:72:ea:33:be:b4:8e:a8:2b:b3:3f:49:9e:bf:05:60:f9:a6:a8:35:00:9c:86:1a:53:c5:f4:7f:36:14:59:9c:4f:0d:1a:75:7c:9f:98:a2:cc:0a:29:42:d4:f9:f4:32:8f:23:ec:9c:3b:ca:d8:06:04:7d:34:ce:8a:11:24:c1:17:c2:d0:1a:3f:7f:79:5e:64:50:8f:45:09:67:66:67:21:ef:64:30:6f:ce:01:19:e0:3f:89:08:8d:76:3d:f5:89:10:15:fa:cb:78:8d:6e:3d:15:df:e0:5c:3a:43:5f:2e:9b:b6:33:d0:12:97:e2:9f:b4:56:94:8e:96:1b:6d:ae:09:7b:81:c9:de:35:49:58:5a:8b:78:1d:60:82:bb:b4:ea:59:05:74:28:63:c2:f7:ac:90:62:9b:0d:33:bc:7b:d4:57:15:75:97:d9:c6:02:be:0f:58:fe:b1:b2:b5:47:46:c4:10:89:58:87:94:f3:86:63:93:00:87:f3:a9:ed:cb:ab:df:8d:2e:23:81:bb:17:fe:37:67:3c:4f:80:8c:5c:32:11:30:ee:a3:63:c8:aa:17:f2:b0:49:22:22:d4:f0:75:e6:4b:7a:e6:b1:04:6f:2f:10:86:de:00:76:88:fa:d2:6a:a0:fd:de:28:ed:e6:25:b1:41:69:09:2a:2d:cc:db:96:0f:a6:77:98:d2:fa:9a:22:30:61:c7:bb:98:39:8b:78:2b:ed:c6:e4:95:e4:9e:f3:8c:c4:5a:e9:50:0e:09:1c:ec:d4:07:60:6d:db:6f:af:77:8a:19:93:4c:16" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:45.950579000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494445.950579000", - "frame.time_delta": "0.061758000", - "frame.time_delta_displayed": "0.061758000", - "frame.time_relative": "854.489893000", - "frame.number": "3132", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003908", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7680", - "tcp.ack": "32250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d016", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:3d:cb:00:25:fe:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812165579, TSecr 2490033": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812165579", - "tcp.options.timestamp.tsecr": "2490033" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3131", - "tcp.analysis.ack_rtt": "0.061758000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:45.957700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494445.957700000", - "frame.time_delta": "0.007121000", - "frame.time_delta_displayed": "0.007121000", - "frame.time_relative": "854.497014000", - "frame.number": "3133", - "frame.len": 
"113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002c78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "7680", - "tcp.nxtseq": "7727", - "tcp.ack": "32250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bf84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:3d:cd:00:25:fe:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812165581, TSecr 2490033": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812165581", - "tcp.options.timestamp.tsecr": "2490033" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:63:f3:e4:90:54:2f:c7:2a:33:c3:f5:15:51:33:64:26:61:a0:a2:3f:bb:0d:17:18:b3:c5:53:75:e8:bd:56:af:16:d8:2a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:45.993445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494445.993445000", - "frame.time_delta": "0.035745000", - "frame.time_delta_displayed": 
"0.035745000", - "frame.time_relative": "854.532759000", - "frame.number": "3134", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000957f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007800", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "32250", - "tcp.ack": "7727", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ceeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:25:fe:bc:a7:9e:3d:cd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490044, TSecr 2812165581": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490044", - "tcp.options.timestamp.tsecr": "2812165581" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3133", - "tcp.analysis.ack_rtt": "0.035745000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:47.020130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494447.020130000", - "frame.time_delta": "1.026685000", - "frame.time_delta_displayed": "1.026685000", - "frame.time_relative": "855.559444000", - "frame.number": "3135", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:49.724202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494449.724202000", - "frame.time_delta": "2.704072000", - "frame.time_delta_displayed": "2.704072000", - "frame.time_relative": "858.263516000", - "frame.number": "3136", - "frame.len": "1324", - "frame.cap_len": "1324", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "1310", - "ip.id": "0x00009580", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007315", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1258", - "tcp.seq": "32250", - "tcp.nxtseq": "33508", - "tcp.ack": "7727", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002926", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:00:31:a7:9e:3d:cd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490417, TSecr 2812165581": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490417", - "tcp.options.timestamp.tsecr": "2812165581" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1258", - "tcp.analysis.push_bytes_sent": "1258" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1253", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2c:9b:1e:b7:01:cd:36:f8:52:65:db:90:17:16:d9:79:00:51:72:f1:40:cb:19:87:40:ed:80:89:b7:c3:a3:3e:00:ab:09:2d:17:b3:80:66:d2:01:f0:01:e0:71:0a:9d:7d:f6:43:37:46:47:4a:a7:63:c6:ff:87:57:d8:34:e4:be:92:bb:e8:6b:96:db:11:f2:f0:34:b3:48:08:28:21:80:fa:94:d3:4e:db:76:f6:f1:8b:ce:10:e0:11:41:47:c1:51:94:24:14:b3:bd:3f:b6:f2:fb:34:4a:17:bc:d5:fe:80:ec:f2:9f:25:75:f3:9b:bb:79:eb:ce:c6:14:10:f3:c4:ce:c3:b9:88:13:2c:06:c9:7e:8a:44:36:de:1e:38:d8:72:a8:c1:0c:91:3a:90:40:35:05:53:51:55:1d:61:98:8b:aa:f2:cc:17:24:d0:b5:c5:56:72:8a:32:67:bd:4a:d4:82:bd:17:73:47:a4:d8:4f:ea:19:37:60:7f:7c:a9:b8:07:fc:a3:b9:0c:5a:1a:5f:d4:67:14:e9:9b:0a:49:33:54:10:1a:44:f6:09:62:d6:73:d9:9d:74:09:db:47:46:63:3d:6b:75:70:7e:5a:45:7e:75:29:7a:06:2d:bf:98:eb:e3:c5:ee:37:a5:c9:4b:f5:a2:75:56:27:9f:24:fc:3e:a2:5b:db:b6:92:a5:17:3d:5d:68:c2:74:a8:eb:6c:98:10:a0:9f:20:86:e3:17:78:0c:d0:4f:c2:35:df:9c:0a:e7:a7:47:0d:4d:5b:27:ee:b0:a2:24:04:8e:0f:02:4d:08:bc:74:15:02:01:77:ac:8f:de:63:7e:89:6c:06:f1:e7:df:db:03:99:6e:fd:53:53:89:e2:b7:0a:a1:79:b8:ed:3e:d4:27:7c:2f:f5:44:b8:c2:71:d7:d6:b7:14:ad:0b:23:01:3e:af:5c:a4:a4:b1:52:7e:f6:9c:4d:1f:21:2e:84:8c:cc:e0:f8:29:f3:8e:e0:57:b8:7d:90:d5:96:ea:03:fd:02:4e:7c:3b:64:84:ec:85:89:d2:34:1a:aa:dd:18:6
c:24:70:38:26:e5:9b:91:bc:d3:40:cc:e7:96:17:d4:2e:17:7e:af:27:6f:75:64:17:49:8a:3a:c1:4b:2c:d6:a3:44:72:56:f0:79:31:e2:e3:9d:fc:b7:59:27:fa:6c:1d:a0:c7:c1:cd:39:bb:bd:19:33:35:46:40:4f:28:fb:79:89:dc:d4:3d:27:81:af:6c:85:2e:7a:16:bd:8f:bb:51:a8:dd:89:42:97:41:15:90:94:45:e2:b6:0a:c8:d8:65:c1:04:e4:be:b3:c3:fb:78:9c:e0:28:fd:09:69:77:3f:f1:00:80:ff:c6:be:86:67:e2:24:63:9e:bc:fc:c6:09:df:fa:04:d7:c1:b1:08:60:f2:36:5a:36:a8:7b:f5:eb:4c:a8:fc:17:e1:d8:d8:67:78:7b:7a:1f:10:7c:2f:c4:dd:28:fa:09:e2:17:f3:3c:1c:41:0a:89:1a:a2:75:7d:12:04:e0:61:27:71:92:7b:fb:11:d8:7b:26:03:4c:43:fa:10:97:8f:9e:0c:1c:a2:06:41:f7:4c:4c:34:4f:33:d3:14:2e:e6:30:f0:41:84:22:38:fe:31:c9:06:b4:4b:65:77:c3:9b:d2:e7:8d:5b:89:2b:71:52:32:3a:30:fb:33:f2:24:b4:d9:0b:d0:bf:49:29:db:d9:f6:eb:08:41:cb:96:51:90:72:65:44:2c:86:a6:71:ff:20:02:38:52:e8:bf:ed:02:f3:38:8c:9f:90:39:e5:15:ff:d3:ed:ce:7e:1d:97:04:ff:b6:1a:5f:db:3a:c8:b7:85:3a:0b:7e:5a:fc:c5:e0:14:61:39:23:a9:84:6b:82:cb:a7:1c:fa:3a:58:3b:3e:9e:5d:40:15:9e:7f:d9:21:1c:82:96:ed:fb:72:3d:12:5e:bb:2b:47:c4:f2:82:64:3e:3a:2a:08:1d:e2:ae:0b:12:de:ec:79:97:62:6b:22:94:47:27:a1:92:81:d7:5c:97:68:fc:ba:84:99:74:30:f4:58:38:bf:c6:23:f1:e6:a2:c0:56:c1:41:18:fd:32:91:5d:32:d2:a4:aa:e5:9d:f7:61:fc:11:74:b6:cd:40:01:e8:e0:ed:40:b0:a1:b1:5c:a7:9c:ca:36:60:2f:de:8d:ae:7b:db:09:81:b9:4a:96:07:1c:e2:08:9f:76:2d:fd:09:dc:68:07:93:e1:23:36:33:ee:d7:72:c7:10:e1:5b:b5:0e:d9:e7:c1:39:71:01:a1:df:5e:1e:6d:9e:28:05:cf:8f:d3:d5:d4:79:16:e0:e8:ed:48:19:bf:23:a4:a9:d9:e3:51:39:2e:3b:72:4c:12:ef:6f:52:cf:9b:26:eb:52:0f:f7:e7:26:de:16:61:c3:0f:74:03:41:fe:7b:fd:06:98:12:37:f3:81:e8:45:e0:c0:b4:45:7a:f5:71:90:9a:a6:d3:2d:ed:8b:51:69:5f:4a:1a:dd:a5:97:59:0c:96:46:9f:ca:54:ce:88:67:c0:69:64:97:0c:5f:52:e2:ff:a1:64:20:28:2d:76:a4:fb:ce:23:65:d4:e8:c0:53:47:9d:35:ae:27:ed:6f:0d:ba:1f:95:59:9f:78:05:b5:c5:30:17:5d:2d:35:d9:a5:ce:f0:c3:59:24:12:83:a2:13:d5:f2:82:da:74:7d:4b:ec:07:fb:44:5f:62:6e:3b:1a:9a:11:01:3d:2b:6e:22:82:88:4f:ad:ea:d3:4b:49:00:31:57:cd:1d:bd:53:db:95:f0:2d:a3:99:
70:17:38:16:8f:c8:5d:38:67:ee:32:73:ab:1c:f1:d2:a6:6b:1c:6b:3a:5c:8c:8b:23:c1:bb:36:f2:2f:fe:19:0f:89:e9:bc:5a:a1:76:43:50:c0:50:75:2d:27:a9:cc:fa:4b:b4:27:5e:bf:4b:ad:0b:54:f4:59:ed:c0:c8:65:b4:eb:96:95:06:81:ea:8d:2d:28:1f:12:28:b7:5b:fd:09:a5:57:7d:ce:d1:e8:98:e5:26:d7:76:15:e3:c6:26:72:37:93:4b:06:3a:56:3b:4e:95:53:be:d4:41:30:db:49:ed:7f:b2:c3:c5:78:35:3f:b9:39:6c:04:23:c0:b5:0e:28:97:41:83:a6:db:ac:c1:46:b4:b5:64:f5:eb:c9:ff:56:c0:2b:9a:e8:48:93:1c:3d:f7:a5:fd:0f:80:23:71:51:99:f3:ad:1c:43:8c:1f:37:c7:b7:c3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:49.822351000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494449.822351000", - "frame.time_delta": "0.098149000", - "frame.time_delta_displayed": "0.098149000", - "frame.time_relative": "858.361665000", - "frame.number": "3137", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - 
"ip.checksum": "0x00003906", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7727", - "tcp.ack": "33508", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c5b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:41:94:00:26:00:31", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812166548, TSecr 2490417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812166548", - "tcp.options.timestamp.tsecr": "2490417" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3136", - "tcp.analysis.ack_rtt": "0.098149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.221592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.221592000", - "frame.time_delta": "3.399241000", - "frame.time_delta_displayed": "3.399241000", - "frame.time_relative": "861.760906000", - "frame.number": "3138", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000b19d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.235853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.235853000", - "frame.time_delta": "0.014261000", - "frame.time_delta_displayed": "0.014261000", - "frame.time_relative": "861.775167000", - "frame.number": "3139", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009581", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000776b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "33508", - "tcp.nxtseq": "33655", - "tcp.ack": "7727", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008716", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:01:90:a7:9e:41:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490768, TSecr 2812166548": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490768", - "tcp.options.timestamp.tsecr": "2812166548" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2d:51:28:fc:ec:08:37:25:cc:65:52:f0:11:25:39:3f:7b:da:ca:c2:95:60:b1:b7:08:79:e6:2c:25:58:66:3c:8d:9b:58:a5:b6:08:d4:bc:64:cb:ad:4e:6b:2e:8d:57:a2:da:19:68:14:a2:30:7e:17:46:84:12:a2:0b:fd:b0:8f:00:ba:c8:02:e9:da:98:5c:3f:2f:c3:47:b0:98:5b:f5:3d:a0:33:77:f4:df:7d:d9:7e:b6:fd:a8:02:52:e9:8f:1b:2b:78:19:d3:d1:fd:57:f5:9c:c5:3b:ff:b1:1d:d4:16:a5:51:86:de:c7:74:cc:d2:5e:17:19:52:3e:8f:7e:00:63:3d:6f:a8:05" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.274501000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494453.274501000", - "frame.time_delta": "0.038648000", - "frame.time_delta_displayed": "0.038648000", - "frame.time_relative": "861.813815000", - "frame.number": "3140", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000b1a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.296635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.296635000", - "frame.time_delta": "0.022134000", - "frame.time_delta_displayed": "0.022134000", - "frame.time_relative": "861.835949000", - "frame.number": "3141", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c7a", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003905", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7727", - "tcp.ack": "33655", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c05e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:44:f8:00:26:01:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167416, TSecr 2490768": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167416", - "tcp.options.timestamp.tsecr": "2490768" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3139", - "tcp.analysis.ack_rtt": "0.060782000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.327352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.327352000", - "frame.time_delta": "0.030717000", - "frame.time_delta_displayed": "0.030717000", - "frame.time_relative": "861.866666000", - "frame.number": "3142", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000b1a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017a8", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.353907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.353907000", - "frame.time_delta": "0.026555000", - "frame.time_delta_displayed": "0.026555000", - "frame.time_relative": "861.893221000", - "frame.number": "3143", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009582", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000777b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "33655", - "tcp.nxtseq": "33785", - "tcp.ack": "7727", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:01:9c:a7:9e:44:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490780, TSecr 2812167416": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490780", - "tcp.options.timestamp.tsecr": "2812167416" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2e:da:ca:72:96:82:ad:da:de:e7:00:0d:c9:2b:d7:55:fb:1a:f3:73:54:27:01:cc:61:46:2c:1c:16:88:06:de:b9:b2:6d:f2:6e:92:15:12:e2:2f:50:cb:26:84:15:dc:cc:5e:cd:21:f8:04:75:4d:e5:82:ce:52:bd:87:d0:02:e1:da:fd:17:64:47:13:bf:1f:64:51:5b:25:77:02:c0:46:3c:52:fd:26:71:ce:d2:2e:46:28:df:6b:15:51:7a:3f:1e:7a:cb:32:39:28:ea:0b:52:dd:58:09:a4:f7:26:d4:8c:95:6e:d7:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:00:53.380376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.380376000", - "frame.time_delta": "0.026469000", - "frame.time_delta_displayed": "0.026469000", - "frame.time_relative": "861.919690000", - "frame.number": "3144", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000b1a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY 
* HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.414386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.414386000", - "frame.time_delta": "0.034010000", - "frame.time_delta_displayed": "0.034010000", - "frame.time_relative": "861.953700000", - "frame.number": "3145", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003904", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "7727", - "tcp.ack": "33785", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bfb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:45:15:00:26:01:9c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167445, TSecr 2490780": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167445", - "tcp.options.timestamp.tsecr": "2490780" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3143", - "tcp.analysis.ack_rtt": "0.060479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.433220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.433220000", - "frame.time_delta": "0.018834000", - "frame.time_delta_displayed": "0.018834000", - "frame.time_relative": "861.972534000", - "frame.number": "3146", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000b1a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:53.486106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494453.486106000", - "frame.time_delta": "0.052886000", - "frame.time_delta_displayed": "0.052886000", - "frame.time_relative": "862.025420000", 
- "frame.number": "3147", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000b1ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000017a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - 
"http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:54.959098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494454.959098000", - "frame.time_delta": "1.472992000", - "frame.time_delta_displayed": "1.472992000", - "frame.time_relative": "863.498412000", - "frame.number": "3148", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": 
"6", - "ip.checksum": "0x000037e4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "7727", - "tcp.nxtseq": "8014", - "tcp.ack": "33785", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000017d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:46:98:00:26:01:9c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167832, TSecr 2490780": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167832", - "tcp.options.timestamp.tsecr": "2490780" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": "34:cd:34:17:47:48:0e:64:4f:2f:da:dd:79:14:31:0b:fc:3e:90:32:d6:01:a6:07:09:ae:45:21:fe:1d:0a:8b:a9:a4:88:18:d4:d3:8c:ee:77:8c:6a:ac:7a:1b:90:f1:9c:4a:83:4b:bf:5f:e5:a3:2a:0b:00:21:39:e6:d9:04:0d:bb:21:26:45:9c:fe:4b:7b:79:93:3b:47:77:b9:2a:7c:a8:fc:f1:ef:06:2f:05:d7:a8:7c:23:76:09:77:25:5c:88:0a:ff:72:3c:23:4b:f9:45:ca:d8:0d:a2:f6:73:fd:1b:37:d0:4e:68:8b:36:4c:d3:a4:62:be:e6:c5:03:7e:b1:1e:54:9d:5c:3f:4e:33:68:d6:42:e0:74:4f:20:d5:9f:7e:d4:c3:52:35:38:c8:29:e8:6c:43:d2:07:28:48:67:93:4e:45:67:af:1b:32:71:e6:6c:eb:03:62:16:a1:94:2d:99:c9:11:f0:22:42:d4:f8:e0:f9:cd:b8:79:b0:25:80:67:04:9a:c9:51:ec:3f:05:3d:9c:2f:b9:cb:c3:13:ad:3d:e2:d0:1b:fe:4a:2f:23:5f:e5:19:7e:dc:ab:df:5e:83:eb:0c:33:85:62:46:8f:38:bf:b4:d8:2b:74:2c:70:60:2b:33:02:86:10:c8:39:b7:a9:db:a1:69:e9:d7:6c:a1:35:26:e8:3a:58:ab:20:be:2a:f9:c6:8b:20:37:b3:92:2f:e3:7b:03:30:17" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:54.959610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494454.959610000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "863.498924000", - "frame.number": "3149", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009583", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "33785", - "tcp.ack": "8014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:02:3c:a7:9e:46:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490940, TSecr 2812167832": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490940", - "tcp.options.timestamp.tsecr": "2812167832" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3148", - "tcp.analysis.ack_rtt": "0.000512000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:54.980571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494454.980571000", - "frame.time_delta": "0.020961000", - "frame.time_delta_displayed": "0.020961000", - "frame.time_relative": "863.519885000", - "frame.number": "3150", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009584", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "33785", - "tcp.nxtseq": "33838", - "tcp.ack": "8014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e60b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:02:3e:a7:9e:46:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490942, TSecr 2812167832": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490942", - "tcp.options.timestamp.tsecr": "2812167832" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:2f:b1:d8:af:ad:ab:d2:5c:e4:ca:55:a8:14:1c:f8:e6:51:ec:b2:e0:13:f4:98:dc:fe:44:b2:db:54:6e:19:e4:65:7f:84:1a:a3:f4:63:98:3d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:55.042851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.042851000", - "frame.time_delta": "0.062280000", - "frame.time_delta_displayed": "0.062280000", - "frame.time_relative": "863.582165000", - "frame.number": "3151", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003902", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8014", - "tcp.ack": "33838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bc26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:46:ac:00:26:02:3e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167852, TSecr 2490942": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167852", - "tcp.options.timestamp.tsecr": "2490942" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3150", - "tcp.analysis.ack_rtt": "0.062280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:55.043393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.043393000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "863.582707000", - "frame.number": "3152", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009585", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007540", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "33838", - "tcp.nxtseq": "34536", - "tcp.ack": "8014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d765", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:02:45:a7:9e:46:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490949, TSecr 2812167852": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490949", - "tcp.options.timestamp.tsecr": "2812167852" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:30:98:bf:70:be:e1:ef:64:66:6c:58:72:c8:c2:74:08:41:c1:0f:43:63:d4:5c:89:30:55:77:37:b2:29:b7:ac:96:5e:d2:97:95:1b:66:4e:c1:90" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:31:79:7e:87:ab:af:66:63:ae:8c:e1:f1:08:e1:50:af:f8:6e:e2:c5:42:6f:a2:07:a5:b7:e8:0e:95:79:43:ff:e4:41:75:9a:c4:62:bf:ed:69:41:39:df:2d:2d:2e:05:43:bc:11:fb:25:0a:ea:d2:14:af:63:10:8f:47:72:03:67:a2:2b:09:2c:61:16:40:17:fe:a3:ba:fb:c9:8c:44:d3:25:a1:50:e9:38:cc:f8:87" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:32:04:c3:33:ae:eb:9f:c1:c7:e5:4c:6c:4a:29:4b:b0:85:3f:07:a1:5e:40:c9:ba:2c:33:b4:b9:ca:96:51:a9:c6:33:9c:8f:3c:1e:f6:6e:8f:47:01:e0:ab:91:1c:df:9d:33:56:60:b6:27:a6:e2:31:64:c6:f4:dd:79:13:9a:4a:1a:0d:5e:11:f8:f1:c8:a3:2c:3d:25:b7:59:e6:67:9b:88:2c:35:d7:11:80:1f:e7:aa:07:99:e8:57:7e:41:02:1e:67:f0:18:ff:89:c8:93:8c:7e:aa:67:ee:9d:b4:74:ae:63:74:88:30:24:c7:6a:2c:c0:97:31:02:a1:92:31:b8:d0:4f:4d:2b:ae:36:37:8e:bf:16:ae:73:fc:3f:a7:4a:2c:34:75:d7:b6:6b:af:7b:71:b3:f4:9c:25:26:67:02:e4:a6:2a:b9:08:08:87:03:65:32:e9:a8:83:40:f3:9b:f5:02:d1:86:24:0b:b9:79:58:60:0a:c6:42:e2:b8:d8:b8:d2:de:38:cd:ad:99:1b:08:b6:ad:48:6a:8a:72:35:1a:af:08:40:6f:64:21:83:b8:ba:90:05:60:67:2f:00:b1:2d:4b:a9:23:9b:f4:ef:1e:1f:78:f6:f3:cc:1a:43:bd:de:a3:31:8d:7c:aa:aa:29:1b:e1:b4:d5:a7:70:57:ed:9b:99:a8:f8:10:6b:37:1a:c9:5a:1e:79:bc:3e:4f:53:80:6c:43:85:4f:a8:e4:df:63:cc:df:de:ec:61:c0:1e:5a:d6:42:bf:5f:d0:06:03:10:c3:3a:45:f0:a2:df:8a:38:a5:5c:d1:57:37:93:1f:d0:ab:5b:a8:4d:ae:8b:4e:f0:e9:c6:a2:98:b1:46:60:75:6c:f5:ff:0b:58:de:2c:ad:06:5e:ce:3f:99:9c:36:6d:97:64:42:99:e1:d9:2c:6b:2b:a0:f3:7f:f1:15:9c:8b:2a:f4:ab:f3:4e:5c:26:10:d1:05:d4:b9:6e:63:5b:8e:bc:bf:b3:0b:ef:b0:bb:08:f4:b9:c0:91:31:7d:ec:9e:19:52:61:d7:fd:aa:4f:d5:47:44:e7:77:0f:ac:13:97:f8:90:24:32:43:1b:65:57:1a:e9:3b:06:c1:4d:41:e3:af:9e:38:bf:bf:84:b6:0c:65:db:87:82:59:f9:1f:d3:f4:0b:52:66:92:4a:24:2e:64:a9:91:88:01:ba:eb:89:b6:36:9d:30:1b:12:e6:24:fd:4e:be:85:ab:a6:b4:2e:aa:b6:26:97:88:9d:ee:9b:4c:92:49:e9:14:e0:40:ae:a5:33:d8:0d:6b:d0:2a:8d:ba:bb:ec:4c:b6:f8:ac:51:e4:12:dd:cb:bb:d6:76:3c:61:f0:11:d4:36:a2:1e:ed:79:b9:9f:c6:73:fd:eb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:55.103657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.103657000", - "frame.time_delta": "0.060264000", - "frame.time_delta_displayed": 
"0.060264000", - "frame.time_relative": "863.642971000", - "frame.number": "3153", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003901", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8014", - "tcp.ack": "34536", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b955", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:46:bc:00:26:02:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167868, TSecr 2490949": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167868", - "tcp.options.timestamp.tsecr": "2490949" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3152", - "tcp.analysis.ack_rtt": "0.060264000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:55.359774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.359774000", - "frame.time_delta": "0.256117000", - "frame.time_delta_displayed": "0.256117000", - "frame.time_relative": "863.899088000", - "frame.number": "3154", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000ac1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000c47c", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "02:d3:af:c3:9f:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:00:55.375118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.375118000", - "frame.time_delta": "0.015344000", - "frame.time_delta_displayed": "0.015344000", - "frame.time_relative": "863.914432000", - "frame.number": "3155", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009586", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - 
"tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "34536", - "tcp.nxtseq": "34590", - "tcp.ack": "8014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000886b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:02:66:a7:9e:46:bc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2490982, TSecr 2812167868": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2490982", - "tcp.options.timestamp.tsecr": "2812167868" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:33:48:cf:50:5a:9e:05:f6:af:87:17:1a:3e:67:8d:89:e6:7c:8b:b6:38:30:c4:29:08:ee:f0:b0:d7:b5:1c:59:fe:ea:bb:2d:9d:5f:29:1c:55:ec" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:55.435269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494455.435269000", - "frame.time_delta": "0.060151000", - "frame.time_delta_displayed": "0.060151000", - "frame.time_relative": "863.974583000", - "frame.number": "3156", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003900", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8014", - "tcp.ack": "34590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b8ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:47:0f:00:26:02:66", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812167951, TSecr 2490982": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812167951", - "tcp.options.timestamp.tsecr": "2490982" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3155", - "tcp.analysis.ack_rtt": "0.060151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.452979000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494457.452979000", - "frame.time_delta": "2.017710000", - "frame.time_delta_displayed": "2.017710000", - "frame.time_relative": "865.992293000", - "frame.number": "3157", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037df", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - 
"tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "8014", - "tcp.nxtseq": "8302", - "tcp.ack": "34590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001679", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:49:07:00:26:02:66", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812168455, TSecr 2490982": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812168455", - "tcp.options.timestamp.tsecr": "2490982" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:65:65:86:af:d4:f7:65:c1:1e:83:73:4c:0b:c7:1c:88:7d:1c:c2:60:7c:70:45:1a:42:df:ef:42:40:7c:08:cf:48:5a:8e:8c:74:0a:af:cc:34:d1:32:7e:92:79:89:a5:4a:b6:e9:6a:44:c1:7e:c3:da:38:32:ba:30:76:67:8d:58:1b:d6:ff:fc:c9:3f:d4:9d:bc:34:4e:69:40:af:d7:49:47:41:c1:21:0a:b2:84:ff:d1:ef:55:a4:9d:68:42:00:62:21:81:b2:f3:3b:cf:af:51:68:74:ed:44:10:35:0a:8b:88:20:89:09:a3:7e:0d:ed:0e:c5:93:1f:f0:0f:5b:f0:3d:b6:25:76:65:51:cb:42:d0:57:9f:a0:27:49:44:51:2d:33:22:f7:b6:63:45:c7:cc:b1:9b:41:c3:8e:2e:2f:51:fb:d5:ef:0f:9e:f0:a2:53:e5:4a:18:d0:35:0e:ca:50:76:01:13:8e:46:0c:99:38:eb:64:77:e3:11:79:08:da:2e:d6:50:a5:05:bc:19:89:4d:cc:69:ba:18:92:b7:79:de:2c:af:1d:30:3b:49:fa:05:09:be:50:8d:63:80:93:1b:66:e2:30:d1:21:30:6a:1c:67:06:48:48:0c:9f:44:c3:d3:85:b0:ed:d6:c4:b4:5b:a1:a2:b5:fe:07:2e:48:ea:03:b5:8b:5b:42:ea:1a:ad:9b:89:7c:fe:13:55:a0:b4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.473747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.473747000", - "frame.time_delta": "0.020768000", - "frame.time_delta_displayed": "0.020768000", - "frame.time_relative": "866.013061000", - "frame.number": "3158", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009587", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "34590", - "tcp.nxtseq": "34643", - "tcp.ack": "8302", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e565", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:38:a7:9e:49:07", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491192, TSecr 2812168455": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491192", - "tcp.options.timestamp.tsecr": "2812168455" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3157", - "tcp.analysis.ack_rtt": "0.020768000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:34:1e:87:01:91:15:12:8f:74:bd:dd:10:87:ae:91:3a:8c:05:70:31:60:75:e9:10:c3:c7:1c:7b:6d:58:af:23:e0:0f:6c:b2:38:c3:1b:92:1b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.537481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.537481000", - "frame.time_delta": "0.063734000", - "frame.time_delta_displayed": "0.063734000", - "frame.time_relative": "866.076795000", - "frame.number": "3159", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038fe", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8302", - "tcp.ack": "34643", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000b478", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:49:1b:00:26:03:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812168475, TSecr 2491192": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812168475", - "tcp.options.timestamp.tsecr": "2491192" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3158", - "tcp.analysis.ack_rtt": "0.063734000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.537929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.537929000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "866.077243000", - "frame.number": "3160", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x00009588", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000753c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "34643", - "tcp.nxtseq": "35342", - "tcp.ack": "8302", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000028ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:3e:a7:9e:49:1b", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491198, TSecr 2812168475": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491198", - "tcp.options.timestamp.tsecr": "2812168475" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:35:48:31:6e:eb:33:00:b5:f8:0b:01:fc:9c:e0:cb:b7:d6:4b:71:63:26:45:17:30:ea:b3:17:59:7b:80:71:18:5d:52:f0:e0:f4:3d:dd:5f:7a:a5" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:36:29:f0:3b:32:3e:3b:06:c4:96:e3:23:a4:c5:83:38:0f:dd:2e:ad:dc:30:74:cd:71:41:ae:ad:78:e8:91:96:ea:60:7f:7d:33:37:70:79:11:26:05:ac:56:a8:d1:6f:9f:ab:95:d9:a7:8a:76:4c:68:6e:41:20:62:d2:ae:43:05:98:09:46:c6:d3:58:7e:26:2d:be:b4:3b:da:63:29:b8:da:b6:b1:a8:6e:b2:69:7f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:37:59:1f:c5:2a:76:bd:de:47:1a:97:17:a1:7a:4b:71:73:10:cf:4c:55:54:d6:a4:23:5f:5f:19:49:a0:39:b2:59:25:f5:fa:6c:a6:01:51:9a:9f:39:e2:14:d1:b3:24:ae:a7:6e:a2:79:d1:16:71:dd:b3:ea:89:2c:3f:e1:50:a2:92:09:8a:39:d8:44:19:3a:39:1b:03:44:9d:1d:d3:65:ab:b0:a8:94:5b:ba:df:37:83:17:ab:21:5b:84:cc:a5:51:6d:7b:8c:31:37:cf:4b:79:8c:2b:89:f9:99:c2:58:93:90:d9:e8:82:3a:e4:3f:62:02:4a:aa:cc:35:e5:f4:fc:a3:5d:c1:10:cd:62:dd:b7:45:8b:9c:29:a0:7e:bc:a5:7d:eb:2b:39:39:fe:55:25:3e:1f:ac:13:b6:dd:7b:44:3d:23:29:77:1f:40:48:cc:9e:57:af:a5:3e:f5:78:2c:cd:a9:bf:ea:84:41:7f:2d:18:00:6c:dd:d8:f6:18:8f:88:6a:1c:56:93:2e:d3:53:58:c3:ba:ad:ed:37:89:63:22:5a:87:da:40:97:a1:1e:ca:4b:cc:33:23:97:cf:ee:3a:06:46:0e:1f:95:09:bf:8c:95:53:da:bb:6a:c5:00:1d:39:af:93:f9:e7:97:3e:08:7b:4a:b4:b5:b4:67:85:ff:3f:74:e7:db:f2:89:2f:89:43:c9:35:55:9b:51:e0:9d:a3:e5:c2:74:23:00:42:7e:77:6c:38:3e:64:57:6f:bb:2e:99:61:6b:c9:da:5c:e9:cd:6b:95:30:e3:e4:b2:50:3b:80:38:d8:13:fe:dc:bd:b4:98:c6:7e:b3:c8:d2:a0:a0:c4:e9:32:62:b0:cf:e7:28:4a:4e:04:4a:24:73:a4:cc:e5:e3:b7:6a:2c:d9:07:7b:b6:cb:ab:d5:bf:d7:42:d5:60:9a:f4:4a:cd:bc:85:ad:e1:b6:ba:41:42:f8:0f:1b:d1:98:9f:f0:79:17:b1:c7:98:ba:a3:b7:ba:c0:f2:76:b5:d9:28:67:64:5e:71:2f:ce:5f:d6:4f:e6:12:e8:97:d2:b2:7b:e0:d5:aa:28:62:78:c0:5a:b3:17:01:80:ff:7b:4d:69:4c:59:2f:35:b2:e7:0c:55:8e:76:3c:bd:2f:35:48:3b:d3:60:5f:fa:ef:ae:59:9f:d4:c8:e4:c6:2c:d0:4d:a1:71:78:48:f6:f6:9c:be:5e:44:80:4a:4c:5c:6e:ba:07:2c:4b:e8:3d:3d:2f:e1:42:ad:a5:d3:be:63:3d:1d:28:68:f7:71:57:13:ce:4d:41:86:1c:4b:13:e9:cf:a4:4e:39:e6:b0:48:36:13:72:8f:02:38:9a:f5:a7:92:54:1b:e7:9b:6e:e1:10:b1:f8:b6:39:df:88:c4:9d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.601107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.601107000", - "frame.time_delta": "0.063178000", - 
"frame.time_delta_displayed": "0.063178000", - "frame.time_relative": "866.140421000", - "frame.number": "3161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038fd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8302", - "tcp.ack": 
"35342", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b1a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:49:2b:00:26:03:3e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812168491, TSecr 2491198": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812168491", - "tcp.options.timestamp.tsecr": "2491198" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3160", - "tcp.analysis.ack_rtt": "0.063178000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.883471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.883471000", - "frame.time_delta": "0.282364000", - "frame.time_delta_displayed": "0.282364000", - "frame.time_relative": "866.422785000", - "frame.number": "3162", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009589", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "35342", - "tcp.nxtseq": "35396", - "tcp.ack": "8302", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004487", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:61:a7:9e:49:2b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491233, TSecr 2812168491": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491233", - "tcp.options.timestamp.tsecr": "2812168491" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:38:fe:21:40:95:84:af:eb:25:87:61:58:d0:aa:76:65:d4:79:91:cc:6a:1e:b5:87:8c:5c:e9:e2:91:b3:22:0d:a7:98:1a:cb:69:b3:e4:8c:36:81" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:57.944297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494457.944297000", - "frame.time_delta": "0.060826000", - "frame.time_delta_displayed": "0.060826000", - "frame.time_relative": "866.483611000", - 
"frame.number": "3163", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038fc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8302", - "tcp.ack": "35396", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b0f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:49:82:00:26:03:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812168578, TSecr 2491233": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812168578", - "tcp.options.timestamp.tsecr": "2491233" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3162", - "tcp.analysis.ack_rtt": "0.060826000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.444832000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.444832000", - "frame.time_delta": "0.500535000", - "frame.time_delta_displayed": "0.500535000", - "frame.time_relative": "866.984146000", - "frame.number": "3164", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00000748", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b119", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59589", - "udp.dstport": "53", - "udp.port": "59589", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000d0b4", - "udp.checksum.status": "2", - "udp.stream": "85" - }, - "dns": { - "dns.id": "0x00005d21", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": 
"0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.444848000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.444848000", - "frame.time_delta": "0.000016000", - "frame.time_delta_displayed": "0.000016000", - "frame.time_relative": "866.984162000", - "frame.number": "3165", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00000749", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b118", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59589", - "udp.dstport": "53", - "udp.port": "59589", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": 
"0x00009953", - "udp.checksum.status": "2", - "udp.stream": "85" - }, - "dns": { - "dns.id": "0x00009467", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.445915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.445915000", - "frame.time_delta": "0.001067000", - "frame.time_delta_displayed": "0.001067000", - "frame.time_relative": "866.985229000", - "frame.number": "3166", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00002fe0", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008881", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59589", - "udp.port": "53", - "udp.port": "59589", - "udp.length": "52", - "udp.checksum": "0x00008289", - "udp.checksum.status": "2", - "udp.stream": "85" - }, - "dns": { - "dns.response_to": "3165", - "dns.time": "0.001067000", - "dns.id": "0x00009467", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.446855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.446855000", - "frame.time_delta": "0.000940000", - "frame.time_delta_displayed": "0.000940000", - "frame.time_relative": "866.986169000", - "frame.number": "3167", - 
"frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x00002fe1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008717", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59589", - "udp.port": "53", - "udp.port": "59589", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "85" - }, - "dns": { - "dns.response_to": "3164", - "dns.time": "0.002023000", - "dns.id": "0x00005d21", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", 
- "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64271", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64271", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64271", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, 
class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "64271", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151095", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60132", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58371", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58473", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "102028", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60132", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "58371", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58473", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.447924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.447924000", - "frame.time_delta": "0.001069000", - "frame.time_delta_displayed": "0.001069000", - "frame.time_relative": "866.987238000", - "frame.number": "3168", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a403", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b22c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000a3ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:03:99:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - 
"tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2491289, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491289", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.518192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.518192000", - "frame.time_delta": "0.070268000", - "frame.time_delta_displayed": "0.070268000", - "frame.time_relative": "867.057506000", - "frame.number": "3169", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000af2f", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000e0ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:4b:45:97:e6:00:26:03:99:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1262852070, TSecr 2491289": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852070", - "tcp.options.timestamp.tsecr": "2491289" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3168", - "tcp.analysis.ack_rtt": "0.070268000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.518707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.518707000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "867.058021000", - "frame.number": "3170", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a404", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b233", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", 
- "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000778f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:a0:4b:45:97:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491296, TSecr 1262852070": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491296", - "tcp.options.timestamp.tsecr": "1262852070" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3169", - "tcp.analysis.ack_rtt": "0.000515000", - "tcp.analysis.initial_rtt": "0.070783000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.520822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.520822000", - "frame.time_delta": "0.002115000", - "frame.time_delta_displayed": "0.002115000", - "frame.time_relative": "867.060136000", - "frame.number": "3171", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000a405", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - 
"tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ff0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:a0:4b:45:97:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491296, TSecr 1262852070": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491296", - "tcp.options.timestamp.tsecr": "1262852070" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jan 3, 2007 00:29:32.000000000 PST", - "ssl.handshake.random": "e3:7d:69:b5:5b:a7:d1:b5:87:ad:5d:03:5f:9e:29:0f:89:cf:00:be:b1:d7:86:66:c4:63:93:89" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - 
"ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": 
"49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - 
"ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": 
"3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.580207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.580207000", - "frame.time_delta": 
"0.059385000", - "frame.time_delta_displayed": "0.059385000", - "frame.time_relative": "867.119521000", - "frame.number": "3172", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000083a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000055b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": 
"2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.591131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.591131000", - "frame.time_delta": "0.010924000", - "frame.time_delta_displayed": "0.010924000", - "frame.time_relative": "867.130445000", - "frame.number": "3173", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000fcdd", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b259", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000076c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852088, TSecr 2491296": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852088", - "tcp.options.timestamp.tsecr": "2491296" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3171", - "tcp.analysis.ack_rtt": "0.070309000", - "tcp.analysis.initial_rtt": "0.070783000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.592384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.592384000", - "frame.time_delta": "0.001253000", - "frame.time_delta_displayed": "0.001253000", - "frame.time_relative": "867.131698000", - "frame.number": "3174", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x0000fcde", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000acb0", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ea5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": 
"1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852088, TSecr 2491296": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852088", - "tcp.options.timestamp.tsecr": "2491296" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01
:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:1
6:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jan 16, 2023 09:13:17.000000000 PST", - "ssl.handshake.random": "b0:4a:b1:b3:a2:83:46:44:26:16:d0:b0:f2:2c:48:8a:9a:11:c4:85:de:5e:19:a2:30:e2:6b:d3" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "c6:e5:f8:17:69:1f:b1:d3:45:bd:16:ef:97:b5:4b:71:a6:c4:83:0b:23:2c:bc:72:8b:66:53:9d:22:55:39:86", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - 
"ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.592404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.592404000", - "frame.time_delta": "0.000020000", - "frame.time_delta_displayed": "0.000020000", - "frame.time_relative": "867.131718000", - "frame.number": "3175", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x0000fcdf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b178", - "ip.checksum.status": "2", - "ip.src": 
"52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e591", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:97:f8:00:26:03:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852088, TSecr 2491296": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852088", - "tcp.options.timestamp.tsecr": "2491296" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "3174", - "tcp.segment": "3175", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:
30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad
:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": 
"30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:8
3:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - 
"x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": 
"1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - "ssl.handshake.certificate": 
"30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - 
"x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - 
"x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:ee:fc:45:8b:e0:cf:2e:aa:95:73:0a:92:d6:4c:63:97:ef:78:fc:b4:48:77:29:c8:0a:1c:e1:2e:05:7d:9a:a6:5b:b9:e7:a0:29:7b:fc:74:d8:d0:e3:52:2e:e2:0b:44:e9:ad:c6:32:1d:b1:b9:ba:58:7e:91:01:50:18:30:c6", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"ab:98:8c:c7:4d:fd:55:0d:92:08:00:3b:f9:83:46:1d:b3:ed:94:b6:91:86:05:b4:da:ba:5f:74:99:28:dc:ea:72:c2:f9:92:3b:24:ff:39:aa:bf:46:91:fb:b4:f0:4b:8f:02:ec:4b:10:c3:24:5d:9f:92:ec:8f:82:5a:6b:7d:db:43:f1:bf:a6:46:a2:50:ed:22:9c:29:c6:e3:1e:6d:d4:65:03:7e:32:53:77:2e:88:cc:9d:1e:cd:6c:5f:df:32:1b:2c:fa:e7:17:26:34:e5:17:82:97:d2:22:6e:8f:2c:04:68:59:30:cd:9f:d6:90:6b:cd:c0:24:15:ac:35" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.592984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.592984000", - "frame.time_delta": "0.000580000", - "frame.time_delta_displayed": "0.000580000", - "frame.time_relative": "867.132298000", - "frame.number": "3176", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a406", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b231", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006f87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:a8:4b:45:97:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491304, TSecr 1262852088": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491304", - "tcp.options.timestamp.tsecr": "1262852088" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3175", - "tcp.analysis.ack_rtt": "0.000580000", - "tcp.analysis.initial_rtt": "0.070783000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.611349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.611349000", - "frame.time_delta": "0.018365000", - "frame.time_delta_displayed": "0.018365000", - "frame.time_relative": "867.150663000", - "frame.number": "3177", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000a407", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b1b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000998e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:a9:4b:45:97:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491305, TSecr 1262852088": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491305", - "tcp.options.timestamp.tsecr": "1262852088" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:e4:05:01:0a:92:4f:f8:cd:ae:e4:c1:71:00:83:da:93:89:79:a2:1b:87:ef:e7:70:a9:86:cf:1d:41:b2:d4:af:68:e0:f3:13:6b:54:ed:e5:d0:1d:df:da:22:06:37:f5:2d:50:f6:32:de:1f:24:2d:72:57:8d:9e:0f:d9:a3:aa" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.681727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.681727000", - "frame.time_delta": "0.070378000", - "frame.time_delta_displayed": "0.070378000", - "frame.time_relative": "867.221041000", - "frame.number": "3178", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x0000fce0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b223", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003411", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:98:0f:00:26:03:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852111, TSecr 2491305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852111", - "tcp.options.timestamp.tsecr": "2491305" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3177", - "tcp.analysis.ack_rtt": "0.070378000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:00:58.682878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.682878000", - "frame.time_delta": "0.001151000", - "frame.time_delta_displayed": "0.001151000", - "frame.time_relative": "867.222192000", - "frame.number": "3179", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000a408", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b1ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - 
"ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00000c52", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:b0:4b:45:98:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491312, TSecr 1262852111": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491312", - "tcp.options.timestamp.tsecr": "1262852111" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3178", - "tcp.analysis.ack_rtt": "0.001151000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "67:0f:57:86:63:76:3e:ee:89:8b:30:76:a8:24:93:d8:2b:74:7c:a9:05:24:4f:57:c3:4b:44:44:58:6c:68:54:25:f7:72:3f:35:4f:22:71:da:2b:c1:1d:fe:e3:7a:51:f9:6b:4c:38:88:b1:0f:d0:b3:16:27:72:c2:46:79:b9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.754031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.754031000", - "frame.time_delta": "0.071153000", - "frame.time_delta_displayed": "0.071153000", - "frame.time_relative": "867.293345000", - "frame.number": "3180", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000fce1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b210", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007d5f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:98:21:00:26:03:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852129, TSecr 2491312": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852129", - "tcp.options.timestamp.tsecr": "2491312" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3179", - "tcp.analysis.ack_rtt": "0.071153000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "5d:d4:a8:41:f6:2d:2e:bb:7e:24:44:07:ee:16:18:1a:37:00:15:38:1f:ec:ee:6f:3b:c2:9e:3b:ff:94:0a:40:bd:a0:ce:2e:4e:cc:f2:00:ad:90:4c:21:55:1c:ae:bd:a6:ed:6d:62:e5:6a:79:8a:6e:78:f9:69:73:8a:10:f9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.754979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.754979000", - "frame.time_delta": "0.000948000", - "frame.time_delta_displayed": "0.000948000", - "frame.time_relative": "867.294293000", - "frame.number": "3181", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000a409", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b045", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f54a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:b8:4b:45:98:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491320, TSecr 1262852129": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491320", - "tcp.options.timestamp.tsecr": "1262852129" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3180", - "tcp.analysis.ack_rtt": "0.000948000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "67:0f:57:86:63:76:3e:ef:66:0b:01:d6:9a:c9:ed:35:1e:61:a7:95:dd:c9:50:60:86:02:9d:3e:2b:43:30:79:12:e5:ab:f7:91:56:f3:ce:61:6f:d1:a0:0d:57:1f:d6:1f:22:c2:01:36:c1:18:a9:ec:2b:66:63:b6:de:ad:35:78:ba:06:d1:03:fb:43:f3:85:6d:54:45:2f:b6:59:8a:d2:ea:d4:42:43:6b:e3:3f:33:5d:e0:02:5e:bf:37:db:26:be:f2:f7:59:d6:53:9f:a5:a4:6e:15:35:9c:18:45:50:ba:26:0a:06:51:c2:ac:a5:d5:76:3f:ad:17:ec:aa:8d:66:70:5c:a4:1c:0f:02:b9:13:08:fb:29:87:e8:0e:26:26:cb:7c:b3:38:b4:1e:12:02:fe:81:cb:e6:c0:0e:5e:01:a6:d8:db:e5:d2:3e:a4:ba:fb:cf:0c:53:70:ba:2f:05:89:93:07:e3:b1:55:72:c3:40:11:52:34:f0:a1:27:0e:a1:25:1d:93:05:c7:98:3e:14:5a:ae:a5:cc:31:70:65:9e:ac:2f:8a:5d:90:41:be:ee:04:d2:23:33:c0:be:d7:4a:49:08:5f:a4:10:78:d9:2f:30:69:f0:01:26:ae:b3:4b:bd:68:7f:40:06:f2:e9:f4:1f:24:0c:9c:17:0c:0a:80:f5:61:46:6b:e9:4b:78:df:2e:84:c3:b1:50:b5:a9:d9:1e:ce:71:fd:dd:b9:16:ce:83:ca:e8:a3:3b:69:ad:34:11:f4:c4:52:5c:81:63:15:4e:b8:ba:fd:c3:3b:cb:8c:5a:9e:52:30:92:19:93:a3:06:f8:a3:84:45:ed:e9:43:54:5a:32:d6:1a:aa:24:fe:4e:53:c9:95:7f:68:d6:54:c8:4c:73:21:fd:11:0f:26:a9:3d:49:e8:ec:8f:cd:a0
:e5:97:d0:ad:ac:7d:3d:8d:f1:5b:70:34:4e:5e:73:08:9d:af:c4:88:98:7a:4f:1b:f5:f1:3e:28:1b:36:e5:94:8d:6b:ce:e1:fd:78:8a:37:e5:2e:0e:30:09:b6:de:b0:ee:2c:2a:12:3c:35:4b:c3:89:6a:4a:dd:b3:f9:ae:92:8e:83:07:ac:07:7d:91:e8:de:ba:57:91:2c:b7:63:75:68:55:8c:93:61:08:81:7c:92:9b:1f:fc:72:fa:f6:e0:66:1d:e9:34:11:e5:52:a1:e8:18:10:60:a6:09:77:bb:b4:33:fb:95:b0:fb:f8:05:5e:a4:e3:81:97:65:47:35:3c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.826268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.826268000", - "frame.time_delta": "0.071289000", - "frame.time_delta_displayed": "0.071289000", - "frame.time_relative": "867.365582000", - "frame.number": "3182", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x0000fce2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b209", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": 
"52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b11b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:98:33:00:26:03:b8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852147, TSecr 2491320": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852147", - "tcp.options.timestamp.tsecr": "2491320" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3181", - "tcp.analysis.ack_rtt": "0.071289000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "5d:d4:a8:41:f6:2d:2e:bc:60:ad:41:65:dc:8d:83:eb:8a:96:e2:15:0a:81:ba:16:78:bb:43:76:e1:58:c7:b8:bc:51:09:ab:a9:ce:36:8a:3b:a7:3b:9e:ab:7f:fb:a4:e6:5a:b7:89:56:ad:6f:b0:6a:b4:d3:e3:f9:f7:2d:0c:81:01:5f:ab:19:fc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.827031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.827031000", - "frame.time_delta": "0.000763000", - "frame.time_delta_displayed": "0.000763000", - "frame.time_relative": "867.366345000", - "frame.number": "3183", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a40a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b22d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006bc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:03:bf:4b:45:98:33", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491327, TSecr 1262852147": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491327", - "tcp.options.timestamp.tsecr": "1262852147" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3182", - "tcp.analysis.ack_rtt": "0.000763000", - "tcp.analysis.initial_rtt": "0.070783000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.897025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.897025000", - "frame.time_delta": "0.069994000", - "frame.time_delta_displayed": "0.069994000", - "frame.time_relative": "867.436339000", - "frame.number": "3184", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x0000fce3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b234", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004f86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:98:45:00:26:03:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852165, TSecr 2491327": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852165", - "tcp.options.timestamp.tsecr": "2491327" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3183", - "tcp.analysis.ack_rtt": "0.069994000", - "tcp.analysis.initial_rtt": "0.070783000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.897110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.897110000", - "frame.time_delta": "0.000085000", - "frame.time_delta_displayed": "0.000085000", - "frame.time_relative": "867.436424000", - "frame.number": "3185", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000fce4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000b252", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34258", - "tcp.port": "443", - "tcp.port": "34258", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", 
- "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006c3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:45:98:45:00:26:03:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262852165, TSecr 2491327": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262852165", - "tcp.options.timestamp.tsecr": "2491327" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.897536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.897536000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "867.436850000", - "frame.number": "3186", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", 
- "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e292", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000073b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000044b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:00:58.897548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494458.897548000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "867.436862000", - "frame.number": "3187", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e293", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000073b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34258", - "tcp.dstport": "443", - "tcp.port": "34258", - "tcp.port": "443", - "tcp.stream": "133", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000044b4", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.594823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.594823000", - "frame.time_delta": "1.697275000", - "frame.time_delta_displayed": "1.697275000", - "frame.time_relative": "869.134137000", - "frame.number": "3188", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001da6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": 
"224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d92", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": 
"61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.595378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.595378000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "869.134692000", - "frame.number": "3189", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001da7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": 
"255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee8d", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.595976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.595976000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "869.135290000", - "frame.number": "3190", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - 
"ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c53", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - 
"dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.630326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.630326000", - "frame.time_delta": "0.034350000", - "frame.time_delta_displayed": "0.034350000", - "frame.time_relative": "869.169640000", - "frame.number": "3191", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037db", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "8302", - "tcp.nxtseq": "8590", - "tcp.ack": "35396", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000d4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4c:21:00:26:03:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169249, TSecr 2491233": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169249", - 
"tcp.options.timestamp.tsecr": "2491233" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": "34:cd:34:17:47:48:0e:66:70:d7:08:18:94:c4:2b:ae:f3:92:68:e1:a8:34:c2:61:66:bc:8d:3d:34:c6:50:e6:91:d4:57:dd:84:c2:73:72:b2:b8:22:9e:3d:78:b3:4f:b5:3e:5c:20:54:df:e4:11:d1:23:0a:52:5f:59:7f:63:ae:84:c9:b9:9e:e5:04:06:5a:31:95:45:97:5b:a3:6e:94:9d:d8:3a:22:55:cb:ee:4b:c5:db:5e:b9:97:7d:4f:de:1c:4e:25:c9:0f:95:a1:6f:10:0a:cb:69:c3:a5:bf:ac:86:75:5c:76:2a:67:d3:ae:16:29:85:bb:a2:71:ec:c9:92:c6:74:4f:57:70:99:9e:46:2e:e3:71:9b:10:2f:64:9a:e4:25:0f:50:94:ea:18:69:82:f4:12:8a:da:76:4f:90:7d:37:14:27:1f:c9:07:ac:ea:3d:fd:da:bd:03:7f:7a:65:e0:57:0c:51:10:57:52:26:2e:50:dc:be:77:b2:5d:c9:0f:6d:3d:24:98:be:db:48:43:eb:33:51:3d:ac:9a:61:59:86:f5:86:fe:ad:3e:8c:25:16:54:39:e1:65:63:aa:57:7f:73:e3:f9:4b:8e:7f:e3:ed:9c:07:2c:94:79:92:50:c4:29:08:21:13:bf:b1:cb:9e:46:88:2a:93:e9:03:eb:8f:59:69:7b:82:08:84:13:23:42:a4:ea:cc:ab:00:19:05:01:b1:d2:62:e3:b8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.651112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.651112000", - "frame.time_delta": "0.020786000", - "frame.time_delta_displayed": "0.020786000", - "frame.time_relative": "869.190426000", - "frame.number": "3192", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000958a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "35396", - "tcp.nxtseq": "35449", - "tcp.ack": "8590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000edad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:04:75:a7:9e:4c:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491509, TSecr 2812169249": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491509", - "tcp.options.timestamp.tsecr": "2812169249" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3191", - "tcp.analysis.ack_rtt": "0.020786000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:39:ae:e5:41:2c:9e:dc:b4:ea:53:ab:41:04:23:8e:fa:08:28:22:21:5c:e4:f4:ba:4d:7a:b0:16:73:76:3f:01:77:bd:87:e7:41:a8:97:f5:61" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.711239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.711239000", - "frame.time_delta": "0.060127000", - "frame.time_delta_displayed": "0.060127000", - "frame.time_relative": "869.250553000", - "frame.number": "3193", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038fa", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8590", - "tcp.ack": "35449", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000abda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4c:36:00:26:04:75", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169270, TSecr 2491509": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169270", - "tcp.options.timestamp.tsecr": "2491509" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3192", - "tcp.analysis.ack_rtt": "0.060127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.711795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.711795000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "869.251109000", - "frame.number": "3194", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x0000958b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007539", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "35449", - "tcp.nxtseq": "36148", - "tcp.ack": "8590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003da5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:04:7b:a7:9e:4c:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491515, TSecr 2812169270": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491515", - "tcp.options.timestamp.tsecr": "2812169270" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:3a:25:10:56:b3:7b:79:55:44:89:46:c9:42:f1:b7:42:52:70:a4:e6:6d:8d:b4:3e:35:f3:8b:91:6b:c4:d2:0f:3a:55:a0:bf:d7:0c:09:a5:75:1f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:3b:ba:c1:8e:73:97:a7:55:59:7f:5b:f9:a6:65:65:a1:a4:59:de:9e:62:8d:25:bc:cb:e4:9d:fb:ca:4f:b7:ca:cf:c5:a5:ea:03:77:61:8d:78:40:d6:03:54:0f:7e:41:47:a8:5c:a2:28:c8:75:8f:11:7f:28:04:cf:dd:42:df:86:9f:37:60:1b:b3:e3:41:2e:9d:70:86:34:e6:81:ee:20:1f:a9:b8:61:a3:5f:3d:6b" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:3c:85:ed:5e:0e:d7:a7:48:b3:ae:27:d8:21:a6:f6:8c:ca:56:74:42:e2:fc:20:57:f1:56:76:93:fd:0f:b2:a7:3f:f3:4a:c7:42:d2:e7:d7:23:e1:9a:32:fb:06:42:29:ab:7e:c9:c9:b8:af:22:2b:78:fc:d6:1c:76:9e:fc:3b:c0:16:f3:38:30:bf:d3:3b:bb:44:5d:fc:83:bf:43:2a:32:6b:1b:69:8a:28:65:3a:b1:57:a1:d1:74:10:6d:d4:58:34:60:e1:3a:a0:ec:b1:11:9c:56:fb:a7:11:1d:2f:2e:30:17:0f:02:f3:81:89:0a:a6:70:fa:b9:95:c9:15:32:08:59:ff:51:ea:20:16:4a:3b:a7:3c:30:51:98:8d:04:b8:c1:4d:0c:13:03:64:a6:9d:77:3f:72:21:9d:85:7d:9e:86:1a:34:4d:91:cb:03:96:79:cb:11:db:97:4e:ec:3d:db:e3:35:2c:b5:0d:3b:d2:87:9a:7d:90:b8:99:4d:ec:1e:7c:e3:fa:c1:b5:fd:27:8d:52:5c:a7:17:f8:4e:35:76:5a:aa:a5:56:8d:d1:76:d0:27:9d:e0:b2:82:f2:28:e0:39:82:1b:a1:60:b4:28:4e:9e:36:13:3d:de:16:4d:5d:80:6c:c1:87:b3:30:e6:1d:63:eb:55:54:de:84:1c:2a:93:8f:8b:35:48:71:d8:8e:5d:47:65:c6:ef:f6:95:b3:75:48:f7:e6:f6:9c:6c:69:e2:7c:8e:cf:dd:b6:af:01:4b:15:82:5e:9c:12:b6:7e:59:f8:3f:6a:de:72:df:af:28:be:9a:d7:f2:a3:c1:c2:14:5e:08:9a:1e:1a:fb:14:d4:99:cb:ff:65:00:4c:8e:62:68:4a:7f:1d:29:aa:e9:c8:0e:62:e6:05:00:5b:62:d4:67:a0:2b:61:dc:c5:5c:cd:43:fa:cf:c3:10:cf:31:c4:fb:cf:67:3e:b0:af:85:df:48:b0:74:99:37:24:e6:e0:d6:ea:6a:d0:d7:08:63:9a:e0:c2:a9:e6:fd:cc:d7:f2:ef:9b:f5:12:ca:82:7a:6b:31:40:63:d1:9b:cb:4a:4e:a9:40:5c:30:2a:ca:34:6c:df:79:cc:38:e3:25:72:62:64:78:a2:24:92:1d:a4:4f:8f:ce:51:ae:f2:4d:1c:cf:08:fd:3d:e7:61:11:89:24:c2:92:2d:bd:b8:22:42:c8:8e:79:a6:7e:3a:6f:89:12:d5:02:f6:92:e4:cf:ab:e0:9b:29:a9:8a:91:cc:5f:8e:e5:d4:9e:51:2b:a8:72:81:cf:7c:69:0d:de:f4:78:cc:c8:29:1e:8e:c4:56:f8:43:82:7e:29:e5:0b:d1:3d:55:70:34:59:aa:fe:40:88:f3:6a:b0:b0:9e:f0:4c:72:5d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:00.772004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494460.772004000", - "frame.time_delta": "0.060209000", - 
"frame.time_delta_displayed": "0.060209000", - "frame.time_relative": "869.311318000", - "frame.number": "3195", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8590", - "tcp.ack": 
"36148", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a90a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4c:45:00:26:04:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169285, TSecr 2491515": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169285", - "tcp.options.timestamp.tsecr": "2491515" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3194", - "tcp.analysis.ack_rtt": "0.060209000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:01.049028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494461.049028000", - "frame.time_delta": "0.277024000", - "frame.time_delta_displayed": "0.277024000", - "frame.time_relative": "869.588342000", - "frame.number": "3196", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000958c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "36148", - "tcp.nxtseq": "36202", - "tcp.ack": "8590", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000603", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:04:9d:a7:9e:4c:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491549, TSecr 2812169285": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491549", - "tcp.options.timestamp.tsecr": "2812169285" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:3d:b8:20:ed:7d:ad:85:a9:62:3b:f2:10:2e:1f:4e:d1:6b:44:b6:1c:a8:f2:5b:d7:9e:fa:17:a3:8d:ac:62:03:1c:4a:53:5a:b9:af:00:3d:71:55" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:01.109344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494461.109344000", - "frame.time_delta": "0.060316000", - "frame.time_delta_displayed": "0.060316000", - "frame.time_relative": "869.648658000", - 
"frame.number": "3197", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8590", - "tcp.ack": "36202", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a85e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4c:99:00:26:04:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169369, TSecr 2491549": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169369", - "tcp.options.timestamp.tsecr": "2491549" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3196", - "tcp.analysis.ack_rtt": "0.060316000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.337659000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.337659000", - "frame.time_delta": "2.228315000", - "frame.time_delta_displayed": "2.228315000", - "frame.time_relative": "871.876973000", - "frame.number": "3198", - "frame.len": "354", - "frame.cap_len": "354", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "340", - "ip.id": "0x00002c88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "288", - "tcp.seq": "8590", - "tcp.nxtseq": "8878", - "tcp.ack": "36202", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000918e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4e:c6:00:26:04:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169926, TSecr 2491549": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169926", - "tcp.options.timestamp.tsecr": "2491549" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "288", - "tcp.analysis.push_bytes_sent": "288" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "283", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:67:79:2b:83:81:6c:f3:db:22:cc:6b:b3:90:e6:0d:4f:c3:73:17:a0:bc:e8:e6:57:a9:cf:1e:1a:5e:53:38:88:97:d9:db:a8:44:24:ea:90:f3:00:ba:1d:fc:b0:11:57:f7:e6:7c:2e:f6:3e:3a:fb:16:15:79:ab:53:e4:3c:b7:65:d5:52:8a:2f:d6:f8:b0:40:d4:76:fe:78:42:67:da:d5:30:d9:a9:68:6b:10:ff:2e:78:4a:83:9e:4d:82:7a:7e:66:e5:82:42:1c:ea:43:f3:d7:35:8f:f3:f7:f1:40:dc:2f:c7:1e:62:0e:9f:b4:8d:5b:25:c9:26:1e:47:5c:a2:0b:7b:62:98:78:cd:7d:72:e7:65:06:38:1a:1a:fc:5a:13:92:0c:d5:3f:0a:b0:29:1b:e2:e7:a8:c1:46:9a:16:c3:85:e1:95:e1:2b:1e:32:47:0d:ca:1b:bd:ad:08:43:93:98:79:66:56:8c:ce:37:0d:12:11:c4:2c:00:8e:25:e3:ed:d5:1b:5d:7a:46:c8:61:02:6b:c7:b9:55:ad:53:15:a3:ba:47:b0:4e:4d:4a:44:25:a6:26:ea:d9:c5:96:9c:de:85:03:33:12:2e:9d:50:8a:b8:96:53:2b:3f:81:8e:92:cb:c5:44:ad:0f:4b:8f:f6:a1:4b:67:e4:48:7c:bf:f3:28:9f:7c:f1:64:57:da:1a:50:ee:18:8e:ef:c1:87:76:96" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.352258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.352258000", - "frame.time_delta": "0.014599000", - "frame.time_delta_displayed": "0.014599000", - "frame.time_relative": "871.891572000", - "frame.number": "3199", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000958d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "36202", - "tcp.nxtseq": "36255", - "tcp.ack": "8878", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ab69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:05:83:a7:9e:4e:c6", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491779, TSecr 2812169926": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491779", - "tcp.options.timestamp.tsecr": "2812169926" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3198", - "tcp.analysis.ack_rtt": "0.014599000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:3e:8f:85:ca:9c:a5:99:b8:ec:13:59:d8:ae:fb:51:48:2c:5b:e8:43:a6:33:73:ff:3a:ae:8f:d4:2d:cd:94:a4:49:d0:66:3d:27:10:4f:a8:ce" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.412343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.412343000", - "frame.time_delta": "0.060085000", - "frame.time_delta_displayed": "0.060085000", - "frame.time_relative": "871.951657000", - "frame.number": "3200", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8878", - "tcp.ack": "36255", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000a3e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4e:d9:00:26:05:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169945, TSecr 2491779": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169945", - "tcp.options.timestamp.tsecr": "2491779" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3199", - "tcp.analysis.ack_rtt": "0.060085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.412882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.412882000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "871.952196000", - "frame.number": "3201", - "frame.len": "765", - "frame.cap_len": "765", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "751", - "ip.id": "0x0000958e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007536", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "699", - "tcp.seq": "36255", - "tcp.nxtseq": "36954", - "tcp.ack": "8878", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000782", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:05:8a:a7:9e:4e:d9", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491786, TSecr 2812169945": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491786", - "tcp.options.timestamp.tsecr": "2812169945" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "699", - "tcp.analysis.push_bytes_sent": "699" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:3f:9e:c7:da:55:b8:ea:97:e7:30:99:53:e3:6d:7a:9c:96:ae:9b:61:e6:f3:68:83:e9:48:8e:c9:86:32:6f:4e:7e:92:eb:bf:e4:ed:0a:0e:26:ef" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:40:8d:b5:03:17:e9:07:c9:21:dd:69:e6:5f:f9:20:e7:8d:16:2a:83:24:39:70:ea:0e:87:8f:d9:22:a0:99:d6:ba:d9:eb:5d:fd:41:9c:c8:c8:46:93:df:2f:da:68:2f:02:1c:29:c5:5c:78:ca:04:2f:4f:35:22:1b:92:2b:42:6f:53:56:05:d7:02:9c:2b:d6:b8:28:d0:39:7f:0f:86:be:06:8c:14:24:bc:9a:a6:46" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "539", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:41:c4:9b:e4:b9:78:38:79:c2:2f:0d:2e:53:24:1c:67:c9:d9:9a:c8:8d:37:5b:9b:38:2d:9c:d6:89:8a:cc:34:c2:eb:11:66:eb:7d:5b:f9:a7:86:fa:36:84:11:a8:48:47:63:63:de:80:58:14:41:26:9f:2d:17:1d:ae:0b:7d:09:7e:6a:f0:f3:ec:6b:f5:a0:80:ea:37:4e:d2:59:27:8a:e4:e8:8d:30:a8:38:f8:dd:bd:91:2e:28:d1:5c:a4:ee:6d:0a:3c:a5:f5:6e:f4:c5:01:a7:dd:31:79:a7:0c:91:40:98:67:aa:6b:ab:c8:42:1b:98:bf:2d:16:09:45:3e:5a:aa:e0:13:34:12:61:cb:23:82:b5:75:e9:a8:f2:84:6c:2f:37:2b:4c:92:e9:9f:38:bc:b8:6b:86:04:25:db:22:4d:cb:74:4b:22:bd:f7:0b:7a:bf:74:e2:a6:6c:91:f3:5f:4a:00:ca:e8:97:99:c8:c8:32:3e:b3:60:75:57:a3:90:18:16:69:82:20:b6:ca:be:03:44:6d:bd:67:86:ef:55:5b:cf:b3:4f:05:85:ef:42:cd:b4:3f:69:16:e6:a5:ca:dc:a7:8c:77:72:fc:85:77:ec:c3:46:1d:8e:9e:3d:ff:e7:6b:13:f0:53:68:9a:7a:a3:73:a4:d4:67:19:5e:ce:75:10:31:f2:65:82:ae:3a:ab:ea:45:3a:4f:64:d4:17:c8:26:00:bd:55:b6:ff:5a:30:5c:05:73:14:e9:00:53:df:a4:94:10:23:93:d0:b1:02:96:a9:56:2b:54:ce:fa:07:18:9b:e8:cc:fa:49:ab:f8:84:a2:1f:4f:a0:84:2f:55:42:2d:36:83:30:42:4a:74:ea:94:73:f5:d0:10:95:99:4d:b7:c5:fd:a0:2f:f2:fe:84:16:eb:5c:00:b6:85:a7:0d:f7:8b:b3:77:0e:9b:f7:c7:94:8c:c2:09:b2:21:fa:bb:b0:02:5d:af:53:0b:a0:94:48:84:36:73:2d:99:1c:15:61:75:ed:f3:81:3d:03:d4:4b:eb:12:08:09:80:b8:d0:c4:0e:5d:74:1e:82:05:df:dc:62:7d:e3:98:b0:37:bc:cf:97:8c:6c:62:cd:9a:4e:63:29:c6:c7:40:19:00:68:84:fa:70:d9:0b:a4:a5:2c:a8:37:2b:e8:80:d5:1d:a5:b4:50:7b:d4:0b:13:6a:9e:7c:62:e7:47:4d:c1:35:06:06:ca:15:e9:39:46:49:fc:61:59:c1:7c:07:c1:ca:88:cb:e3:f5:23:79:f8:74:4c:27:26:1b:b6:8e:a5:f0:0c:f5:2e:f4:f2:d3:3c:9f:d5:a6:ff:c7:6b:27:92:53:27:c3:a8:66:8f:d5:e2:9e:82:3a:5c:d0:81:45:ad:8d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.473067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.473067000", - "frame.time_delta": "0.060185000", - 
"frame.time_delta_displayed": "0.060185000", - "frame.time_relative": "872.012381000", - "frame.number": "3202", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8878", - "tcp.ack": 
"36954", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a112", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4e:e8:00:26:05:8a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812169960, TSecr 2491786": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812169960", - "tcp.options.timestamp.tsecr": "2491786" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3201", - "tcp.analysis.ack_rtt": "0.060185000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.759864000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.759864000", - "frame.time_delta": "0.286797000", - "frame.time_delta_displayed": "0.286797000", - "frame.time_relative": "872.299178000", - "frame.number": "3203", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000958f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "36954", - "tcp.nxtseq": "37008", - "tcp.ack": "8878", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:05:ac:a7:9e:4e:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2491820, TSecr 2812169960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2491820", - "tcp.options.timestamp.tsecr": "2812169960" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:42:64:5b:41:17:ae:cf:b8:f3:03:72:0b:76:b8:f2:58:7e:0a:9e:d1:ba:d4:0e:ce:cc:e3:bd:48:14:c7:9d:60:0a:f0:50:79:3a:19:1e:3b:74:7e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:03.820031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494463.820031000", - "frame.time_delta": "0.060167000", - "frame.time_delta_displayed": "0.060167000", - "frame.time_relative": "872.359345000", - 
"frame.number": "3204", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8878", - "tcp.ack": "37008", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a063", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:4f:3f:00:26:05:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812170047, TSecr 2491820": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812170047", - "tcp.options.timestamp.tsecr": "2491820" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3203", - "tcp.analysis.ack_rtt": "0.060167000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:04.560185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494464.560185000", - "frame.time_delta": "0.740154000", - "frame.time_delta_displayed": "0.740154000", - "frame.time_relative": "873.099499000", - "frame.number": "3205", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "281", - "tcp.ack": "253", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:04.703481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494464.703481000", - "frame.time_delta": "0.143296000", - "frame.time_delta_displayed": "0.143296000", - "frame.time_relative": "873.242795000", - "frame.number": "3206", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb1", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "253", - "tcp.ack": "282", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { 
- "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:05.595121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494465.595121000", - "frame.time_delta": "0.891640000", - "frame.time_delta_displayed": "0.891640000", - "frame.time_relative": "874.134435000", - "frame.number": "3207", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001da8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - 
"ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d92", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:05.595676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494465.595676000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "874.134990000", - "frame.number": "3208", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001da9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - 
"ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee8d", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:05.596247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494465.596247000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "874.135561000", - "frame.number": "3209", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c53", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:06.478366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494466.478366000", - "frame.time_delta": "0.882119000", - "frame.time_delta_displayed": "0.882119000", - "frame.time_relative": "875.017680000", - "frame.number": "3210", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c62", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b87", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.771076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.771076000", - "frame.time_delta": "1.292710000", - "frame.time_delta_displayed": "1.292710000", - "frame.time_relative": "876.310390000", - "frame.number": "3211", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", 
- "ip.id": "0x00000a2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ae8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39740", - "udp.dstport": "53", - "udp.port": "39740", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001ada", - "udp.checksum.status": "2", - "udp.stream": "86" - }, - "dns": { - "dns.id": "0x00000f27", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.771663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.771663000", - "frame.time_delta": "0.000587000", - "frame.time_delta_displayed": "0.000587000", - "frame.time_relative": "876.310977000", - "frame.number": "3212", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00004fa6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006914", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39740", - "udp.port": "53", - "udp.port": "39740", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "86" - }, - "dns": { - "dns.response_to": "3211", - "dns.time": "0.000587000", - "dns.id": "0x00000f27", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - 
"Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.772472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.772472000", - "frame.time_delta": "0.000809000", - "frame.time_delta_displayed": "0.000809000", - "frame.time_relative": "876.311786000", - "frame.number": "3213", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00000a2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ae8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45541", - "udp.dstport": "53", - "udp.port": "45541", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001f30", - "udp.checksum.status": "2", - "udp.stream": "87" - }, - "dns": { - "dns.id": "0x00000f28", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.773013000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.773013000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "876.312327000", - "frame.number": "3214", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00004fa7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006903", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45541", - "udp.port": "53", - "udp.port": "45541", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "87" - }, - "dns": { - "dns.response_to": "3213", - "dns.time": "0.000541000", - "dns.id": "0x00000f28", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2910", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.774165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.774165000", - "frame.time_delta": "0.001152000", - "frame.time_delta_displayed": "0.001152000", - "frame.time_relative": "876.313479000", - "frame.number": "3215", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000089f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000abd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 
Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000087ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.909526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.909526000", - "frame.time_delta": "0.135361000", - "frame.time_delta_displayed": "0.135361000", - "frame.time_relative": "876.448840000", - "frame.number": "3216", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00009658", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000f47a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000026cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "3215", - "tcp.analysis.ack_rtt": "0.135361000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.910089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.910089000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "876.449403000", - "frame.number": "3217", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000089f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000abe3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - 
"ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f05b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3216", - "tcp.analysis.ack_rtt": "0.000563000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:07.910103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494467.910103000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "876.449417000", - "frame.number": "3218", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x000089f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a98a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f56f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135924000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:31:22:2c:20:4e:6f:6e:63:65:3d:22:39:6f:6f:46:56:70:62:2b:42:35:6d:37:49:4e:55:49:41:48:2b:77:6a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6f:57:6d:49:6b:6a:38:6f:53:65:35:5a:4a:32:4f:43:63:33:48:66:
4f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.046066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.046066000", - "frame.time_delta": "0.135963000", - "frame.time_delta_displayed": "0.135963000", - "frame.time_relative": "876.585380000", - "frame.number": "3219", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000b06d", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004d90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3218", - "tcp.analysis.ack_rtt": "0.135963000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.046698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.046698000", - "frame.time_delta": "0.000632000", - "frame.time_delta_displayed": "0.000632000", - "frame.time_relative": "876.586012000", - "frame.number": "3220", - "frame.len": "1302", - 
"frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x000089fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a701", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000bbb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135924000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:
49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:22:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0
:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" - }, - "tcp.segments": { - "tcp.segment": "3218", - "tcp.segment": "3220", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:31:22:2c:20:4e:6f:6e:63:65:3d:22:39:6f:6f:46:56:70:62:2b:42:35:6d:37:49:4e:55:49:41:48:2b:77:6a:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78
:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6f:57:6d:49:6b:6a:38:6f:53:65:35:5a:4a:32:4f:43:63:33:48:66:4f:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:2
2:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:
89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"191\", Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"oWmIkj8oSe5ZJ2OCc3HfOA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"191\", Nonce=\"9ooFVpb+B5m7INUIAH+wjw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"oWmIkj8oSe5ZJ2OCc3HfOA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - 
"http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bdk%\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd&\u0006\u00ef\u00bf\u00bdv\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdY7\u00ef\u00bf\u00bdFF\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007fR,b.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdRS\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdy%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|R\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\rv\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\t\u00ef\u00bf\u00bd2Ft\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0010\u00ef\u00bf\u00bd^Q\u00ef\u00bf\u00bdk\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdIg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>c\u000ew\u00ef\u00bf\u00bd\u001a\u001a0OX\u001f\u00ef\u00bf\u00bduH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV=\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdwr\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd<JZ\u001a@\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bdJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00192~fl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdrI\u00ef\u00bf\u00bd'F\u001c\u00ef\u00bf\u00bdw:\u00ef\u00bf\u00bdb?Di\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0017\u0018}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\"\u00ef\u
00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u0015*?E\u00ef\u00bf\u00bd\t\u0018\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b)N\u00ef\u00bf\u00bd\r\u0019\tM\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\\\u00ef\u00bf\u00bd`\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd=\/z\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE7p" - }, - "media": { - "media.type": "bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:b9:46:46:d6:34:85:83:7f:52:2c:62:2e:d4:c3:e7:52:53:e2:24:94:79:25:9c:f1:e3:cb:c7:83:9a:49:c9:e5:9b:12:04:c2:8b:aa:7c:52:e5:a7:f7:e7:0d:76:e0:32:d1:cf:17:09:c9:32:46:74:f2:a8:61:10:e4:5e:51:94:6b:0b:d7:d8:53:96:8a:49:67:d1:ba:3e:63:0e:77:d3:1a:1a:30:4f:58:1f:87:75:48:a8:b4:2b:b0:5c:fe:96:56:3d:e5:0c:dc:77:72:8a:4e:a0:77:e8:3c:4a:5a:1a:40:a3:48:e5:4a:a7:e3:e4:95:19:32:7e:66:6c:e5:a4:72:49:a1:27:46:1c:83:77:3a:ff:62:3f:44:69:aa:9d:9e:ee:cc:17:18:7d:cb:c9:1d:22:b3:e0:4b:de:44:aa:15:2a:3f:45:f4:09:18:fe:37:94:58:97:19:ba:66:9a:80:87:0b:29:4e:cc:0d:19:09:4d:a4:40:a7:9e:9c:86:88:8e:5c:f9:60:8c:be:bf:3b:12:ba:ca:3d:2f:7a:8d:c3:89:bb:45:37:70:00:f5:1f:95:5c:c4:31:e0:30:a5:a8:68:e4:c8:7d:59:4a:8c:70:48:42:25:ef:1f:10:89:4e:b7:67:0f:1c:9d:c2:90:b7:a1:21:4d:9c:7b:67:30:62:ef:f5:87:da:08:f1:5b:aa:04:53:f3:de:0e:5e:fd:44:3a:27:de:b3:87:43:88:d3:86:6f:5d:46:1e:10:1b:ed:49:93:fc:5b:4c:7e:4b:a5:81:6b:90:97:ab:6f:09:4f:63:a6:c3:b3:6e:2e:03:95:6e:f6:a4:d7:f0:ff:95:11:1f:b1:ca:88:37:f3:fe:6b:8a:da:5d:11:23:6f:a4:7b:a6:75:6e:08:73:7b:44:f9:d6:39:fe:81:8f:c2:44:e7:0c:49:67:51:bc:b3:80:5a:a8:91:fe:a3:a2:93:2b:65:59:c2:7e:b5:bf:2c:8a:6f:64:22:6b:ef:49:b9:3d:e0:f9:06:0f:9e:f0:b8:25:a2:85:ad:b6:5e:8e:1b:b5:8a:fb:a7:68:eb:ce:9c:ae:9b:a6:7b:03:2f:11:da:44:27:7d:d6:a5:90:65:bd:c
9:bc:cf:cf:43:04:ad:3b:67:49:31:c4:77:c4:d1:e2:4c:87:85:e0:18:93:ae:be:0f:9d:2a:e1:06:5e:7b:ea:9e:c0:3b:95:cd:f9:45:4e:56:86:b4:d8:09:04:48:b4:c5:87:b3:90:c9:7e:22:c4:fe:8b:21:80:82:2c:30:2c:6b:70:f9:87:83:67:17:a1:a2:87:01:cd:bf:de:43:1c:d6:70:2f:76:f9:ed:b9:d5:93:f1:b8:51:5a:f9:98:5b:4e:9d:95:89:c3:a5:c7:90:f3:8e:de:e9:4d:5f:d0:4b:44:f3:62:0a:f8:2a:79:89:9d:ad:e8:cd:ea:e1:21:ee:15:da:e4:3e:63:78:17:48:13:02:6a:b1:e3:4c:34:ac:e9:96:3a:26:5c:ad:64:b8:33:57:41:37:30:f5:21:07:9a:44:c6:70:28:54:8f:9b:e1:80:93:6d:f3:43:29:e2:f7:af:7a:f6:97:5a:66:2f:09:fd:fe:12:05:8c:f3:e0:31:09:01:8f:c4:b6:81:df:fc:25:25:d9:8f:34:6b:77:3b:95:21:09:8c:bb:65:f5:9a:b3:c3:51:1c:1d:87:44:1a:1c:ec:c8:83:4b:5e:88:d4:f3:7f:76:78:cd:21:78:11:8f:5d:2b:4a:eb:fd:e6:a5:9a:0a:40:8d:dd:f6:fe:20:f6:85:c3:90:a9:3f:f5:2a:b2:60:15:48:96:99:f1:8b:64:84:d6:bb:33:e1:00:9b:bf:a5:17:80:7f:5f:b9:fd:37:dd:be:3b:02:bc:8e:ca:8a:46:90:90:48:1d:2b:f3:ef:2b:9a:24:be:c7:1f:a5:da:b8:36:8f:7a:c5:19:38:92:c0:0e:0a:6c:a2:ac:81:d4:9e:00:a1:ba:71:c7:94:6b:1e:3e:7d:f4:60:98:d4:5f:d7:7e:79:86:cf:e4:62:b9:ad:34:9e:18:b8:82:b7:77:cb:83:e8:98:fc:39:dd:69:a3:59:7c:ab:d2:2f:52:73:e4:4e:6e:c2:79:13:b7:d6:b0:ee:11:e8:0a:87:f7:77:2c:58:93:0b:47:76:22:c8:ab:9b:b0:65:a9:a1:84:ad:92:5f:5c:7b:7e:99:80:ae:b1:98:45:e8:ce:67:30:2d:28:18:da:8f:86:70:f3:9f:87:fa:88:6b:fb:38:7d:5f:29:2f:9b:29:cc:cf:97:16:45:ee:e3:f7:af:ff:fc:d3:d2:57:e2:dc:60:1a:36:6d:7e:97:c0:f5:55:db:ed:c1:f6:cb:2c:f4:dc:1f:f1:dc:d1:ab:74:52:45:50:26:21:d0:82:d2:3b:99:be:bc:4c:67:07:73:74:e1:36:0d:90:5f:a2:b0:21:fb:17:4f:83:8b:32:60:b3:5a:3f:93:b1:86:7e:de:4b:57:f6:fd:0d:de:50:af:84:a7:4f:12:39:f6:36:53:ea:b2:b2:f4:eb:16:67:c7:30:29:5d:f8:f5:ea:a5:37:d1:e2:69:95:da:66:da:a1:77:ef:a0:2b:55:3c:f1:b5:3f:87:de:ca:2d:9e:a2:6f:88:5a:a3:b3:c4:0c:e0:71:bc:93:62:9d:e8:b2:5f:16:64:c9:86:6f:07:8d:9d:0a:19:0b:c7:c8:54:7f:88:f6:aa:52:d7:d0:22:b9:bd:53:b4:a3:9d:c0:49:d3:ed:5e:c2:cc:b2:f9:a5:3a:f0:05:8c:54:4e:88:31:34:fa:b2:8b:ea:9e:05:74:83:e3:d0:25:05:29:8c:8e:1c:fa:17:da:10:7d:7c:3e:96:
87:75:93:d9:47:33:84:41:a9:be:ab:3a:56:a1:e1:ab:dd:5e:b1:80:23:27:c1:e1:d7:8f:e9:29:03:cc:e3:b5:b2:fd:d4:9b:d1:30:06:83:e9:7b:6a:13:28:09:fd:ab:67:f3:3c:73:30:cc:89:36:be:68:be:03:fb:02:9a:3c:0b:23:c2:fe:f0:3d:25:c6:ed:62:ef:1e:43:3d:d8:c9:44:d1:0b:9b:6a:70:89:6f:a9:64:34:3a:77:48:07:fb:7e:b7:da:13:59:fc:64:01:e0:df:8a:11:db:5a:f2:01:be:d7:33:e0:81:1e:c4:fa:ee:21:f3:37:79:bc" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.181974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.181974000", - "frame.time_delta": "0.135276000", - "frame.time_delta_displayed": "0.135276000", - "frame.time_relative": "876.721288000", - "frame.number": "3221", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001fb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006b24", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": 
"5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000043d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3220", - "tcp.analysis.ack_rtt": "0.135276000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.199533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.199533000", - "frame.time_delta": "0.017559000", - "frame.time_delta_displayed": "0.017559000", - "frame.time_relative": "876.738847000", - 
"frame.number": "3222", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002c8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "8878", - "tcp.nxtseq": "8963", - "tcp.ack": "37008", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000072e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:86:00:26:05:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171142, TSecr 2491820": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171142", - "tcp.options.timestamp.tsecr": "2491820" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:68:33:4b:82:6b:87:ff:42:1f:f0:c2:cb:af:9a:18:ce:95:cb:7e:e3:a2:28:fe:3f:fa:f0:f0:dd:34:03:8b:3b:e6:92:ab:6b:4d:d8:39:fa:86:5f:3c:42:f8:2d:31:04:cb:cd:94:89:99:45:e0:b0:40:a7:44:d9:fc:b3:9b:73:6e:73:69:54:33:c1:7c:28:e3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.206328000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.206328000", - "frame.time_delta": "0.006795000", - "frame.time_delta_displayed": "0.006795000", - "frame.time_relative": "876.745642000", - "frame.number": "3223", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009590", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "37008", - "tcp.nxtseq": "37055", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000993e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:69:a7:9e:53:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492265, TSecr 2812171142": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492265", - "tcp.options.timestamp.tsecr": "2812171142" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3222", - "tcp.analysis.ack_rtt": "0.006795000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:43:10:0c:90:6d:c7:f7:18:19:99:c4:40:92:1c:82:61:d2:0d:41:24:48:c3:18:d9:57:ac:a9:4e:7f:3f:f8:59:ae:49:bd" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.223353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.223353000", - "frame.time_delta": "0.017025000", - "frame.time_delta_displayed": "0.017025000", - "frame.time_relative": "876.762667000", - "frame.number": "3224", - "frame.len": "162", - "frame.cap_len": "162", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "148", - "ip.id": "0x000087ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004218", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "128", - "udp.checksum": "0x0000e91a", - 
"udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.232402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.232402000", - "frame.time_delta": "0.009049000", - "frame.time_delta_displayed": "0.009049000", - "frame.time_relative": "876.771716000", - "frame.number": "3225", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "911", - "ip.id": "0x00003a1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004d57", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000bdf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135924000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:01:08 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:01:08 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.185704000", - "http.request_in": "3220", - "http.file_data": "\u00ef\u00bf\u00bdk%\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd&\u0006\u00ef\u00bf\u00bdv\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdY7\u0005\u00ef\u00bf\u00bd\u0016\u0016F\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0i\u000e" - }, - "media": { - "media.type": 
"bc:6b:25:cf:33:b3:b6:a2:7e:8a:cd:7f:15:a0:56:f0:ac:85:6b:b4:03:ff:26:06:90:76:04:96:12:bd:59:37:05:ea:16:16:46:da:ad:30:69:0e:00:18:42:e1:18:9b:1b:88:3c:ad:93:cb:bb:8e:19:e0:57:f6:ea:5c:8b:f4:e6:ae:d4:f4:17:88:28:35:3b:73:a8:4b:88:ac:52:94:3d:08:06:43:24:78:98:b8:65:4d:64:5f:09:87:ab:2e:0a:57:1e:47:ce:06:a5:d4:77:ac:42:ab:40:f1:81:f6:1e:58:e2:f4:f1:81:05:f3:f3:fd:bb:b6:60:a5:b6:09:57:d3:43:5a:5b:f4:32:d9:79:ef:0e:96:7d:fd:cd:a3:00:4a:dc:c1:1f:6e:93:81:86:30:64:df:70:03:c0:a5:8f:1d:41:c2:cf:ed:aa:0c:a5:8d:ed:fb:ed:46:42:b0:8b:c7:2c:ae:05:8f:b3:9f:22:bb:96:34:34:f8:eb:f2:c9:80:35:a2:04:d7:46:58:e7:60:a5:b5:09:fa:fa:ed:21:23:47:d5:92:23:d1:6b:48:62:14:10:7d:54:23:09:08:30:e3:b3:2e:97:75:86:75:f7:20:04:68:6c:74:24:57:1b:f0:76:74:f6:c8:7c:24:fd:2a:09:56:d1:5a:b6:01:79:da:41:c1:16:2c:6a:ac:44:67:0a:e4:87:a6:a5:80:ff:93:13:50:b8:b6:c8:90:4a:f9:10:cc:d9:69:3f:5f:a5:e9:4f:e4:3d:d8:90:70:50:c3:4c:2f:de:71:d5:ce:0a:32:48:84:d1:e3:d8:22:9b:93:1f:b7:2f:1b:b0:70:1e:72:d5:85:29:aa:60:74:90:9f:d9:87:e8:a8:19:ff:dd:fa:83:f8:40:46:8e:06:ca:90:98:5d:97:0a:9f:34:12:88:be:9b:29:70:37:0a:a8:9e:96:aa:c1:f6:24:bc:3c:a4:c2:06:2a:89:1e:a3:c3:af:d3:9f:77:47:1e:97:19:84:ea:82:da:03:b4:f5:4a:39:ed:9b:11:f6:01:6e:e9:6b:3a:a6:bd:6b:97:a5:7c:d6:24:22:03:16:da:a7:51:72:a9:19:8c:b8:be:2e:26:e8:66:39:83:b2:9b:3b:a6:d9:8b:1d:2f:4f:6c:bb:97:d3:3e:f3:f5:1d:26:45:7b:38:ce:12:a6:91:65:8d:11:ec:ba:56:29:e8:33:6f:31:d6:9f:d3:83:5f:f0:47:4c:55:50:e7:05:1b:e4:a8:0a:1a:97:7e:37:b1:23:20:ae:30:5a:90:41:ac:29:65:a4:a3:72:48:d3:ba:26:cc:18:d4:96:fc:17:3e:17:b8:44:db:71:f7:6f:54:9f:12:07:23:02:22:33:ce:81:f9:d3:97:09:1a:d1:38:93:e3:1a:f3:08:7a:3f:fa:26:1b:ec:37:e3:2c:5d:19:ec:db:cb:ed:62:45:7e:01:7d" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.232488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.232488000", - 
"frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "876.771802000", - "frame.number": "3226", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003a1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000050bc", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004068", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.232961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.232961000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "876.772275000", - "frame.number": "3227", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000089fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000abe0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e0b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "3225", - "tcp.analysis.ack_rtt": "0.000559000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.233605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.233605000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "876.772919000", - "frame.number": "3228", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000089fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000abdf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35302", - "tcp.dstport": "80", - "tcp.port": "35302", - "tcp.port": "80", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e0b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3226", - "tcp.analysis.ack_rtt": "0.001117000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.266803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.266803000", - "frame.time_delta": "0.033198000", - "frame.time_delta_displayed": "0.033198000", - "frame.time_relative": "876.806117000", - "frame.number": "3229", 
- "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37055", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000099ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:97:00:26:07:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171159, TSecr 2492265": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171159", - "tcp.options.timestamp.tsecr": "2492265" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3223", - "tcp.analysis.ack_rtt": "0.060475000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.267234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.267234000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "876.806548000", - "frame.number": "3230", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x00009591", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007782", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "37055", - "tcp.nxtseq": "37163", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f4aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:6f:a7:9e:53:97", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492271, TSecr 2812171159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492271", - "tcp.options.timestamp.tsecr": "2812171159" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:44:0f:34:14:be:74:ae:3b:8e:34:b0:d4:36:27:70:8a:5c:a0:0e:6d:d0:20:ba:00:79:61:ae:ed:2e:dc:50:f8:f1:60:8d:e4:a0:0a:9a:51:d5:b7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:45:5b:76:d3:9f:c3:cb:10:61:b2:93:85:76:07:85:c6:48:60:1c:da:47:7d:95:95:ed:30:e0:6f:fe:9b:73:71:6f:06:8d:51:d4:e5:9a:da:98:1e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.327452000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.327452000", - "frame.time_delta": "0.060218000", - "frame.time_delta_displayed": "0.060218000", - "frame.time_relative": "876.866766000", - "frame.number": "3231", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - 
"tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009949", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:a6:00:26:07:6f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171174, TSecr 2492271": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171174", - "tcp.options.timestamp.tsecr": "2492271" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3230", - "tcp.analysis.ack_rtt": "0.060218000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.369039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.369039000", - "frame.time_delta": "0.041587000", - "frame.time_delta_displayed": "0.041587000", - "frame.time_relative": "876.908353000", - 
"frame.number": "3232", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007de1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000cfa", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35302", - "tcp.port": "80", - "tcp.port": "35302", - "tcp.stream": "134", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004067", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3228", - "tcp.analysis.ack_rtt": "0.135434000", - "tcp.analysis.initial_rtt": "0.135924000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.421089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.421089000", - "frame.time_delta": "0.052050000", - "frame.time_delta_displayed": "0.052050000", - "frame.time_relative": "876.960403000", - "frame.number": "3233", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", 
- "ip.id": "0x00009592", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007755", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "37163", - "tcp.nxtseq": "37315", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c9d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:7e:a7:9e:53:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492286, TSecr 2812171174": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492286", - "tcp.options.timestamp.tsecr": "2812171174" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:46:33:2f:10:6c:25:07:bd:ca:f4:b8:39:a7:53:dd:95:00:40:0a:89:f3:92:3e:71:d8:c9:6a:07:92:ee:cd:4b:e7:ce:77:15:04:9a:d5:9f:ac:63:07:2f:42:c7:98:37:72:d3:f1:60:4d:ce:fb:8e:4a:36:ce:67:94:5e:65:41:79:1d:fd:53:49:3b:45:53:b4:02:42:09:dd:88:ef:ed:7f:d7:bf:ce:51:3c:60:25:5a:99:c4:fa:2b:76:ed:b0:e7:c4:34:20:bc:b7:14:93:40:0e:92:6b:34:93:57:74:8a:52:17:06:69:b9:fb:01:69:62:c6:9f:a0:98:4c:ca:9a:59:7a:25:bc:47:77:9a:f8:b2:69:99" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.481388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.481388000", - "frame.time_delta": "0.060299000", - "frame.time_delta_displayed": "0.060299000", - "frame.time_relative": "877.020702000", - "frame.number": "3234", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038f0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37315", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000987c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:cc:00:26:07:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171212, TSecr 2492286": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171212", - "tcp.options.timestamp.tsecr": "2492286" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3233", - "tcp.analysis.ack_rtt": "0.060299000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.481888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.481888000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "877.021202000", - "frame.number": "3235", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x00009593", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "37315", - "tcp.nxtseq": "37476", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000048a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:26:07:84:a7:9e:53:cc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492292, TSecr 2812171212": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492292", - "tcp.options.timestamp.tsecr": "2812171212" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:47:7a:41:b5:d6:18:c3:19:f3:b2:fe:3f:7b:cc:4b:44:93:11:42:95:f7:3a:9b:5c:a3:b6:46:b4:41:ff:ad:ec:6d:bf:58:b8:80:1b:c8:70:e8:77:27:3f:0f:bf:b0:e6:2e:d7:2b:6e:63:7b:45:ce:d0:e3:d6:cd:bf:c9:a5:71:5c:a3:8a:bb:d0:ae:d0:d4:60:0b:f9:75:44:c1:3c:42:2b:e6:c4:ea:b6:e4:bf:11:62:a1:61:b6:90:8d:c5:6b:f8:94:4b:50:a7:fe:ba:6c:64:a8:de:ff:c4:69:82:af:20:08:b4:27:ab:a6:42:50:f7:4c:92:bb:fa:46:b9:8c:4b:bd:bb:e2:f3:57:d3:46:51:f1:98:cb:07:74:d3:9c:77:88:ad:13:00" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.542096000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.542096000", - "frame.time_delta": "0.060208000", - "frame.time_delta_displayed": "0.060208000", - "frame.time_relative": "877.081410000", - "frame.number": "3236", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ef", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37476", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000097c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:db:00:26:07:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171227, TSecr 2492292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171227", - "tcp.options.timestamp.tsecr": "2492292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3235", - "tcp.analysis.ack_rtt": "0.060208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.542593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494468.542593000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "877.081907000", - "frame.number": "3237", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00009594", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007750", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "37476", - "tcp.nxtseq": "37631", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006829", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:8b:a7:9e:53:db", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492299, TSecr 2812171227": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492299", - "tcp.options.timestamp.tsecr": "2812171227" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:48:6e:26:57:f7:67:f2:00:4c:8a:c6:be:40:a4:08:c2:78:68:aa:b5:d6:82:ef:b9:bd:f9:0a:3f:af:20:1b:bf:7b:80:dc:51:20:26:e7:ff:60:28:16:7f:a1:84:23:36:d3:c8:a8:ae:cf:c0:03:46:19:5f:39:b3:25:51:43:53:2a:fd:22:e6:58:bf:cd:09:06:bf:3b:24:63:82:fb:c6:c0:b4:4a:24:f2:56:c6:6e:0a:f1:cf:70:c0:b5:d6:50:35:9c:c8:cf:cf:61:66:43:ab:1a:83:cd:b0:50:c5:98:b9:7b:03:9c:1c:07:cb:a5:e6:77:80:99:6c:04:fb:02:ad:bc:fe:5c:30:79:63:d6:d6:3c:8b:07:c4:b3:ee" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:08.602756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494468.602756000", - "frame.time_delta": "0.060163000", - "frame.time_delta_displayed": "0.060163000", - "frame.time_relative": "877.142070000", - "frame.number": "3238", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ee", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37631", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009714", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:53:eb:00:26:07:8b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171243, TSecr 2492299": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171243", - "tcp.options.timestamp.tsecr": "2492299" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3237", - "tcp.analysis.ack_rtt": "0.060163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.470436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494469.470436000", - "frame.time_delta": "0.867680000", - "frame.time_delta_displayed": "0.867680000", - "frame.time_relative": "878.009750000", - "frame.number": "3239", - "frame.len": "218", - "frame.cap_len": 
"218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x00009595", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007752", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "37631", - "tcp.nxtseq": "37783", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000664b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:e7:a7:9e:53:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492391, TSecr 2812171243": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492391", - "tcp.options.timestamp.tsecr": "2812171243" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:49:d5:99:f2:09:5d:20:d7:ef:e0:06:e9:ef:90:66:36:ca:0f:83:d7:27:a8:a9:bc:08:9c:0a:5b:e7:6f:95:eb:b7:88:a7:48:24:16:5a:22:c6:cb:db:5e:1e:7d:5e:00:cd:23:98:15:c3:40:3d:26:a2:cc:ef:34:11:44:29:71:f4:02:0b:29:f4:2b:fd:dd:78:94:3d:e1:0a:f4:15:77:c6:96:56:3e:f7:d1:ce:6a:82:c8:bc:1a:2f:51:ed:f0:47:d4:ae:f5:f3:6a:e7:39:f1:6c:29:eb:f2:fe:a6:d7:f4:e2:fc:4a:8e:18:df:24:8e:7d:b6:cc:19:d5:ee:08:f4:17:1e:06:a9:78:9e:6a:dc:59:1d:ae" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.531253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494469.531253000", - "frame.time_delta": "0.060817000", - "frame.time_delta_displayed": "0.060817000", - "frame.time_relative": "878.070567000", - "frame.number": "3240", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ed", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": 
"-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37783", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009538", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:54:d3:00:26:07:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171475, TSecr 2492391": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171475", - "tcp.options.timestamp.tsecr": "2492391" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3239", - "tcp.analysis.ack_rtt": "0.060817000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.531749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494469.531749000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "878.071063000", - "frame.number": "3241", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x00009596", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007748", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "37783", - "tcp.nxtseq": "37944", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efc4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:ed:a7:9e:54:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492397, TSecr 2812171475": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492397", - "tcp.options.timestamp.tsecr": "2812171475" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:4a:70:bf:68:8b:92:11:fa:45:0a:7b:12:cb:d0:97:1a:70:8b:87:02:0c:7e:3d:8c:e6:6e:d9:50:36:40:bb:a0:ef:20:f6:68:79:12:21:47:17:24:ce:26:5e:4e:41:73:31:d6:4b:91:d9:45:78:88:c6:72:91:c1:4b:bb:80:e8:c5:1b:78:b0:ee:45:c4:5f:5a:90:7f:4d:f8:9d:5a:12:f7:29:eb:f3:2c:45:5d:98:97:97:6c:2b:c2:c4:ed:e6:4c:04:8b:89:1d:52:77:b7:35:9b:dc:1f:b8:21:d2:3c:07:82:1b:10:cf:c0:ce:1c:81:ec:bb:bd:f5:81:36:f2:cd:50:1f:d3:83:bc:3f:13:c4:ff:e7:08:e8:90:5f:b8:31:d8:4b:48:e8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.591935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494469.591935000", - "frame.time_delta": "0.060186000", - "frame.time_delta_displayed": "0.060186000", - "frame.time_relative": "878.131249000", - "frame.number": "3242", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ec", - "ip.checksum.status": "2", - 
"ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "37944", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009482", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:54:e2:00:26:07:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171490, TSecr 
2492397": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171490", - "tcp.options.timestamp.tsecr": "2492397" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3241", - "tcp.analysis.ack_rtt": "0.060186000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.592475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494469.592475000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "878.131789000", - "frame.number": "3243", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00009597", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "37944", - "tcp.nxtseq": "38099", - "tcp.ack": "8963", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000078c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:07:f4:a7:9e:54:e2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492404, TSecr 2812171490": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492404", - "tcp.options.timestamp.tsecr": "2812171490" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:4b:d3:fb:c3:14:b6:fb:a5:6d:d6:ee:87:a3:67:03:bd:6e:fb:64:8d:64:1d:7e:81:ad:ff:ef:6a:e4:c6:48:72:12:9c:ed:8e:90:c1:fc:83:29:65:93:ea:e0:1a:b8:f1:cd:28:43:aa:ea:f2:b9:f7:ae:c7:6c:2e:3b:f7:37:b7:fb:54:89:07:16:bd:e9:05:cc:90:f0:11:6e:10:f5:50:cb:1c:ec:ff:9f:45:4f:14:87:4f:61:aa:63:4e:10:38:6d:8f:0e:f8:a9:82:bb:51:bb:f2:fb:0f:76:17:9f:b8:74:e7:a9:ff:86:20:85:6e:79:4d:e3:e2:ca:02:85:bb:bf:97:72:26:0f:20:ef:9a:7c:f8:b6:c4:26:af:f2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:09.652614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494469.652614000", - "frame.time_delta": "0.060139000", - "frame.time_delta_displayed": "0.060139000", - "frame.time_relative": "878.191928000", - "frame.number": "3244", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c94", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038eb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "8963", - "tcp.ack": "38099", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000093d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:54:f1:00:26:07:f4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171505, TSecr 2492404": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171505", - "tcp.options.timestamp.tsecr": "2492404" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3243", - "tcp.analysis.ack_rtt": "0.060139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.219162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.219162000", - "frame.time_delta": "0.566548000", - "frame.time_delta_displayed": "0.566548000", - "frame.time_relative": "878.758476000", - "frame.number": "3245", - "frame.len": "353", - "frame.cap_len": "353", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "339", - "ip.id": "0x00002c95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cb", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "287", - "tcp.seq": "8963", - "tcp.nxtseq": "9250", - "tcp.ack": "38099", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009ba1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:55:7d:00:26:07:f4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "Timestamps: TSval 2812171645, TSecr 2492404": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171645", - "tcp.options.timestamp.tsecr": "2492404" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "287", - "tcp.analysis.push_bytes_sent": "287" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "282", - "ssl.app_data": "34:cd:34:17:47:48:0e:69:49:fb:49:23:96:f9:f0:9a:32:ed:ca:a1:94:57:13:cc:d5:e5:ef:2f:dc:65:99:56:9b:c6:ec:8f:e6:c3:ea:83:b6:e8:87:b2:19:a9:ff:92:9e:fa:58:ea:7f:b5:d3:2a:8b:36:f1:f2:f2:9c:19:96:19:6c:08:09:21:3a:2c:5b:61:82:dc:4a:93:1a:40:fd:7f:27:a0:e0:18:6d:ee:d3:9f:2e:0a:2a:23:34:1d:ee:4f:b6:8c:5b:66:1a:26:9c:7f:1d:17:ae:92:5d:1d:e9:bd:2d:72:cc:c3:76:bc:bb:c0:d6:09:07:dd:50:07:24:13:ad:dc:e0:cf:d2:27:39:cf:15:93:09:e3:c0:28:64:e0:23:fb:e9:79:28:99:db:b8:05:c4:06:66:e2:f3:0a:1c:ef:20:20:c9:cd:59:65:e3:3a:43:71:22:b5:0b:95:ac:f4:63:e5:eb:ed:64:42:65:0c:08:9e:3b:b1:46:d3:4f:2f:80:a0:ea:cd:88:a5:10:17:8d:1d:52:49:df:8f:dc:b5:ff:8d:81:36:75:ea:14:da:4e:89:62:80:40:cf:dc:ab:42:eb:e9:1e:d1:23:0a:09:4b:59:08:b1:c9:55:ca:c4:6e:4f:b2:fe:12:7e:6e:27:02:c9:84:77:ed:79:d2:fd:98:64:cd:9d:07:8c:74:f6:ca:d1:42:52:53:e4:d9:6e:3c:06:96:da:4c:eb:98:0e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.239575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.239575000", - "frame.time_delta": "0.020413000", - "frame.time_delta_displayed": "0.020413000", - "frame.time_relative": "878.778889000", - "frame.number": "3246", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009598", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "38099", - "tcp.nxtseq": "38152", - "tcp.ack": "9250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ed4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:34:a7:9e:55:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492468, TSecr 2812171645": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492468", - "tcp.options.timestamp.tsecr": "2812171645" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3245", - "tcp.analysis.ack_rtt": "0.020413000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:4c:e5:9f:5a:c9:03:19:46:4f:57:dc:33:15:ec:f8:00:f8:a9:2d:5b:8f:63:76:9a:4c:13:0c:8f:33:75:1f:bc:bd:64:6e:b0:25:bc:0d:1c:3d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.299838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.299838000", - "frame.time_delta": "0.060263000", - "frame.time_delta_displayed": "0.060263000", - "frame.time_relative": "878.839152000", - "frame.number": "3247", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9250", - "tcp.ack": "38152", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000919b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:55:93:00:26:08:34", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171667, TSecr 2492468": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171667", - "tcp.options.timestamp.tsecr": "2492468" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3246", - "tcp.analysis.ack_rtt": "0.060263000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.300390000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.300390000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "878.839704000", - "frame.number": "3248", - "frame.len": "764", - "frame.cap_len": "764", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "750", - "ip.id": "0x00009599", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000752c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "698", - "tcp.seq": "38152", - "tcp.nxtseq": "38850", - "tcp.ack": "9250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f1c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:3a:a7:9e:55:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492474, TSecr 2812171667": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492474", - "tcp.options.timestamp.tsecr": "2812171667" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "698", - "tcp.analysis.push_bytes_sent": "698" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:4d:b7:46:57:72:11:1f:d2:2e:a5:4d:ae:bb:4d:04:c3:a9:67:02:6d:28:d9:a2:df:7a:fb:79:2f:42:c7:a3:dd:43:b9:51:d5:5b:ae:79:1a:5f:91" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:4e:a1:ce:c6:06:cd:db:40:dd:3e:33:b0:e2:0a:14:f3:c2:08:30:50:9a:43:14:21:94:4d:86:47:5d:91:4b:fb:43:59:a8:df:d1:34:be:d4:07:26:7b:43:6c:c4:3a:77:0e:c1:21:80:32:76:de:78:7f:e2:be:aa:e2:ab:56:63:d3:e8:20:80:11:4b:83:0b:75:ee:0d:b4:dd:96:64:8b:cd:4d:87:cb:16:69:df:3d:83" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "538", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:4f:98:ce:72:06:5b:19:ce:7d:b8:af:69:38:e8:03:30:bc:fb:43:6b:35:32:96:97:f2:12:24:b6:a7:8e:bb:fe:1c:3e:6a:4b:50:47:ae:c0:ac:9e:0f:18:a9:eb:63:e8:17:47:ea:99:d2:56:14:34:2e:47:56:6a:4b:4a:c3:57:36:73:90:f8:d9:a9:8f:41:c8:01:b3:c5:d0:af:29:85:8e:1c:b5:43:c4:ae:4e:90:81:17:58:39:f3:b3:2c:d2:0c:04:44:7e:81:b2:5d:45:df:fc:5f:6b:dd:b9:74:c4:17:a7:9e:08:1c:af:be:7c:ed:ac:07:81:3e:55:51:dc:a8:c3:7a:f8:29:1e:15:38:b9:1f:c9:1c:6f:4c:f6:05:22:2b:14:89:57:9c:24:34:39:14:42:fe:ae:d5:15:89:ea:c2:4b:e7:20:6e:93:69:17:30:01:a0:8a:e2:cd:2b:10:fb:91:fa:0b:22:e1:f9:3a:e7:d1:7d:0d:6e:06:b7:7b:e9:b6:ae:c3:de:1b:12:ac:72:a1:87:14:0f:ab:fd:de:9d:cb:af:2d:ea:57:ed:09:51:ff:bc:4c:e9:c4:4d:dc:e0:60:13:3d:82:64:bc:05:d6:03:ba:75:95:39:36:11:6c:3f:dd:22:a4:50:d6:bf:10:62:6a:ce:88:e9:64:cc:47:7d:e2:79:11:c1:96:68:e5:36:54:54:b3:38:b7:24:c5:e1:5d:f3:55:1f:e4:d2:b1:ba:f0:bc:4c:99:a2:8b:4c:82:8e:12:ab:53:12:a0:3c:dd:f6:d6:9c:e6:4f:8b:5a:0a:47:0f:20:08:81:96:4d:72:44:1f:ea:73:12:d0:3a:07:01:88:a8:13:a7:ce:ca:ef:e4:aa:fd:f6:02:f2:74:ba:84:04:c0:df:e2:45:1d:8c:a3:42:1b:54:e2:29:06:ec:94:d5:39:b1:60:f9:42:77:e8:38:9f:4b:12:f5:73:d8:98:ec:f4:6e:69:7a:af:f0:19:9c:41:7b:f8:2b:c2:dc:a8:3e:f8:52:67:dd:2f:1d:5b:74:ee:44:97:7a:62:72:47:8c:3f:95:10:57:f5:90:90:f3:83:4b:df:bc:50:cd:ab:96:ed:17:69:e5:06:d4:a4:50:66:d3:08:f2:fb:b4:19:f9:ae:20:68:3a:61:9f:d0:34:e7:19:e3:23:e2:ed:2f:cc:92:24:bb:41:4d:7b:3a:91:9d:5e:4a:ce:8c:6f:2d:ab:7f:cf:27:e2:79:64:c6:f0:da:6e:6f:78:5c:7b:2b:51:0d:77:6f:28:23:58:68:c1:78:96:26:ee:ae:43:02:39:12:6f:3d:aa:2d:0d:d7:b4:78:50:1d:97:3a:c9:c8:59:df:c9:c3:a7:8d:0b:27:ec:ca:0b:0e:6b:3d:a1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.360566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.360566000", - "frame.time_delta": "0.060176000", - 
"frame.time_delta_displayed": "0.060176000", - "frame.time_relative": "878.899880000", - "frame.number": "3249", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9250", - "tcp.ack": 
"38850", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008ecc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:55:a2:00:26:08:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171682, TSecr 2492474": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171682", - "tcp.options.timestamp.tsecr": "2492474" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3248", - "tcp.analysis.ack_rtt": "0.060176000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.595381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.595381000", - "frame.time_delta": "0.234815000", - "frame.time_delta_displayed": "0.234815000", - "frame.time_relative": "879.134695000", - "frame.number": "3250", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001daa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000d92", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - 
}, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.595945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494470.595945000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "879.135259000", - "frame.number": "3251", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dab", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ee8d", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.596526000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494470.596526000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "879.135840000", - "frame.number": "3252", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007c53", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000270", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=624", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:10.637502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494470.637502000", - "frame.time_delta": "0.040976000", - "frame.time_delta_displayed": "0.040976000", - "frame.time_relative": "879.176816000", - "frame.number": "3253", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000959a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "38850", - "tcp.nxtseq": "38904", - "tcp.ack": "9250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d497", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:5c:a7:9e:55:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492508, TSecr 2812171682": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492508", - "tcp.options.timestamp.tsecr": "2812171682" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:50:f1:c3:b4:d5:b0:54:a9:50:53:0d:5e:7b:78:a9:e3:49:7d:75:3e:5f:a2:ac:5a:24:fa:28:89:36:68:a1:31:16:b7:65:57:7d:5b:74:1c:92:5b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:01:10.697824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494470.697824000", - "frame.time_delta": "0.060322000", - "frame.time_delta_displayed": "0.060322000", - "frame.time_relative": "879.237138000", - "frame.number": "3254", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, 
- "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9250", - "tcp.ack": "38904", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008e20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:55:f6:00:26:08:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171766, TSecr 2492508": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171766", - "tcp.options.timestamp.tsecr": "2492508" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3253", - "tcp.analysis.ack_rtt": "0.060322000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.200990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.200990000", - "frame.time_delta": "0.503166000", - "frame.time_delta_displayed": 
"0.503166000", - "frame.time_relative": "879.740304000", - "frame.number": "3255", - "frame.len": "156", - "frame.cap_len": "156", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "142", - "ip.id": "0x00002c99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000388c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "90", - "tcp.seq": "9250", - "tcp.nxtseq": "9340", - "tcp.ack": 
"38904", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000182e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:74:00:26:08:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171892, TSecr 2492508": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171892", - "tcp.options.timestamp.tsecr": "2492508" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "90", - "tcp.analysis.push_bytes_sent": "90" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "85", - "ssl.app_data": "34:cd:34:17:47:48:0e:6a:35:d6:e8:51:c0:a3:7e:e2:3e:5b:0e:3a:48:ab:5c:5c:14:27:4a:37:7a:d5:c0:1c:e3:b3:31:ec:72:9b:3e:8f:b3:a5:c3:fa:48:a7:5c:b6:dd:9b:24:df:c1:f0:0e:e3:d2:95:1c:21:1c:3e:8a:71:cd:c1:e4:73:dd:ba:a1:ce:c9:c9:ab:05:d4:15:a4:2b:04:38:d9:4c:1f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.205572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.205572000", - "frame.time_delta": "0.004582000", - "frame.time_delta_displayed": "0.004582000", - "frame.time_relative": "879.744886000", - "frame.number": "3256", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000959b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "38904", - "tcp.nxtseq": "38951", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007491", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:95:a7:9e:56:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492565, TSecr 2812171892": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492565", - "tcp.options.timestamp.tsecr": "2812171892" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3255", - "tcp.analysis.ack_rtt": "0.004582000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:51:81:97:63:6b:1b:d4:24:6d:48:0c:59:4f:2d:c2:95:a2:34:d2:46:32:64:3c:a4:ee:67:d0:4c:37:fc:ea:89:eb:ee:b3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.222032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.222032000", - "frame.time_delta": "0.016460000", - "frame.time_delta_displayed": "0.016460000", - "frame.time_relative": "879.761346000", - "frame.number": "3257", - "frame.len": "167", - "frame.cap_len": "167", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "153", - "ip.id": "0x00008881", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000413d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": 
{ - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "133", - "udp.checksum": "0x00009659", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:ZonePlayer:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.265787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.265787000", - "frame.time_delta": "0.043755000", - "frame.time_delta_displayed": "0.043755000", - "frame.time_relative": "879.805101000", - "frame.number": "3258", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { 
- "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "38951", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008cd0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:84:00:26:08:95", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171908, TSecr 2492565": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171908", - "tcp.options.timestamp.tsecr": "2492565" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3256", - "tcp.analysis.ack_rtt": "0.060215000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.266281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.266281000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "879.805595000", - "frame.number": "3259", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x0000959c", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007777", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "38951", - "tcp.nxtseq": "39059", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:9b:a7:9e:56:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492571, TSecr 2812171908": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492571", - "tcp.options.timestamp.tsecr": "2812171908" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:52:76:00:c6:fe:ab:69:0c:32:4a:97:cf:1e:6e:df:be:2f:57:fa:21:04:6b:3e:b3:a8:d5:bf:35:34:51:cf:fd:55:d8:2f:29:f9:dd:48:f3:15:23" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:53:da:9d:12:f6:1e:de:b3:34:1a:f8:44:62:48:f5:24:7a:6a:02:7b:7b:99:f0:4f:02:20:94:4d:2e:30:99:c5:3a:c1:74:6a:38:2c:43:2c:bb:44" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.326500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.326500000", - "frame.time_delta": "0.060219000", - "frame.time_delta_displayed": "0.060219000", - "frame.time_relative": "879.865814000", - "frame.number": "3260", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", 
- "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39059", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:94:00:26:08:9b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171924, TSecr 2492571": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171924", - "tcp.options.timestamp.tsecr": "2492571" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3259", - "tcp.analysis.ack_rtt": "0.060219000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.405912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.405912000", - "frame.time_delta": "0.079412000", - "frame.time_delta_displayed": "0.079412000", - "frame.time_relative": "879.945226000", - "frame.number": "3261", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x0000959d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "39059", - "tcp.nxtseq": "39211", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006886", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:08:a9:a7:9e:56:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492585, TSecr 2812171924": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492585", - "tcp.options.timestamp.tsecr": "2812171924" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:54:06:d5:2d:4f:ab:6b:a7:00:52:13:ee:f6:0c:01:82:2f:27:3a:eb:6f:34:1c:b7:0c:f8:9a:72:4e:9c:5f:63:9c:96:c1:07:cd:3a:52:6a:d3:e8:79:0b:64:1e:7b:1d:35:b7:49:8f:71:33:4e:34:5f:41:63:2b:8d:b8:3c:9b:14:af:ab:e3:2b:eb:fe:a2:11:3d:37:ca:72:37:0c:f6:3e:e6:76:21:89:3c:10:0a:80:43:50:6b:37:bd:1b:30:63:5c:f0:05:47:04:c6:1b:2e:d9:17:36:44:27:fd:fa:12:bf:45:35:d2:f5:81:c9:5e:bd:e7:ed:db:2f:81:6f:f4:14:c1:aa:82:4d:61:45:e1:48:2f:dc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.466234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.466234000", - "frame.time_delta": "0.060322000", - "frame.time_delta_displayed": "0.060322000", - "frame.time_relative": "880.005548000", - "frame.number": "3262", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", 
- "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39211", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008b86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:b6:00:26:08:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171958, TSecr 2492585": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171958", - "tcp.options.timestamp.tsecr": "2492585" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3261", - "tcp.analysis.ack_rtt": "0.060322000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.474454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.474454000", - "frame.time_delta": "0.008220000", - "frame.time_delta_displayed": "0.008220000", - "frame.time_relative": "880.013768000", - "frame.number": "3263", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x0000959e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007740", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "39211", - "tcp.nxtseq": "39372", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001d71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:b0:a7:9e:56:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492592, TSecr 2812171958": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492592", - "tcp.options.timestamp.tsecr": "2812171958" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:55:af:b2:af:b6:52:e4:c2:08:5c:01:13:e2:43:9e:2f:99:16:01:15:02:e5:85:ae:fb:c5:aa:35:4d:e1:3d:67:41:02:3e:f3:2d:94:5d:82:97:fe:70:ee:2d:12:37:f5:d7:88:6d:5c:17:69:25:b6:06:01:78:20:34:c6:72:c1:e8:43:a2:c4:ea:f0:51:90:1f:bf:2d:f4:86:04:9f:39:f9:d7:df:c3:cc:90:f2:1b:d7:e4:01:52:4e:22:f1:50:6b:c7:a7:8d:34:3b:a7:23:a5:04:3d:bc:11:d9:37:be:5b:49:e5:1d:4d:50:5e:04:9a:16:04:3d:a1:b4:35:9e:4f:3e:4f:de:b2:d4:71:56:22:1f:31:c3:0f:12:b2:9d:6c:0b:8c:8b:1f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.534674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.534674000", - "frame.time_delta": "0.060220000", - "frame.time_delta_displayed": "0.060220000", - 
"frame.time_relative": "880.073988000", - "frame.number": "3264", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39372", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008acc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:c8:00:26:08:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171976, TSecr 2492592": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171976", - "tcp.options.timestamp.tsecr": "2492592" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3263", - "tcp.analysis.ack_rtt": "0.060220000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:11.535163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.535163000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "880.074477000", - "frame.number": "3265", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - 
}, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000959f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007745", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "39372", - "tcp.nxtseq": "39527", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000074ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:08:b6:a7:9e:56:c8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492598, TSecr 2812171976": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492598", - "tcp.options.timestamp.tsecr": "2812171976" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:56:0d:3a:0a:f7:84:bb:d6:dd:3b:e2:01:be:09:d4:30:22:21:fb:b6:c3:03:93:78:62:1e:67:ff:75:6a:17:d0:b0:a4:6c:69:be:fd:e5:22:e7:7c:aa:55:f3:36:e7:e1:f5:81:21:c3:93:5d:62:22:3c:62:1a:e6:ed:2a:1d:a7:96:60:88:cc:a7:b8:8c:c2:40:03:d3:75:9a:dc:39:11:78:e2:7d:af:da:60:80:98:ae:5b:e7:01:1c:bb:d2:62:ed:fc:58:d6:7a:ba:a6:7d:b2:2e:42:f9:42:1f:6e:7d:f5:46:e0:67:4d:62:2e:16:5e:7d:30:f6:c3:0f:c1:25:9a:bb:96:91:00:e9:29:ba:ab:5d:8b:59:13:69:81" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:01:11.596085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494471.596085000", - "frame.time_delta": "0.060922000", - "frame.time_delta_displayed": "0.060922000", - "frame.time_relative": "880.135399000", - "frame.number": "3266", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39527", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:56:d7:00:26:08:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812171991, TSecr 2492598": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812171991", - "tcp.options.timestamp.tsecr": "2492598" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3265", - "tcp.analysis.ack_rtt": "0.060922000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.467877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.467877000", - "frame.time_delta": "0.871792000", - "frame.time_delta_displayed": 
"0.871792000", - "frame.time_relative": "881.007191000", - "frame.number": "3267", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007747", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "39527", - "tcp.nxtseq": "39679", - "tcp.ack": 
"9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006d20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:13:a7:9e:56:d7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492691, TSecr 2812171991": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492691", - "tcp.options.timestamp.tsecr": "2812171991" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:57:8d:3d:7d:c7:73:27:e4:ca:c4:05:19:4c:a0:bc:c3:97:2a:be:ff:a3:a7:84:3e:b3:6a:11:09:43:d4:ce:fe:01:82:6f:c2:17:e5:32:70:b0:9a:3d:89:81:87:a2:36:ac:ce:31:a7:ae:4c:de:b4:43:7a:71:da:c8:0a:ef:70:58:42:64:63:71:df:91:74:7e:e7:21:bb:de:81:50:73:06:29:f8:6c:f2:26:74:09:7b:92:a0:43:d4:b6:64:be:5d:30:9d:d8:a4:f1:8c:d3:db:24:44:24:af:3e:e0:46:2d:9a:81:17:82:30:a6:e6:e8:c6:72:91:98:a6:3b:1f:49:43:82:6c:e4:48:0c:07:f6:fb:7a:0d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.528477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.528477000", - "frame.time_delta": "0.060600000", - "frame.time_delta_displayed": "0.060600000", - "frame.time_relative": "881.067791000", - "frame.number": "3268", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002c9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038e0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39679", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000883e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:57:c0:00:26:09:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172224, TSecr 2492691": { - "tcp.option_kind": 
"8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172224", - "tcp.options.timestamp.tsecr": "2492691" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3267", - "tcp.analysis.ack_rtt": "0.060600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.528970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.528970000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "881.068284000", - "frame.number": "3269", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "39679", - "tcp.nxtseq": "39840", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:19:a7:9e:57:c0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492697, TSecr 2812172224": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492697", - "tcp.options.timestamp.tsecr": "2812172224" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - 
"tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:58:7b:5e:42:42:30:be:15:d8:81:2f:a3:eb:83:2f:10:a4:09:9f:3a:c9:b2:1d:e2:ec:94:01:c5:79:21:f4:82:18:5d:c8:34:db:55:de:85:97:df:76:7d:f0:de:51:f5:03:fe:02:e1:24:f9:ae:e6:88:58:27:a7:4c:a5:34:ce:0b:08:2d:47:4b:5f:1a:06:e7:10:f2:ea:1b:32:85:60:70:56:5f:2e:6b:b1:db:89:2e:e8:67:d7:1f:1a:1e:ed:c2:5e:2a:ac:51:c0:99:25:7f:bf:43:f7:e8:48:c1:d7:f1:6d:10:e3:fa:90:70:26:d6:52:46:d1:6a:a8:f8:6e:ef:26:e7:44:7d:0b:1d:8a:64:1d:55:c7:30:7f:38:b5:7a:28:63:ba:58" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.589297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.589297000", - "frame.time_delta": "0.060327000", - "frame.time_delta_displayed": "0.060327000", - "frame.time_relative": "881.128611000", - "frame.number": "3270", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038df", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39840", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008788", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:57:cf:00:26:09:19", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172239, TSecr 2492697": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172239", - "tcp.options.timestamp.tsecr": "2492697" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3269", - "tcp.analysis.ack_rtt": "0.060327000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.589795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.589795000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "881.129109000", - "frame.number": "3271", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007742", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "39840", - "tcp.nxtseq": "39995", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000065c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:1f:a7:9e:57:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2492703, TSecr 2812172239": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492703", - "tcp.options.timestamp.tsecr": "2812172239" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:59:9c:8b:af:bc:fa:ef:14:6e:88:7b:70:fa:f7:21:6e:42:5f:3a:56:0e:33:70:39:12:9b:ae:55:e5:b3:52:14:ee:1b:3c:56:13:9a:9a:e1:d1:09:7d:ee:8a:f2:f4:3d:13:a2:5c:0d:dc:19:7c:53:20:2b:06:18:6f:d7:48:d1:88:8c:8f:75:cf:f3:9d:6c:1d:56:da:6d:ec:68:f2:c0:33:56:b0:e4:d2:5e:04:f2:0f:73:ca:f4:0c:0a:96:dc:43:a2:a0:c2:4b:81:04:58:57:f1:85:01:91:30:67:3b:84:fd:48:8b:95:07:93:3b:ca:c3:5b:c8:69:1e:2f:9e:53:a3:84:69:1d:ce:b0:21:39:e5:37:56:4a:40:25" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:12.650207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494472.650207000", - "frame.time_delta": "0.060412000", - "frame.time_delta_displayed": "0.060412000", - "frame.time_relative": "881.189521000", - "frame.number": "3272", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038de", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "39995", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000086d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:57:de:00:26:09:1f", - "tcp.options_tree": { 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172254, TSecr 2492703": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172254", - "tcp.options.timestamp.tsecr": "2492703" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3271", - "tcp.analysis.ack_rtt": "0.060412000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:13.248172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494473.248172000", - "frame.time_delta": "0.597965000", - "frame.time_delta_displayed": "0.597965000", - "frame.time_relative": "881.787486000", - "frame.number": "3273", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095a3", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "39995", - "tcp.nxtseq": "40049", - "tcp.ack": "9340", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a987", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:61:a7:9e:57:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492769, TSecr 2812172254": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492769", - "tcp.options.timestamp.tsecr": "2812172254" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:5a:05:96:c3:f0:ed:bf:d7:df:14:06:0b:f7:ae:cc:a6:f2:f8:ee:f8:a4:ee:b8:3d:6b:f1:ac:38:f5:df:2e:c3:76:c4:5c:36:72:c7:9e:71:29:9e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:13.308275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494473.308275000", - "frame.time_delta": "0.060103000", - "frame.time_delta_displayed": "0.060103000", - "frame.time_relative": "881.847589000", - "frame.number": "3274", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038dd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9340", - "tcp.ack": "40049", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000085bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:58:83:00:26:09:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172419, TSecr 2492769": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172419", - "tcp.options.timestamp.tsecr": "2492769" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3273", - "tcp.analysis.ack_rtt": "0.060103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.201614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.201614000", - "frame.time_delta": "0.893339000", - "frame.time_delta_displayed": "0.893339000", - "frame.time_relative": "882.740928000", - "frame.number": "3275", - "frame.len": "162", - "frame.cap_len": "162", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "148", - "ip.id": "0x00002ca3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000387c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "96", - "tcp.seq": "9340", - "tcp.nxtseq": "9436", - "tcp.ack": "40049", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dcac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:62:00:26:09:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172642, TSecr 2492769": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172642", - "tcp.options.timestamp.tsecr": "2492769" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "96", - "tcp.analysis.push_bytes_sent": "96" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "91", - "ssl.app_data": "34:cd:34:17:47:48:0e:6b:10:9e:a3:48:a8:6e:37:54:ee:cd:5f:c7:78:98:af:03:e0:b8:82:96:91:17:01:e9:77:0a:05:35:86:78:17:c3:8f:9c:e4:33:82:58:0e:5e:49:9f:22:7b:44:4b:8c:9e:a8:dc:79:8b:ae:66:50:68:39:6f:08:94:ee:47:76:a0:c5:02:3f:f7:9f:5a:29:f0:d4:be:b3:8e:04:75:c3:ea:ee:53:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.205518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.205518000", - "frame.time_delta": "0.003904000", - "frame.time_delta_displayed": "0.003904000", - "frame.time_relative": "882.744832000", - "frame.number": "3276", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "40049", - "tcp.nxtseq": "40096", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000100e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:c1:a7:9e:59:62", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492865, TSecr 2812172642": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492865", - "tcp.options.timestamp.tsecr": "2812172642" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3275", - "tcp.analysis.ack_rtt": "0.003904000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:5b:c7:87:2d:03:22:35:0b:d3:7d:8a:5e:e1:8e:a3:89:a8:5d:66:87:e6:3e:a4:03:f7:18:5b:18:b7:d5:56:6b:bb:16:c0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.222087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.222087000", - "frame.time_delta": "0.016569000", - "frame.time_delta_displayed": "0.016569000", - "frame.time_relative": "882.761401000", - "frame.number": "3277", - "frame.len": "173", - "frame.cap_len": "173", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "159", - "ip.id": "0x00008898", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004120", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "139", - "udp.checksum": "0x000082c4", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:samsung.com:device:RemoteControlReceiver:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "3224" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.265753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.265753000", - "frame.time_delta": "0.043666000", - "frame.time_delta_displayed": "0.043666000", - "frame.time_relative": "882.805067000", - "frame.number": "3278", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038db", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40096", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000083dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:72:00:26:09:c1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172658, TSecr 2492865": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172658", - "tcp.options.timestamp.tsecr": "2492865" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3276", - "tcp.analysis.ack_rtt": "0.060235000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.266243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.266243000", - "frame.time_delta": "0.000490000", - 
"frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "882.805557000", - "frame.number": "3279", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000095a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000776e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "40096", - 
"tcp.nxtseq": "40204", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e153", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:c7:a7:9e:59:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492871, TSecr 2812172658": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492871", - "tcp.options.timestamp.tsecr": "2812172658" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:5c:8c:9d:7d:16:63:f5:db:59:68:24:4e:e7:80:51:7d:8f:de:0c:86:75:4d:86:b7:8b:59:7e:e8:76:17:06:45:cd:e1:fa:0a:70:63:4b:07:7d:db" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:5d:04:c0:d7:7f:15:fc:2e:4b:be:66:ec:18:2e:90:b9:0f:7e:8f:f0:1a:33:7f:bf:5c:b2:50:ae:32:52:9c:47:a2:6e:e5:6c:cb:6d:de:ba:d9:94" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.376642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.376642000", - "frame.time_delta": "0.110399000", - "frame.time_delta_displayed": "0.110399000", - "frame.time_relative": "882.915956000", - "frame.number": "3280", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038da", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40204", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000835b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:82:00:26:09:c7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172674, TSecr 2492871": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172674", - "tcp.options.timestamp.tsecr": "2492871" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3279", - "tcp.analysis.ack_rtt": "0.110399000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.431616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.431616000", - "frame.time_delta": "0.054974000", - "frame.time_delta_displayed": "0.054974000", - "frame.time_relative": "882.970930000", - "frame.number": "3281", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "40204", - "tcp.nxtseq": "40356", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000021ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:d7:a7:9e:59:82", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492887, TSecr 2812172674": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492887", - "tcp.options.timestamp.tsecr": "2812172674" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:5e:00:0d:34:c4:f0:73:eb:cf:f8:d7:e9:1d:97:65:64:b4:c5:2a:c7:62:fe:79:ab:5f:9a:e9:9b:d7:45:88:f1:c4:f6:91:3d:c4:f4:10:bb:cf:a0:2a:53:eb:ae:b1:90:4e:3f:02:a9:08:79:97:8e:b9:03:2d:fd:5b:7a:fd:21:0b:fb:5b:15:f2:3c:be:6c:be:51:3b:ed:cf:49:72:18:1b:fa:b8:45:49:0a:e2:1f:d3:f6:2f:54:81:dd:f6:f0:05:f7:86:51:96:38:87:6a:33:88:51:b1:5d:58:bf:31:f2:14:c2:78:d2:7d:4f:44:45:00:4c:d2:52:85:ee:d3:fd:db:90:cf:e5:b0:5a:ff:a4:06:97:2d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.491707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.491707000", - "frame.time_delta": "0.060091000", - "frame.time_delta_displayed": "0.060091000", - "frame.time_relative": "883.031021000", - "frame.number": "3282", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40356", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000828a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:ab:00:26:09:d7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172715, TSecr 2492887": { - "tcp.option_kind": 
"8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172715", - "tcp.options.timestamp.tsecr": "2492887" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3281", - "tcp.analysis.ack_rtt": "0.060091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.492249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.492249000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "883.031563000", - "frame.number": "3283", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007737", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "40356", - "tcp.nxtseq": "40517", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dee8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:de:a7:9e:59:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492894, TSecr 2812172715": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492894", - "tcp.options.timestamp.tsecr": "2812172715" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - 
"tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:5f:e2:ed:d6:df:41:98:2c:63:91:b5:4d:90:c3:05:0a:74:32:fd:9a:37:b8:14:05:64:02:ae:50:b0:45:14:3e:97:71:9f:55:ca:9e:60:0c:a4:4e:e2:b4:8f:74:5e:61:81:d2:34:e6:6d:c6:d5:ec:9a:c9:c2:ce:f5:cc:8c:a4:8f:cc:34:e9:b0:d0:29:34:e5:4d:e8:8b:f2:cb:f1:fc:6b:eb:37:be:cf:4c:a9:a9:37:f9:8e:62:dd:5d:1f:20:4c:38:c7:35:9a:32:9c:aa:df:aa:86:de:46:7f:9a:38:21:ab:64:64:cd:f9:96:8d:af:b1:fc:1b:4b:34:f6:72:7a:68:3d:b0:c2:68:e3:7a:e1:99:46:2d:f3:e9:ef:72:9e:51:cd:08:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.552306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.552306000", - "frame.time_delta": "0.060057000", - "frame.time_delta_displayed": "0.060057000", - "frame.time_relative": "883.091620000", - "frame.number": "3284", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40517", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000081d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:ba:00:26:09:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172730, TSecr 2492894": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172730", - "tcp.options.timestamp.tsecr": "2492894" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3283", - "tcp.analysis.ack_rtt": "0.060057000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.552788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.552788000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "883.092102000", - "frame.number": "3285", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773c", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "40517", - "tcp.nxtseq": "40672", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dd60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:09:e4:a7:9e:59:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2492900, TSecr 2812172730": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492900", - "tcp.options.timestamp.tsecr": "2812172730" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:60:11:ec:7a:72:68:04:c6:b6:df:f1:45:ed:a7:dd:a7:41:38:13:57:8b:60:e1:0e:d9:e4:41:45:17:27:92:c7:1d:6f:19:31:25:a2:00:84:26:a3:eb:83:52:8f:98:e6:07:cd:d4:88:14:c0:e5:86:6f:75:f5:17:5d:98:0f:0d:48:a4:80:c9:d3:6b:2c:24:22:85:00:36:e7:77:04:b3:20:59:95:92:77:25:1d:43:d3:1b:23:6c:40:32:17:b7:71:c2:f9:b3:54:3a:a1:d4:a0:9f:b6:96:bb:29:a7:d6:cb:b1:55:d5:50:c4:89:c2:b4:14:23:c2:34:05:8a:3c:ab:7c:dc:7e:8a:bd:79:6e:ac:36:27:5a:0c:fa:ec" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:14.613101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494474.613101000", - "frame.time_delta": "0.060313000", - "frame.time_delta_displayed": "0.060313000", - "frame.time_relative": "883.152415000", - "frame.number": "3286", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008123", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:59:c9:00:26:09:e4", - "tcp.options_tree": { 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172745, TSecr 2492900": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172745", - "tcp.options.timestamp.tsecr": "2492900" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3285", - "tcp.analysis.ack_rtt": "0.060313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.477124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.477124000", - "frame.time_delta": "0.864023000", - "frame.time_delta_displayed": "0.864023000", - "frame.time_relative": "884.016438000", - "frame.number": "3287", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095a9", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "40672", - "tcp.nxtseq": "40824", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000895a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0a:40:a7:9e:59:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492992, TSecr 2812172745": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492992", - "tcp.options.timestamp.tsecr": "2812172745" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:61:05:73:d0:e2:c6:cb:49:13:e9:5b:fd:7a:73:79:20:c9:9b:6e:de:1a:81:35:e8:c0:fd:48:b9:fd:79:8f:85:a6:08:11:f8:ed:9f:f6:c6:68:24:55:c2:68:f9:04:d8:a8:56:b3:61:e8:a1:4e:88:6d:02:e1:74:94:88:fb:fd:91:6c:a8:84:c6:9a:bd:32:9d:69:b2:db:4a:7a:75:4c:c6:c6:51:01:67:0f:9a:7a:53:0c:8d:95:1f:84:cb:96:51:bc:d2:4a:70:bc:49:f5:f7:ea:07:6e:98:12:15:90:7f:e2:c1:6d:8b:22:c8:77:38:9c:e1:77:6f:7f:8b:11:e3:70:82:53:e8:cc:67:00:3d:c7:71:4b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.537341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.537341000", - "frame.time_delta": "0.060217000", - "frame.time_delta_displayed": "0.060217000", - "frame.time_relative": "884.076655000", - "frame.number": "3288", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ca9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40824", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": 
"422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007f48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5a:b0:00:26:0a:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172976, TSecr 2492992": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172976", - "tcp.options.timestamp.tsecr": "2492992" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3287", - "tcp.analysis.ack_rtt": "0.060217000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.537833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.537833000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "884.077147000", - "frame.number": "3289", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007734", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "40824", - "tcp.nxtseq": "40985", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000003f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:0a:46:a7:9e:5a:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2492998, TSecr 2812172976": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2492998", - "tcp.options.timestamp.tsecr": "2812172976" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:62:04:1f:59:a6:17:5d:bf:87:c0:c2:eb:f8:09:d1:51:52:25:b9:db:25:15:c2:6e:a4:fd:3b:e1:00:5c:59:9f:87:ae:6f:12:f8:3f:85:6b:05:27:a8:b3:38:6c:70:91:12:21:2f:fa:8f:25:c1:84:82:70:55:ae:c3:aa:5f:b7:e7:2a:d2:c6:c7:6a:4d:0b:b2:7f:9d:68:01:78:20:5a:0a:e6:f3:dd:01:e1:e7:fc:91:eb:8b:35:95:1e:70:25:4b:91:f1:3c:0d:c0:75:a4:f5:0b:bc:f2:b0:20:ab:14:10:da:39:28:33:78:88:f7:d0:ce:42:a0:d5:92:97:40:99:23:47:eb:e6:97:21:ab:22:87:8b:e9:f7:06:ef:7a:e9:86:13:60:cc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.597960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.597960000", - "frame.time_delta": "0.060127000", - "frame.time_delta_displayed": "0.060127000", - "frame.time_relative": "884.137274000", - "frame.number": "3290", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002caa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "40985", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007e92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5a:bf:00:26:0a:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812172991, TSecr 2492998": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812172991", - "tcp.options.timestamp.tsecr": "2492998" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3289", - "tcp.analysis.ack_rtt": "0.060127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.598442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.598442000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "884.137756000", - "frame.number": "3291", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007739", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "40985", - "tcp.nxtseq": "41140", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d103", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0a:4c:a7:9e:5a:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493004, TSecr 2812172991": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493004", - "tcp.options.timestamp.tsecr": "2812172991" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:63:a4:a2:e0:27:f5:75:60:c6:70:93:59:82:fd:48:6e:18:47:44:05:1f:68:89:72:27:6a:0e:20:e6:85:e6:35:ed:df:c9:14:21:66:3d:18:c1:3d:42:89:b1:8d:c5:e0:72:e5:6e:a1:79:c8:0f:1f:d2:a1:2c:2c:eb:cd:b3:a8:e2:40:99:d8:c7:33:a7:7c:21:bd:3e:62:ca:e1:2c:58:57:eb:ca:37:ad:d3:d4:02:14:75:c2:03:86:db:46:29:65:47:23:0a:f1:59:b6:7d:4a:f3:90:c7:88:c4:b5:dd:4f:a8:4a:e8:e4:3f:e0:b5:a8:ab:57:14:30:b0:88:06:da:11:8c:8e:17:8a:68:68:96:9a:ac:18:88:98:38" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.658603000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494475.658603000", - "frame.time_delta": "0.060161000", - "frame.time_delta_displayed": "0.060161000", - "frame.time_relative": "884.197917000", - "frame.number": "3292", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": "41140", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007de1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5a:cf:00:26:0a:4c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173007, TSecr 2493004": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173007", - "tcp.options.timestamp.tsecr": "2493004" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3291", - "tcp.analysis.ack_rtt": "0.060161000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.779497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.779497000", - "frame.time_delta": "0.120894000", - "frame.time_delta_displayed": "0.120894000", - "frame.time_relative": "884.318811000", - "frame.number": "3293", - "frame.len": "79", - "frame.cap_len": 
"79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00000a5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ae5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34965", - "udp.dstport": "53", - "udp.port": "34965", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002d7f", - "udp.checksum.status": "2", - "udp.stream": "90" - }, - "dns": { - "dns.id": "0x00000f29", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.780266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.780266000", - "frame.time_delta": "0.000769000", - "frame.time_delta_displayed": "0.000769000", - "frame.time_relative": "884.319580000", - "frame.number": "3294", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00005079", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006841", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "53", - "udp.dstport": "34965", - "udp.port": "53", - "udp.port": "34965", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "90" - }, - "dns": { - "dns.response_to": "3293", - "dns.time": "0.000769000", - "dns.id": "0x00000f29", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.782258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.782258000", - "frame.time_delta": "0.001992000", - "frame.time_delta_displayed": "0.001992000", - "frame.time_relative": "884.321572000", - "frame.number": "3295", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00000a60", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ae5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "40080", - "udp.dstport": "53", - "udp.port": "40080", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003483", - "udp.checksum.status": "2", - "udp.stream": "91" - }, - "dns": { - "dns.id": "0x00000f2a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.782804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.782804000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": 
"0.000546000", - "frame.time_relative": "884.322118000", - "frame.number": "3296", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000507a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006830", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "40080", - "udp.port": "53", - "udp.port": "40080", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "91" - }, - "dns": { - "dns.response_to": "3295", - "dns.time": "0.000546000", - "dns.id": "0x00000f2a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - 
"dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2902", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.783796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.783796000", - "frame.time_delta": "0.000992000", - "frame.time_delta_displayed": "0.000992000", - "frame.time_relative": "884.323110000", - "frame.number": "3297", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00003413", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008f24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": 
{ - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.918043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.918043000", - "frame.time_delta": "0.134247000", - "frame.time_delta_displayed": "0.134247000", - "frame.time_relative": "884.457357000", - "frame.number": "3298", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000d77d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000b355", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000070be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3297", - "tcp.analysis.ack_rtt": "0.134247000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.918586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.918586000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "884.457900000", - "frame.number": "3299", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003414", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003a4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"3298", - "tcp.analysis.ack_rtt": "0.000543000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:15.918600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494475.918600000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "884.457914000", - "frame.number": "3300", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00003415", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ff6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - 
"ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000048dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134790000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:32:22:2c:20:4e:6f:6e:63:65:3d:22:51:38:4e:51:42:49:69:66:57:36:65:37:49:4e:55:49:6e:2b:79:52:4b:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:57:47:30:4a:76:31:31:65:37:57:2b:74:31:33:7a:47:4a:71:6e:30:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:01:16.053372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.053372000", - "frame.time_delta": "0.134772000", - "frame.time_delta_displayed": "0.134772000", - "frame.time_relative": "884.592686000", - "frame.number": "3301", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001762", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007379", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009781", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3300", - "tcp.analysis.ack_rtt": "0.134772000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.054000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.054000000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "884.593314000", - "frame.number": "3302", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00003416", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fce5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x00005d0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134790000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e
:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" - }, 
- "tcp.segments": { - "tcp.segment": "3300", - "tcp.segment": "3302", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:32:22:2c:20:4e:6f:6e:63:65:3d:22:51:38:4e:51:42:49:69:66:57:36:65:37:49:4e:55:49:6e:2b:79:52:4b:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:57:47:30:4a:76:31:31:65:37:57:2b:74:31:33:7a:47:4a:71:6e:30:4b:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:
f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48
:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"192\", Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"WG0Jv11e7W+t13zGJqn0Kg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"192\", Nonce=\"Q8NQBIifW6e7INUIn+yRKg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"WG0Jv11e7W+t13zGJqn0Kg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd^s 
\u00ef\u00bf\u00bd,5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\"\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001d\u00ef\u00bf\u00bdcE]l\u0001v(\u00ef\u00bf\u00bd\u0007R\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdjZj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:52:c8:ea:6a:5a:6a:cb:cc:a5:00:41:0e:67:4b:5c:13:06:a3:9d:35:14:ec:64:4c:b8:d4:c8:6a:a6:3d:9b:c3:1c:16:ee:e2:b4:92:37:b1:a1:10:c0:cf:f0:69:e9:87:58:a3:cd:c1:77:97:84:a2:ca:f8:41:7f:16:26:8f:84:b1:b0:2f:23:58:b0:2a:6d:d7:2b:cc:06:68:bb:8a:d4:da:38:7f:7d:b5:44:8b:35:94:61:66:1e:60:ae:69:0b:98:90:63:ee:e7:b4:72:64:f9:31:57:ed:d7:34:0e:06:5e:dd:a9:42:d8:d0:dc:0f:d5:87:e6:a7:82:1d:67:cc:86:01:61:ef:d1:90:1b:dd:db:a7:b7:80:23:05:e8:9d:64:ec:9c:9b:66:a4:51:4a:6f:80:aa:7e:b6:3d:e1:2c:4e:b0:95:c7:d9:da:95:70:5a:29:3f:83:92:37:3e:84:c6:cf:f9:84:13:e2:45:55:82:ab:6c:03:8e:21:e4:7a:f4:da:fe:75:06:ce:a1:b3:20:97:36:7e:6b:93:88:51:b3:59:3b:e8:1e:1d:4d:e2:cc:ab:1f:7f:64:03:ee:df:64:70:6d:74:18:1d:ac:0a:4b:69:35:f4:3a:d9:74:e6:81:4f:08:e0:fc:1e:3e:fa:48:7b:97:73:5d:44:22:fd:f5:80:a1:d8:c7:95:25:f9:c1:59:88:0b:c5:00:70:c4:0c:33:12:66:38:3a:3b:ef:8c:cd:a5:58:ba:24:de:bd:29:ca:37:e0:f0:df:94:aa:9b:c2:6c:6b:eb:3b:1a:b3:d0:a5:63:f0:ed:62:c4:4b:6c:38:32:52:86:86:12:32:85:8f:75:03:ba:62:27:51:10:3c:b0:63:80:0a:88:09:48:5b:8b:bf:91:7e:a9:d7:2e:e1:57:24:89:95:da:29:49:bf:ca:f6:f2:ce:b5:12:27:c3:5b:86:2d:17:35:be:63:47:60:bd:83:e8:fd:f4:7d:7b:ee:c3:d5:a9:ae:1c:d5:26:27:a4:5a:9b:e8:7b:c8:e7:9e:fc:13:b8:f4:3b:4f:5a:1e:d3:04:62:4b:5b:0a:84:fb:0b:30:e7:52:fa:20:fb:c5:4e:34:56:ae:eb:24:2c:4f:f7:87:24:e6:12:6d:7f:ec:cd:10:15:ba:55:1c:85:f4:59:24:25:5c:33:fa:df:44:6d:98:f4:82:df:f4:c0:57:18:a6:f8:83:b4:73:00:5a:25:48:d8:f3:0c:f3:dc:78:d9:b9:44:6a:60:65:81:08:5f:0f:55:b7:db:e8:42:98:97:a7:3e:93:9d:8a:1b:0f:c7:1a:98:90:6e:e4:d8:42:b1:0e:ea:ff
:25:f2:c5:07:3a:00:b4:4b:d4:9f:04:9c:da:97:fd:5e:8b:ad:6b:aa:ea:8a:b1:88:6e:35:8b:4a:11:3d:9d:62:f2:86:48:b6:37:65:68:03:5e:8d:c0:6b:c2:62:5c:67:53:c4:f8:fd:37:c9:25:3f:95:97:6d:48:6a:1e:07:dd:93:bd:05:60:ea:fd:92:7d:6e:5e:8f:6f:ea:27:a5:20:79:1a:44:c9:d1:a4:05:fe:88:6f:a1:48:4e:fa:72:03:77:3b:d7:2b:05:38:fc:24:57:75:b9:e1:aa:64:95:b0:26:08:0b:fb:8e:03:b9:f2:16:1e:c7:75:4b:7f:be:cc:6b:d5:0f:d5:5c:f8:70:72:48:81:30:ba:ae:0e:b3:9b:4c:88:cd:27:dc:af:f4:89:d0:91:54:79:df:27:db:e3:39:af:0c:8e:d3:5c:87:da:ca:9d:47:e8:26:d7:7a:2f:71:62:0b:0f:1c:86:b8:86:f5:aa:1b:de:ae:7d:8a:bb:8b:39:af:34:a2:93:f4:77:7f:11:71:3e:81:62:46:a9:c3:11:13:81:6b:20:d6:8a:7f:81:cc:cc:4c:89:34:05:1a:bf:65:dc:67:f4:22:39:dd:e3:ad:a4:21:de:76:a3:b6:87:26:5a:8c:4f:7b:0d:38:e3:90:8f:6c:f5:a7:27:0f:34:52:30:fb:22:98:4a:8a:2c:17:e7:6c:9e:cb:95:91:c2:d7:a5:5f:36:a9:b2:90:e5:7b:23:41:70:e0:6c:8e:2c:09:f9:f8:73:ce:a2:22:20:00:64:d4:76:27:44:1a:f1:a5:25:80:73:72:fb:32:fb:7a:73:2c:0f:9a:c8:0b:31:dd:1e:22:f8:70:ed:18:a8:4a:10:c0:59:da:3d:de:59:28:bd:80:67:d7:bd:b5:be:6b:e5:fb:6e:02:81:22:32:a0:e5:87:0b:1c:ec:a0:14:19:45:5b:3a:42:f3:58:dd:87:25:97:0c:d3:c0:03:da:38:48:c9:53:4f:75:83:48:64:7d:45:a1:e7:65:ee:e1:cc:4f:27:bb:ff:c8:62:e7:2a:26:43:83:e6:07:de:03:a7:51:19:2f:c0:de:53:0d:62:e8:93:fe:2c:4d:09:3f:1d:6e:23:1c:cf:3e:d2:96:bd:3c:28:c0:d7:1d:22:4c:78:97:8e:2e:49:00:16:fa:eb:d7:c6:14:89:7c:5b:6a:bf:91:dc:16:28:d4:75:6a:af:34:50:8f:2f:52:c8:f2:1a:36:b3:a4:3f:04:cc:26:40:4f:2b:7a:ff:71:bc:18:f1:00:ff:ba:bf:eb:6e:48:9d:ca:f5:1d:b5:50:0c:a6:11:e7:55:a2:e8:94:99:d3:be:d2:73:09:24:7e:5c:78:35:78:3d:0c:85:31:73:73:f1:a1:48:a5:82:56:e0:cc:20:3f:13:26:9c:d8:ce:94:1e:d0:38:ab:96:57:04:b8:74:42:40:32:d2:18:a1:49:a0:0a:85:b6:ce:c7:34:d8:3a:62:5a:dc:09:b4:9c:64:d1:c4:b1:a0:b8:71:45:f8:79:7d:a9:3f:f1:ae:73:11:99:dc:93:71:66:8c:a3:ee:60:30:71:d9:53:52:67:24:ca:40:ba:d2:6b:d0:fc:75:42:9e:b3:2d:28:80:d5:9d:c2:62:6d:51:8a:02:00:68:98:94:00:ea:3a:ef:a4:da:76:0c:6c:a8:f5:a6:18:d3:74:43:2a:7e:de:24:db:c2:57:09:d8:6e:b7:79:1d:0e:8
b:39:1c:19:f1:1f:cb:3c:73:cf:4a:4d:63:dc:ca:d3:47:1a:35:d6:9d:8f:9c:1e:ae:66:e4:f4:f7:0d:f3:3b:8d:b4:b1:83:75:ee:14" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.188220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.188220000", - "frame.time_delta": "0.134220000", - "frame.time_delta_displayed": "0.134220000", - "frame.time_relative": "884.727534000", - "frame.number": "3303", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003304", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008dc1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3302", - "tcp.analysis.ack_rtt": "0.134220000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.222327000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.222327000", - "frame.time_delta": "0.034107000", - "frame.time_delta_displayed": "0.034107000", - "frame.time_relative": "884.761641000", - "frame.number": "3304", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000678a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001fea", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000124b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.134790000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:01:15 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:01:15 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.168327000", - "http.request_in": "3302", - "http.file_data": "\u00ef\u00bf\u00bd^s 
\u00ef\u00bf\u00bd,5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdu\"\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u001d\u00ef\u00bf\u00bdcE]l\u0001v(\u00ef\u00bf\u00bd\u0007\u001c$\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd d)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdng\\8\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bdt]\n|G4\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u0003 \u0017\u00ef\u00bf\u00bdi,\u0019\u001bR\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u0004f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bda\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019T\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u0015\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bddm1\u00ef\u00bf\u00bd\u0015\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u0004\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdzQ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@T\u0003\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"b0:5e:73:20:88:2c:35:9f:a3:e9:75:22:05:f7:a0:18:d4:42:8f:a8:2d:1d:d1:63:45:5d:6c:01:76:28:f8:07:1c:24:e7:6d:e7:a1:d0:ff:b7:20:64:29:ac:d7:ae:df:3e:2c:f0:8a:d0:7e:84:86:53:a9:c4:e4:36:8f:b9:6e:67:5c:38:b4:56:d3:74:5d:0a:7c:47:34:09:88:cf:2e:8f:03:20:17:ee:69:2c:19:1b:52:d1:05:82:cc:2d:98:82:ee:f0:47:ae:04:66:dd:90:2e:fa:61:07:f3:c6:ca:d2:19:54:0e:8d:c1:7f:15:ca:a6:ce:64:6d:31:c1:15:0b:b9:cd:d8:11:80:04:13:ea:ae:f0:80:7a:51:b1:97:40:54:03:a8:00:32:1b:31:5d:99:d4:af:43:c4:aa:e9:e8:c4:94:e2:93:80:0c:65:74:d0:45:65:ff:45:d9:e8:e6:5a:a4:8c:81:09:39:6b:27:15:b4:a7:3a:c8:0e:12:e4:17:dd:bb:dd:12:19:88:a0:01:78:06:88:6f:a1:25:fd:78:1f:b6:91:66:11:e5:14:c4:02:93:9a:30:65:68:36:d7:4a:cc:e7:a9:5c:e6:b8:ea:35:20:e3:e1:73:80:14:37:df:f9:bd:55:78:30:f3:8c:19:96:60:1d:6e:88:43:a9:6b:1b:67:f7:22:ec:37:d7:4c:19:12:d7:4d:60:eb:e3:c0:21:af:31:b8:36:a2:f6:55:4b:19:e2:80:bf:77:8d:e7:5a:fc:b8:8b:12:3e:d1:75:90:3f:4c:d9:4d:9b:e4:b9:9c:3a:9c:02:22:14:a2:64:28:02:76:09:b3:25:71:99:7d:12:57:aa:eb:e7:78:f0:bd:b5:93:0f:2a:cb:e6:5b:90:0d:f2:ee:0c:a8:7b:c8:ce:0f:c3:b9:d5:90:10:40:d1:f2:ac:01:4b:d9:f0:37:65:20:68:fb:06:57:84:0f:9f:8b:25:5c:18:d7:75:27:e4:b4:02:a8:ee:0f:13:08:6a:f9:3b:f2:fe:05:7f:dc:37:1c:d1:62:e4:ed:0e:1c:5e:c0:fc:c0:01:50:89:ff:a1:35:96:72:d1:b6:ba:46:45:2d:2b:17:e0:b6:30:b9:ce:81:fe:d3:5b:60:8f:92:03:6c:f5:eb:7b:d2:14:ca:16:71:de:1a:66:9b:aa:6f:6c:84:f8:80:68:8d:69:b6:9b:f5:44:3e:0c:cd:b8:a1:46:6c:45:00:d9:2b:5b:9a:68:21:87:57:2f:74:47:14:96:96:e0:f5:3f:d0:2b:a5:36:26:0e:34:64:a5:50:1e:af:d9:86:3e:fe:c6:b4:ff:5c:ee:d8:9f:e4:64:13:1c:a3:f6:66:64:c2:da:03:4d:0d:b0:3b:8c:a6:57:2f:50:4f:5b:f6:22:78:cb:a7:51:1f:6e:e5:9f:50:c8:f7:94:9b:94:75:05:a3:cb:9d:c4:ff:0b:60:ea:1d" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.222413000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.222413000", - 
"frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "884.761727000", - "frame.number": "3305", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000678c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000234f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": 
"0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008a59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.222891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.222891000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "884.762205000", - "frame.number": "3306", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003417", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002aa9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": 
{ - "tcp.analysis.acks_frame": "3304", - "tcp.analysis.ack_rtt": "0.000564000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.223529000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.223529000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "884.762843000", - "frame.number": "3307", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003418", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 
Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35303", - "tcp.dstport": "80", - "tcp.port": "35303", - "tcp.port": "80", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002aa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3305", - "tcp.analysis.ack_rtt": "0.001116000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.242472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.242472000", - "frame.time_delta": "0.018943000", - "frame.time_delta_displayed": "0.018943000", - "frame.time_relative": "884.781786000", - "frame.number": "3308", 
- "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000779d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "41140", - "tcp.nxtseq": "41194", - "tcp.ack": "9436", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e7cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0a:8d:a7:9e:5a:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493069, TSecr 2812173007": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493069", - "tcp.options.timestamp.tsecr": "2812173007" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:64:b0:1a:e4:b0:63:d0:b6:02:aa:0a:36:b6:5d:aa:b5:5f:c2:ce:e9:f6:cf:73:0a:10:1a:ff:26:bd:df:47:92:4c:b7:04:cc:60:31:c1:2c:fe:c7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.302609000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.302609000", - "frame.time_delta": "0.060137000", 
- "frame.time_delta_displayed": "0.060137000", - "frame.time_relative": "884.841923000", - "frame.number": "3309", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9436", - "tcp.ack": 
"41194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007cc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5b:70:00:26:0a:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173168, TSecr 2493069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173168", - "tcp.options.timestamp.tsecr": "2493069" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3308", - "tcp.analysis.ack_rtt": "0.060137000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:16.357428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494476.357428000", - "frame.time_delta": "0.054819000", - "frame.time_delta_displayed": "0.054819000", - "frame.time_relative": "884.896742000", - "frame.number": "3310", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a589", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000e551", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35303", - "tcp.port": "80", - "tcp.port": "35303", - "tcp.stream": "135", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008a58", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3307", - "tcp.analysis.ack_rtt": "0.133899000", - "tcp.analysis.initial_rtt": "0.134790000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.202450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.202450000", - "frame.time_delta": "0.845022000", - "frame.time_delta_displayed": "0.845022000", - "frame.time_relative": "885.741764000", - "frame.number": "3311", - "frame.len": "159", - "frame.cap_len": "159", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "145", - "ip.id": "0x00002cad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003875", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "93", - "tcp.seq": "9436", - "tcp.nxtseq": "9529", - "tcp.ack": "41194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c9ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:51:00:26:0a:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173393, TSecr 2493069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173393", - "tcp.options.timestamp.tsecr": "2493069" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "93", - "tcp.analysis.push_bytes_sent": "93" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "88", - "ssl.app_data": "34:cd:34:17:47:48:0e:6c:36:ff:92:39:2d:3f:3f:58:0b:ac:9f:16:21:a9:13:b8:87:e9:cb:9e:ac:13:f5:12:29:53:02:28:03:3a:1d:10:7a:09:4f:24:72:90:cb:9b:4f:17:ed:bf:42:6d:d3:86:ec:20:af:8f:16:34:9b:0c:1d:b8:55:20:ba:b4:96:0e:a1:45:fb:3f:d3:a6:e3:fb:b2:5d:b0:bd:13:68:88:e0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.207602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.207602000", - "frame.time_delta": "0.005152000", - "frame.time_delta_displayed": "0.005152000", - "frame.time_relative": "885.746916000", - "frame.number": "3312", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "41194", - "tcp.nxtseq": "41241", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006f1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0a:ed:a7:9e:5c:51", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493165, TSecr 2812173393": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493165", - "tcp.options.timestamp.tsecr": "2812173393" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3311", - "tcp.analysis.ack_rtt": "0.005152000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:65:c5:ad:97:ec:dd:ae:a6:19:c4:b2:0c:b9:a5:78:2d:b5:d6:6f:4b:7f:d9:a1:41:a4:12:00:1b:65:d8:70:f6:38:06:65" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.223482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.223482000", - "frame.time_delta": "0.015880000", - "frame.time_delta_displayed": "0.015880000", - "frame.time_relative": "885.762796000", - "frame.number": "3313", - "frame.len": "170", - "frame.cap_len": "170", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "156", - "ip.id": "0x00008922", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004099", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "136", - "udp.checksum": "0x00005981", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "3257" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.270712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.270712000", - "frame.time_delta": "0.047230000", - "frame.time_delta_displayed": "0.047230000", - "frame.time_relative": "885.810026000", - "frame.number": "3314", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41241", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007aec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:61:00:26:0a:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173409, TSecr 2493165": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173409", - "tcp.options.timestamp.tsecr": "2493165" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3312", - "tcp.analysis.ack_rtt": "0.063110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.271191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.271191000", - "frame.time_delta": 
"0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "885.810505000", - "frame.number": "3315", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000095ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007765", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": 
"41241", - "tcp.nxtseq": "41349", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003259", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0a:f3:a7:9e:5c:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493171, TSecr 2812173409": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493171", - "tcp.options.timestamp.tsecr": "2812173409" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:66:e8:22:82:38:d2:b5:19:14:a0:88:29:26:06:c7:ec:27:f5:f0:a7:a7:f8:6b:77:31:3b:88:b9:a5:76:b2:e6:08:42:24:3f:4b:93:6f:3b:39:5a" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:67:8b:f8:03:76:d8:9b:c1:71:6f:37:cf:55:b0:cc:fc:d2:35:4f:3c:16:83:b8:2c:a7:1c:6e:79:ad:31:b7:fd:1e:b1:b7:4a:46:6f:49:81:c8:e4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.331801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.331801000", - "frame.time_delta": "0.060610000", - "frame.time_delta_displayed": "0.060610000", - "frame.time_relative": "885.871115000", - "frame.number": "3316", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002caf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038d0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41349", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007a6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:71:00:26:0a:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173425, TSecr 2493171": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173425", - "tcp.options.timestamp.tsecr": "2493171" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3315", - "tcp.analysis.ack_rtt": "0.060610000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.417600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.417600000", - "frame.time_delta": "0.085799000", - "frame.time_delta_displayed": "0.085799000", - "frame.time_relative": "885.956914000", - "frame.number": "3317", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007738", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "41349", - "tcp.nxtseq": "41501", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e82c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:02:a7:9e:5c:71", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493186, TSecr 2812173425": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493186", - "tcp.options.timestamp.tsecr": "2812173425" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:68:b9:34:bc:b7:c6:7d:f4:e9:b5:35:04:bb:57:01:90:aa:13:aa:70:c7:94:7b:ab:11:65:ca:b8:8d:5e:62:23:a6:3f:57:d9:f7:e0:6b:13:0d:c8:ee:d9:7d:21:62:4e:e0:17:91:5f:b4:f2:d5:8f:86:62:53:b1:03:fd:63:df:ba:ea:5e:8a:70:d4:6b:19:d4:83:9b:6d:e4:d5:a0:aa:70:79:d7:f9:db:39:0d:8a:0e:18:68:d5:7c:69:84:26:bd:fb:89:55:9e:5e:99:1d:3d:f2:1c:4e:88:c1:ce:47:43:77:86:d5:b5:e4:4d:17:d2:70:53:41:fe:4d:62:76:9b:a0:0e:0f:6f:1a:f6:0a:d8:cf:9b:39" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.477988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.477988000", - "frame.time_delta": "0.060388000", - "frame.time_delta_displayed": "0.060388000", - "frame.time_relative": "886.017302000", - "frame.number": "3318", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038cf", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41501", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000799f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:95:00:26:0b:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173461, TSecr 2493186": { - "tcp.option_kind": 
"8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173461", - "tcp.options.timestamp.tsecr": "2493186" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3317", - "tcp.analysis.ack_rtt": "0.060388000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.480002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.480002000", - "frame.time_delta": "0.002014000", - "frame.time_delta_displayed": "0.002014000", - "frame.time_relative": "886.019316000", - "frame.number": "3319", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "41501", - "tcp.nxtseq": "41662", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008d87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:08:a7:9e:5c:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493192, TSecr 2812173461": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493192", - "tcp.options.timestamp.tsecr": "2812173461" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - 
"tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:69:a0:51:9c:54:2c:9f:62:69:2b:02:bb:37:f7:d0:66:2b:b6:7e:49:1b:85:8a:cc:e0:bc:28:1c:a4:94:d8:af:be:86:cd:90:ef:ab:5a:b6:93:ec:df:ab:56:26:ce:0e:90:7e:69:6c:6c:79:be:30:63:48:20:ce:4f:d3:76:db:57:4a:92:23:6f:32:91:d6:6b:59:44:97:04:e5:32:29:56:09:a0:bc:a1:d7:12:fd:71:b1:35:5c:c8:9e:b5:0d:0d:ae:d2:e0:50:6f:cd:c1:c6:c5:e9:b2:14:f7:e9:b6:d8:25:81:6a:0d:3f:bf:e3:7e:91:1b:d4:09:48:bc:72:de:2b:07:e0:5a:c7:f2:c4:fd:4b:5c:b7:02:d1:7b:2e:2e:50:40:c8:50" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.540889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.540889000", - "frame.time_delta": "0.060887000", - "frame.time_delta_displayed": "0.060887000", - "frame.time_relative": "886.080203000", - "frame.number": "3320", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ce", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41662", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000078e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:a5:00:26:0b:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173477, TSecr 2493192": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173477", - "tcp.options.timestamp.tsecr": "2493192" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3319", - "tcp.analysis.ack_rtt": "0.060887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.541421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.541421000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "886.080735000", - "frame.number": "3321", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007733", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "41662", - "tcp.nxtseq": "41817", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:0e:a7:9e:5c:a5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2493198, TSecr 2812173477": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493198", - "tcp.options.timestamp.tsecr": "2812173477" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6a:be:39:78:dd:f1:0f:06:01:81:66:ef:41:51:3c:7f:bc:04:31:f7:5a:ae:b8:ea:3e:01:31:13:78:c1:a6:93:95:93:23:c9:f1:40:d1:e3:e4:5e:1a:73:52:b8:e3:5a:16:74:d6:24:06:8c:6c:36:0e:d0:17:1a:1d:12:39:c5:23:86:31:91:90:11:22:11:ef:7b:b6:e8:a2:d7:e2:30:c4:9e:28:14:f2:7b:d8:2e:8d:83:37:ed:0e:25:3e:7d:6b:3b:3f:a5:8a:fd:9f:7e:c4:d3:4c:39:16:87:2d:0b:1f:cb:aa:43:36:00:8a:e8:1d:81:cd:25:0f:49:76:ff:f5:a1:59:23:5b:24:c6:2f:06:d4:e2:fd:79:91:48" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:17.601984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494477.601984000", - "frame.time_delta": "0.060563000", - "frame.time_delta_displayed": "0.060563000", - "frame.time_relative": "886.141298000", - "frame.number": "3322", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038cd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41817", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007838", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5c:b4:00:26:0b:0e", - "tcp.options_tree": { 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173492, TSecr 2493198": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173492", - "tcp.options.timestamp.tsecr": "2493198" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3321", - "tcp.analysis.ack_rtt": "0.060563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.483700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.483700000", - "frame.time_delta": "0.881716000", - "frame.time_delta_displayed": "0.881716000", - "frame.time_relative": "887.023014000", - "frame.number": "3323", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095b2", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007735", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "41817", - "tcp.nxtseq": "41969", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:6d:a7:9e:5c:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493293, TSecr 2812173492": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493293", - "tcp.options.timestamp.tsecr": "2812173492" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6b:01:c1:70:77:d7:9d:3e:2a:56:02:63:75:98:50:f2:2a:6b:4a:fc:31:48:49:54:25:ec:81:38:cc:d5:9a:fd:9b:52:ed:92:08:52:af:59:6c:26:63:e2:11:f7:49:09:54:54:da:7a:54:0e:0e:36:06:87:28:cc:7b:5c:4c:b6:dc:82:32:c2:6d:54:7c:74:ee:53:e7:94:f6:b8:50:70:2e:7a:82:26:c8:ba:d9:c1:76:c2:c9:19:f7:3a:4a:0a:08:3c:bb:0b:5a:99:47:ee:b7:0d:2c:71:a4:96:1f:a6:7b:dd:d4:37:a8:a3:62:1a:01:64:d3:81:cd:c1:3e:db:97:fb:ab:c2:ad:16:e2:f8:4e:0e:93:91" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.544613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.544613000", - "frame.time_delta": "0.060913000", - "frame.time_delta_displayed": "0.060913000", - "frame.time_relative": "887.083927000", - "frame.number": "3324", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038cc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "41969", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": 
"422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007655", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5d:a0:00:26:0b:6d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173728, TSecr 2493293": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173728", - "tcp.options.timestamp.tsecr": "2493293" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3323", - "tcp.analysis.ack_rtt": "0.060913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.545455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.545455000", - "frame.time_delta": "0.000842000", - "frame.time_delta_displayed": "0.000842000", - "frame.time_relative": "887.084769000", - "frame.number": "3325", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "41969", - "tcp.nxtseq": "42130", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aae7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:0b:73:a7:9e:5d:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493299, TSecr 2812173728": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493299", - "tcp.options.timestamp.tsecr": "2812173728" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6c:e2:4e:68:d1:33:fc:8d:2a:95:fc:75:97:a7:ed:1e:8e:13:87:11:fb:9d:a1:9e:2e:5a:26:ae:5e:d4:a4:f9:a5:7e:d2:91:8d:73:da:cf:bd:6f:5e:df:83:73:a2:f2:03:3e:37:de:9d:be:2c:d7:09:e7:03:e8:63:37:db:8e:e4:5b:92:0b:21:8f:af:f5:de:d3:6e:e2:2b:52:d3:21:1e:b1:f7:fe:32:8a:35:f7:38:99:59:35:1b:41:64:8a:d3:76:7d:ed:97:9c:8d:0c:bc:23:3c:b5:87:08:0a:93:ff:75:27:8a:ed:a1:36:ea:27:ca:ab:a3:0b:64:a3:ff:ef:84:86:09:06:ef:e0:95:2e:4b:d8:5c:6f:8d:9e:a1:84:12:40:89:78" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.589528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.589528000", - "frame.time_delta": "0.044073000", - "frame.time_delta_displayed": "0.044073000", - "frame.time_relative": "887.128842000", - "frame.number": "3326", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { 
- "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000090c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004896", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.606883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.606883000", - "frame.time_delta": "0.017355000", - "frame.time_delta_displayed": "0.017355000", - "frame.time_relative": "887.146197000", - "frame.number": "3327", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038cb", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "42130", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000759f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5d:af:00:26:0b:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173743, TSecr 2493299": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173743", - "tcp.options.timestamp.tsecr": "2493299" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3325", - "tcp.analysis.ack_rtt": "0.061428000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.607331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.607331000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "887.146645000", - "frame.number": "3328", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007730", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "42130", - "tcp.nxtseq": "42285", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fe79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:79:a7:9e:5d:af", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493305, TSecr 2812173743": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493305", - "tcp.options.timestamp.tsecr": "2812173743" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6d:31:6e:af:a7:eb:11:72:45:ae:c4:bc:f7:47:d3:95:03:39:1f:9f:13:ad:75:35:1c:be:ed:bf:7c:05:bd:89:54:3c:2a:5c:52:47:ad:09:f4:90:57:00:71:1f:3d:36:eb:c1:e4:f9:8c:00:d7:fa:5c:27:7c:cc:82:8e:fb:43:ae:d2:a5:07:e9:75:d2:2f:23:9f:55:69:d1:a9:92:06:fe:b1:dd:e7:92:5f:f0:47:14:5a:04:ea:14:9a:8f:aa:b0:63:ee:15:59:f6:fd:8e:dd:78:13:f2:e4:bf:39:d5:8f:33:c5:fe:7c:f2:5e:0c:02:cc:e2:29:5e:fd:9e:51:9a:ad:d1:bc:c9:2f:18:4d:95:80:45:be:b5:30:ac" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:18.667946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494478.667946000", - "frame.time_delta": "0.060615000", - "frame.time_delta_displayed": "0.060615000", - "frame.time_relative": "887.207260000", - "frame.number": "3329", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb5", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ca", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "42285", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000074ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5d:bf:00:26:0b:79", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173759, TSecr 2493305": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173759", - "tcp.options.timestamp.tsecr": "2493305" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3328", - "tcp.analysis.ack_rtt": "0.060615000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.243134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.243134000", - "frame.time_delta": "0.575188000", - "frame.time_delta_displayed": "0.575188000", - "frame.time_relative": "887.782448000", - "frame.number": "3330", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007794", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "42285", - "tcp.nxtseq": "42339", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a8c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:b9:a7:9e:5d:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2493369, TSecr 2812173759": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493369", - "tcp.options.timestamp.tsecr": "2812173759" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6e:f4:2b:d3:6c:6f:dc:f4:9a:77:02:90:4e:8d:0c:10:9c:3c:2d:11:34:00:05:eb:86:01:04:02:c0:b2:be:e8:bb:9f:92:0b:b9:f6:b1:c1:21:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.303241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.303241000", - "frame.time_delta": "0.060107000", - "frame.time_delta_displayed": "0.060107000", - "frame.time_relative": "887.842555000", - "frame.number": "3331", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "42339", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000073d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:5e:00:26:0b:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173918, TSecr 2493369": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173918", - "tcp.options.timestamp.tsecr": "2493369" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3330", - "tcp.analysis.ack_rtt": "0.060107000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.437907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.437907000", - "frame.time_delta": "0.134666000", - "frame.time_delta_displayed": "0.134666000", - "frame.time_relative": "887.977221000", - "frame.number": "3332", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007793", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "42339", - "tcp.nxtseq": "42393", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000063c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:cc:a7:9e:5e:5e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493388, TSecr 2812173918": { - "tcp.option_kind": "8", - "tcp.option_len": "10", 
- "tcp.options.timestamp.tsval": "2493388", - "tcp.options.timestamp.tsecr": "2812173918" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:6f:8d:b1:69:ba:dd:29:da:30:4a:6e:d6:55:c6:50:ae:e2:8b:a6:41:c2:2f:94:f3:63:7f:66:a3:22:a2:03:cb:7e:e4:ed:d6:16:bd:fe:15:6a:5f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.497950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.497950000", - "frame.time_delta": "0.060043000", - "frame.time_delta_displayed": "0.060043000", - "frame.time_relative": "888.037264000", - "frame.number": "3333", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c8", 
- "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "42393", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007360", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:8e:00:26:0b:cc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2812173966, TSecr 2493388": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173966", - "tcp.options.timestamp.tsecr": "2493388" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3332", - "tcp.analysis.ack_rtt": "0.060043000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.498451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.498451000", - "frame.time_delta": "0.000501000", - "frame.time_delta_displayed": "0.000501000", - "frame.time_relative": "888.037765000", - "frame.number": "3334", - "frame.len": "336", - "frame.cap_len": "336", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "322", - "ip.id": "0x000095b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "270", - "tcp.seq": "42393", - "tcp.nxtseq": "42663", - "tcp.ack": "9529", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c0b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:d2:a7:9e:5e:8e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493394, TSecr 2812173966": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493394", - "tcp.options.timestamp.tsecr": 
"2812173966" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "270", - "tcp.analysis.push_bytes_sent": "270" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "265", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:70:18:81:49:18:34:ae:46:e4:b1:07:80:75:94:a5:d0:b2:ed:38:20:f3:17:f0:3a:3b:be:1b:25:69:a4:e5:3b:2d:55:c9:66:63:d6:3c:38:8d:cf:01:2d:1b:c8:e6:59:45:55:5c:a9:45:af:ae:b3:50:59:45:19:ff:f9:a9:3f:8a:3b:9d:ce:ab:7c:50:66:d0:b2:f0:fc:3b:f0:78:bd:fd:4f:a1:8c:20:8b:c4:de:ae:f7:26:63:5a:73:0a:43:d6:ab:d0:34:0a:4e:62:db:8b:31:29:56:d4:82:b7:7c:95:f3:04:54:10:81:b4:9d:72:c9:a5:c0:cd:96:9e:f0:a8:91:86:fe:61:ff:5e:6d:10:08:5f:a4:a2:52:5f:34:64:ca:5e:67:3c:d8:a8:54:3f:3d:7b:d9:90:3a:a0:b8:08:21:93:27:6a:bb:64:6d:6e:4f:33:c4:09:7b:ef:5b:a3:05:d8:dd:62:97:84:f3:43:da:95:f7:04:6f:77:d8:bd:04:fd:74:e4:f7:59:be:09:c6:35:9b:1a:4f:0a:87:a6:3b:91:61:6f:87:61:d0:9f:d4:f0:c2:ea:08:ad:e4:6f:8a:a6:b4:8b:cf:81:79:4e:e4:5b:e1:03:13:c0:8c:ab:cf:2d:de:7d:18:ee:42:de:99:72:16:c6:b4:68:1d:75:70" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.558558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.558558000", - "frame.time_delta": "0.060107000", - "frame.time_delta_displayed": "0.060107000", - "frame.time_relative": "888.097872000", - "frame.number": "3335", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "9529", - "tcp.ack": "42663", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000723c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:9e:00:26:0b:d2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173982, TSecr 2493394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173982", - "tcp.options.timestamp.tsecr": "2493394" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3334", - "tcp.analysis.ack_rtt": "0.060107000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.559305000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.559305000", - "frame.time_delta": "0.000747000", - "frame.time_delta_displayed": "0.000747000", - "frame.time_relative": "888.098619000", - "frame.number": "3336", - "frame.len": "157", - "frame.cap_len": "157", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", 
- "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "143", - "ip.id": "0x00002cb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000386b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "91", - "tcp.seq": "9529", - "tcp.nxtseq": "9620", - "tcp.ack": "42663", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006f68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:9e:00:26:0b:d2", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173982, TSecr 2493394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173982", - "tcp.options.timestamp.tsecr": "2493394" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "91", - "tcp.analysis.push_bytes_sent": "91" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "86", - "ssl.app_data": "34:cd:34:17:47:48:0e:6d:b6:4b:21:a6:b3:75:5f:18:56:b8:97:ce:c0:1a:8d:ae:04:96:1c:59:b6:a5:18:d1:04:0f:7b:ca:f0:16:27:16:17:b2:2d:e5:78:4d:d5:c8:88:d1:4b:dc:06:79:ff:a1:eb:6a:a2:31:ba:c4:7c:63:30:7d:50:2c:e0:13:9e:89:96:6c:d8:99:43:60:c3:6d:96:6a:2d:53:94:a7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.563637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.563637000", - "frame.time_delta": "0.004332000", - "frame.time_delta_displayed": "0.004332000", - "frame.time_relative": "888.102951000", - "frame.number": "3337", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - 
"eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007798", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "42663", - "tcp.nxtseq": "42710", - "tcp.ack": "9620", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b892", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:d9:a7:9e:5e:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493401, TSecr 2812173982": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493401", - "tcp.options.timestamp.tsecr": "2812173982" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3336", - "tcp.analysis.ack_rtt": "0.004332000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:71:ea:ac:bb:67:0f:3f:ff:fa:e6:d2:c9:df:b3:d2:64:23:5c:40:04:ea:2c:cc:5d:71:be:ab:8e:a5:f4:28:55:3e:01:2f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.579833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.579833000", - "frame.time_delta": "0.016196000", - "frame.time_delta_displayed": "0.016196000", - "frame.time_relative": "888.119147000", - "frame.number": "3338", - "frame.len": "440", - "frame.cap_len": "440", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - 
"eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "426", - "ip.id": "0x00002cba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "374", - "tcp.seq": "9620", - "tcp.nxtseq": "9994", - "tcp.ack": "42663", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005c0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:a3:00:26:0b:d2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173987, TSecr 2493394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173987", - "tcp.options.timestamp.tsecr": "2493394" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "374", - "tcp.analysis.push_bytes_sent": "374" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "369", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:6e:84:9d:2c:c1:d0:80:d1:2d:02:ba:5f:a0:eb:22:77:cd:c2:82:41:da:77:4b:06:e8:9c:c6:1a:14:26:e9:a1:78:bd:df:e5:4c:f6:c8:60:5f:59:03:c3:1f:02:b1:d7:54:34:ef:aa:00:5d:fe:ac:08:f5:ca:6d:b1:b9:5e:f4:19:12:47:ae:53:9e:13:a0:0b:c7:44:84:5a:7b:37:0a:d7:79:a0:69:a9:61:f5:61:2b:37:8d:18:54:8f:b5:4f:97:c0:37:31:6d:3b:5a:64:9e:b0:89:08:b2:8f:5a:19:1a:e1:72:38:af:06:7f:0e:e8:de:2f:fa:5e:e5:7a:c9:ae:86:d9:ad:b7:e6:39:8f:1e:cd:26:57:b7:2a:85:6b:2c:71:8e:c9:94:ad:1f:83:35:68:14:2c:e2:99:62:b6:65:b8:51:85:44:ab:02:d9:b5:0b:b9:3f:61:3c:36:ab:bd:45:ed:1a:15:81:5b:d3:0d:21:66:b5:1e:8a:5f:c6:30:7d:fe:4c:49:0e:6a:0c:e5:cc:2e:f9:35:36:96:6b:f5:d5:5f:f8:a6:0e:cf:04:2c:9d:ae:81:f8:4a:05:88:0b:ef:ac:6a:a2:ed:21:63:78:71:c8:f9:bb:5e:17:8b:98:4c:08:25:a4:b7:76:92:0a:a0:c1:80:1f:7f:2c:54:84:9b:a2:ce:d7:5e:2b:fb:5f:b4:05:88:8c:20:0b:10:ea:7e:fa:f8:46:bb:58:e0:c4:24:9c:5a:a4:6b:6c:a4:2b:51:1b:a2:b3:1c:25:db:37:12:34:cf:c6:da:e5:dc:f1:62:b0:4e:9b:8f:b9:62:f8:a1:0b:26:0a:a2:91:ac:60:4f:7d:a4:a3:35:88:3b:b3:44:c9:3d:c1:b8:9c:f8:d1:67:d0:c3:d8:02:79:52:0f:d0:93:57:b9:18:1a:e6:0e:59:96:c4:8f:30:13:04:22:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.612035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.612035000", - "frame.time_delta": "0.032202000", - "frame.time_delta_displayed": "0.032202000", - "frame.time_relative": "888.151349000", - "frame.number": "3339", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000077c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "42710", - "tcp.ack": "9994", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": 
"661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006f3c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:de:a7:9e:5e:a3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493406, TSecr 2812173987": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493406", - "tcp.options.timestamp.tsecr": "2812173987" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3338", - "tcp.analysis.ack_rtt": "0.032202000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.624383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.624383000", - "frame.time_delta": "0.012348000", - "frame.time_delta_displayed": "0.012348000", - "frame.time_relative": "888.163697000", - "frame.number": "3340", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003895", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "9994", - "tcp.nxtseq": "10041", - "tcp.ack": "42710", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000094db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:9e:5e:ae:00:26:0b:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812173998, TSecr 2493401": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812173998", - "tcp.options.timestamp.tsecr": "2493401" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3337", - "tcp.analysis.ack_rtt": "0.060746000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:6f:59:92:56:d7:fb:5e:fd:04:05:1e:0a:6a:d3:2a:5e:18:0c:4a:cc:4b:84:c9:9a:73:51:19:59:6e:38:1d:b0:92:dc:57" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.624876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.624876000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "888.164190000", - "frame.number": "3341", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007724", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "42710", - "tcp.nxtseq": "42871", - "tcp.ack": "10041", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000058f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:df:a7:9e:5e:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493407, TSecr 2812173998": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493407", - "tcp.options.timestamp.tsecr": "2812173998" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3340", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:72:07:06:4a:96:ba:08:99:0c:b7:05:f9:ad:63:b3:bf:eb:9b:59:98:b7:e5:a6:69:31:2b:f6:d6:08:88:28:82:b9:85:09:f8:52:89:8a:cd:cc:1f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:73:e7:e5:16:c9:53:4e:3a:49:52:cd:e9:1b:f7:2d:b2:a8:b9:a8:8f:ea:59:f6:97:b8:56:d9:6b:ee:50:1e:ee:67:76:c3:fb:66:e7:7c:8b:9f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:74:65:e7:21:9a:d7:50:21:81:11:7c:8f:68:88:f1:0b:71:bd:a0:8f:2c:23:2a:c9:87:f2:a6:23:ad:52:05:c5:a9:b5:55:f2:f8:2c:f5:b1:b6:fe" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.722642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.722642000", - "frame.time_delta": "0.097766000", - "frame.time_delta_displayed": "0.097766000", - "frame.time_relative": "888.261956000", - "frame.number": "3342", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10041", - "tcp.ack": "42871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006f36", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:c7:00:26:0b:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174023, TSecr 2493407": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174023", - "tcp.options.timestamp.tsecr": "2493407" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3341", - "tcp.analysis.ack_rtt": "0.097766000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.723167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494479.723167000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "888.262481000", - "frame.number": "3343", - "frame.len": "526", - "frame.cap_len": "526", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "512", - "ip.id": "0x000095bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "460", - "tcp.seq": "42871", - "tcp.nxtseq": "43331", - "tcp.ack": "10041", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007422", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:e9:a7:9e:5e:c7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493417, TSecr 2812174023": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493417", - "tcp.options.timestamp.tsecr": "2812174023" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "460", - "tcp.analysis.push_bytes_sent": "460" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "354", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:75:02:fb:e4:e1:84:4f:f7:99:57:5f:c6:9f:3c:13:cd:10:cb:26:65:b6:71:35:4d:2b:d0:bf:a8:cf:6d:59:36:fe:29:63:9c:93:d5:0c:3d:2d:47:1f:95:5e:b6:09:12:7c:9a:62:4d:65:ef:3c:63:58:a8:c3:68:39:0b:a0:b7:31:9a:c5:6e:52:e8:e9:db:04:93:24:23:14:85:07:61:9b:7b:0b:c8:08:bf:53:b6:ca:01:a7:23:4a:39:7b:32:05:a4:36:80:71:8a:ad:77:97:22:4f:48:c6:ff:ad:35:8f:ed:aa:1d:75:ed:44:1e:f2:f9:be:0a:81:76:3d:79:5d:a4:c8:f4:92:d5:c8:01:d7:43:07:f6:70:c8:b5:6d:4d:08:56:87:ef:87:87:4b:8d:43:4d:8e:4a:91:47:43:6c:a3:d4:66:05:52:c1:4a:6a:52:63:a9:f9:fc:60:a0:91:4c:0b:99:c2:48:5c:1e:2a:d3:b1:b4:52:9e:e7:b0:37:a1:d3:a6:97:c9:f9:eb:48:72:a9:e2:90:26:fe:b4:74:6e:48:1f:a2:d5:fd:53:2f:20:47:77:da:60:5a:df:2d:57:bb:38:53:59:ab:05:07:ce:6f:1a:7c:4d:bf:47:5b:7b:b7:bb:09:b9:8a:77:1f:31:aa:1f:42:15:d2:79:26:a9:bd:ab:b4:4d:8d:1f:9a:cd:95:49:14:c3:aa:a1:0c:2c:36:6c:f5:80:55:9f:62:9a:6b:d5:c5:18:54:a5:be:51:27:87:df:82:cc:30:d9:a8:93:13:10:95:b8:6f:45:c8:d6:15:52:02:bc:cb:07:08:27:9a:6d:26:de:e4:94:54:8f:be:02:0c:a5:36:77:26:e3:6d:04:a5:05:d6:f9:98:c1:f3:ef:d5:dc:03:d2:c8:55" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:76:11:27:ce:4d:ea:dc:f9:01:20:44:ac:4d:95:51:28:66:e5:e8:9f:3d:54:8c:28:a6:87:02:cc:ea:73:b0:62:be:4d:64" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:77:5b:d9:c6:64:88:08:ca:53:c3:10:0b:48:59:32:df:41:ba:c7:e3:a7:a9:86:ab:18:5d:58:98:6b:4c:81:34:1c:38:f0:9a:7a:b4:3b:07:2e:9b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.783378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.783378000", - "frame.time_delta": "0.060211000", - 
"frame.time_delta_displayed": "0.060211000", - "frame.time_relative": "888.322692000", - "frame.number": "3344", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10041", - "tcp.ack": 
"43331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006d51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:d6:00:26:0b:e9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174038, TSecr 2493417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174038", - "tcp.options.timestamp.tsecr": "2493417" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3343", - "tcp.analysis.ack_rtt": "0.060211000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.785313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.785313000", - "frame.time_delta": "0.001935000", - "frame.time_delta_displayed": "0.001935000", - "frame.time_relative": "888.324627000", - "frame.number": "3345", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003892", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "10041", - "tcp.nxtseq": "10088", - "tcp.ack": "43331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:d6:00:26:0b:e9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174038, TSecr 2493417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174038", - "tcp.options.timestamp.tsecr": "2493417" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:70:d6:f4:0d:f1:53:57:38:2f:bb:a3:60:f5:20:5a:55:f2:e6:81:34:99:98:03:f8:c6:db:63:ec:64:be:16:17:3b:ab:af" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.793438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.793438000", - "frame.time_delta": "0.008125000", - "frame.time_delta_displayed": "0.008125000", - "frame.time_relative": "888.332752000", - "frame.number": "3346", - 
"frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007794", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "43331", - "tcp.nxtseq": "43378", - "tcp.ack": "10088", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eaa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:f0:a7:9e:5e:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493424, TSecr 2812174038": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493424", - "tcp.options.timestamp.tsecr": "2812174038" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3345", - "tcp.analysis.ack_rtt": "0.008125000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:78:48:39:d5:38:d2:41:5e:ef:e5:1e:4b:cb:bf:eb:9f:12:a8:92:73:14:10:83:6f:f4:cf:60:de:b5:12:13:99:e0:58:54" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.890462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494479.890462000", - "frame.time_delta": "0.097024000", - "frame.time_delta_displayed": "0.097024000", - "frame.time_relative": "888.429776000", - "frame.number": "3347", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038c0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "10088", - "tcp.ack": "43378", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006cd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5e:f1:00:26:0b:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174065, TSecr 2493424": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174065", - "tcp.options.timestamp.tsecr": "2493424" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3346", - "tcp.analysis.ack_rtt": "0.097024000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.890943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.890943000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "888.430257000", - "frame.number": "3348", - "frame.len": "120", - "frame.cap_len": 
"120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000778c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "43378", - "tcp.nxtseq": "43432", - "tcp.ack": "10088", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000017d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0b:f9:a7:9e:5e:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493433, TSecr 2812174065": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493433", - "tcp.options.timestamp.tsecr": "2812174065" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:79:70:ae:99:50:b0:7f:bf:92:a5:9f:3c:98:03:9e:04:e1:b5:04:56:37:a6:96:29:ab:16:a4:55:a0:5a:bd:b9:57:8c:96:51:49:9e:12:d6:40:91" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:19.951137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494479.951137000", - "frame.time_delta": "0.060194000", - "frame.time_delta_displayed": 
"0.060194000", - "frame.time_relative": "888.490451000", - "frame.number": "3349", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038bf", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10088", - "tcp.ack": "43432", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:00:00:26:0b:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174080, TSecr 2493433": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174080", - "tcp.options.timestamp.tsecr": "2493433" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3348", - "tcp.analysis.ack_rtt": "0.060194000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.204210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.204210000", - "frame.time_delta": "0.253073000", - "frame.time_delta_displayed": "0.253073000", - "frame.time_relative": "888.743524000", - "frame.number": "3350", - "frame.len": "143", - "frame.cap_len": "143", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "129", - "ip.id": "0x00002cc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003871", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "77", - "tcp.seq": "10088", - "tcp.nxtseq": "10165", - "tcp.ack": "43432", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000322a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:3f:00:26:0b:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174143, TSecr 2493433": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174143", - "tcp.options.timestamp.tsecr": "2493433" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "77", - "tcp.analysis.push_bytes_sent": "77" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "72", - "ssl.app_data": "34:cd:34:17:47:48:0e:71:43:1c:50:e7:5d:70:81:31:88:a6:90:43:11:91:5e:9b:fb:3b:ec:bd:36:24:60:f8:05:a8:b0:cf:3f:48:00:17:37:8f:67:0a:e3:a2:74:2d:4f:0d:1b:0c:b0:a9:b0:ce:c4:dc:1c:04:51:8f:f5:a3:43:c3:eb:2c:d6:0e:a3:81" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.208125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.208125000", - "frame.time_delta": "0.003915000", - "frame.time_delta_displayed": "0.003915000", - 
"frame.time_relative": "888.747439000", - "frame.number": "3351", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007792", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "43432", - "tcp.nxtseq": "43479", - "tcp.ack": "10165", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007368", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:19:a7:9e:5f:3f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493465, TSecr 2812174143": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493465", - "tcp.options.timestamp.tsecr": "2812174143" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3350", - "tcp.analysis.ack_rtt": "0.003915000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:7a:d8:66:fa:fb:96:cc:c9:9a:02:61:27:30:b9:b9:a5:8e:90:c5:67:56:90:5a:e9:e8:43:64:4f:93:2e:c5:6e:b9:c9:03" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:20.222861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.222861000", - "frame.time_delta": "0.014736000", - "frame.time_delta_displayed": "0.014736000", - "frame.time_relative": "888.762175000", - "frame.number": "3352", - "frame.len": "154", - "frame.cap_len": "154", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "140", - "ip.id": "0x000089f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003fd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "120", - "udp.checksum": "0x000043d3", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:insight:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "3277" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.268936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.268936000", - "frame.time_delta": "0.046075000", - "frame.time_delta_displayed": "0.046075000", - "frame.time_relative": "888.808250000", - "frame.number": "3353", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038bd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "43479", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006b98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:4f:00:26:0c:19", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174159, TSecr 2493465": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174159", - "tcp.options.timestamp.tsecr": "2493465" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3351", - "tcp.analysis.ack_rtt": "0.060811000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.269462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.269462000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "888.808776000", - "frame.number": "3354", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000095bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007771", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - 
"ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "43479", - "tcp.nxtseq": "43558", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000031e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:1f:a7:9e:5f:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493471, TSecr 2812174159": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493471", - "tcp.options.timestamp.tsecr": "2812174159" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:7b:dc:8d:46:d3:fd:8d:91:3a:ec:30:fa:02:d8:f0:0f:11:42:0c:71:89:22:64:04:79:1c:2d:4b:7e:ac:04:9c:2c:a8:3d:74:97:4e:d4:ea:73:eb:c4:0d:18:7d:14:b5:47:36:68:f3:37:d3:7b:f6:aa:40:e1:15:ba:6e:90:c4:14:3d:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.329716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.329716000", - "frame.time_delta": "0.060254000", - "frame.time_delta_displayed": "0.060254000", - "frame.time_relative": "888.869030000", - "frame.number": "3355", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038bc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "43558", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006b34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:5e:00:26:0c:1f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174174, TSecr 2493471": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174174", - "tcp.options.timestamp.tsecr": "2493471" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3354", - "tcp.analysis.ack_rtt": "0.060254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.374781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.374781000", - "frame.time_delta": "0.045065000", - "frame.time_delta_displayed": "0.045065000", - "frame.time_relative": "888.914095000", - "frame.number": "3356", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "14:91:82:25:10:77", - "arp.src.proto_ipv4": "192.168.0.65", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.375209000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.375209000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "888.914523000", - "frame.number": "3357", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "14:91:82:25:10:77", - "arp.dst.proto_ipv4": "192.168.0.65" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.394735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.394735000", - "frame.time_delta": "0.019526000", - "frame.time_delta_displayed": "0.019526000", - "frame.time_relative": "888.934049000", - "frame.number": "3358", - "frame.len": "444", - "frame.cap_len": "444", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "430", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b6bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3118", - "udp.dstport": "10023", - "udp.port": "3118", - "udp.port": "10023", - "udp.length": "410", - "udp.checksum": "0x000053fa", - "udp.checksum.status": "2", - "udp.stream": "92" - }, - "data": { - "data.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:32:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:36:35:3a:34:39:31:35:34:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:30:66:33:37:36:66:61:2d:31:64:64:31:2d:31:31:62:32:2d:62:65:35:36:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:69:6e:73:69:67:68:74:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:49:6e:73:69:67:68:74:2d:31:5f:30:2d:32:33:31:36:32:30:4b:31:32:30:30:38:30:45:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:69:6e:73:69:67:68:74:3a:31:0d:0a:0d:0a", - "data.len": "402" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.411375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.411375000", - "frame.time_delta": "0.016640000", - "frame.time_delta_displayed": "0.016640000", - "frame.time_relative": "888.950689000", - "frame.number": "3359", - "frame.len": "226", - "frame.cap_len": "226", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "212", - "ip.id": "0x000095c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "160", - "tcp.seq": "43558", - "tcp.nxtseq": "43718", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e145", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:2d:a7:9e:5f:5e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493485, TSecr 2812174174": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493485", - "tcp.options.timestamp.tsecr": "2812174174" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "160", - "tcp.analysis.push_bytes_sent": "160" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "155", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:7c:27:2a:0b:8d:73:be:ca:3a:2a:26:d4:bf:08:c5:64:c7:a7:69:f9:6c:a0:80:3f:6e:05:7b:a4:e6:0b:5a:d5:f3:41:e0:5f:64:a1:79:89:ab:47:54:29:3b:87:92:62:be:ec:21:64:4f:b9:92:55:95:4e:f2:b4:bf:82:66:ea:7a:bd:dc:ca:af:13:cc:63:f2:ac:b6:95:39:8b:8f:bd:74:34:e3:d6:54:a2:9f:e0:5a:56:48:96:00:62:bb:48:bf:b2:e1:c5:6e:5e:95:e1:b3:8b:d4:6e:e6:1c:99:f0:23:eb:ef:1d:69:71:8c:f0:4d:f6:c6:6a:fb:4c:47:36:68:c4:70:63:d4:41:82:e2:ff:fc:9a:0f:82:b6:01:7b:0c:16:ac:e6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.471655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494480.471655000", - "frame.time_delta": "0.060280000", - "frame.time_delta_displayed": "0.060280000", - "frame.time_relative": "889.010969000", - "frame.number": "3360", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038bb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "43718", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006a62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:82:00:26:0c:2d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174210, TSecr 2493485": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174210", - "tcp.options.timestamp.tsecr": "2493485" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3359", - "tcp.analysis.ack_rtt": "0.060280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.472146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.472146000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "889.011460000", - "frame.number": "3361", - "frame.len": "218", - "frame.cap_len": 
"218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007726", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "43718", - "tcp.nxtseq": "43870", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000086c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:34:a7:9e:5f:82", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493492, TSecr 2812174210": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493492", - "tcp.options.timestamp.tsecr": "2812174210" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:7d:92:59:de:39:f4:69:f2:e6:15:c6:90:40:5c:2f:12:fa:fa:e7:ea:0e:40:3c:bd:b4:39:19:e2:60:41:59:ea:41:34:6a:12:3a:11:3e:85:23:77:f6:10:be:16:58:dd:34:7f:be:f8:4d:71:9a:24:7f:5e:aa:6b:b4:bf:8c:8f:e4:ea:d3:14:79:71:4e:0f:be:16:49:aa:0b:d8:61:bb:c6:88:bc:8f:8b:99:d7:ad:92:a4:75:64:53:05:d9:ac:53:f6:84:f4:0c:d2:dd:15:c5:7f:86:5c:d2:18:a2:10:1a:e7:a4:60:32:94:45:e5:94:ac:d2:c4:f3:a0:7f:3f:5e:07:68:ce:0b:0e:ac:12:c9:a5:a4:5b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.532372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.532372000", - "frame.time_delta": "0.060226000", - "frame.time_delta_displayed": "0.060226000", - "frame.time_relative": "889.071686000", - "frame.number": "3362", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ba", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": 
"-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "43870", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000069b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:91:00:26:0c:34", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174225, TSecr 2493492": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174225", - "tcp.options.timestamp.tsecr": "2493492" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3361", - "tcp.analysis.ack_rtt": "0.060226000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.532865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494480.532865000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "889.072179000", - "frame.number": "3363", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "43870", - "tcp.nxtseq": "44031", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008194", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:3a:a7:9e:5f:91", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493498, TSecr 2812174225": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493498", - "tcp.options.timestamp.tsecr": "2812174225" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:7e:17:db:02:39:9a:6a:f9:1e:79:b9:88:be:b6:5e:04:b5:ef:57:0c:07:93:50:fe:28:28:0f:02:fb:08:02:d6:6c:11:85:02:44:a1:6d:b0:6c:99:6b:f0:0a:66:65:32:73:f6:3e:9b:f2:27:d8:2d:3c:a3:02:96:1e:46:55:77:d0:63:26:f6:b4:c0:75:1e:2d:7c:bb:89:1d:65:de:36:17:ba:56:e2:58:97:4f:0f:92:cc:82:93:d2:ec:aa:30:43:9b:ff:ee:fa:4e:01:5b:49:84:2f:53:82:28:77:da:67:a4:c6:d0:f1:00:9e:11:10:52:c2:b5:3c:0f:a6:47:5a:02:b1:25:c9:9a:e2:08:56:b8:8f:04:1c:bf:40:ee:72:59:2d:d9:5e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.619068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.619068000", - "frame.time_delta": "0.086203000", - "frame.time_delta_displayed": "0.086203000", - "frame.time_relative": "889.158382000", - "frame.number": "3364", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b9", - "ip.checksum.status": "2", - 
"ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44031", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000068fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:a0:00:26:0c:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174240, TSecr 
2493498": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174240", - "tcp.options.timestamp.tsecr": "2493498" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3363", - "tcp.analysis.ack_rtt": "0.086203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.619562000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.619562000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "889.158876000", - "frame.number": "3365", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007721", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "44031", - "tcp.nxtseq": "44186", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:42:a7:9e:5f:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493506, TSecr 2812174240": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493506", - "tcp.options.timestamp.tsecr": "2812174240" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:7f:e5:8a:17:73:54:ec:d5:1e:23:d6:03:16:ac:26:f1:81:e3:27:16:b3:d0:50:41:1c:2f:6f:37:a3:f3:0b:46:a2:d8:cb:4b:4b:9f:4f:21:bd:70:bc:99:ce:c7:0f:d1:15:bf:cf:ee:76:a0:d3:54:fa:07:2c:96:8a:70:ee:06:d6:cf:dd:2e:12:7e:a4:5a:ef:98:5d:53:8d:81:d1:2e:4f:09:6e:24:67:6c:1b:ed:f3:ca:3f:93:0f:82:a6:67:69:91:61:b0:a5:1e:9e:f4:09:c5:ec:43:4b:0e:6c:9c:62:48:bd:58:70:56:ae:6b:6f:96:2f:1b:83:99:55:a5:e8:ff:a9:72:81:e7:21:1d:fb:1e:bd:1c:95:34:30" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:20.679715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494480.679715000", - "frame.time_delta": "0.060153000", - "frame.time_delta_displayed": "0.060153000", - "frame.time_relative": "889.219029000", - "frame.number": "3366", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc7", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44186", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006845", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:5f:b6:00:26:0c:42", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174262, TSecr 2493506": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174262", - "tcp.options.timestamp.tsecr": "2493506" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3365", - "tcp.analysis.ack_rtt": "0.060153000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.493447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.493447000", - "frame.time_delta": "0.813732000", - "frame.time_delta_displayed": "0.813732000", - "frame.time_relative": "890.032761000", - "frame.number": "3367", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007723", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "44186", - "tcp.nxtseq": "44338", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c8a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:9a:a7:9e:5f:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2493594, TSecr 2812174262": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493594", - "tcp.options.timestamp.tsecr": "2812174262" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:80:d4:06:fd:92:2f:07:7f:be:e5:6a:68:57:09:b1:a7:2a:41:09:c4:e5:cf:a9:78:47:ed:ee:0b:1a:99:39:be:07:f6:dc:e4:0f:0e:6c:9d:26:dc:7d:24:e7:fb:b8:fa:66:a8:26:31:de:d2:01:5c:7d:8c:2c:5a:62:92:6c:12:b2:98:5c:2c:a6:12:de:a6:e7:7e:d9:34:24:e2:f4:66:97:b2:20:06:62:76:bc:23:e1:d7:d4:10:b4:ee:cc:65:d8:e1:82:e7:ec:a7:75:6c:a3:a7:29:8b:4d:77:1d:56:6c:7d:ca:93:88:6f:74:e7:28:82:73:60:50:8d:4d:87:b2:c3:c9:bf:58:74:f0:23:76:0d:ed:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.553727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.553727000", - "frame.time_delta": "0.060280000", - "frame.time_delta_displayed": "0.060280000", - "frame.time_relative": "890.093041000", - "frame.number": "3368", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44338", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000667b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:60:90:00:26:0c:9a", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174480, TSecr 2493594": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174480", - "tcp.options.timestamp.tsecr": "2493594" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3367", - "tcp.analysis.ack_rtt": "0.060280000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.554220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.554220000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "890.093534000", - "frame.number": "3369", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095c5", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "44338", - "tcp.nxtseq": "44499", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009f38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:a0:a7:9e:60:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493600, TSecr 2812174480": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493600", - "tcp.options.timestamp.tsecr": "2812174480" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:81:7a:c7:75:b6:18:00:5c:da:75:14:38:3e:76:19:89:73:75:13:49:dc:7e:aa:4a:bb:50:f4:db:20:c0:ee:8e:02:84:86:d9:3f:58:1a:5b:e4:0f:28:83:3f:1a:39:5a:40:e1:dd:ab:dd:dd:96:21:c1:b0:b7:75:c1:90:cb:8b:67:44:44:f5:3b:78:d5:58:2e:d4:8a:09:c6:b0:96:14:7b:b4:dd:38:3f:0f:d2:29:96:7e:de:eb:63:4e:3b:8c:ec:f8:66:3a:b6:54:f1:72:19:74:49:b8:ac:fc:1e:f7:e7:46:7f:2f:4e:a3:bb:cc:33:97:24:38:d9:d4:38:24:51:ad:72:a1:1f:a7:a3:6f:94:53:5e:29:a7:08:fa:27:89:b5:fe:d9:46" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.615496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.615496000", - "frame.time_delta": "0.061276000", - "frame.time_delta_displayed": "0.061276000", - "frame.time_relative": "890.154810000", - "frame.number": "3370", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44499", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000065c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:60:a0:00:26:0c:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174496, TSecr 2493600": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174496", - "tcp.options.timestamp.tsecr": "2493600" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3369", - "tcp.analysis.ack_rtt": "0.061276000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.615987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.615987000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "890.155301000", - "frame.number": "3371", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "44499", - "tcp.nxtseq": "44654", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000676d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:00:26:0c:a6:a7:9e:60:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493606, TSecr 2812174496": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493606", - "tcp.options.timestamp.tsecr": "2812174496" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:82:86:d2:55:58:01:a0:c8:5f:fb:c0:f2:f6:a9:0b:6f:ae:89:67:b5:b1:2a:f6:7f:e6:12:77:41:88:3f:6d:60:5b:5c:94:a0:82:4c:25:91:57:1a:67:26:06:ff:8b:b0:0d:81:7b:af:1e:dd:8a:0e:05:8a:8a:dc:1c:58:12:98:0d:9d:71:51:20:9c:88:29:3d:0c:13:14:94:de:08:5e:05:ac:d3:dd:3c:56:3b:50:f5:3e:7c:ae:a5:da:77:52:29:a6:9c:e4:ef:ad:c8:fd:d8:7b:18:e6:68:d1:4b:29:ef:77:85:52:b7:1e:a8:d4:45:76:00:5e:eb:72:e4:cf:01:89:2f:f0:5f:e4:14:4c:20:aa:ef:4d:02:6f:78" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:21.676099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494481.676099000", - "frame.time_delta": "0.060112000", - "frame.time_delta_displayed": "0.060112000", - "frame.time_relative": "890.215413000", - "frame.number": "3372", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44654", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006514", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:60:af:00:26:0c:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174511, TSecr 2493606": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174511", - "tcp.options.timestamp.tsecr": "2493606" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3371", - "tcp.analysis.ack_rtt": "0.060112000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:22.210433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494482.210433000", - "frame.time_delta": "0.534334000", - "frame.time_delta_displayed": "0.534334000", - "frame.time_relative": "890.749747000", - "frame.number": "3373", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:22.210883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494482.210883000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "890.750197000", - "frame.number": "3374", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - 
, - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:22.243287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494482.243287000", - "frame.time_delta": "0.032404000", - "frame.time_delta_displayed": "0.032404000", - "frame.time_relative": "890.782601000", - "frame.number": "3375", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007782", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": 
"Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "44654", - "tcp.nxtseq": "44708", - "tcp.ack": "10165", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000030d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0c:e5:a7:9e:60:af", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493669, TSecr 2812174511": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493669", - "tcp.options.timestamp.tsecr": "2812174511" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:83:7c:df:11:31:82:c8:61:fb:58:08:ec:f2:ff:11:ed:b7:07:a0:54:32:9e:be:ec:0f:8e:ef:0e:3b:16:dd:e3:52:f5:87:46:54:2c:97:cf:cd:20" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:22.303694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494482.303694000", - "frame.time_delta": "0.060407000", - "frame.time_delta_displayed": "0.060407000", - "frame.time_relative": "890.843008000", - "frame.number": "3376", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10165", - "tcp.ack": "44708", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006402", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:61:4c:00:26:0c:e5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174668, TSecr 2493669": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174668", - "tcp.options.timestamp.tsecr": "2493669" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3375", - "tcp.analysis.ack_rtt": "0.060407000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.204022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.204022000", - "frame.time_delta": "0.900328000", - "frame.time_delta_displayed": "0.900328000", - "frame.time_relative": "891.743336000", - "frame.number": "3377", - "frame.len": "146", - "frame.cap_len": "146", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "132", - "ip.id": "0x00002ccc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003863", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "80", - "tcp.seq": "10165", - "tcp.nxtseq": "10245", - "tcp.ack": "44708", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e04f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:2d:00:26:0c:e5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174893, TSecr 2493669": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174893", - "tcp.options.timestamp.tsecr": "2493669" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "80", - "tcp.analysis.push_bytes_sent": "80" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "75", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:72:93:57:e6:66:14:78:54:de:d4:87:bd:12:5d:4a:80:b8:b8:a0:ac:ac:f0:42:78:95:b8:59:27:2a:2d:09:6d:d7:90:15:52:e2:aa:1e:b6:32:e4:b4:ed:0a:e8:a9:9a:4a:62:57:08:e9:22:7a:fa:38:e6:8c:ef:61:ed:c3:0a:07:fb:96:33" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.208040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.208040000", - "frame.time_delta": "0.004018000", - "frame.time_delta_displayed": "0.004018000", - "frame.time_relative": "891.747354000", - "frame.number": "3378", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007788", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "44708", - "tcp.nxtseq": "44755", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000030b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:45:a7:9e:62:2d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493765, TSecr 2812174893": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493765", - "tcp.options.timestamp.tsecr": "2812174893" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3377", - 
"tcp.analysis.ack_rtt": "0.004018000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:84:fb:b6:ea:8e:e7:ae:43:cc:3a:c9:d8:56:f9:62:61:25:94:01:41:b5:e1:a4:d0:84:27:6b:cb:82:32:b8:7d:4e:cb:6d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.223874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.223874000", - "frame.time_delta": "0.015834000", - "frame.time_delta_displayed": "0.015834000", - "frame.time_relative": "891.763188000", - "frame.number": "3379", - "frame.len": "157", - "frame.cap_len": "157", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "143", - "ip.id": "0x00008b1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003eae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", 
- "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "123", - "udp.checksum": "0x00006e5f", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:controllee:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "3313" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.268985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.268985000", - "frame.time_delta": "0.045111000", - "frame.time_delta_displayed": "0.045111000", - "frame.time_relative": "891.808299000", - "frame.number": "3380", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ccd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "44755", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006232", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:3d:00:26:0d:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174909, TSecr 2493765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174909", - "tcp.options.timestamp.tsecr": "2493765" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3378", - "tcp.analysis.ack_rtt": "0.060945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.269492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.269492000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "891.808806000", - "frame.number": "3381", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000095c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007767", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "44755", - "tcp.nxtseq": "44834", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c8ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:4b:a7:9e:62:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493771, TSecr 2812174909": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493771", - "tcp.options.timestamp.tsecr": "2812174909" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:85:91:46:cc:00:d5:60:d6:f3:aa:a0:89:28:d8:95:14:d4:12:a7:94:f0:72:fa:a0:75:f4:0b:80:d3:d7:b1:f9:cc:23:2f:35:2f:2f:8e:da:0c:82:1f:16:09:a2:0f:f4:b4:f7:ce:b0:98:06:0a:79:aa:29:7b:e3:60:98:5d:48:06:06:7b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.329857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.329857000", - "frame.time_delta": "0.060365000", - "frame.time_delta_displayed": "0.060365000", - "frame.time_relative": "891.869171000", - "frame.number": "3382", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "44834", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000061ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:4c:00:26:0d:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174924, TSecr 2493771": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174924", - "tcp.options.timestamp.tsecr": "2493771" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3381", - "tcp.analysis.ack_rtt": "0.060365000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.434548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.434548000", - "frame.time_delta": "0.104691000", - "frame.time_delta_displayed": "0.104691000", - "frame.time_relative": "891.973862000", - "frame.number": "3383", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "44834", - "tcp.nxtseq": "44986", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000075e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:5c:a7:9e:62:4c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493788, TSecr 2812174924": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493788", - "tcp.options.timestamp.tsecr": "2812174924" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:86:df:bc:88:53:66:27:fc:72:09:68:5a:df:eb:c5:da:87:da:b6:06:d8:ea:85:27:b8:d6:f8:13:03:61:92:ec:6b:eb:86:11:e2:99:16:4e:02:da:5e:34:b9:0c:80:73:85:0e:f8:b3:c7:5a:3f:0b:aa:fe:f3:07:78:54:a3:79:52:c5:c0:43:a9:6d:00:2d:43:47:14:61:56:f4:35:c6:e6:79:41:e3:ac:ce:54:ee:d5:3d:0a:32:01:fd:d1:de:6d:07:6f:ce:98:69:fc:78:a2:d7:00:7f:a0:08:0f:8b:1d:74:16:34:e7:b6:78:17:7b:54:b1:73:c6:65:0d:8b:5a:66:e2:63:dc:bc:75:b9:38:d4:fc:44" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.455514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.455514000", - "frame.time_delta": "0.020966000", - "frame.time_delta_displayed": "0.020966000", - "frame.time_relative": "891.994828000", - "frame.number": "3384", - 
"frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.455945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.455945000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "891.995259000", - "frame.number": "3385", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.462923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.462923000", - "frame.time_delta": "0.006978000", - "frame.time_delta_displayed": "0.006978000", - "frame.time_relative": "892.002237000", - "frame.number": "3386", - "frame.len": "450", - "frame.cap_len": "450", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "436", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b615", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": 
"192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3077", - "udp.dstport": "10024", - "udp.port": "3077", - "udp.port": "10024", - "udp.length": "416", - "udp.checksum": "0x0000f982", - "udp.checksum.status": "2", - "udp.stream": "93" - }, - "data": { - "data.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:32:33:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:32:32:35:3a:34:39:31:35:33:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:35:61:35:62:30:39:36:2d:31:64:64:31:2d:31:31:62:32:2d:62:64:62:38:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:53:6f:63:6b:65:74:2d:31:5f:30:2d:32:32:31:35:32:33:4b:30:31:30:30:42:31:31:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:0d:0a", - "data.len": "408" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.494756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494483.494756000", - "frame.time_delta": "0.031833000", - "frame.time_delta_displayed": "0.031833000", - "frame.time_relative": "892.034070000", - "frame.number": "3387", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ccf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038b0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "44986", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000060fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:76:00:26:0d:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174966, TSecr 2493788": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174966", - "tcp.options.timestamp.tsecr": "2493788" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3383", - "tcp.analysis.ack_rtt": "0.060208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.495260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.495260000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "892.034574000", - "frame.number": "3388", - "frame.len": "231", - "frame.cap_len": 
"231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x000095cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "165", - "tcp.seq": "44986", - "tcp.nxtseq": "45151", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001d7b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:62:a7:9e:62:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493794, TSecr 2812174966": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493794", - "tcp.options.timestamp.tsecr": "2812174966" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "165", - "tcp.analysis.push_bytes_sent": "165" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "160", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:87:77:4d:3d:ee:bb:0a:d6:98:66:8a:11:69:0c:4d:5c:52:d5:e8:56:c3:5e:8f:46:0b:1d:62:0a:d5:a2:60:2a:b7:38:aa:4f:7e:2a:6e:ed:55:23:1b:5a:dc:d1:30:67:09:8e:f0:78:01:9f:3a:62:83:5a:bc:aa:17:92:d2:24:6e:95:2a:92:da:a6:49:21:40:ef:73:8d:f3:64:3b:e8:a7:28:c0:d7:8c:87:83:c9:2e:5b:b2:52:b2:b6:1c:83:5e:51:4b:b7:d5:89:29:50:75:2f:93:85:62:28:33:e6:c3:ca:b7:46:2e:d0:90:ee:99:63:9f:0d:97:ac:33:a5:3e:c2:5d:17:13:91:6c:65:2c:5c:4e:bc:d2:0c:df:40:a0:11:f1:3d:81:66:e5:9b:38" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.555584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.555584000", - "frame.time_delta": "0.060324000", - "frame.time_delta_displayed": "0.060324000", - "frame.time_relative": "892.094898000", - "frame.number": "3389", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038af", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45151", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006041", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:85:00:26:0d:62", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174981, TSecr 2493794": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174981", - "tcp.options.timestamp.tsecr": "2493794" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3388", - "tcp.analysis.ack_rtt": "0.060324000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.556093000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.556093000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "892.095407000", - "frame.number": "3390", - "frame.len": "382", - "frame.cap_len": "382", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "368", - "ip.id": "0x000095cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007677", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "316", - "tcp.seq": "45151", - "tcp.nxtseq": "45467", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:68:a7:9e:62:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493800, TSecr 2812174981": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493800", - "tcp.options.timestamp.tsecr": "2812174981" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "316", - "tcp.analysis.push_bytes_sent": "316" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:88:85:3c:ba:72:89:9d:b2:0c:e8:8e:31:d7:92:f8:34:35:4a:7b:2e:0f:1b:8a:e7:6c:08:91:5e:4e:2d:e5:fd:c8:3a:e2:0a:1f:88:f4:62:3e:cd:c8:70:d9:11:28:55:79:e7:21:64:f5:0e:f9:5c:06:e7:b3:a5:04:11:3b:6b:7b:5b:25:5f:9e:37:a5:56:35:b1:c0:f0:20:b8:63:84:5d:5c:0d:b1:85:48:72:de:ef:f1:ca:50:ea:72:bf:f7:02:cf:0e:3c:53:77:24:fc:23:21:d1:0f:62:7c:f2:1e:69:ee:45:bf:31:09:2d:8a:2d:da:2d:f9:1a:72:9b:0b:8c:3f:6e:e3:5c:ac:49:d0:ae:7f:bd:88:1a:89:5f:4a:aa:75:ed:2d:8a" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:89:ae:86:f3:a8:ec:c9:99:7f:d6:e4:26:01:73:91:ae:98:a4:5c:85:d2:bd:e9:e1:29:1c:7a:a9:76:2a:da:37:83:81:75:1a:73:a6:a1:25:83:90:1c:5a:bb:c1:b8:15:c6:45:3e:76:34:99:a5:7a:e1:40:b8:98:82:e5:20:30:92:b6:ce:41:da:92:38:34:ed:a4:e8:ec:20:ef:82:da:6e:9c:c1:c1:0f:b6:ba:7d:ba:2f:0d:23:23:e7:ed:3b:e1:3a:74:1b:fa:c4:2e:9e:02:e2:bd:b7:ef:05:a9:b8:ca:a3:90:6c:09:a3:d3:1d:f8:2d:35:f3:a3:38:ef:d1:b5:29:c7:ad:63:e0:55:0b:e5:96:49:9a:30:fe:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:23.616230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494483.616230000", - "frame.time_delta": "0.060137000", - "frame.time_delta_displayed": "0.060137000", - "frame.time_relative": "892.155544000", - "frame.number": "3391", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ae", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45467", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00005ef0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:62:94:00:26:0d:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812174996, TSecr 2493800": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812174996", - "tcp.options.timestamp.tsecr": "2493800" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3390", - "tcp.analysis.ack_rtt": "0.060137000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:24.433147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.433147000", - "frame.time_delta": "0.816917000", - "frame.time_delta_displayed": "0.816917000", - "frame.time_relative": "892.972461000", - "frame.number": "3392", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "45467", - "tcp.nxtseq": "45619", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:c0:a7:9e:62:94", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493888, TSecr 2812174996": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493888", - "tcp.options.timestamp.tsecr": "2812174996" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8a:b7:bb:f5:bc:b9:12:c7:f6:a1:05:de:53:eb:53:da:59:f5:3e:e1:7a:92:ba:65:b1:18:72:dc:f9:27:5f:0c:e3:26:f2:f0:c8:8d:01:d3:98:f0:29:80:19:ee:69:ed:f9:34:78:57:47:92:54:67:cc:7d:26:ed:f1:39:d9:e8:fc:0d:86:74:0e:b6:66:da:bc:58:10:86:6f:38:9e:a7:3c:f7:27:03:38:17:bd:32:81:81:b6:b1:8d:7d:04:80:7f:67:e0:ce:46:e3:77:a6:6f:d1:f5:59:1f:80:ba:97:7f:59:33:05:e2:83:31:60:74:2d:38:0b:59:2d:9b:e4:0b:46:d3:89:af:60:ec:d7:cc:36:ae:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:24.493320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.493320000", - "frame.time_delta": "0.060173000", - "frame.time_delta_displayed": "0.060173000", - "frame.time_relative": "893.032634000", - "frame.number": "3393", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - 
"eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ad", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45619", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005d25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:63:6f:00:26:0d:c0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175215, TSecr 2493888": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175215", - "tcp.options.timestamp.tsecr": "2493888" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3392", - "tcp.analysis.ack_rtt": "0.060173000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:24.493842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.493842000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "893.033156000", - "frame.number": "3394", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007710", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "45619", - "tcp.nxtseq": "45780", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d20e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:c6:a7:9e:63:6f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493894, TSecr 2812175215": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493894", - "tcp.options.timestamp.tsecr": "2812175215" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8b:ea:2b:73:d4:3e:88:6b:29:0a:a7:08:50:50:c4:99:ee:a3:3a:1f:da:0e:a6:67:12:e2:c5:d5:f9:65:aa:5c:07:99:f0:b8:39:f8:bd:0b:60:95:a2:91:ef:d0:3a:31:1f:44:67:00:c3:09:94:16:1a:45:08:fa:55:d1:87:ed:ca:3d:0c:73:16:6f:e4:74:93:32:70:1c:d9:85:f0:cc:8a:bd:38:8a:09:00:d6:93:a7:58:90:a9:d1:85:94:42:2e:56:1a:24:c6:24:6e:b9:19:0f:32:91:f6:58:42:78:06:2e:d3:22:f8:29:89:c4:ff:80:a4:3f:c2:35:6a:fd:37:ec:46:45:a4:7a:4d:43:2b:0c:cf:76:67:c9:8b:d3:cb:bb:83:17:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:24.554006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.554006000", - "frame.time_delta": "0.060164000", - "frame.time_delta_displayed": "0.060164000", - "frame.time_relative": "893.093320000", - 
"frame.number": "3395", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ac", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45780", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005c6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:63:7e:00:26:0d:c6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175230, TSecr 2493894": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175230", - "tcp.options.timestamp.tsecr": "2493894" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3394", - "tcp.analysis.ack_rtt": "0.060164000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:24.554487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.554487000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "893.093801000", - "frame.number": "3396", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "45780", - "tcp.nxtseq": "45935", - "tcp.ack": "10245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d3c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0d:cc:a7:9e:63:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493900, TSecr 2812175230": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493900", - "tcp.options.timestamp.tsecr": "2812175230" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8c:df:4d:cd:c1:db:e0:b0:a5:61:44:90:dc:6c:85:ce:41:cb:3f:8c:78:88:22:b5:59:58:1f:a5:63:0b:6b:f7:3b:7d:18:0a:e9:68:81:32:34:6d:b5:dc:79:2d:33:08:85:40:f0:ea:7e:01:a9:ea:10:fe:e6:12:62:55:32:7c:b7:40:dd:46:7c:25:56:49:9c:6e:91:b2:40:cf:84:aa:14:36:da:b0:bb:cf:6c:72:86:1d:b3:8f:f4:c9:65:c7:69:7f:04:4b:b5:c0:81:c3:31:4d:9d:b2:8e:ab:db:cf:18:61:ed:ee:68:61:88:25:66:60:e9:fc:6e:88:cd:05:0b:bc:44:bd:0d:bd:45:91:a3:07:e4:91:df:71:fc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:24.615055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494484.615055000", - "frame.time_delta": "0.060568000", - "frame.time_delta_displayed": "0.060568000", - "frame.time_relative": "893.154369000", - "frame.number": "3397", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038ab", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45935", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005bbe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:63:8e:00:26:0d:cc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175246, TSecr 2493900": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175246", - "tcp.options.timestamp.tsecr": "2493900" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3396", - "tcp.analysis.ack_rtt": "0.060568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:25.240483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494485.240483000", - "frame.time_delta": "0.625428000", - "frame.time_delta_displayed": "0.625428000", - 
"frame.time_relative": "893.779797000", - "frame.number": "3398", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007779", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "45935", - "tcp.nxtseq": "45989", - "tcp.ack": "10245", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003098", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:10:a7:9e:63:8e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2493968, TSecr 2812175246": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2493968", - "tcp.options.timestamp.tsecr": "2812175246" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8d:d9:2e:57:68:32:10:63:c6:81:0c:1c:d0:a4:9b:c5:93:29:de:a5:ad:25:4c:11:db:24:77:f0:48:9e:e5:af:c6:bd:26:92:53:e2:d0:0d:b1:1c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:25.300638000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494485.300638000", - "frame.time_delta": "0.060155000", - "frame.time_delta_displayed": "0.060155000", - "frame.time_relative": "893.839952000", - "frame.number": "3399", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038aa", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10245", - "tcp.ack": "45989", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005a99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:64:39:00:26:0e:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175417, TSecr 2493968": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175417", - "tcp.options.timestamp.tsecr": "2493968" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3398", - "tcp.analysis.ack_rtt": "0.060155000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:25.394059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494485.394059000", - "frame.time_delta": "0.093421000", - "frame.time_delta_displayed": "0.093421000", - "frame.time_relative": "893.933373000", - "frame.number": "3400", - "frame.len": 
"42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "14:91:82:25:10:77", - "arp.src.proto_ipv4": "192.168.0.65", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:25.394495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494485.394495000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "893.933809000", - "frame.number": "3401", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "14:91:82:25:10:77", - "arp.dst.proto_ipv4": "192.168.0.65" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.204947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.204947000", - "frame.time_delta": "0.810452000", - "frame.time_delta_displayed": "0.810452000", - "frame.time_relative": "894.744261000", - "frame.number": "3402", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00002cd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000385d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "76", - "tcp.seq": "10245", - "tcp.nxtseq": "10321", - "tcp.ack": "45989", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000264e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:1b:00:26:0e:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175643, TSecr 2493968": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812175643", - "tcp.options.timestamp.tsecr": "2493968" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "76", - "tcp.analysis.push_bytes_sent": "76" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "71", - "ssl.app_data": "34:cd:34:17:47:48:0e:73:31:96:52:c1:53:00:0d:53:67:d8:ff:df:08:ac:61:8c:82:57:47:85:80:47:2b:8e:16:d4:5a:fc:d4:05:1e:bf:c0:44:51:e6:50:e2:9f:2f:f1:6e:4c:29:71:6f:dc:06:d6:37:4e:82:5c:7c:2c:f2:28:25:c4:6b:49:49:51" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.209290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.209290000", - "frame.time_delta": "0.004343000", - "frame.time_delta_displayed": "0.004343000", - "frame.time_relative": "894.748604000", - "frame.number": "3403", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000777f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "45989", - "tcp.nxtseq": "46036", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e2e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:71:a7:9e:65:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494065, TSecr 2812175643": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494065", - "tcp.options.timestamp.tsecr": "2812175643" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3402", - "tcp.analysis.ack_rtt": "0.004343000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8e:83:83:e7:f7:25:82:90:24:80:71:ba:e0:b1:3c:f3:50:dc:c0:96:c1:ce:d2:b1:58:8f:21:83:66:49:d6:3d:0d:52:cb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.224136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.224136000", - "frame.time_delta": "0.014846000", - "frame.time_delta_displayed": "0.014846000", - "frame.time_relative": "894.763450000", - "frame.number": "3404", - "frame.len": "153", - "frame.cap_len": "153", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "139", - "ip.id": "0x00008b54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003e78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "119", - "udp.checksum": "0x0000482d", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:sensor:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "3352" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.269633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.269633000", - "frame.time_delta": "0.045497000", - "frame.time_delta_displayed": "0.045497000", - "frame.time_relative": "894.808947000", - 
"frame.number": "3405", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46036", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000058cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:2b:00:26:0e:71", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175659, TSecr 2494065": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175659", - "tcp.options.timestamp.tsecr": "2494065" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3403", - "tcp.analysis.ack_rtt": "0.060343000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.270078000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.270078000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "894.809392000", - "frame.number": "3406", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000095d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "46036", - "tcp.nxtseq": "46144", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007529", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:77:a7:9e:65:2b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494071, TSecr 2812175659": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494071", - "tcp.options.timestamp.tsecr": "2812175659" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:8f:fc:cf:4e:26:b9:33:59:24:33:12:c4:79:9c:df:2b:ff:03:d9:ca:d1:41:06:5f:f9:a8:2a:83:36:12:f8:25:40:4e:23:66:f9:b7:f3:75:e5:5f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:90:24:7d:03:f0:ca:3b:8d:02:9c:9b:f2:26:92:64:f2:d5:d7:61:1d:fc:a2:60:0b:04:e7:ee:9d:52:38:7c:6f:f0:99:00:c5:8b:bf:29:7d:f1:c5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.330369000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.330369000", - "frame.time_delta": "0.060291000", - "frame.time_delta_displayed": "0.060291000", - "frame.time_relative": "894.869683000", - "frame.number": "3407", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46144", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000584a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:3a:00:26:0e:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175674, TSecr 2494071": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175674", - "tcp.options.timestamp.tsecr": "2494071" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3406", - "tcp.analysis.ack_rtt": "0.060291000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.431570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.431570000", - "frame.time_delta": "0.101201000", - "frame.time_delta_displayed": "0.101201000", - "frame.time_relative": 
"894.970884000", - "frame.number": "3408", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007714", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "46144", - "tcp.nxtseq": "46296", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d213", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:87:a7:9e:65:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494087, TSecr 2812175674": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494087", - "tcp.options.timestamp.tsecr": "2812175674" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:91:90:80:98:1b:84:9b:95:0f:f9:b5:7f:fb:62:45:77:f2:e6:57:de:f2:05:83:4a:59:60:49:3f:e7:7f:2a:be:f7:da:3a:72:d0:eb:a0:92:bc:a2:07:2d:e6:5c:c5:29:32:a5:83:e9:d0:78:4f:3e:15:c8:8d:c1:05:eb:ea:57:ad:8b:45:09:a6:a6:89:fa:76:30:53:b4:f5:ce:58:be:d6:66:d8:50:54:03:46:42:aa:59:22:9c:72:4b:96:79:7e:05:10:d0:2a:3e:7a:e7:05:b5:14:4f:0b:b8:49:c6:52:04:6a:84:40:a8:47:13:2d:38:15:14:bc:3f:fc:24:43:44:80:82:44:b9:4f:22:c7:70:fd:d2" - } 
- } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.491834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.491834000", - "frame.time_delta": "0.060264000", - "frame.time_delta_displayed": "0.060264000", - "frame.time_relative": "895.031148000", - "frame.number": "3409", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46296", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005779", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:63:00:26:0e:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175715, TSecr 2494087": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175715", - "tcp.options.timestamp.tsecr": "2494087" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3408", - "tcp.analysis.ack_rtt": "0.060264000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:26.492322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.492322000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "895.031636000", - "frame.number": "3410", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": 
"44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "46296", - "tcp.nxtseq": "46457", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003d67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:8e:a7:9e:65:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494094, TSecr 2812175715": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494094", - "tcp.options.timestamp.tsecr": "2812175715" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:92:5f:f2:16:55:51:c4:3e:71:23:6d:e5:c6:ff:2f:a0:46:03:d5:3e:9c:be:d5:29:1e:1c:87:4c:06:8e:5c:1b:35:c3:63:a3:9d:2f:c4:f2:2e:b7:f7:ea:5b:e0:3d:09:0b:6c:54:84:72:94:6c:bc:91:11:1c:82:a5:77:6a:d2:10:d5:4b:39:c0:fa:51:a2:26:db:37:16:bc:16:68:e2:be:52:36:77:9f:cc:0c:3d:ef:52:38:27:a5:ff:71:2a:7b:e9:54:1f:08:f6:c4:5f:78:4c:50:35:9a:1f:83:a0:c6:b3:74:ad:2a:cf:01:5f:aa:e8:c7:7a:65:60:e3:91:10:9d:ea:1c:e8:08:30:64:e3:64:e4:52:4a:79:05:d7:a6:83:49:ec:52" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.552708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.552708000", - "frame.time_delta": "0.060386000", - "frame.time_delta_displayed": "0.060386000", - "frame.time_relative": "895.092022000", - "frame.number": "3411", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a5", - "ip.checksum.status": "2", - 
"ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46457", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000056c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:72:00:26:0e:8e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175730, TSecr 
2494094": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175730", - "tcp.options.timestamp.tsecr": "2494094" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3410", - "tcp.analysis.ack_rtt": "0.060386000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.553206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.553206000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "895.092520000", - "frame.number": "3412", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "46457", - "tcp.nxtseq": "46612", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000035e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:94:a7:9e:65:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494100, TSecr 2812175730": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494100", - "tcp.options.timestamp.tsecr": "2812175730" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:93:b8:6a:2d:8e:8c:a0:a3:7c:31:b2:58:40:63:67:f5:83:7c:eb:4f:37:0d:12:91:ba:8b:c5:4f:50:d7:3f:f8:1d:bf:7d:9c:3e:53:90:e4:de:f0:4f:47:83:44:b0:f5:d1:d1:3f:51:ee:e6:c9:8c:de:a4:5a:b9:ab:a9:74:4a:e6:c5:4a:25:f7:a3:69:61:04:77:c2:39:75:1c:5b:0b:ba:1e:bc:5e:81:84:83:17:c4:f1:83:95:87:48:a0:87:8f:b9:ec:0c:75:96:75:20:4a:f0:3e:1a:c2:31:2b:5f:41:c8:a7:57:80:9e:82:84:77:c2:d6:06:8b:f6:f6:68:52:b5:b7:24:65:db:a0:67:b9:25:c5:ce:7e:5b:3b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:26.613537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494486.613537000", - "frame.time_delta": "0.060331000", - "frame.time_delta_displayed": "0.060331000", - "frame.time_relative": "895.152851000", - "frame.number": "3413", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cdb", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46612", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:65:81:00:26:0e:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175745, TSecr 2494100": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175745", - "tcp.options.timestamp.tsecr": "2494100" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3412", - "tcp.analysis.ack_rtt": "0.060331000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.008417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.008417000", - "frame.time_delta": "0.394880000", - "frame.time_delta_displayed": "0.394880000", - "frame.time_relative": "895.547731000", - "frame.number": "3414", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000944a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004544", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.015665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.015665000", - "frame.time_delta": "0.007248000", - "frame.time_delta_displayed": "0.007248000", - "frame.time_relative": "895.554979000", - "frame.number": "3415", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", 
- "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000030ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a7d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - 
"dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.234761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.234761000", - "frame.time_delta": "0.219096000", - "frame.time_delta_displayed": "0.219096000", - "frame.time_relative": "895.774075000", - "frame.number": "3416", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - 
}, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000944c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004542", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.463746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.463746000", - "frame.time_delta": "0.228985000", - "frame.time_delta_displayed": "0.228985000", - "frame.time_relative": "896.003060000", - "frame.number": "3417", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000948c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004502", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - 
"udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.489693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.489693000", - "frame.time_delta": "0.025947000", - "frame.time_delta_displayed": "0.025947000", - "frame.time_relative": "896.029007000", - "frame.number": "3418", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007711", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "46612", - "tcp.nxtseq": "46764", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ad1a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:f1:a7:9e:65:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494193, TSecr 2812175745": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494193", - "tcp.options.timestamp.tsecr": "2812175745" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:94:59:df:89:c2:5e:69:57:fb:a4:10:9f:d1:ef:ae:d0:5b:dd:51:12:20:11:30:37:8b:42:8c:cb:6c:df:f2:22:c7:44:2c:67:be:4a:e4:34:9b:d7:ef:13:bb:a6:fb:f4:42:46:ee:1c:d0:40:9c:72:ca:c8:e0:69:d2:08:8b:a5:60:8d:ca:dc:49:94:f7:c8:b4:2c:4e:61:42:95:9b:09:5d:74:80:58:31:3b:93:b8:29:1c:4c:2e:91:fd:8e:15:a2:5b:52:e5:f5:38:35:6c:92:b1:de:df:c4:5d:ec:b6:dc:84:2d:a5:d2:67:49:9d:b3:6b:eb:b2:4f:1d:3e:32:12:84:e2:1b:77:bf:c4:b6:68:fe:6a:09" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.549988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.549988000", - "frame.time_delta": "0.060295000", - "frame.time_delta_displayed": "0.060295000", - "frame.time_relative": "896.089302000", - "frame.number": "3419", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cdc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46764", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005433", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:66:6b:00:26:0e:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175979, TSecr 2494193": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175979", - "tcp.options.timestamp.tsecr": "2494193" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3418", - "tcp.analysis.ack_rtt": "0.060295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.550470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.550470000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "896.089784000", - "frame.number": "3420", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007707", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "46764", - "tcp.nxtseq": "46925", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000034c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:f7:a7:9e:66:6b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494199, TSecr 2812175979": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494199", - "tcp.options.timestamp.tsecr": "2812175979" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:95:aa:40:0f:76:7b:2d:08:51:24:0f:4b:05:d1:b9:32:6a:74:14:8d:e9:77:2e:4d:3d:54:e9:c3:06:79:3d:e5:74:17:f1:bf:1e:b3:21:1d:6c:ee:17:7c:7c:fb:90:07:e8:a4:07:68:a1:23:1b:84:e0:6a:f5:c3:aa:c6:eb:a8:af:eb:09:48:03:1e:8f:5b:e0:eb:79:1c:18:24:51:d2:51:9e:7a:dc:b1:b7:d5:41:71:05:57:fd:37:8d:71:0c:16:c3:74:58:81:2e:dc:d6:0d:eb:61:28:39:df:1f:3b:01:73:cf:6d:91:02:47:17:cc:92:8b:be:6a:59:66:00:5f:db:b2:58:fc:94:2b:b6:c9:34:72:9e:12:e1:a2:23:b4:c5:f1:86:97" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.610867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.610867000", - "frame.time_delta": "0.060397000", - "frame.time_delta_displayed": "0.060397000", - "frame.time_relative": "896.150181000", - 
"frame.number": "3421", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cdd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "46925", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000537c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:66:7b:00:26:0e:f7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812175995, TSecr 2494199": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812175995", - "tcp.options.timestamp.tsecr": "2494199" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3420", - "tcp.analysis.ack_rtt": "0.060397000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:27.611356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.611356000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "896.150670000", - "frame.number": "3422", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "46925", - "tcp.nxtseq": "47080", - "tcp.ack": "10321", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a1d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0e:fd:a7:9e:66:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494205, TSecr 2812175995": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494205", - "tcp.options.timestamp.tsecr": "2812175995" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:96:38:d4:dd:19:4c:77:22:bc:af:ec:8d:58:f7:11:9a:1b:42:6e:c5:d7:02:53:03:4a:b5:57:00:77:f6:97:10:bf:2b:9e:f8:af:3a:23:73:d5:4b:32:a8:ce:44:c7:db:1b:b8:47:3f:5c:cb:24:06:0a:4d:e1:47:49:26:78:17:61:0b:0c:eb:7f:18:a0:8d:31:50:e0:d2:3f:cd:1e:47:1b:a9:33:be:99:76:9b:41:96:72:eb:ee:0a:e6:7d:26:7c:0a:67:4b:b3:ca:64:90:63:44:24:af:5b:68:16:ab:43:8c:42:50:5e:37:c4:e3:0a:1c:88:0f:76:c8:b6:66:06:cd:62:57:8f:b5:fe:f5:b8:82:49:aa:ba:e1:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:27.671663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494487.671663000", - "frame.time_delta": "0.060307000", - "frame.time_delta_displayed": "0.060307000", - "frame.time_relative": "896.210977000", - "frame.number": "3423", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cde", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "47080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000052cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:66:8a:00:26:0e:fd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176010, TSecr 2494205": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176010", - "tcp.options.timestamp.tsecr": "2494205" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3422", - "tcp.analysis.ack_rtt": "0.060307000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:28.247439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494488.247439000", - "frame.time_delta": "0.575776000", - "frame.time_delta_displayed": "0.575776000", - 
"frame.time_relative": "896.786753000", - "frame.number": "3424", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007770", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "47080", - "tcp.nxtseq": "47134", - "tcp.ack": "10321", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a04e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:3d:a7:9e:66:8a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494269, TSecr 2812176010": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494269", - "tcp.options.timestamp.tsecr": "2812176010" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:97:72:d3:a5:ea:7a:3b:07:e8:f0:9f:8f:9c:2f:83:74:5b:43:03:e0:51:ab:25:d9:79:68:07:43:22:3f:be:51:1f:e2:1d:8a:53:24:79:b1:2f:0b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:28.307937000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494488.307937000", - "frame.time_delta": "0.060498000", - "frame.time_delta_displayed": "0.060498000", - "frame.time_relative": "896.847251000", - "frame.number": "3425", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cdf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000038a0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10321", - "tcp.ack": "47134", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000051b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:67:29:00:26:0f:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176169, TSecr 2494269": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176169", - "tcp.options.timestamp.tsecr": "2494269" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3424", - "tcp.analysis.ack_rtt": "0.060498000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:28.463066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494488.463066000", - "frame.time_delta": "0.155129000", - "frame.time_delta_displayed": "0.155129000", - "frame.time_relative": "897.002380000", - "frame.number": "3426", - "frame.len": 
"42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:28.463498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494488.463498000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "897.002812000", - "frame.number": "3427", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:28.850833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494488.850833000", - "frame.time_delta": "0.387335000", - "frame.time_delta_displayed": "0.387335000", - "frame.time_relative": "897.390147000", - "frame.number": "3428", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:01:29.206175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.206175000", - "frame.time_delta": "0.355342000", - "frame.time_delta_displayed": "0.355342000", - "frame.time_relative": "897.745489000", - "frame.number": "3429", - "frame.len": "147", - "frame.cap_len": "147", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "133", - "ip.id": "0x00002ce0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000384e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "81", - "tcp.seq": "10321", - "tcp.nxtseq": "10402", - "tcp.ack": "47134", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000064d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:09:00:26:0f:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176393, TSecr 2494269": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176393", - "tcp.options.timestamp.tsecr": "2494269" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "81", - "tcp.analysis.push_bytes_sent": "81" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "76", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:74:29:20:7f:0a:85:d7:1b:65:05:9d:87:a4:24:0f:15:b9:c6:e4:41:6c:0e:f3:86:c6:d7:f7:13:bf:13:03:16:9a:57:40:e5:b9:bc:4a:c0:c5:54:19:c6:26:d1:81:b5:e8:3d:71:dd:32:33:b2:56:ac:3f:a0:2e:18:65:99:cc:09:85:95:fe:6b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.210157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.210157000", - "frame.time_delta": "0.003982000", - "frame.time_delta_displayed": "0.003982000", - "frame.time_relative": "897.749471000", - "frame.number": "3430", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007776", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "47134", - "tcp.nxtseq": "47181", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cb4a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:9d:a7:9e:68:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494365, TSecr 2812176393": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494365", - "tcp.options.timestamp.tsecr": "2812176393" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"3429", - "tcp.analysis.ack_rtt": "0.003982000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:98:1f:a4:d1:a2:18:25:ba:47:36:07:7c:c6:0c:b0:ba:90:36:c6:b7:26:02:3c:f1:d3:2b:b7:76:8a:dc:2d:8a:a8:6c:14" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.226854000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.226854000", - "frame.time_delta": "0.016697000", - "frame.time_delta_displayed": "0.016697000", - "frame.time_relative": "897.766168000", - "frame.number": "3431", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "144", - "ip.id": "0x00008bb5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003e12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "124", - "udp.checksum": "0x000071e6", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:lightswitch:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "3379" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.271186000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.271186000", - "frame.time_delta": "0.044332000", - "frame.time_delta_displayed": "0.044332000", - "frame.time_relative": "897.810500000", - "frame.number": "3432", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47181", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004fe6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:1a:00:26:0f:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176410, TSecr 2494365": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176410", - "tcp.options.timestamp.tsecr": "2494365" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3430", - "tcp.analysis.ack_rtt": "0.061029000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.271679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.271679000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "897.810993000", - "frame.number": "3433", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000095db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007755", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "47181", - "tcp.nxtseq": "47260", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004ae3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:a4:a7:9e:68:1a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494372, TSecr 2812176410": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494372", - "tcp.options.timestamp.tsecr": "2812176410" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:99:08:c4:6e:67:04:bd:45:66:2f:53:cb:35:25:8c:6d:49:71:75:d3:3b:b4:8c:f7:99:c6:ef:61:0c:50:d6:4f:2e:6a:3f:16:d9:a9:14:92:6f:22:82:d8:72:03:f7:47:bb:79:8c:d2:fc:05:d0:20:54:f5:3f:29:61:ee:66:39:9e:d1:2c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.331929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.331929000", - "frame.time_delta": "0.060250000", - "frame.time_delta_displayed": "0.060250000", - "frame.time_relative": "897.871243000", - "frame.number": "3434", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47260", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004f81", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:29:00:26:0f:a4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176425, TSecr 2494372": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176425", - "tcp.options.timestamp.tsecr": "2494372" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3433", - "tcp.analysis.ack_rtt": "0.060250000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.444744000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.444744000", - "frame.time_delta": "0.112815000", - "frame.time_delta_displayed": "0.112815000", - "frame.time_relative": "897.984058000", - "frame.number": "3435", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "47260", - "tcp.nxtseq": "47412", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bf8d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:b5:a7:9e:68:29", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494389, TSecr 2812176425": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494389", - "tcp.options.timestamp.tsecr": "2812176425" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:9a:9b:cc:30:6a:9f:b3:08:5a:25:fc:fd:48:e4:c4:74:cd:9e:0f:58:02:3c:e1:11:22:79:cd:dd:44:b5:8b:36:ec:e6:16:36:2f:cc:d7:c6:40:24:35:fc:1a:04:e2:b2:c0:b0:73:87:3a:c4:1a:1a:d9:42:30:cb:35:f9:9b:12:5e:be:fd:8c:2e:72:88:c3:ad:5e:74:e0:ab:c9:b6:d5:a2:ee:2d:89:52:1f:89:f5:3e:2d:ed:0e:ce:79:88:e4:ad:64:0a:cf:47:a1:61:60:5b:12:4b:4a:cc:65:56:74:e9:8e:64:cb:f7:48:20:e1:ba:7b:a0:49:77:16:e1:19:a3:86:56:ef:59:2a:66:ec:9b:f3:78:15" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.506747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.506747000", - "frame.time_delta": "0.062003000", - "frame.time_delta_displayed": "0.062003000", - "frame.time_relative": "898.046061000", - "frame.number": "3436", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47412", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004ead", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:54:00:26:0f:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176468, TSecr 2494389": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176468", - "tcp.options.timestamp.tsecr": "2494389" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3435", - "tcp.analysis.ack_rtt": "0.062003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.507252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.507252000", - "frame.time_delta": "0.000505000", - "frame.time_delta_displayed": "0.000505000", - "frame.time_relative": "898.046566000", - "frame.number": "3437", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007701", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "47412", - "tcp.nxtseq": "47573", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002cae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:bb:a7:9e:68:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494395, TSecr 2812176468": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494395", - "tcp.options.timestamp.tsecr": "2812176468" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:9b:cb:65:b0:3c:2f:9e:a7:d6:f1:40:54:aa:98:48:fd:f3:1e:a0:97:7e:0f:2b:f1:d1:9c:66:ea:32:87:bf:3a:47:8f:e1:0a:f5:9f:33:76:3f:32:a5:45:94:a7:aa:11:f3:7f:f7:55:0b:a3:43:16:1e:d3:a8:18:6a:b4:5d:8d:49:a4:b9:33:cc:21:71:e0:01:1f:a4:8a:b4:7a:3c:00:67:ec:58:c0:0d:0b:62:a7:a5:50:4d:f4:94:86:df:d5:52:cb:ba:4a:1a:aa:16:d8:3e:1a:64:78:3b:19:44:9d:42:70:83:e5:4d:fc:94:4d:46:44:dc:2d:01:e2:ce:10:03:f6:5d:92:30:75:84:83:45:77:23:d7:c5:a4:da:6f:86:76:5c:32:b4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:29.567699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.567699000", - "frame.time_delta": "0.060447000", - "frame.time_delta_displayed": "0.060447000", - "frame.time_relative": "898.107013000", - "frame.number": "3438", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47573", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004df6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:64:00:26:0f:bb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176484, TSecr 2494395": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176484", - "tcp.options.timestamp.tsecr": "2494395" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3437", - "tcp.analysis.ack_rtt": "0.060447000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.568180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.568180000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - 
"frame.time_relative": "898.107494000", - "frame.number": "3439", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007706", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "47573", - "tcp.nxtseq": "47728", - "tcp.ack": "10402", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001115", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:0f:c1:a7:9e:68:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494401, TSecr 2812176484": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494401", - "tcp.options.timestamp.tsecr": "2812176484" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:9c:c8:a4:47:02:7f:12:de:ea:1d:5c:da:ce:83:87:c9:72:8b:a5:62:b3:a0:7e:63:1e:47:14:17:b7:38:c4:1c:6c:81:7c:38:d8:74:0a:3c:99:bf:7f:e7:1e:4d:aa:30:bc:06:b3:7e:08:e8:f6:07:ea:78:16:dc:11:15:ed:1c:ff:ee:7b:26:ec:a4:0a:c5:19:ec:2c:2c:fb:77:e2:52:ab:39:02:4a:6a:e8:66:72:4b:58:be:37:bd:b3:e0:1f:db:8c:fd:cc:44:6e:59:a8:45:71:22:1c:e8:ed:31:a1:0c:1b:fa:92:c6:f4:d8:53:a7:43:05:57:79:5f:04:41:1f:ad:50:3a:c1:ff:e0:be:53:a5:94:ef:b1:a4:95" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:29.628387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494489.628387000", - "frame.time_delta": "0.060207000", - "frame.time_delta_displayed": "0.060207000", - "frame.time_relative": "898.167701000", - "frame.number": "3440", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000389a", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47728", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004d46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:68:73:00:26:0f:c1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176499, TSecr 2494401": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176499", - "tcp.options.timestamp.tsecr": "2494401" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3439", - "tcp.analysis.ack_rtt": "0.060207000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.439016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.439016000", - "frame.time_delta": "0.810629000", - "frame.time_delta_displayed": "0.810629000", - "frame.time_relative": "898.978330000", - "frame.number": "3441", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020f1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e753", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": 
"239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "8", - "http.prev_request_in": "2804" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.496173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.496173000", - "frame.time_delta": "0.057157000", - "frame.time_delta_displayed": "0.057157000", - "frame.time_relative": "899.035487000", - "frame.number": "3442", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000095df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007708", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "47728", - "tcp.nxtseq": "47880", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": 
"661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f290", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:10:1e:a7:9e:68:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494494, TSecr 2812176499": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494494", - "tcp.options.timestamp.tsecr": "2812176499" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:9d:22:36:43:f3:46:d7:1f:49:d3:52:dc:29:14:ca:1e:90:bf:54:8a:85:30:0d:04:e0:27:ec:ed:c3:95:f4:92:05:2c:ef:ce:0a:be:0e:13:a7:31:cd:f3:41:c9:da:b9:75:fc:1c:2b:55:2e:4a:9c:c5:0e:88:9d:22:f2:4d:4c:73:4e:18:37:ea:e2:34:42:22:9a:2b:42:5a:6a:59:ae:ea:fe:12:08:b4:8b:3d:7e:b3:bd:45:15:5d:39:d1:25:f3:b9:56:d9:52:51:ad:67:e3:be:d6:19:5b:f4:99:02:a8:ac:c6:3e:71:da:f0:d0:e7:72:f6:f9:e8:04:0d:f6:e4:d2:61:d2:35:f1:80:fb:84:87:51:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.556790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.556790000", - "frame.time_delta": "0.060617000", - "frame.time_delta_displayed": "0.060617000", - "frame.time_relative": "899.096104000", - "frame.number": "3443", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003899", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "47880", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004b69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:69:5b:00:26:10:1e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176731, TSecr 2494494": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176731", - "tcp.options.timestamp.tsecr": "2494494" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3442", - "tcp.analysis.ack_rtt": "0.060617000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.557286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.557286000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "899.096600000", - "frame.number": "3444", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000095e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "47880", - "tcp.nxtseq": "48041", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000135c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:10:24:a7:9e:69:5b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494500, TSecr 2812176731": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494500", - "tcp.options.timestamp.tsecr": "2812176731" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:9e:f9:5f:4d:9a:49:73:66:11:92:10:a6:ca:cb:84:10:f8:c5:52:a7:48:1a:a7:35:84:a2:3e:43:59:11:26:d2:5c:34:3e:71:35:2a:1e:53:f5:c2:e1:fe:95:74:48:66:89:9f:1a:4d:44:cd:5b:c9:66:22:39:51:09:04:17:52:e1:9e:26:f3:5e:85:ae:89:e8:9d:57:fd:00:40:d6:6a:0d:42:28:32:bd:ad:64:dd:1f:0e:50:97:3d:95:3e:19:b7:6d:4b:cd:83:6a:e0:a7:da:70:d9:2d:f2:47:88:cd:86:fe:6b:ee:59:53:ca:42:3e:4a:c3:cf:18:f4:fb:f7:9a:47:2d:10:25:22:65:05:37:dd:83:6e:77:86:20:1a:ce:2d:bf:50:bc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.621868000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.621868000", - "frame.time_delta": "0.064582000", - "frame.time_delta_displayed": "0.064582000", - "frame.time_relative": "899.161182000", - "frame.number": "3445", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003898", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - 
"tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "48041", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004ab3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:69:6a:00:26:10:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176746, TSecr 2494500": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176746", - "tcp.options.timestamp.tsecr": "2494500" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3444", - "tcp.analysis.ack_rtt": "0.064582000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.622346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.622346000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "899.161660000", - 
"frame.number": "3446", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000095e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "48041", - "tcp.nxtseq": "48196", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", 
- "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c0b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:10:2b:a7:9e:69:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494507, TSecr 2812176746": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494507", - "tcp.options.timestamp.tsecr": "2812176746" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:9f:03:79:7f:7d:67:89:1c:99:a7:90:04:f9:40:30:e0:59:13:80:e6:7f:af:ea:49:79:ed:cc:8a:9d:c2:36:95:6f:1b:79:1a:08:b1:71:e8:38:64:86:b3:15:57:e7:2d:a2:62:a1:8b:9d:81:28:95:c2:f4:1c:b3:c6:db:4c:34:47:8e:f5:e2:c9:39:3b:36:db:38:6e:b8:48:39:bb:7c:f0:c8:7f:d7:27:ab:a1:f2:f4:11:7a:b9:7f:f8:ea:c1:3e:72:84:ae:3a:7e:b9:14:07:e9:b0:85:e0:95:56:e6:56:1f:eb:09:66:39:06:f4:cc:dd:90:be:33:14:98:94:2f:90:e8:aa:3c:45:ad:cf:e0:b8:00:9f:8e:51:9c" - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:30.689043000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494490.689043000", - "frame.time_delta": "0.066697000", - "frame.time_delta_displayed": "0.066697000", - "frame.time_relative": "899.228357000", - "frame.number": "3447", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003897", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": 
"41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "48196", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004a00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:69:7b:00:26:10:2b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176763, TSecr 2494507": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176763", - "tcp.options.timestamp.tsecr": "2494507" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3446", - "tcp.analysis.ack_rtt": "0.066697000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.216837000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.216837000", - "frame.time_delta": "0.527794000", - "frame.time_delta_displayed": "0.527794000", - "frame.time_relative": "899.756151000", - "frame.number": "3448", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000082da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003471", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "43", - "http.prev_response_in": "2864" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.220695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.220695000", - "frame.time_delta": "0.003858000", - "frame.time_delta_displayed": "0.003858000", - "frame.time_relative": "899.760009000", - "frame.number": "3449", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54598", - "tcp.dstport": "80", - "tcp.port": "54598", - "tcp.port": "80", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f6e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": 
"2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.221230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.221230000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "899.760544000", - "frame.number": "3450", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54598", - "tcp.port": "80", - "tcp.port": "54598", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000043d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": 
"1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3449", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.224084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.224084000", - "frame.time_delta": "0.002854000", - "frame.time_delta_displayed": "0.002854000", - "frame.time_relative": "899.763398000", - "frame.number": "3451", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54598", - "tcp.dstport": "80", - "tcp.port": "54598", - "tcp.port": "80", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f5b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3450", - "tcp.analysis.ack_rtt": "0.002854000", - "tcp.analysis.initial_rtt": "0.003389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:01:31.225146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.225146000", - "frame.time_delta": "0.001062000", - "frame.time_delta_displayed": "0.001062000", - "frame.time_relative": "899.764460000", - "frame.number": "3452", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000019fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54598", - "tcp.dstport": "80", - "tcp.port": "54598", - "tcp.port": "80", - "tcp.stream": "136", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000b30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003389000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.225630000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.225630000", - "frame.time_delta": "0.000484000", - 
"frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "899.764944000", - "frame.number": "3453", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b76e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000105", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54598", - "tcp.port": "80", - "tcp.port": "54598", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e747", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3452", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.003389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.226201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.226201000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "899.765515000", - "frame.number": "3454", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b76f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x000000f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54598", - "tcp.port": "80", - "tcp.port": "54598", - "tcp.stream": "136", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002769", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003389000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.226555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.226555000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "899.765869000", - "frame.number": "3455", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b770", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54598", - "tcp.port": "80", - "tcp.port": "54598", - "tcp.stream": "136", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000079d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003389000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:
52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3454", - "tcp.segment": "3455", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001409000", - "http.request_in": "3452", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.229154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.229154000", - "frame.time_delta": "0.002599000", - "frame.time_delta_displayed": "0.002599000", - "frame.time_relative": "899.768468000", - "frame.number": "3456", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54598", - "tcp.dstport": "80", - "tcp.port": "54598", - "tcp.port": "80", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f11e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3455", - "tcp.analysis.ack_rtt": "0.002599000", - "tcp.analysis.initial_rtt": "0.003389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.229819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.229819000", - "frame.time_delta": "0.000665000", - "frame.time_delta_displayed": "0.000665000", - "frame.time_relative": "899.769133000", - "frame.number": "3457", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54598", - "tcp.dstport": "80", - "tcp.port": "54598", - "tcp.port": "80", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f11d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.230287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.230287000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "899.769601000", - "frame.number": "3458", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007a15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54598", - "tcp.port": "80", - "tcp.port": "54598", - "tcp.stream": "136", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e351", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3457", - 
"tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.003389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.244503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.244503000", - "frame.time_delta": "0.014216000", - "frame.time_delta_displayed": "0.014216000", - "frame.time_relative": "899.783817000", - "frame.number": "3459", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007767", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "48196", - "tcp.nxtseq": "48250", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f061", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:10:69:a7:9e:69:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494569, TSecr 2812176763": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494569", - "tcp.options.timestamp.tsecr": "2812176763" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a0:a9:3d:d7:ae:e7:85:6f:a7:41:98:e1:fb:a8:e5:bd:95:a1:dd:90:b7:04:a1:3c:c5:8b:49:ab:08:99:ef:0a:04:db:af:54:05:f5:71:55:1e:e8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.269720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.269720000", - "frame.time_delta": "0.025217000", - "frame.time_delta_displayed": "0.025217000", - "frame.time_relative": "899.809034000", - "frame.number": "3460", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000082dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003466", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "44", - "http.prev_response_in": "3448" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.272788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.272788000", - "frame.time_delta": "0.003068000", - "frame.time_delta_displayed": "0.003068000", - "frame.time_relative": "899.812102000", - "frame.number": "3461", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000019fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000029cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.273337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.273337000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "899.812651000", - "frame.number": "3462", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000e46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3461", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.276196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.276196000", - "frame.time_delta": "0.002859000", - "frame.time_delta_displayed": "0.002859000", - "frame.time_relative": "899.815510000", - "frame.number": "3463", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000019ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c024", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3462", - "tcp.analysis.ack_rtt": "0.002859000", - "tcp.analysis.initial_rtt": "0.003408000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.276768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.276768000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "899.816082000", - "frame.number": "3464", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d59d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003408000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.277244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.277244000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "899.816558000", - "frame.number": "3465", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d16c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b1b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3464", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.003408000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.277811000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.277811000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "899.817125000", - "frame.number": "3466", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e707", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d15a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f1d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003408000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.278166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.278166000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "899.817480000", - "frame.number": "3467", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e708", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cd87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004440", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003408000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "3466", - "tcp.segment": "3467", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001398000", - "http.request_in": "3464", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.280215000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494491.280215000", - "frame.time_delta": "0.002049000", - "frame.time_delta_displayed": "0.002049000", - "frame.time_relative": "899.819529000", - "frame.number": "3468", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e709", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cd86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004440", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003408000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.281051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.281051000", - "frame.time_delta": "0.000836000", - "frame.time_delta_displayed": "0.000836000", - "frame.time_relative": "899.820365000", - "frame.number": "3469", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3467", - "tcp.analysis.ack_rtt": "0.002885000", - "tcp.analysis.initial_rtt": "0.003408000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.283246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.283246000", - "frame.time_delta": "0.002195000", - "frame.time_delta_displayed": "0.002195000", - "frame.time_relative": "899.822560000", - "frame.number": "3470", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.283691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.283691000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "899.823005000", - "frame.number": "3471", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007a10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54599", - "tcp.port": "80", - "tcp.port": "54599", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000adbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3470", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.003408000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.283924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.283924000", - "frame.time_delta": "0.000233000", - "frame.time_delta_displayed": "0.000233000", - "frame.time_relative": "899.823238000", - "frame.number": "3472", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54599", - "tcp.dstport": "80", - "tcp.port": "54599", - "tcp.port": "80", - "tcp.stream": "137", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000038b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:6f:30:35:3c:6f:30:39:1f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003408000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "3469", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.304769000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494491.304769000", - "frame.time_delta": "0.020845000", - "frame.time_delta_displayed": "0.020845000", - "frame.time_relative": "899.844083000", - "frame.number": "3473", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ce9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003896", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "48250", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000048f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:6a:16:00:26:10:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812176918, TSecr 2494569": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812176918", - "tcp.options.timestamp.tsecr": "2494569" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3459", - "tcp.analysis.ack_rtt": "0.060266000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.322940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.322940000", - "frame.time_delta": "0.018171000", - "frame.time_delta_displayed": "0.018171000", - "frame.time_relative": "899.862254000", - "frame.number": "3474", - "frame.len": 
"342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000082dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000346b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "45", - "http.prev_response_in": "3460" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.332008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.332008000", - "frame.time_delta": "0.009068000", - "frame.time_delta_displayed": "0.009068000", - "frame.time_relative": "899.871322000", - "frame.number": "3475", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - 
"ip.id": "0x00001a04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54600", - "tcp.dstport": "80", - "tcp.port": "54600", - "tcp.port": "80", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00006df3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.332549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.332549000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "899.871863000", - "frame.number": "3476", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54600", - "tcp.port": "80", - "tcp.port": "54600", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000cd2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", 
- "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3475", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.340029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.340029000", - "frame.time_delta": "0.007480000", - "frame.time_delta_displayed": "0.007480000", - "frame.time_relative": "899.879343000", - "frame.number": "3477", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a05", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54600", - "tcp.dstport": "80", - "tcp.port": "54600", - "tcp.port": "80", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007f0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3476", - "tcp.analysis.ack_rtt": "0.007480000", - "tcp.analysis.initial_rtt": "0.008021000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.341092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.341092000", - "frame.time_delta": "0.001063000", - "frame.time_delta_displayed": "0.001063000", - "frame.time_relative": "899.880406000", - 
"frame.number": "3478", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54600", - "tcp.dstport": "80", - "tcp.port": "54600", - "tcp.port": "80", - "tcp.stream": "138", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009485", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008021000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.341588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.341588000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "899.880902000", - "frame.number": "3479", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000823d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003636", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54600", - "tcp.port": "80", - "tcp.port": "54600", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000709d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3478", - "tcp.analysis.ack_rtt": "0.000496000", - "tcp.analysis.initial_rtt": "0.008021000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.342241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.342241000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "899.881555000", - "frame.number": "3480", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000823e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003624", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54600", - "tcp.port": "80", - "tcp.port": "54600", - "tcp.stream": "138", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b0be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008021000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.342593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.342593000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "899.881907000", - "frame.number": "3481", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000823f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003251", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54600", - "tcp.port": "80", - "tcp.port": "54600", - "tcp.stream": "138", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000328", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008021000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3480", - "tcp.segment": "3481", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001501000", - "http.request_in": "3478", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.345127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.345127000", - "frame.time_delta": "0.002534000", - "frame.time_delta_displayed": "0.002534000", - "frame.time_relative": "899.884441000", - "frame.number": "3482", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54600", - "tcp.dstport": "80", - "tcp.port": "54600", - "tcp.port": "80", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007a74", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3481", - "tcp.analysis.ack_rtt": "0.002534000", - "tcp.analysis.initial_rtt": "0.008021000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.345704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.345704000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "899.885018000", - "frame.number": "3483", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54600", - "tcp.dstport": "80", - "tcp.port": "54600", - "tcp.port": "80", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007a73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:31.346159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494491.346159000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "899.885473000", - "frame.number": "3484", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007a0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54600", - "tcp.port": "80", - "tcp.port": "54600", - "tcp.stream": "138", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ca7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3483", - 
"tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.008021000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.269339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.269339000", - "frame.time_delta": "0.923180000", - "frame.time_delta_displayed": "0.923180000", - "frame.time_relative": "900.808653000", - "frame.number": "3485", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000831f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000342c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "46", - "http.prev_response_in": "3474" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.272597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.272597000", - "frame.time_delta": "0.003258000", - "frame.time_delta_displayed": "0.003258000", - "frame.time_relative": "900.811911000", - "frame.number": "3486", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": "54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000072ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.273139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.273139000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "900.812453000", - "frame.number": "3487", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003e7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3486", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.276021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.276021000", - "frame.time_delta": "0.002882000", - "frame.time_delta_displayed": "0.002882000", - "frame.time_relative": "900.815335000", - "frame.number": "3488", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": "54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f05a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3487", - "tcp.analysis.ack_rtt": "0.002882000", - "tcp.analysis.initial_rtt": "0.003424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.276635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.276635000", - "frame.time_delta": "0.000614000", - "frame.time_delta_displayed": "0.000614000", - "frame.time_relative": "900.815949000", - "frame.number": "3489", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": "54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000005d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003424000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.277121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.277121000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "900.816435000", - "frame.number": "3490", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000059fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005e76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3489", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.277695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.277695000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "900.817009000", - "frame.number": "3491", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000059fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005e64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000220d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003424000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.278078000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.278078000", - "frame.time_delta": "0.000383000", - "frame.time_delta_displayed": "0.000383000", - "frame.time_relative": "900.817392000", - "frame.number": "3492", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000059ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007476", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003424000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "3491", - "tcp.segment": "3492", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001443000", - "http.request_in": "3489", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.280231000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494492.280231000", - "frame.time_delta": "0.002153000", - "frame.time_delta_displayed": "0.002153000", - "frame.time_relative": "900.819545000", - "frame.number": "3493", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": "54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ebc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3492", - "tcp.analysis.ack_rtt": "0.002153000", - "tcp.analysis.initial_rtt": "0.003424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.280185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.280185000", - "frame.time_delta": "-0.000046000", - "frame.time_delta_displayed": "-0.000046000", - "frame.time_relative": "900.819499000", - "frame.number": "3494", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005a00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007476", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003424000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment 
overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.280829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.280829000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "900.820143000", - "frame.number": "3495", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": "54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ebc1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3494", - "tcp.analysis.ack_rtt": "0.000644000", - "tcp.analysis.initial_rtt": "0.003424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.281268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.281268000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "900.820582000", - "frame.number": "3496", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000079fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54601", - "tcp.port": "80", - "tcp.port": "54601", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ddf5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3495", - 
"tcp.analysis.ack_rtt": "0.000439000", - "tcp.analysis.initial_rtt": "0.003424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.284164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.284164000", - "frame.time_delta": "0.002896000", - "frame.time_delta_displayed": "0.002896000", - "frame.time_relative": "900.823478000", - "frame.number": "3497", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54601", - "tcp.dstport": "80", - "tcp.port": 
"54601", - "tcp.port": "80", - "tcp.stream": "139", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000371a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:31:d9:8b:7d:31:d9:8f:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003424000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "3493", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.322291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.322291000", - "frame.time_delta": "0.038127000", - "frame.time_delta_displayed": "0.038127000", - "frame.time_relative": "900.861605000", - "frame.number": "3498", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008324", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000341e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "47", - "http.prev_response_in": "3485" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.333004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.333004000", - "frame.time_delta": "0.010713000", - "frame.time_delta_displayed": "0.010713000", - "frame.time_relative": "900.872318000", - "frame.number": "3499", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - 
"eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000c540", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.333559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.333559000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "900.872873000", - "frame.number": "3500", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006e90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3499", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.336314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.336314000", - "frame.time_delta": "0.002755000", - "frame.time_delta_displayed": "0.002755000", - "frame.time_relative": "900.875628000", - "frame.number": "3501", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", 
- "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000206f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3500", - "tcp.analysis.ack_rtt": "0.002755000", - "tcp.analysis.initial_rtt": "0.003310000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.337009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.337009000", - "frame.time_delta": "0.000695000", - "frame.time_delta_displayed": "0.000695000", - "frame.time_relative": "900.876323000", - "frame.number": "3502", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": 
"168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003310000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.337484000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.337484000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "900.876798000", - "frame.number": "3503", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ab52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000d21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001200", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3502", - "tcp.analysis.ack_rtt": "0.000475000", - "tcp.analysis.initial_rtt": "0.003310000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.338137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.338137000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "900.877451000", - "frame.number": "3504", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ab53", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000d0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005221", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003310000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.338517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.338517000", - "frame.time_delta": "0.000380000", - "frame.time_delta_displayed": 
"0.000380000", - "frame.time_relative": "900.877831000", - "frame.number": "3505", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ab54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000093c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a48a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003310000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:6
6:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3504", - "tcp.segment": "3505", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001508000", - "http.request_in": "3502", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.340163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.340163000", - "frame.time_delta": "0.001646000", - "frame.time_delta_displayed": "0.001646000", - "frame.time_relative": "900.879477000", - "frame.number": "3506", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ab55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000093b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a48a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003310000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.341990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.341990000", - "frame.time_delta": "0.001827000", - "frame.time_delta_displayed": "0.001827000", - "frame.time_relative": "900.881304000", - "frame.number": "3507", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001bd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3505", - "tcp.analysis.ack_rtt": "0.003473000", - "tcp.analysis.initial_rtt": "0.003310000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.345003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.345003000", - "frame.time_delta": "0.003013000", - "frame.time_delta_displayed": "0.003013000", - "frame.time_relative": "900.884317000", - "frame.number": "3508", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001bd6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.345451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.345451000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "900.884765000", - "frame.number": "3509", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000079f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54602", - "tcp.port": "80", - "tcp.port": "54602", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000e0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3508", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.003310000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.345698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.345698000", - "frame.time_delta": 
"0.000247000", - "frame.time_delta_displayed": "0.000247000", - "frame.time_relative": "900.885012000", - "frame.number": "3510", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54602", - "tcp.dstport": "80", - "tcp.port": "54602", - "tcp.port": "80", - "tcp.stream": "140", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000022ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:65:c0:79:d6:65:c0:7d:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003310000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "3507", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.375717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.375717000", - "frame.time_delta": "0.030019000", - "frame.time_delta_displayed": "0.030019000", - "frame.time_relative": "900.915031000", - "frame.number": "3511", - "frame.len": "342", - "frame.cap_len": "342", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008329", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000341f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "48", - "http.prev_response_in": "3498" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.390134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.390134000", - "frame.time_delta": "0.014417000", - "frame.time_delta_displayed": "0.014417000", - "frame.time_relative": "900.929448000", - "frame.number": "3512", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a16", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54603", - "tcp.dstport": "80", - "tcp.port": "54603", - "tcp.port": "80", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000bd9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.390687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.390687000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "900.930001000", - "frame.number": "3513", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54603", - "tcp.port": "80", - "tcp.port": "54603", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000091e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3512", - "tcp.analysis.ack_rtt": "0.000553000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.393790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.393790000", - "frame.time_delta": "0.003103000", - "frame.time_delta_displayed": "0.003103000", - "frame.time_relative": "900.933104000", - "frame.number": "3514", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a17", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54603", - "tcp.dstport": "80", - "tcp.port": "54603", - "tcp.port": "80", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000043c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3513", - "tcp.analysis.ack_rtt": "0.003103000", - "tcp.analysis.initial_rtt": "0.003656000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.394940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.394940000", - "frame.time_delta": "0.001150000", - "frame.time_delta_displayed": "0.001150000", - "frame.time_relative": "900.934254000", - "frame.number": "3515", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54603", - "tcp.dstport": "80", - "tcp.port": "54603", - "tcp.port": "80", - "tcp.stream": "141", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000593b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003656000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.395426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.395426000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "900.934740000", - "frame.number": "3516", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009d01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54603", - "tcp.port": "80", - "tcp.port": "54603", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3515", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003656000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.396001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.396001000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "900.935315000", - "frame.number": "3517", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009d02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54603", - "tcp.port": "80", - "tcp.port": "54603", - "tcp.stream": "141", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007574", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003656000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.396354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.396354000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "900.935668000", - "frame.number": "3518", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009d03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000178d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54603", - "tcp.port": "80", - "tcp.port": "54603", - "tcp.stream": "141", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c7dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003656000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3517", - "tcp.segment": "3518", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001414000", - "http.request_in": "3515", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.398425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.398425000", - "frame.time_delta": "0.002071000", - "frame.time_delta_displayed": "0.002071000", - "frame.time_relative": "900.937739000", - "frame.number": "3519", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54603", - "tcp.dstport": "80", - "tcp.port": "54603", - "tcp.port": "80", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3518", - "tcp.analysis.ack_rtt": "0.002071000", - "tcp.analysis.initial_rtt": "0.003656000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.399411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.399411000", - "frame.time_delta": "0.000986000", - "frame.time_delta_displayed": "0.000986000", - "frame.time_relative": "900.938725000", - "frame.number": "3520", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54603", - "tcp.dstport": "80", - "tcp.port": "54603", - "tcp.port": "80", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:32.399883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494492.399883000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "900.939197000", - "frame.number": "3521", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003e7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000079f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54603", - "tcp.port": "80", - "tcp.port": "54603", - "tcp.stream": "141", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000315d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3520", - 
"tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.003656000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:34.259390000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494494.259390000", - "frame.time_delta": "1.859507000", - "frame.time_delta_displayed": "1.859507000", - "frame.time_relative": "902.798704000", - "frame.number": "3522", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007766", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "48250", - "tcp.nxtseq": "48304", - "tcp.ack": "10402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008605", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:11:96:a7:9e:6a:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2494870, TSecr 2812176918": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2494870", - "tcp.options.timestamp.tsecr": "2812176918" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a1:1f:57:99:d8:6e:ef:7e:c4:3a:fc:b9:35:20:ce:7d:f0:3b:f3:c3:62:df:33:3b:e7:15:c3:fb:d4:c0:f1:22:45:98:a4:a6:bb:e3:cd:3b:d5:c9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:34.320537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494494.320537000", - "frame.time_delta": "0.061147000", - "frame.time_delta_displayed": "0.061147000", - "frame.time_relative": "902.859851000", - "frame.number": "3523", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003895", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10402", - "tcp.ack": "48304", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000449c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:6d:08:00:26:11:96", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812177672, TSecr 2494870": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812177672", - "tcp.options.timestamp.tsecr": "2494870" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3522", - "tcp.analysis.ack_rtt": "0.061147000" - } - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:34.700045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494494.700045000", - "frame.time_delta": "0.379508000", - "frame.time_delta_displayed": "0.379508000", - "frame.time_relative": "903.239359000", - "frame.number": "3524", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": 
"United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "281", - "tcp.ack": "253", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:34.843655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494494.843655000", - "frame.time_delta": "0.143610000", - "frame.time_delta_displayed": "0.143610000", - "frame.time_relative": "903.382969000", - "frame.number": "3525", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdb0", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "253", - "tcp.ack": "282", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000f20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:36.481061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494496.481061000", - "frame.time_delta": "1.637406000", - "frame.time_delta_displayed": "1.637406000", - "frame.time_relative": "905.020375000", - "frame.number": "3526", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c8a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:36.683277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494496.683277000", - "frame.time_delta": "0.202216000", - "frame.time_delta_displayed": "0.202216000", - "frame.time_relative": "905.222591000", - "frame.number": "3527", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e722", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50915", - "udp.dstport": "1900", - "udp.port": "50915", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000837a", - "udp.checksum.status": "2", - "udp.stream": "94" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:37.328929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494497.328929000", - "frame.time_delta": "0.645652000", - "frame.time_delta_displayed": "0.645652000", - "frame.time_relative": "905.868243000", - "frame.number": "3528", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008463", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000032e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - 
"udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:37.381851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494497.381851000", - "frame.time_delta": "0.052922000", - "frame.time_delta_displayed": "0.052922000", - "frame.time_relative": "905.921165000", - "frame.number": "3529", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008464", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000032de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "3528" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:37.434687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494497.434687000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "905.974001000", - "frame.number": "3530", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008466", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000032e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "3529" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:37.683950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494497.683950000", - "frame.time_delta": "0.249263000", - "frame.time_delta_displayed": "0.249263000", 
- "frame.time_relative": "906.223264000", - "frame.number": "3531", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e721", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50915", - "udp.dstport": "1900", - "udp.port": "50915", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000837a", - "udp.checksum.status": "2", - "udp.stream": "94" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "3527" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.386471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.386471000", - "frame.time_delta": "0.702521000", - "frame.time_delta_displayed": "0.702521000", - "frame.time_relative": "906.925785000", - "frame.number": "3532", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000084aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000032a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "3530" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.439221000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.439221000", - "frame.time_delta": "0.052750000", - "frame.time_delta_displayed": "0.052750000", - "frame.time_relative": "906.978535000", - "frame.number": "3533", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000084ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003297", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "3532" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.461721000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.461721000", - "frame.time_delta": "0.022500000", - "frame.time_delta_displayed": "0.022500000", - "frame.time_relative": "907.001035000", - "frame.number": "3534", - "frame.len": "622", - "frame.cap_len": "622", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "608", - "ip.id": "0x00002ceb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003668", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "556", - "tcp.seq": "10402", - "tcp.nxtseq": "10958", - "tcp.ack": "48304", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000068d8", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:13:00:26:11:96", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178707, TSecr 2494870": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178707", - "tcp.options.timestamp.tsecr": "2494870" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "556", - "tcp.analysis.push_bytes_sent": "556" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "551", - "ssl.app_data": "34:cd:34:17:47:48:0e:75:da:cd:69:cd:74:9f:fb:44:97:ab:d2:15:4e:d8:18:3d:3b:ec:bc:f3:b4:a5:c0:c6:6a:64:27:0a:4e:c1:02:6d:ae:d5:da:8d:d7:27:9e:e9:40:5e:e7:2f:bc:a8:b5:c9:37:fa:c4:4a:0d:74:6c:31:45:a7:4f:0d:d4:1b:9d:2a:89:a5:c2:67:e1:ac:ef:27:8d:83:e3:e1:43:ce:8c:66:6b:bb:88:1f:f9:b4:6b:da:77:e0:2c:13:67:67:3e:cc:14:64:3a:f8:df:4b:27:99:28:91:6a:cd:c1:36:4d:b4:c3:36:fd:87:b2:07:13:38:83:9b:a6:97:c4:e0:7d:17:b8:8d:0d:57:f2:56:78:fa:d8:80:99:ee:ca:15:6f:a7:80:1a:60:49:1f:ca:f3:20:38:87:47:cb:f9:54:a2:c7:1d:74:99:3d:ff:2a:44:8f:68:2b:9c:41:47:af:96:b6:1f:a1:7f:61:ad:d8:93:2a:ce:e6:ed:c3:89:70:1d:b8:69:11:9b:c2:e2:67:03:42:2c:f0:38:21:87:78:40:1d:07:f9:77:6f:1f:fb:3f:4c:08:b2:75:a9:f5:98:44:49:45:d3:66:8f:da:53:ea:25:2a:81:6d:82:ef:d6:ac:88:92:1f:11:26:6c:5c:f7:1b:f2:ee:7c:a1:12:e6:6b:1a:db:53:16:52:fc:9c:87:2d:76:25:b3:a3:09:79:9f:ac:b3:2f:f2:23:ba:37:f0:d6:a4:12:16:d9:95:f1:85:40:50:dd:6c:1a:69:0c:8a:19:55:3c:d9:2b:59:20:fe:f3:3e:f0:8f:5f:9a:56:54:b3:46:5a:85:37:e7:23:1b:c7:57:37:44:f3:13:ab:b9:8b:df:79:92:af:da
:29:47:83:ec:cc:9f:32:2d:07:1c:a4:2c:95:f9:94:22:9d:20:92:90:a9:8d:6e:c0:90:37:a0:24:94:38:62:4b:df:ea:9a:fd:d7:f8:c4:75:10:9a:1e:de:eb:c3:ed:c9:01:b6:d5:d3:83:30:3b:eb:54:31:cd:25:0f:73:e3:b0:e3:91:9e:80:c3:9d:2b:cf:0a:c9:52:07:d2:cf:f0:33:94:7a:9a:22:86:cd:cb:fb:4b:af:17:48:c1:6d:1e:2d:1f:3f:76:80:94:bb:78:b1:2c:23:7e:c6:6e:dd:c0:1e:a8:a3:01:14:a3:3f:ba:2c:67:1d:07:ff:ab:b9:ce:9d:44:10:03:12:d0:21:74:0c:0b:fb:5e:8a:c6:8b:18:3f:f3:5b:f5:05:b2:fe:bf:39:e3:d5:3a:07:27:6b:ba:8a:e1:17:1e:cf:bd:86:d3:ec:a6:1c:03:99:20:1f:55:69:db:a2:49:c8:05:96:97:0a:9f:12:44:98:3f:2f:6b:96:cc:06:b5:54:51:36:1e:5c:78:04:da:0d:83:05:c2:b5:a7:13" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.491963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.491963000", - "frame.time_delta": "0.030242000", - "frame.time_delta_displayed": "0.030242000", - "frame.time_relative": "907.031277000", - "frame.number": "3535", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000084ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000329b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "3533" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.501226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.501226000", - "frame.time_delta": "0.009263000", - "frame.time_delta_displayed": "0.009263000", - "frame.time_relative": "907.040540000", - "frame.number": "3536", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000779b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": 
"-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "48304", - "tcp.ack": "10958", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003bcd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:3f:a7:9e:71:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495295, TSecr 2812178707": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495295", - "tcp.options.timestamp.tsecr": "2812178707" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3534", - "tcp.analysis.ack_rtt": "0.039505000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.508245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.508245000", - "frame.time_delta": "0.007019000", - 
"frame.time_delta_displayed": "0.007019000", - "frame.time_relative": "907.047559000", - "frame.number": "3537", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000095e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007765", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "48304", - 
"tcp.nxtseq": "48357", - "tcp.ack": "10958", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cb48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:3f:a7:9e:71:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495295, TSecr 2812178707": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495295", - "tcp.options.timestamp.tsecr": "2812178707" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a2:f8:c7:db:2b:f5:a4:8f:12:1e:4a:cf:87:10:b4:49:fd:7b:71:1d:50:fd:be:0a:69:d9:5c:67:0c:bd:15:92:34:b8:35:88:95:e6:28:2e:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.515923000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.515923000", - "frame.time_delta": "0.007678000", - "frame.time_delta_displayed": "0.007678000", - "frame.time_relative": "907.055237000", - "frame.number": "3538", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000dda6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00003889", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:13:40:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2495296, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495296", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.517584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.517584000", - "frame.time_delta": "0.001661000", - "frame.time_delta_displayed": "0.001661000", - "frame.time_relative": "907.056898000", - 
"frame.number": "3539", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36171", - "tcp.port": "49153", - "tcp.port": "36171", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00005e8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3538", - "tcp.analysis.ack_rtt": "0.001661000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.518181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.518181000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - 
"frame.time_relative": "907.057495000", - "frame.number": "3540", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dda7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b543", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3539", - "tcp.analysis.ack_rtt": "0.000597000", - "tcp.analysis.initial_rtt": "0.002258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.529090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.529090000", - "frame.time_delta": "0.010909000", - "frame.time_delta_displayed": "0.010909000", - "frame.time_relative": "907.068404000", - "frame.number": "3541", - "frame.len": "558", - "frame.cap_len": "558", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "544", - "ip.id": "0x0000dda8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d80b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": "142", - "tcp.len": "504", - "tcp.seq": "1", - "tcp.nxtseq": "505", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000fd0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002258000", - "tcp.analysis.bytes_in_flight": "504", - "tcp.analysis.push_bytes_sent": "504" - } - }, - "http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", - "http.host": "192.168.0.225:49153", - "http.request.line": "Host: 192.168.0.225:49153\n", - "http.content_type": "text\/xml", - "http.request.line": 
"Content-Type: text\/xml\n", - "http.content_length_header": "333", - "http.content_length_header_tree": { - "http.content_length": "333" - }, - "http.request.line": "Content-Length: 333\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>1<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "?>": "" - }, - "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<SOAP-ENV:Body>", - "xml.tag_tree": { - "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/BinaryState>": "" - }, - "<\/m:SetBinaryState>": "" - }, - "<\/SOAP-ENV:Body>": "" - }, - "<\/SOAP-ENV:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.531089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.531089000", - "frame.time_delta": 
"0.001999000", - "frame.time_delta_displayed": "0.001999000", - "frame.time_relative": "907.070403000", - "frame.number": "3542", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b43d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000036f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36171", - "tcp.port": "49153", - "tcp.port": "36171", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a6b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3541", - "tcp.analysis.ack_rtt": "0.001999000", - "tcp.analysis.initial_rtt": "0.002258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.561123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.561123000", - "frame.time_delta": "0.030034000", - "frame.time_delta_displayed": "0.030034000", - "frame.time_relative": "907.100437000", - "frame.number": "3543", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b43e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x000002ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36171", - "tcp.port": "49153", - "tcp.port": "36171", - "tcp.stream": "142", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000afb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002258000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:33:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.561696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.561696000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "907.101010000", - "frame.number": "3544", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dda9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": 
"142", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b27b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3543", - "tcp.analysis.ack_rtt": "0.000573000", - "tcp.analysis.initial_rtt": "0.002258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.562569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.562569000", - "frame.time_delta": "0.000873000", - "frame.time_delta_displayed": "0.000873000", - "frame.time_relative": "907.101883000", - "frame.number": "3545", - "frame.len": "430", - "frame.cap_len": "430", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", 
- "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "416", - "ip.id": "0x0000b43f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36171", - "tcp.port": "49153", - "tcp.port": "36171", - "tcp.stream": "142", - "tcp.len": "376", - "tcp.seq": "193", - "tcp.nxtseq": "570", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a8c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002258000", - "tcp.analysis.bytes_in_flight": "377", - "tcp.analysis.push_bytes_sent": "376" - }, - "tcp.segment_data": 
"3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:34:39:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "3543", - "tcp.segment": "3545", - "tcp.segment.count": "2", - "tcp.reassembled.length": "568", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:33:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:34:39:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.content_length_header": "376", - "http.content_length_header_tree": { - "http.content_length": "376" - }, - "http.response.line": "CONTENT-LENGTH: 376\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:01:38 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:01:38 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.033479000", - "http.request_in": "3541", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>1<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509494498<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/BinaryState>": "" - }, - "xml.tag": "<CountdownEndTime>", - "xml.tag_tree": { - "xml.cdata": "0", - 
"<\/CountdownEndTime>": "" - }, - "xml.tag": "<deviceCurrentTime>", - "xml.tag_tree": { - "xml.cdata": "1509494498", - "<\/deviceCurrentTime>": "" - }, - "<\/u:SetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.568298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.568298000", - "frame.time_delta": "0.005729000", - "frame.time_delta_displayed": "0.005729000", - "frame.time_relative": "907.107612000", - "frame.number": "3546", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003893", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10958", - "tcp.ack": "48357", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003c6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:2e:00:26:13:3f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178734, TSecr 2495295": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178734", - "tcp.options.timestamp.tsecr": "2495295" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3537", - 
"tcp.analysis.ack_rtt": "0.060053000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.568743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.568743000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "907.108057000", - "frame.number": "3547", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000095e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "48357", - "tcp.nxtseq": "48465", - "tcp.ack": "10958", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eea0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:45:a7:9e:71:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495301, TSecr 2812178734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495301", - "tcp.options.timestamp.tsecr": "2812178734" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:a3:81:ee:40:9f:6e:96:e0:71:76:73:9d:1b:17:c0:26:21:7f:84:45:63:9a:4b:5a:8f:18:86:7c:aa:b3:39:22:62:70:eb:53:b5:d1:27:5d:92:57" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a4:87:f0:16:89:03:84:d4:a0:25:ad:c8:59:96:ed:66:3c:ce:5f:56:25:f6:3b:68:d0:f3:7b:a3:25:53:c7:d3:df:16:34:50:36:d5:52:09:9f:66" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.601186000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.601186000", - "frame.time_delta": "0.032443000", - "frame.time_delta_displayed": "0.032443000", - "frame.time_relative": "907.140500000", - "frame.number": "3548", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ddaa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da01", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "570", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b0f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3545", - "tcp.analysis.ack_rtt": "0.038617000", - "tcp.analysis.initial_rtt": "0.002258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.616901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.616901000", - "frame.time_delta": "0.015715000", - "frame.time_delta_displayed": "0.015715000", - "frame.time_relative": "907.156215000", - "frame.number": "3549", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00009d53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003c06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.628923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.628923000", - "frame.time_delta": "0.012022000", - "frame.time_delta_displayed": "0.012022000", - "frame.time_relative": "907.168237000", - "frame.number": "3550", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ced", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003892", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10958", - "tcp.ack": "48465", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003beb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:3d:00:26:13:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178749, TSecr 2495301": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178749", - "tcp.options.timestamp.tsecr": "2495301" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3547", - "tcp.analysis.ack_rtt": "0.060180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.629420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.629420000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "907.168734000", - "frame.number": "3551", - "frame.len": "752", - "frame.cap_len": "752", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "738", - "ip.id": "0x000095e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "686", - "tcp.seq": "48465", - "tcp.nxtseq": "49151", - "tcp.ack": "10958", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000046a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:4b:a7:9e:71:3d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495307, TSecr 2812178749": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495307", - "tcp.options.timestamp.tsecr": "2812178749" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "686", - "tcp.analysis.push_bytes_sent": "686" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a5:44:e3:3d:f5:dd:c1:26:7f:ea:d2:38:ee:36:5b:84:6b:f1:cb:51:f0:a5:7b:04:9b:8d:d0:48:b0:ac:46:9c:3f:24:01:10:69:a0:f7:41:46:50:28:5b:55:c5:c1:e4:5d:68:0d:37:8f:0e:3b:2a:21:6d:3c:24:08:ee:d6:cb:a7:90:ef:d8:b6:fd:22:3c:10:8b:df:83:4d:8e:c5:40:6f:d9:72:98:75:9d:5c:73:ca:15:e3:35:0d:be:93:68:26:f3:b0:f3:ec:c6:dc:9d:0b:28:2f:17:68:2b:78:a1:a9:0e:7b:97:08:32:c5:4c:fa:84:14:85:7e:26:00:81:a9:d2:8e:57:82:3d:60:d0:73:ea:47:3d:d1:a1:4f:b0:9b:c2:ae:dc:5e:1a:54:2f:7d:71:f2:1f:72:d6:1a:39:75:58:ef:8f:06:29:f7:d5:2e:c2:5d:25:39:b6:26:0b:f4:1c:6f:d9:44:c1:71:20:ef:8d:1b:69:5e:a7:43:18:89:7f:6f:4a:14:87:d3:1f:ac:30:c9:1c:36:1b:52:c9:1f:98:77:10:22:a3:72:45:56:9d:f8:b5:b4:77:1f:75:91:ec:8b:ee:9a:d4:aa:75:bb:7e:99:7a:00:dd:16" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "430", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a6:8f:c2:8b:64:fa:58:10:d5:0a:34:c7:46:f0:da:f2:c5:6a:0d:bb:82:4f:b9:62:c7:4a:6c:28:27:bf:5b:9d:bf:dc:31:34:d2:06:5e:cd:34:ac:a5:34:92:b0:4d:3c:99:89:9f:db:95:f1:7c:3a:22:f5:51:b4:17:d4:23:8a:45:22:e1:71:93:19:86:b8:cd:25:b3:c8:f2:34:58:e9:8d:f7:b4:60:9b:85:02:48:ba:27:5f:90:cc:a5:2f:f1:60:c1:0a:3b:c4:77:eb:cf:5d:96:2d:a8:e7:42:9a:c6:20:fc:bf:1e:92:26:42:4d:fe:25:2b:7b:ed:2a:07:a7:1e:58:8f:47:95:b1:d8:0f:cb:12:82:26:90:8a:78:64:63:47:d5:32:ad:a1:61:43:9e:84:91:2b:7a:7a:f8:2e:b6:7d:18:72:36:82:54:05:a0:f9:e8:bd:32:e2:37:fb:38:a0:58:42:d4:be:08:47:4c:b9:12:02:78:6c:54:13:ec:63:4e:bd:70:2a:b4:11:70:a7:59:3d:6e:2b:a0:17:73:1a:46:fe:c0:cf:a6:75:09:a6:39:23:f0:cd:1c:88:b7:e8:97:62:ae:5a:b6:1e:44:c6:2a:fe:18:c4:22:88:07:8c:23:cc:43:ac:17:68:c4:f6:d4:e9:bb:8f:89:f8:71:d6:77:20:26:5b:22:90:3e:44:47:64:77:1b:ae:25:2e:ef:a6:26:8f:5f:91:b0:5f:49:bc:02:ce:de:94:47:37:19:e1:b6:d3:9b:ad:2f:4e:a8:f2:48:96:b7:7e:13:a4:ad:11:61:32:9c:fe:c4:e9:64:1f:20:70:f1:5d:08:6b:5f:23:e5:64:a3:cf:0a:4b:11:a5:5e:a4:aa:f1:6d:34:28:21:9d:e8:c1:90:19:40:7d:5d:bb:62:18:2c:63:e9:d4:91:33:da:25:15:90:24:10:7e:6f:80:9d:fa:45:c4:aa:08:87:50:02:6f:cf:c4:e5:04:bc:09:de:05:e5:c0:e3:16:9a:7d:5f:ca:37:54:72:63:98:81:58:c7:9a:18:85:97:52:a7:7f:35:60:ec:ad:4f:b0:d1:65:3c:35:86:61:6c:22:ed:20:de" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.684573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.684573000", - "frame.time_delta": "0.055153000", - "frame.time_delta_displayed": "0.055153000", - "frame.time_relative": "907.223887000", - "frame.number": "3552", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e720", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50915", - "udp.dstport": "1900", - "udp.port": "50915", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000837a", - "udp.checksum.status": "2", - "udp.stream": "94" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "3531" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.689648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.689648000", - "frame.time_delta": "0.005075000", - "frame.time_delta_displayed": "0.005075000", - "frame.time_relative": "907.228962000", - "frame.number": "3553", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003891", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "10958", - "tcp.ack": "49151", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003928", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:4c:00:26:13:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178764, TSecr 2495307": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178764", - "tcp.options.timestamp.tsecr": "2495307" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "3551", - "tcp.analysis.ack_rtt": "0.060228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.690561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.690561000", - "frame.time_delta": "0.000913000", - "frame.time_delta_displayed": "0.000913000", - "frame.time_relative": "907.229875000", - "frame.number": "3554", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003861", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "10958", - "tcp.nxtseq": "11005", - "tcp.ack": "49151", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000784a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:4d:00:26:13:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178765, TSecr 2495307": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178765", - "tcp.options.timestamp.tsecr": "2495307" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:76:d6:11:30:e3:e4:20:25:9b:60:69:47:b5:6d:1b:4a:65:3a:81:79:7f:25:4c:5f:8c:e7:0b:70:62:10:a4:ad:30:25:6d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.691026000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.691026000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "907.230340000", - "frame.number": "3555", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007797", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "49151", - "tcp.ack": "11005", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003803", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:51:a7:9e:71:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495313, TSecr 2812178765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495313", - "tcp.options.timestamp.tsecr": "2812178765" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3554", - "tcp.analysis.ack_rtt": "0.000465000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.692475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.692475000", - "frame.time_delta": "0.001449000", - "frame.time_delta_displayed": "0.001449000", - "frame.time_relative": "907.231789000", - "frame.number": "3556", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d107", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e698", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000d157", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.692940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.692940000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "907.232254000", - "frame.number": "3557", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3553", - "tcp.port": "39500", - "tcp.port": "3553", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000a217", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3556", - "tcp.analysis.ack_rtt": "0.000465000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.694710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.694710000", - "frame.time_delta": "0.001770000", - "frame.time_delta_displayed": "0.001770000", - "frame.time_relative": "907.234024000", - "frame.number": "3558", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007767", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", 
- "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "49151", - "tcp.nxtseq": "49198", - "tcp.ack": "11005", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c229", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:52:a7:9e:71:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495314, TSecr 2812178765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495314", - "tcp.options.timestamp.tsecr": "2812178765" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a7:6d:3a:89:d6:a7:f8:7d:5c:bb:2c:c3:ba:f9:23:d6:22:d8:8e:ce:fa:4f:dd:5b:9f:f0:ef:0d:49:cc:13:90:96:68:50" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.694760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.694760000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "907.234074000", - "frame.number": "3559", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d108", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e6a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00001089", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3557", - "tcp.analysis.ack_rtt": "0.001820000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.695567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.695567000", - "frame.time_delta": "0.000807000", - "frame.time_delta_displayed": "0.000807000", - "frame.time_relative": "907.234881000", - "frame.number": "3560", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x0000d109", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e5d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000dd3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002285000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.696030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.696030000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "907.235344000", - "frame.number": "3561", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000055de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3553", - "tcp.port": "39500", - "tcp.port": "3553", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00001a30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3560", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.698141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.698141000", - "frame.time_delta": "0.002111000", - "frame.time_delta_displayed": "0.002111000", - "frame.time_relative": "907.237455000", - "frame.number": "3562", - "frame.len": "187", - "frame.cap_len": 
"187", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "173", - "ip.id": "0x0000d10a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e61c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "133", - "tcp.seq": "205", - "tcp.nxtseq": "338", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00006b63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002285000", - "tcp.analysis.bytes_in_flight": "133", - "tcp.analysis.push_bytes_sent": "133" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "3560", - "tcp.segment": "3562", - "tcp.segment.count": "2", - "tcp.reassembled.length": "336", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "132", - "http.content_length_header_tree": { - "http.content_length": "132" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:7ccd9f38-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", - "http.unknown_header": "SEQ: 1\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>1<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.698585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.698585000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "907.237899000", - "frame.number": "3563", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000055df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3553", - "tcp.port": "39500", - "tcp.port": "3553", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000199a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3562", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.711211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.711211000", - "frame.time_delta": "0.012626000", - "frame.time_delta_displayed": "0.012626000", - "frame.time_relative": "907.250525000", - "frame.number": "3564", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ddab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36171", - "tcp.dstport": "49153", - "tcp.port": "36171", - "tcp.port": "49153", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "570", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b0f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.713057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.713057000", - "frame.time_delta": "0.001846000", - "frame.time_delta_displayed": "0.001846000", - "frame.time_relative": "907.252371000", - "frame.number": "3565", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": 
"192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36171", - "tcp.port": "49153", - "tcp.port": "36171", - "tcp.stream": "142", - "tcp.len": "0", - "tcp.seq": "570", - "tcp.ack": "506", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a476", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3564", - "tcp.analysis.ack_rtt": "0.001846000", - "tcp.analysis.initial_rtt": "0.002258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.794261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.794261000", - "frame.time_delta": "0.081204000", - "frame.time_delta_displayed": "0.081204000", - "frame.time_relative": "907.333575000", - "frame.number": "3566", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000388f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11005", - "tcp.ack": "49198", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:67:00:26:13:52", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178791, TSecr 2495314": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178791", - "tcp.options.timestamp.tsecr": "2495314" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3558", - "tcp.analysis.ack_rtt": "0.099551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.794784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.794784000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "907.334098000", - "frame.number": "3567", - "frame.len": "512", - "frame.cap_len": "512", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "498", - "ip.id": "0x000095ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "446", - "tcp.seq": "49198", - "tcp.nxtseq": "49644", - "tcp.ack": "11005", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ce86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:5c:a7:9e:71:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495324, TSecr 2812178791": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495324", - "tcp.options.timestamp.tsecr": "2812178791" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "446", - "tcp.analysis.push_bytes_sent": "446" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "441", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:a8:65:07:aa:23:e1:98:a8:c4:87:0b:76:71:11:4b:c1:36:29:49:de:29:78:b6:38:d8:95:df:ed:6a:72:91:b0:e1:b6:eb:d7:89:e1:fe:e2:30:63:7c:38:cc:15:59:d3:22:d6:33:09:06:42:08:a9:00:2d:ac:ae:ed:49:02:4d:b8:15:52:7c:87:f0:44:16:a8:8d:33:29:a5:6b:dd:1e:e9:ae:af:7f:5e:3e:6a:31:59:9b:03:76:18:71:b3:43:a0:04:42:83:5f:cb:7b:2f:f8:29:66:95:a1:ad:62:fa:fd:e6:7b:29:a8:5f:6a:91:46:a9:93:80:12:7c:06:e5:5c:d3:2d:3a:84:65:79:86:4c:0f:a6:3a:b3:4f:92:54:2b:47:15:10:4c:3c:a6:6f:86:de:d8:49:5c:0d:f1:ea:ab:9b:6e:c5:1d:3f:83:76:72:35:3d:d1:96:e8:ac:ff:ce:60:20:03:dc:f7:fd:e8:6b:55:01:7d:6a:43:18:ec:15:f8:44:82:08:26:d7:25:02:f5:51:a7:a3:0a:6d:46:be:9a:a4:26:c1:1c:dd:ab:08:90:f7:19:8f:4a:c0:c0:d3:d0:78:76:ad:79:d7:f8:52:31:1a:09:ba:42:7d:10:96:8c:b2:cc:6e:9e:45:a3:93:34:31:32:5f:c6:de:1a:2b:48:d1:11:3c:7e:63:64:68:ae:ea:d3:e7:dc:7e:d6:6a:cd:71:c6:86:b8:e6:77:85:cc:87:76:6e:2c:0b:77:a0:50:39:68:7c:8d:db:4a:75:5b:2a:c0:16:02:c4:5c:fc:96:99:5e:37:26:46:67:ba:94:b6:c1:61:74:91:ee:b6:bf:18:06:d2:aa:47:91:67:e9:7b:d0:24:8d:be:6b:c0:d1:fd:4f:ca:b3:64:2e:b2:b7:02:21:eb:a6:4b:82:7c:65:49:29:3e:da:99:fb:22:89:8f:44:08:47:8a:5c:c6:a7:c3:ad:1e:22:9d:73:f0:78:94:c2:1f:df:87:74:57:09:22:06:84:73:95:f6:9b:c0:14:70:20:5f:a4:7d:21:c7:90:58:d7:44:ef:6d:19:84:2b:0c:80:bc:bb:67:ed:4c:0a:aa:37:2e:44:ce:9c:2f:1c:fd:b9:2d:c8:57:f9:13" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.855012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.855012000", - "frame.time_delta": "0.060228000", - "frame.time_delta_displayed": "0.060228000", - "frame.time_relative": "907.394326000", - "frame.number": "3568", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { 
- "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000388e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11005", - "tcp.ack": "49644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", 
- "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000036d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:76:00:26:13:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178806, TSecr 2495324": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178806", - "tcp.options.timestamp.tsecr": "2495324" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3567", - "tcp.analysis.ack_rtt": "0.060228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.855894000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.855894000", - "frame.time_delta": "0.000882000", - "frame.time_delta_displayed": "0.000882000", - "frame.time_relative": "907.395208000", - "frame.number": "3569", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002cf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003838", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "11005", - "tcp.nxtseq": "11090", - "tcp.ack": "49644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005fb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:76:00:26:13:5c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178806, TSecr 2495324": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178806", - "tcp.options.timestamp.tsecr": "2495324" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:77:48:a5:9a:2b:75:1a:30:1e:1f:cc:38:4e:8b:56:0a:69:74:9c:2f:90:f6:17:a7:97:23:81:2e:19:e5:9d:ce:b3:34:85:cc:18:78:fa:77:94:13:3f:4a:e2:b6:10:f8:d9:96:c5:59:46:bd:a3:7b:c3:70:7b:9c:6d:64:63:b9:19:c2:16:ea:24:a9:98:9c:36" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.862431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.862431000", - "frame.time_delta": "0.006537000", - "frame.time_delta_displayed": "0.006537000", - "frame.time_relative": "907.401745000", - "frame.number": "3570", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007765", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "49644", - "tcp.nxtseq": "49691", - "tcp.ack": "11090", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000062b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:63:a7:9e:71:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495331, TSecr 2812178806": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495331", - "tcp.options.timestamp.tsecr": "2812178806" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3569", - "tcp.analysis.ack_rtt": "0.006537000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:a9:0d:48:71:6c:b8:5d:83:08:06:66:25:f9:2f:86:68:63:4a:b4:05:c9:bd:e3:1d:75:02:30:14:e5:a5:a6:52:ff:c0:34" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.874251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.874251000", - "frame.time_delta": "0.011820000", - "frame.time_delta_displayed": "0.011820000", - "frame.time_relative": "907.413565000", - "frame.number": 
"3571", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x000055e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3553", - "tcp.port": "39500", - "tcp.port": "3553", - "tcp.stream": "143", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002625", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002285000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.876091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.876091000", - "frame.time_delta": "0.001840000", - "frame.time_delta_displayed": "0.001840000", - "frame.time_relative": "907.415405000", - "frame.number": "3572", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e6a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00000f12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3571", - "tcp.analysis.ack_rtt": "0.001840000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:01:38.876939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.876939000", - "frame.time_delta": "0.000848000", - "frame.time_delta_displayed": "0.000848000", - "frame.time_relative": "907.416253000", - "frame.number": "3573", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e69f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00000f11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.877568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.877568000", - "frame.time_delta": "0.000629000", - "frame.time_delta_displayed": "0.000629000", - "frame.time_relative": "907.416882000", - "frame.number": "3574", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x000055e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3553", - "tcp.port": "39500", - "tcp.port": "3553", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "339", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00001972", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3573", - "tcp.analysis.ack_rtt": "0.000629000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.879251000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.879251000", - "frame.time_delta": "0.001683000", - "frame.time_delta_displayed": "0.001683000", - "frame.time_relative": "907.418565000", - "frame.number": "3575", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e69e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3553", - "tcp.dstport": "39500", - "tcp.port": "3553", - "tcp.port": "39500", - "tcp.stream": "143", - "tcp.len": "0", - "tcp.seq": "339", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00000f10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3574", - "tcp.analysis.ack_rtt": "0.001683000", - "tcp.analysis.initial_rtt": "0.002285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.923184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.923184000", - "frame.time_delta": "0.043933000", - "frame.time_delta_displayed": "0.043933000", - "frame.time_relative": "907.462498000", - "frame.number": "3576", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000385d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "11090", - "tcp.nxtseq": "11137", - "tcp.ack": "49691", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000009d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:87:00:26:13:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178823, TSecr 2495331": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178823", - "tcp.options.timestamp.tsecr": "2495331" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3570", - "tcp.analysis.ack_rtt": "0.060753000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:78:06:82:d0:71:1b:42:42:54:b2:10:62:7e:0a:69:30:e0:94:0e:f7:92:be:ff:98:b1:be:6a:81:56:80:e1:7f:9e:f7:55" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:38.923678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494498.923678000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "907.462992000", - "frame.number": "3577", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000095ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007744", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "49691", - "tcp.nxtseq": "49770", - "tcp.ack": "11137", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003dba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:69:a7:9e:71:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495337, TSecr 2812178823": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495337", - "tcp.options.timestamp.tsecr": "2812178823" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3576", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:aa:c2:cf:28:76:f4:ff:a5:94:7d:ec:c1:21:eb:55:9e:fa:95:d3:4c:31:d9:df:ce:c6:ab:d0:29:80:79:fb:41:e8:09:ce:21:60:20:95:02:63:2f:8c:fb:05:b0:0c:4e:e8:d6:14:d7:bd:75:1f:db:14:9f:ec:42:8f:e9:71:4f:dd:e2:93" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.018541000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.018541000", - "frame.time_delta": "0.094863000", - "frame.time_delta_displayed": "0.094863000", - "frame.time_relative": "907.557855000", - "frame.number": "3578", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000084ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000327d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "3535" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.022385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.022385000", - "frame.time_delta": "0.003844000", - "frame.time_delta_displayed": "0.003844000", - "frame.time_relative": "907.561699000", - "frame.number": "3579", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000388b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11137", - "tcp.ack": "49770", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003598", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:a0:00:26:13:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178848, TSecr 2495337": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178848", - 
"tcp.options.timestamp.tsecr": "2495337" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3577", - "tcp.analysis.ack_rtt": "0.098707000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.022876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.022876000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "907.562190000", - "frame.number": "3580", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000095ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007761", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "49770", - "tcp.nxtseq": "49819", - "tcp.ack": "11137", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a89a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:13:73:a7:9e:71:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495347, TSecr 2812178848": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495347", - "tcp.options.timestamp.tsecr": "2812178848" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ab:a4:5d:49:04:d4:d3:8d:84:ac:30:78:f6:f2:61:5f:3b:70:54:56:42:a2:47:ed:1f:67:f6:13:23:2c:4f:52:7e:58:00:3c:7a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.071362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.071362000", - "frame.time_delta": "0.048486000", - "frame.time_delta_displayed": "0.048486000", - "frame.time_relative": "907.610676000", - "frame.number": "3581", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000084cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003273", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "3578" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.083381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.083381000", - "frame.time_delta": "0.012019000", - "frame.time_delta_displayed": "0.012019000", - "frame.time_relative": "907.622695000", - "frame.number": "3582", - "frame.len": "66", - "frame.cap_len": "66", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000388a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11137", - "tcp.ack": "49819", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000354e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:71:af:00:26:13:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812178863, TSecr 2495347": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812178863", - "tcp.options.timestamp.tsecr": "2495347" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3580", - "tcp.analysis.ack_rtt": "0.060505000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.124175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.124175000", - "frame.time_delta": "0.040794000", - "frame.time_delta_displayed": "0.040794000", - "frame.time_relative": "907.663489000", - "frame.number": "3583", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000084d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003275", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "3581" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.684780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.684780000", - "frame.time_delta": "0.560605000", - "frame.time_delta_displayed": "0.560605000", - "frame.time_relative": "908.224094000", - "frame.number": "3584", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - 
"ip.checksum": "0x0000e71f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50915", - "udp.dstport": "1900", - "udp.port": "50915", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000837a", - "udp.checksum.status": "2", - "udp.stream": "94" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "3552" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.850173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.850173000", - "frame.time_delta": "0.165393000", - "frame.time_delta_displayed": "0.165393000", - "frame.time_relative": "908.389487000", - "frame.number": "3585", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:39.850589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494499.850589000", - "frame.time_delta": "0.000416000", - "frame.time_delta_displayed": "0.000416000", - "frame.time_relative": "908.389903000", - "frame.number": "3586", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - 
}, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.070866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.070866000", - "frame.time_delta": "0.220277000", - "frame.time_delta_displayed": "0.220277000", - "frame.time_relative": "908.610180000", - "frame.number": "3587", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000084fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003250", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "3583" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.123683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.123683000", - "frame.time_delta": "0.052817000", - "frame.time_delta_displayed": "0.052817000", - "frame.time_relative": "908.662997000", - "frame.number": "3588", - "frame.len": "348", - 
"frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000084fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003245", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "3587" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.176552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.176552000", - "frame.time_delta": "0.052869000", - "frame.time_delta_displayed": "0.052869000", - "frame.time_relative": "908.715866000", - "frame.number": "3589", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"328", - "ip.id": "0x00008502", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003246", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "3588" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.209159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.209159000", - "frame.time_delta": "0.032607000", - "frame.time_delta_displayed": "0.032607000", - "frame.time_relative": "908.748473000", - "frame.number": "3590", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000ac4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000e7d4", - "udp.checksum.status": "2", - 
"udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "fc:de:8e:3a:f3:96", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.387118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.387118000", - "frame.time_delta": "0.177959000", - "frame.time_delta_displayed": "0.177959000", - "frame.time_relative": "908.926432000", - "frame.number": "3591", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008510", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000323b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "3589" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.439933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.439933000", - "frame.time_delta": "0.052815000", - "frame.time_delta_displayed": "0.052815000", - "frame.time_relative": "908.979247000", - 
"frame.number": "3592", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008514", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000322e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "3591" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:40.492677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494500.492677000", - "frame.time_delta": "0.052744000", - "frame.time_delta_displayed": "0.052744000", - "frame.time_relative": "909.031991000", - "frame.number": "3593", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008515", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003233", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "3592" - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:41.439808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494501.439808000", - "frame.time_delta": "0.947131000", - "frame.time_delta_displayed": "0.947131000", - "frame.time_relative": "909.979122000", - "frame.number": "3594", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008550", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": 
"0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "3593" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:41.492591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494501.492591000", - "frame.time_delta": "0.052783000", - "frame.time_delta_displayed": "0.052783000", - "frame.time_relative": "910.031905000", - "frame.number": "3595", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008555", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "3594" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:41.545415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494501.545415000", - "frame.time_delta": "0.052824000", - "frame.time_delta_displayed": "0.052824000", - "frame.time_relative": "910.084729000", - "frame.number": "3596", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008559", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031ef", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "3595" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:42.123723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494502.123723000", - 
"frame.time_delta": "0.578308000", - "frame.time_delta_displayed": "0.578308000", - "frame.time_relative": "910.663037000", - "frame.number": "3597", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000856a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "3596" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:42.176478000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494502.176478000", - "frame.time_delta": "0.052755000", - "frame.time_delta_displayed": "0.052755000", - "frame.time_relative": "910.715792000", - "frame.number": "3598", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000856e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "3597" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:42.229279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494502.229279000", - "frame.time_delta": "0.052801000", - "frame.time_delta_displayed": "0.052801000", - "frame.time_relative": "910.768593000", - "frame.number": "3599", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008572", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - 
}, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "3598" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.176226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.176226000", - "frame.time_delta": "0.946947000", - "frame.time_delta_displayed": "0.946947000", - "frame.time_relative": "911.715540000", - "frame.number": "3600", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000858e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "305", - "udp.checksum": "0x0000fe37", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "3599" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.228956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.228956000", - "frame.time_delta": "0.052730000", - "frame.time_delta_displayed": "0.052730000", - "frame.time_relative": "911.768270000", - "frame.number": "3601", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000858f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "314", - "udp.checksum": "0x00000c23", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "3600" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:01:43.281735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.281735000", - "frame.time_delta": "0.052779000", - "frame.time_delta_displayed": "0.052779000", - "frame.time_relative": "911.821049000", - "frame.number": "3602", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008590", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50915", - "udp.port": "1900", - "udp.port": "50915", - "udp.length": "308", - "udp.checksum": "0x00002fad", - "udp.checksum.status": "2", - "udp.stream": "95" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 
OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "3601" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.792871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.792871000", - "frame.time_delta": "0.511136000", - "frame.time_delta_displayed": "0.511136000", - "frame.time_relative": "912.332185000", - "frame.number": "3603", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x0000916f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000085ae", - "ip.checksum.status": "2", - "ip.src": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.src_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49768", - "tcp.port": "80", - "tcp.port": "49768", - "tcp.stream": "107", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006b70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018000000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:01:43 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:01:43 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.029376000", - "http.request_in": "2217", - "http.file_data": "[[],\"15094933571306917\"]" - }, - "data-text-lines": { - "[[],\"15094933571306917\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.826331000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.826331000", - "frame.time_delta": "0.033460000", - "frame.time_delta_displayed": "0.033460000", - "frame.time_relative": "912.365645000", - "frame.number": "3604", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00007706", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - 
"ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008257", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3603", - "tcp.analysis.ack_rtt": "0.033460000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.838653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.838653000", - "frame.time_delta": "0.012322000", - "frame.time_delta_displayed": "0.012322000", - "frame.time_relative": "912.377967000", - "frame.number": "3605", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009170", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000086b5", - "ip.checksum.status": "2", - "ip.src": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.src_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49768", - "tcp.port": "80", - "tcp.port": "49768", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005a76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3604", - "tcp.analysis.ack_rtt": "0.012322000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:43.844475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494503.844475000", - "frame.time_delta": "0.005822000", - "frame.time_delta_displayed": "0.005822000", - "frame.time_relative": "912.383789000", - "frame.number": "3606", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": 
{ - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001020", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00007705", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.9.63.129", - "ip.addr": "52.9.63.129", - "ip.dst_host": "52.9.63.129", - "ip.host": "52.9.63.129", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49768", - "tcp.dstport": "80", - "tcp.port": "49768", - "tcp.port": "80", - "tcp.stream": "107", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008257", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "3605", - "tcp.analysis.ack_rtt": "0.005822000", - "tcp.analysis.initial_rtt": "0.018000000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.833006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.833006000", - "frame.time_delta": "0.988531000", - "frame.time_delta_displayed": "0.988531000", - "frame.time_relative": "913.372320000", - "frame.number": "3607", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x00001021", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000029c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - 
"udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.834637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.834637000", - "frame.time_delta": "0.001631000", - "frame.time_delta_displayed": "0.001631000", - "frame.time_relative": "913.373951000", - "frame.number": "3608", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, 
- "ip.len": "526", - "ip.id": "0x00007a18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003cfd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "3607", - "dns.time": "0.001631000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.234": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "47", - "dns.resp.len": "4", - "dns.a": "54.241.191.234" - }, - "pubsub.pubnub.com: type A, class IN, addr 52.9.63.129": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "47", - "dns.resp.len": "4", - "dns.a": "52.9.63.129" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "20", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53055", - 
"dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5346", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57306", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3616", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57307", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58048", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58156", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57698", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "57499", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58048", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58156", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57698", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.840863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.840863000", - "frame.time_delta": "0.006226000", - "frame.time_delta_displayed": "0.006226000", - "frame.time_relative": "913.380177000", - "frame.number": "3609", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" 
- }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001022", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x000029e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.852837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.852837000", - "frame.time_delta": "0.011974000", - "frame.time_delta_displayed": "0.011974000", - "frame.time_relative": "913.392151000", - "frame.number": "3610", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000093d0", - "ip.checksum.status": "2", - "ip.src": 
"54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.src_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49769", - "tcp.port": "80", - "tcp.port": "49769", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b30d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "3609", - "tcp.analysis.ack_rtt": "0.011974000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.858959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.858959000", - "frame.time_delta": "0.006122000", - "frame.time_delta_displayed": "0.006122000", - "frame.time_relative": "913.398273000", - "frame.number": "3611", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001023", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San 
Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000026fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3610", - "tcp.analysis.ack_rtt": "0.006122000", - "tcp.analysis.initial_rtt": "0.018096000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.878062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.878062000", - "frame.time_delta": "0.019103000", - "frame.time_delta_displayed": "0.019103000", - "frame.time_relative": "913.417376000", - "frame.number": "3612", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001024", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006f76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018096000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.889545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.889545000", - "frame.time_delta": "0.011483000", - "frame.time_delta_displayed": "0.011483000", - "frame.time_relative": "913.428859000", - "frame.number": "3613", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000087b6", - "ip.checksum.status": "2", - "ip.src": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.src_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49769", - "tcp.port": "80", - "tcp.port": "49769", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cabb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "3612", - "tcp.analysis.ack_rtt": "0.011483000", - "tcp.analysis.initial_rtt": "0.018096000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.894646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.894646000", - "frame.time_delta": "0.005101000", - "frame.time_delta_displayed": "0.005101000", - "frame.time_relative": "913.433960000", - "frame.number": "3614", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001025", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f2bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b508", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018096000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "3612", - "tcp.segment": "3614", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:33:33:35:37:31:33:30:36:39:31:37:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094933571306917", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:44.906967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494504.906967000", - "frame.time_delta": "0.012321000", - "frame.time_delta_displayed": "0.012321000", - "frame.time_relative": "913.446281000", - "frame.number": "3615", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000087b5", - "ip.checksum.status": "2", - "ip.src": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.src_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49769", - "tcp.port": "80", - "tcp.port": "49769", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c699", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3614", - "tcp.analysis.ack_rtt": "0.012321000", - "tcp.analysis.initial_rtt": "0.018096000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.031124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.031124000", - "frame.time_delta": "0.124157000", - "frame.time_delta_displayed": "0.124157000", - "frame.time_relative": "913.570438000", - "frame.number": "3616", - "frame.len": "621", - "frame.cap_len": "621", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "607", - "ip.id": "0x00002cf6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000365e", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "555", - "tcp.seq": "11137", - "tcp.nxtseq": "11692", - "tcp.ack": "49819", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003293", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:7e:00:26:13:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812180350, TSecr 2495347": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180350", - "tcp.options.timestamp.tsecr": "2495347" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "555", - "tcp.analysis.push_bytes_sent": "555" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "550", - "ssl.app_data": "34:cd:34:17:47:48:0e:79:78:22:df:38:b9:21:f2:5e:05:51:65:fa:c1:84:ae:5e:3b:54:b4:a8:87:44:f6:e6:6b:34:14:cc:2a:ba:08:d4:d2:8d:3a:74:ab:54:83:18:c0:2a:78:2c:41:58:b1:a2:58:6b:dc:c0:f6:65:d6:ee:4a:1b:be:30:e2:f0:f2:c1:71:13:e0:da:f1:6a:c8:ba:63:6d:76:06:76:4f:72:16:82:65:9a:b4:38:92:6d:74:62:5c:d7:84:40:9b:5a:10:74:b9:aa:6f:4e:2f:0c:85:46:51:0c:71:ea:a4:90:cb:c8:e3:ef:ae:2c:d3:93:67:3a:2d:1b:c0:db:5d:40:3d:2d:1c:f7:41:15:81:c1:ef:ac:b4:5a:57:5a:c7:1e:f2:c7:0d:6a:ab:e6:fa:fd:45:34:a6:5d:1c:78:a9:a9:d0:a8:19:87:be:77:78:d9:e8:7a:ea:44:42:79:37:2a:79:2e:5a:fc:7c:fa:15:14:f8:ee:a2:3b:6c:2f:30:a1:78:c0:01:50:67:f2:c7:e1:4c:01:70:3a:47:e4:f8:95:8f:23:4c:35:ff:e4:ba:48:05:2a:73:73:ad:3f:0f:79:5f:6e:e1:66:77:ec:5d:e9:58:00:39:3b:95:d9:15:46:66:e7:b5:43:5f:c0:2c:4f:0c:a3:f9:54:b4:93:46:3b:37:64:04:63:25:3e:1e:31:b6:7d:da:01:de:5a:45:6d:38:6c:08:4e:f7:61:bc:fe:5f:a5:24:44:f5:da:87:ce:eb:bf:ab:71:61:0e:fb:aa:9d:49:2e:c3:74:98:a7:e0:ab:ca:75:5a:8f:85:57:f2:78:04:3b:34:15:a1:42:78:b8:37:31:df:5e:cf:d6:36:ba:4b:14:8a:74:a3:9d:8a:1d:5f:a6:f0:bf:15:a3:07:6c:40:9a:94:60:5d:4e:2d:e3:92:fe:d9:82:d4:f6:aa:b9:70:c1:4a:f6:41:cf:2e:9e:86:75:eb:0e:d5:1c:ba:4c:54:cc:20:e0:85:1e:aa:50:cc:07:a6:df:db:55:28:75:15:b6:e1:b5:2a:7e:d2:33:57:04:21:51:a1:26:9a:85:31:3d:4f:c0:7f:f6:ac:55:c0:e1:03:1f:24:c7:7d:74:42:e2:a4:22:d8:3a:93:da:4e:a3:b8:73:6d:7d:1f:68:66:23:4d:10:d0:cb:c7:e4:cd:41:c4:e8:7f:38:85:ce:ad:10:9e:85:82:a5:7f:c4:a2:ac:8c:2a:95:11:a7:74:f5:0f:18:f3:21:02:78:7e:d5:84:2a:92:e9:c3:24:34:4e:aa:b2:2e:be:c0:36:53:aa:f4:91:c4:96:08:a2:7
0:0e:fd:f3:93:73:ae:02:47:80:7c:13:58:7f:17:3f:47:60:86:84:03:43:d5:b3:83:9c:3d:c2:61:3d:23:bf:6b:84:31:12:f6:8e:d9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.070947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.070947000", - "frame.time_delta": "0.039823000", - "frame.time_delta_displayed": "0.039823000", - "frame.time_relative": "913.610261000", - "frame.number": "3617", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007791", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "49819", - "tcp.ack": "11692", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002a08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:d0:a7:9e:77:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495952, TSecr 2812180350": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495952", - "tcp.options.timestamp.tsecr": "2812180350" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3616", - "tcp.analysis.ack_rtt": "0.039823000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.076987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.076987000", - "frame.time_delta": "0.006040000", - "frame.time_delta_displayed": "0.006040000", - "frame.time_relative": "913.616301000", - "frame.number": "3618", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000095ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": 
"41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "49819", - "tcp.nxtseq": "49872", - "tcp.ack": "11692", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:d0:a7:9e:77:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495952, TSecr 2812180350": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495952", - "tcp.options.timestamp.tsecr": "2812180350" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:ac:b7:0b:36:4d:7d:d1:cb:65:f8:9b:2b:67:c9:b8:d9:2a:1e:9a:7d:79:64:c7:96:fb:c5:cf:75:41:a6:3a:0c:4b:19:c6:3f:6d:85:a2:e2:50" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.079772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.079772000", - "frame.time_delta": "0.002785000", - "frame.time_delta_displayed": "0.002785000", - "frame.time_relative": "913.619086000", - "frame.number": "3619", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004dab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x000041d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:15:d0:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2495952, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495952", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.082741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.082741000", - "frame.time_delta": "0.002969000", - "frame.time_delta_displayed": "0.002969000", - "frame.time_relative": "913.622055000", - "frame.number": "3620", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36175", - "tcp.port": "49154", - "tcp.port": "36175", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000b182", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3619", - "tcp.analysis.ack_rtt": "0.002969000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.083214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.083214000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "913.622528000", - "frame.number": "3621", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004dac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006aa0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": 
"1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000083a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3620", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.003442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.094173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.094173000", - "frame.time_delta": "0.010959000", - "frame.time_delta_displayed": "0.010959000", - "frame.time_relative": "913.633487000", - "frame.number": "3622", - "frame.len": "557", - "frame.cap_len": "557", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "543", - "ip.id": "0x00004dad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000068a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "503", - "tcp.seq": "1", - "tcp.nxtseq": "504", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004041", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003442000", - "tcp.analysis.bytes_in_flight": "503", - "tcp.analysis.push_bytes_sent": "503" - } - }, - "http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", 
- "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", - "http.host": "192.168.0.65:49154", - "http.request.line": "Host: 192.168.0.65:49154\n", - "http.content_type": "text\/xml", - "http.request.line": "Content-Type: text\/xml\n", - "http.content_length_header": "333", - "http.content_length_header_tree": { - "http.content_length": "333" - }, - "http.request.line": "Content-Length: 333\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>1<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "?>": "" - }, - "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<SOAP-ENV:Body>", - "xml.tag_tree": { - "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/BinaryState>": "" - }, - "<\/m:SetBinaryState>": "" - }, - "<\/SOAP-ENV:Body>": "" - }, - "<\/SOAP-ENV:Envelope>": "" - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.095744000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.095744000", - "frame.time_delta": "0.001571000", - "frame.time_delta_displayed": "0.001571000", - "frame.time_relative": "913.635058000", - "frame.number": "3623", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000724a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004602", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36175", - "tcp.port": "49154", - "tcp.port": "36175", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "1", 
- "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000f9a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3622", - "tcp.analysis.ack_rtt": "0.001571000", - "tcp.analysis.initial_rtt": "0.003442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.122759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.122759000", - "frame.time_delta": "0.027015000", - "frame.time_delta_displayed": "0.027015000", - "frame.time_relative": "913.662073000", - "frame.number": "3624", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000724b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004541", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36175", - "tcp.port": "49154", - "tcp.port": "36175", - "tcp.stream": "145", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000006b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003442000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:34:35:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.123234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.123234000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "913.662548000", - "frame.number": "3625", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004dae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00000573", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3624", - "tcp.analysis.ack_rtt": "0.000475000", - "tcp.analysis.initial_rtt": "0.003442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.124931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.124931000", - "frame.time_delta": "0.001697000", - "frame.time_delta_displayed": "0.001697000", - "frame.time_relative": "913.664245000", - "frame.number": "3626", - "frame.len": "474", - "frame.cap_len": "474", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "460", - "ip.id": "0x0000724c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000445c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36175", - "tcp.port": "49154", - "tcp.port": "36175", - "tcp.stream": "145", - "tcp.len": "420", - "tcp.seq": "193", - "tcp.nxtseq": "614", - "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00002f08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003442000", - "tcp.analysis.bytes_in_flight": "421", - "tcp.analysis.push_bytes_sent": "420" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:33:33:34:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:35:30:35:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "3624", - "tcp.segment": "3626", - "tcp.segment.count": "2", - "tcp.reassembled.length": "612", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:30:31:3a:34:35:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:33:33:34:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:34:35:30:35:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "420", - "http.content_length_header_tree": { - "http.content_length": "420" - }, - "http.response.line": "CONTENT-LENGTH: 420\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:01:45 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:01:45 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.030758000", - "http.request_in": "3622", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>8|1509493346|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509494505<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", 
- "xml.tag_tree": { - "xml.cdata": "8|1509493346|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "xml.tag": "<CountdownEndTime>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/CountdownEndTime>": "" - }, - "xml.tag": "<deviceCurrentTime>", - "xml.tag_tree": { - "xml.cdata": "1509494505", - "<\/deviceCurrentTime>": "" - }, - "<\/u:SetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.137817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.137817000", - "frame.time_delta": "0.012886000", - "frame.time_delta_displayed": "0.012886000", - "frame.time_relative": "913.677131000", - "frame.number": "3627", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003888", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11692", - "tcp.ack": "49872", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002aa8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:98:00:26:15:d0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180376, TSecr 2495952": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180376", - "tcp.options.timestamp.tsecr": "2495952" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3618", - "tcp.analysis.ack_rtt": "0.060830000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.138352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.138352000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "913.677666000", - "frame.number": "3628", - "frame.len": "425", - "frame.cap_len": "425", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "411", - "ip.id": "0x000095f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007628", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "359", - "tcp.seq": "49872", - "tcp.nxtseq": "50231", - "tcp.ack": "11692", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:d6:a7:9e:77:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495958, TSecr 2812180376": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495958", - "tcp.options.timestamp.tsecr": "2812180376" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "359", - 
"tcp.analysis.push_bytes_sent": "359" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ad:45:6d:3b:96:02:0f:72:bb:4b:0f:38:3d:4c:e8:f4:74:f1:4b:e8:58:9e:3c:25:a7:7f:2f:61:52:eb:16:ab:44:01:62:1e:9d:cb:9c:3b:83:74" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ae:2d:69:02:58:62:f6:81:e4:93:cf:63:e6:1e:c5:24:de:2c:74:01:be:ff:f0:3b:de:06:34:61:4a:e2:42:6e:f4:d2:84:97:24:94:71:67:ef:10" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:af:f8:3f:a4:75:1d:2e:83:ab:08:8e:72:43:81:de:2e:6e:e9:92:2c:2c:d4:7b:f7:f9:66:15:5a:29:36:97:d6:ce:56:03:9e:1a:3b:b8:92:13:20:fa:83:e6:3a:47:44:3d:a9:2f:5e:32:a1:88:d7:21:aa:bb:e5:62:32:7a:cd:90:8a:3a:c3:b3:8a:67:f9:08:f4:11:d5:19:fd:06:46:bb:6f:a6:fa:b8:2e:91:1d:56:4a:bd:cf:42:34:d3:55:d7:3a:0d:a7:e8:31:69:a4:f1:b6:79:88:07:f4:75:ca:62:63:a6:45:b8:2e:a3:9b:60:18:82:bf:1f:89:80:a3:2b:ab:ee:81:29:bc:42:2d:55:10:3a:1b:a5:67:e0:27:40:6e:6e:e7:60:92:16:11:c5:7e:9e:ba:8f:bd:dc:0e:3f:d2:47:3d:5f:78:1f:d5:0e:a7:dc:e0:4e:d8:ca:68:f9:cc:16:05:ee:fd:c0:83:a1:cf:44:9b:72:76:43:94:b6:6f:42:da:bc:61:87:04:41:e6:1b:d4:70:6f:1e:da:b9:ef:78:6a:d6:ba:07:94:64:3d:3f:90:ff:ab:9b:9f:33:0e:f1:7f:06:22:e3:72:53:93:44:3c:85:71:7b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.160935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.160935000", - "frame.time_delta": "0.022583000", - "frame.time_delta_displayed": "0.022583000", - "frame.time_relative": "913.700249000", - "frame.number": "3629", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004daf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "614", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000003bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3626", - "tcp.analysis.ack_rtt": "0.036004000", - "tcp.analysis.initial_rtt": "0.003442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.198581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.198581000", - "frame.time_delta": "0.037646000", - "frame.time_delta_displayed": "0.037646000", - "frame.time_relative": "913.737895000", - "frame.number": "3630", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003887", - "ip.checksum.status": 
"2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11692", - "tcp.ack": "50231", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000292b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:a8:00:26:15:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180392, 
TSecr 2495958": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180392", - "tcp.options.timestamp.tsecr": "2495958" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3628", - "tcp.analysis.ack_rtt": "0.060229000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.199107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.199107000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "913.738421000", - "frame.number": "3631", - "frame.len": "545", - "frame.cap_len": "545", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "531", - "ip.id": "0x000095f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "479", - "tcp.seq": "50231", - "tcp.nxtseq": "50710", - "tcp.ack": "11692", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003880", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:dc:a7:9e:77:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495964, TSecr 2812180392": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495964", - "tcp.options.timestamp.tsecr": "2812180392" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "479", - "tcp.analysis.push_bytes_sent": "479" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "474", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b0:63:95:e9:2a:d1:df:c3:3f:f1:45:48:7b:79:20:cc:fd:da:e4:ff:26:f0:be:83:c4:62:20:6d:ed:f3:94:d1:c1:31:39:e5:34:a0:ed:58:d2:3f:fe:1d:18:16:f6:55:e1:47:f4:b2:b7:cd:af:1f:9c:11:f4:50:09:69:7d:b6:4e:83:31:e7:0a:f6:ac:cf:c5:c9:89:80:7f:f9:4b:d8:71:f2:e2:0b:95:a0:81:e9:ef:35:1b:e7:f3:24:19:ca:d6:5b:38:cc:91:e9:6b:15:3f:d3:d0:d6:df:af:5f:7e:41:ff:c7:92:b1:81:93:a1:c1:a1:85:70:e6:01:50:75:13:0c:02:a4:ba:75:89:bc:1f:c4:69:04:72:04:63:eb:e5:a0:96:5c:05:8d:0d:24:ae:95:85:e7:5f:28:8b:e0:ea:f6:e9:e7:62:36:ae:2b:ca:31:6c:23:ab:7f:7d:0f:3d:15:1c:90:ff:97:9c:67:4b:b0:e7:c8:b5:9b:f5:64:ce:b9:81:cb:81:d1:f2:30:9f:0d:e5:75:16:e1:fd:f6:79:23:6f:40:00:98:6d:94:08:41:53:52:93:53:0d:a4:9c:21:5c:ce:93:d9:d1:25:8f:ed:fe:6b:9a:07:9a:ff:06:22:61:c7:00:8d:03:0e:a5:30:c0:c6:7c:85:e0:f0:0c:cf:fc:91:0e:29:af:72:ff:31:f1:a6:7d:17:08:a1:a1:9f:d6:06:39:00:96:c3:76:59:0b:58:24:3e:91:0e:47:eb:38:c3:37:1e:c7:a0:cb:c5:49:8a:6b:79:95:8a:c1:2c:f3:85:bc:a4:47:ab:04:26:c0:84:9c:28:ed:4c:20:92:3f:43:98:53:3d:91:fc:8d:b4:cf:72:4b:00:45:fe:19:40:6a:cf:7a:24:49:6c:d7:9f:d8:e9:a8:e8:4b:16:f5:61:dc:b5:4e:96:3c:f4:31:be:49:cb:f7:25:f6:5c:ac:23:2e:d7:ca:c2:7b:b8:8c:31:48:39:41:23:d9:56:1e:1d:fd:22:e1:db:28:c4:ab:8d:8a:cf:78:c9:45:f8:af:d0:8a:df:c5:bd:1f:9e:89:3d:71:91:a3:a3:6e:75:da:65:49:55:f9:16:54:cd:3c:03:dc:f6:55:83:e7:ba:ee:37:09:78:07:22:14:8f:5b:f6:f1:1d:31:c5:e4:c9:b1:f6:b0:b4:fd:04:ed:45:52:37:64:cc:08:95:38:7b:9c:0e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.259285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.259285000", - 
"frame.time_delta": "0.060178000", - "frame.time_delta_displayed": "0.060178000", - "frame.time_relative": "913.798599000", - "frame.number": "3632", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cf9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003886", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - 
"tcp.seq": "11692", - "tcp.ack": "50710", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002737", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:b7:00:26:15:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180407, TSecr 2495964": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180407", - "tcp.options.timestamp.tsecr": "2495964" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3631", - "tcp.analysis.ack_rtt": "0.060178000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.259997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.259997000", - "frame.time_delta": "0.000712000", - "frame.time_delta_displayed": "0.000712000", - "frame.time_relative": "913.799311000", - "frame.number": "3633", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003856", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "11692", - "tcp.nxtseq": "11739", - "tcp.ack": "50710", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000076d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:b7:00:26:15:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180407, TSecr 2495964": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180407", - "tcp.options.timestamp.tsecr": "2495964" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:7a:d4:ce:d7:b1:2a:8a:a2:05:01:ff:13:19:06:86:48:38:f8:62:ed:21:1d:92:b2:2c:22:91:e5:5f:6e:99:e7:f3:7a:1c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.260427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.260427000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": 
"913.799741000", - "frame.number": "3634", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000778d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "50710", - "tcp.ack": "11739", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002613", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:e2:a7:9e:77:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495970, TSecr 2812180407": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495970", - "tcp.options.timestamp.tsecr": "2812180407" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3633", - "tcp.analysis.ack_rtt": "0.000430000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.263819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.263819000", - "frame.time_delta": "0.003392000", - "frame.time_delta_displayed": "0.003392000", - "frame.time_relative": "913.803133000", - "frame.number": "3635", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "50710", - "tcp.nxtseq": "50757", - "tcp.ack": "11739", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d1b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:e3:a7:9e:77:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495971, TSecr 2812180407": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495971", - "tcp.options.timestamp.tsecr": "2812180407" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b1:40:b2:6e:23:26:53:63:83:fa:2b:69:0f:25:55:e0:20:08:d9:2b:2f:4d:da:94:36:73:62:60:4a:08:d3:a9:f2:c4:b9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.295540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.295540000", - "frame.time_delta": "0.031721000", - "frame.time_delta_displayed": "0.031721000", - "frame.time_relative": "913.834854000", - "frame.number": "3636", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004db0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36175", - "tcp.dstport": "49154", - "tcp.port": "36175", - "tcp.port": "49154", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "614", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000003bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.297240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.297240000", - "frame.time_delta": "0.001700000", - "frame.time_delta_displayed": "0.001700000", - "frame.time_relative": "913.836554000", - "frame.number": "3637", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": 
"192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36175", - "tcp.port": "49154", - "tcp.port": "36175", - "tcp.stream": "145", - "tcp.len": "0", - "tcp.seq": "614", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000f741", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3636", - "tcp.analysis.ack_rtt": "0.001700000", - "tcp.analysis.initial_rtt": "0.003442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.362773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.362773000", - "frame.time_delta": "0.065533000", - "frame.time_delta_displayed": "0.065533000", - "frame.time_relative": "913.902087000", - "frame.number": "3638", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003884", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11739", - "tcp.ack": "50757", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000026b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:d1:00:26:15:e3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180433, TSecr 2495971": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180433", - "tcp.options.timestamp.tsecr": "2495971" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3635", - "tcp.analysis.ack_rtt": "0.098954000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.363270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.363270000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "913.902584000", - "frame.number": "3639", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007755", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "50757", - "tcp.nxtseq": "50811", - "tcp.ack": "11739", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007f2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:15:ed:a7:9e:77:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2495981, TSecr 2812180433": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2495981", - "tcp.options.timestamp.tsecr": "2812180433" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b2:cc:61:82:de:b2:ef:a8:f4:52:43:d5:ad:e2:6e:6d:02:fc:a2:a1:a7:27:34:da:fe:f9:29:e4:4c:10:ce:13:ae:2c:6f:ca:39:02:e7:0a:65:6c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:45.423954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494505.423954000", - "frame.time_delta": "0.060684000", - "frame.time_delta_displayed": "0.060684000", - "frame.time_relative": "913.963268000", - "frame.number": "3640", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003883", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11739", - "tcp.ack": "50811", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002669", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:77:e0:00:26:15:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180448, TSecr 2495981": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180448", - "tcp.options.timestamp.tsecr": "2495981" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3639", - "tcp.analysis.ack_rtt": "0.060684000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.365982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.365982000", - "frame.time_delta": "1.942028000", - "frame.time_delta_displayed": "1.942028000", - "frame.time_relative": "915.905296000", - "frame.number": "3641", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": 
"BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000bfbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f880", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00007873", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.366470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.366470000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "915.905784000", - "frame.number": "3642", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4882", - "tcp.port": "39500", - "tcp.port": "4882", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00007e1d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - 
"tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3641", - "tcp.analysis.ack_rtt": "0.000488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.368944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.368944000", - "frame.time_delta": "0.002474000", - "frame.time_delta_displayed": "0.002474000", - "frame.time_relative": "915.908258000", - "frame.number": "3643", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", 
- "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bfc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f88b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000ec8e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3642", - "tcp.analysis.ack_rtt": "0.002474000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.369806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.369806000", - "frame.time_delta": "0.000862000", - "frame.time_delta_displayed": "0.000862000", - "frame.time_relative": "915.909120000", - "frame.number": "3644", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x0000bfc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000612c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002962000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:33:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.370261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.370261000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "915.909575000", - "frame.number": "3645", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000531c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006530", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4882", - "tcp.port": "39500", - "tcp.port": "4882", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - 
"tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f635", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3644", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.373425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.373425000", - "frame.time_delta": "0.003164000", - "frame.time_delta_displayed": "0.003164000", - "frame.time_relative": "915.912739000", - "frame.number": "3646", - "frame.len": "231", - "frame.cap_len": "231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x0000bfc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f7d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "177", - "tcp.seq": "205", - "tcp.nxtseq": "382", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b66a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002962000", - "tcp.analysis.bytes_in_flight": "177", - "tcp.analysis.push_bytes_sent": "177" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "3644", - "tcp.segment": "3646", - "tcp.segment.count": "2", - "tcp.reassembled.length": "380", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:33:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:38:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "176", - "http.content_length_header_tree": { - "http.content_length": "176" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:86ee6864-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 3\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", 
- "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>8|1509494506|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "8|1509494506|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.373887000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.373887000", - "frame.time_delta": "0.000462000", - "frame.time_delta_displayed": "0.000462000", - "frame.time_relative": "915.913201000", - "frame.number": "3647", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x0000531d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000652f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4882", - "tcp.port": "39500", - "tcp.port": "4882", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f573", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3646", - "tcp.analysis.ack_rtt": "0.000462000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.385323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.385323000", - "frame.time_delta": "0.011436000", - "frame.time_delta_displayed": "0.011436000", - 
"frame.time_relative": "915.924637000", - "frame.number": "3648", - "frame.len": "531", - "frame.cap_len": "531", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "517", - "ip.id": "0x000095f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "465", - "tcp.seq": "50811", - "tcp.nxtseq": "51276", - "tcp.ack": "11739", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ece1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:16:b7:a7:9e:77:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2496183, TSecr 2812180448": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2496183", - "tcp.options.timestamp.tsecr": "2812180448" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "465", - "tcp.analysis.push_bytes_sent": "465" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "460", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:b3:ca:d9:2f:b7:3a:22:5b:27:5b:4f:77:f5:ad:ba:26:70:07:eb:07:94:6e:a1:7d:60:04:78:73:9a:ca:28:28:c9:90:6e:6b:af:d7:64:ac:1f:08:3f:3f:32:de:33:f2:94:e4:88:66:bf:14:fd:3c:f6:d7:be:3e:0e:df:09:70:80:d4:9d:48:f2:87:56:73:89:f0:30:58:01:08:94:6c:86:e1:a8:c9:37:0a:eb:ec:61:65:5c:9c:a2:eb:7d:eb:18:8b:ee:ae:78:d1:b5:de:14:07:d0:99:85:aa:d7:1b:3d:86:30:25:8a:6e:35:86:1f:a3:8a:3d:9b:b0:ea:71:ab:5a:98:88:db:b4:69:6a:1d:6b:52:be:59:69:4d:9d:8d:84:69:98:45:87:8d:a1:2c:e5:7a:dc:e6:e8:27:f1:35:5c:79:1b:8d:3f:89:c0:6f:c9:38:01:cf:0c:d4:f3:d8:9e:cf:47:44:09:f1:d6:e9:47:94:eb:56:01:0e:e0:68:8d:54:6b:4e:6d:0f:13:cb:fc:02:90:87:5a:b5:5f:1f:09:50:ba:ae:e9:c8:1f:01:da:e2:b2:06:3a:84:61:93:e6:de:81:40:41:72:9d:ba:78:9c:02:a9:14:d9:ea:9f:fb:7f:27:4f:62:d8:83:68:ff:e5:1c:9c:8c:78:47:cb:15:ba:1b:94:89:ab:f1:98:bc:17:8e:5e:ef:81:5f:f7:a8:71:8d:50:ed:8d:3a:24:62:a3:94:a8:48:1c:86:c3:e4:29:5c:69:e1:99:12:b3:59:53:a9:17:44:8d:6c:29:86:e8:35:06:9a:f8:72:6a:46:fa:f4:b5:be:4f:55:1f:ec:b5:40:0d:64:15:c8:f9:ec:6b:ea:1a:8c:a4:98:52:9f:16:d1:22:88:25:81:a9:35:86:83:55:a4:15:5c:23:b6:4a:58:ad:97:77:2c:1d:83:44:3e:c2:46:b3:7c:e6:f2:66:b2:4d:6b:a5:a7:21:53:60:d9:c9:1c:4f:fe:62:1a:12:4f:bf:f9:90:3c:00:35:95:09:ff:ea:16:28:31:90:10:5b:7b:fe:05:0b:52:69:00:40:71:9c:a4:b7:8a:64:b6:e3:b8:ed:33:e2:2d:c5:90:ca:37:1f:90:9d:7d:0b:6a:95:b2:c7:ae:22:43:c3:7e:56:45:c9:b2:5d:3b:5b:fa:f5:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.445772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.445772000", - "frame.time_delta": "0.060449000", - "frame.time_delta_displayed": "0.060449000", - "frame.time_relative": "915.985086000", - "frame.number": "3649", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": 
{ - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003882", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11739", - "tcp.ack": "51276", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000021d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:79:d9:00:26:16:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180953, TSecr 2496183": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180953", - "tcp.options.timestamp.tsecr": "2496183" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3648", - "tcp.analysis.ack_rtt": "0.060449000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.447005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.447005000", - "frame.time_delta": "0.001233000", - "frame.time_delta_displayed": "0.001233000", - "frame.time_relative": "915.986319000", - "frame.number": "3650", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002cfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "11739", - "tcp.nxtseq": "11824", - "tcp.ack": "51276", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000046f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:79:da:00:26:16:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180954, TSecr 2496183": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180954", - "tcp.options.timestamp.tsecr": "2496183" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:7b:90:c6:5f:56:1e:95:e4:db:f1:ad:97:5a:1e:f2:7b:a7:76:43:4c:45:53:43:69:5b:80:9e:9c:0f:dc:d8:39:fa:23:07:c5:2a:2c:18:8f:b5:4c:91:e0:59:81:7f:b3:92:ea:af:fe:c5:ee:5d:4e:04:70:cc:42:db:0e:b1:fd:4c:2f:9d:8f:ef:be:36:8f:b1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.450950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.450950000", - "frame.time_delta": "0.003945000", - "frame.time_delta_displayed": "0.003945000", - "frame.time_relative": "915.990264000", - "frame.number": "3651", - "frame.len": "113", - "frame.cap_len": "113", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000095f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "51276", - "tcp.nxtseq": "51323", - "tcp.ack": "11824", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000528c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:16:be:a7:9e:79:da", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2496190, TSecr 2812180954": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2496190", - "tcp.options.timestamp.tsecr": "2812180954" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3650", - "tcp.analysis.ack_rtt": "0.003945000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b4:71:3f:39:f9:09:5c:b5:ed:6a:af:29:c5:36:f6:bd:48:92:7e:53:16:a9:bd:b4:9f:b6:5a:d7:12:6d:be:f3:7e:7f:46" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.461800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.461800000", - "frame.time_delta": 
"0.010850000", - "frame.time_delta_displayed": "0.010850000", - "frame.time_relative": "916.001114000", - "frame.number": "3652", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x0000531e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006508", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4882", - "tcp.port": "39500", - "tcp.port": "4882", - "tcp.stream": "146", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000001ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002962000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.463612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.463612000", - "frame.time_delta": "0.001812000", - "frame.time_delta_displayed": "0.001812000", - "frame.time_relative": "916.002926000", - "frame.number": "3653", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": 
"BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bfc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f888", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000eaeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3652", - "tcp.analysis.ack_rtt": "0.001812000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.467102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.467102000", - "frame.time_delta": "0.003490000", - "frame.time_delta_displayed": "0.003490000", - "frame.time_relative": "916.006416000", - "frame.number": "3654", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bfc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f887", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000eaea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.467775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.467775000", - "frame.time_delta": "0.000673000", - "frame.time_delta_displayed": "0.000673000", - "frame.time_relative": "916.007089000", - "frame.number": "3655", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000531f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000652d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4882", - "tcp.port": "39500", - "tcp.port": "4882", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "383", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f54b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3654", - "tcp.analysis.ack_rtt": "0.000673000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:01:47.469998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.469998000", - "frame.time_delta": "0.002223000", - "frame.time_delta_displayed": "0.002223000", - "frame.time_relative": "916.009312000", - "frame.number": "3656", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bfc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f886", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4882", - "tcp.dstport": "39500", - "tcp.port": "4882", - "tcp.port": "39500", - "tcp.stream": "146", - "tcp.len": "0", - "tcp.seq": "383", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000eae9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3655", - "tcp.analysis.ack_rtt": "0.002223000", - "tcp.analysis.initial_rtt": "0.002962000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.511939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.511939000", - "frame.time_delta": "0.041941000", - "frame.time_delta_displayed": "0.041941000", - "frame.time_relative": "916.051253000", - "frame.number": "3657", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002cff", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003851", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "11824", - "tcp.nxtseq": "11871", - "tcp.ack": "51323", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003b24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:79:ea:00:26:16:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180970, TSecr 2496190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180970", - "tcp.options.timestamp.tsecr": "2496190" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3651", - "tcp.analysis.ack_rtt": "0.060989000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:7c:a8:9e:72:83:2f:c9:28:f3:4c:54:19:09:be:d5:70:e8:06:99:ba:59:5c:be:d3:22:c5:dd:72:fd:bb:4b:19:37:14:cd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.512437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.512437000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "916.051751000", - "frame.number": "3658", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000095f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "51323", - "tcp.nxtseq": "51431", - "tcp.ack": "11871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a3de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:16:c4:a7:9e:79:ea", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2496196, TSecr 2812180970": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2496196", - "tcp.options.timestamp.tsecr": "2812180970" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3657", - "tcp.analysis.ack_rtt": "0.000498000", - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b5:61:25:e9:e7:ca:72:51:e5:52:a7:74:25:7f:cd:21:22:72:8c:f4:70:56:26:cd:8f:16:d4:5a:c0:8f:0f:86:9e:26:85:f1:ab:50:fb:40:47:78" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b6:c8:ce:97:27:09:d7:dd:9d:a2:fc:38:ca:92:7f:4e:35:f3:eb:3b:0e:10:03:fb:19:02:29:26:77:32:47:93:0a:11:17:8c:ea:73:21:1b:63:26" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.669230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.669230000", - "frame.time_delta": "0.156793000", - "frame.time_delta_displayed": "0.156793000", - "frame.time_relative": "916.208544000", - "frame.number": "3659", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - 
"eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000387f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11871", - "tcp.ack": "51431", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000207f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:7a:03:00:26:16:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812180995, TSecr 2496196": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812180995", - "tcp.options.timestamp.tsecr": "2496196" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3658", - "tcp.analysis.ack_rtt": "0.156793000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.669690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.669690000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "916.209004000", - "frame.number": "3660", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000095f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007756", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "51431", - "tcp.nxtseq": "51480", - "tcp.ack": "11871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009595", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:16:d3:a7:9e:7a:03", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2496211, TSecr 2812180995": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2496211", - "tcp.options.timestamp.tsecr": "2812180995" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b7:aa:75:ae:cd:44:9c:c7:c9:0c:95:e8:23:5b:fc:9a:20:c8:7c:80:1d:09:f8:10:64:c4:88:d1:15:b3:0b:b8:1a:11:e0:cb:b5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:47.729881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494507.729881000", - "frame.time_delta": "0.060191000", - "frame.time_delta_displayed": "0.060191000", - "frame.time_relative": "916.269195000", - "frame.number": "3661", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000387e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11871", - "tcp.ack": "51480", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002022", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:7a:20:00:26:16:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812181024, TSecr 2496211": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812181024", - "tcp.options.timestamp.tsecr": "2496211" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3660", - "tcp.analysis.ack_rtt": "0.060191000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:48.511035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494508.511035000", - "frame.time_delta": "0.781154000", - "frame.time_delta_displayed": "0.781154000", - "frame.time_relative": "917.050349000", - "frame.number": "3662", - "frame.len": "1323", - "frame.cap_len": "1323", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1309", - "ip.id": "0x000095f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000729d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1257", - "tcp.seq": "51480", - "tcp.nxtseq": "52737", - "tcp.ack": "11871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f652", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:17:28:a7:9e:7a:20", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2496296, TSecr 2812181024": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2496296", - "tcp.options.timestamp.tsecr": "2812181024" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1257", - "tcp.analysis.push_bytes_sent": "1257" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1252", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:b8:aa:61:b7:33:b2:0e:e8:54:ea:cf:27:f4:b3:e0:5b:57:ff:7a:68:dc:77:bc:1b:65:e4:2e:46:76:b2:70:e8:7b:6f:43:cc:2d:2e:31:02:80:29:7a:79:27:c8:94:95:ae:78:6e:94:a6:7b:69:ea:ef:0c:c7:78:9e:a8:e8:41:00:9c:ef:a9:b1:31:12:f2:79:9e:4d:0c:f5:97:0a:c9:8d:55:ac:c3:a9:17:28:b2:fb:39:59:ff:45:f2:29:38:bd:0c:7d:3f:87:ee:9a:d8:75:d0:93:7c:24:62:74:74:1d:98:3e:da:15:07:7f:d7:80:e3:c5:19:43:cf:f9:06:ec:cf:e5:3a:a5:4c:c8:fd:6d:fc:94:0c:f1:3d:26:ac:b3:29:ec:44:2a:6b:33:53:ea:ee:03:72:97:7c:b2:04:9a:50:a3:49:5c:a6:f7:10:31:03:d7:13:bb:27:a8:f8:85:e9:23:4b:da:1f:ea:47:ff:5a:bb:f1:c3:12:c6:69:cc:c0:2b:7f:c3:85:f9:30:94:1e:b9:31:99:8b:da:ec:36:8d:b2:1b:6c:d9:9d:f6:33:fe:90:df:2e:9d:77:db:c5:a8:ee:bf:c7:7e:64:c5:8a:e3:e7:63:56:5f:8b:af:4a:79:aa:4d:d8:5d:e3:3d:58:d2:8d:b1:ba:0b:3b:df:f5:c0:b3:cd:99:2c:4a:da:01:82:53:70:8b:f0:b7:d6:dc:f1:0a:f4:f4:0e:16:10:f1:23:e9:4c:2a:c3:f4:65:75:ce:b7:d4:62:11:8e:7d:bb:9d:4a:85:1f:5b:2b:3e:33:b9:2e:68:d1:2d:7a:cf:83:7f:1b:ad:d4:89:8a:f3:64:d6:24:8a:82:48:b1:f7:83:92:b5:31:c8:57:0c:02:1b:e6:81:bc:10:7e:36:e8:f1:c4:14:2b:15:3d:8f:5b:71:bc:e8:57:12:56:43:a1:92:98:66:4e:82:00:17:88:85:3f:cc:b7:12:7f:0f:00:0e:a7:19:54:c2:a3:9c:7e:fc:f0:fe:48:00:ae:6c:d2:ee:82:d0:0f:04:e3:c2:9c:b9:7d:b4:ad:1b:c4:3d:0d:03:27:3d:79:30:e1:78:97:fa:3e:a0:cd:d0:9a:e3:2a:7a:1a:27:f2:7f:cc:5b:cc:af:2c:4d:6b:b9:e3:5f:b4:68:17:38:03:b2:53:23:0f:c6:aa:61:12:02:4e:e0:62:e6:98:17:1c:92:aa:c5:3c:a8:19:82:5e:cd:ab:54:48:d5:ec:7e:93:5d:37:0e:81:39:14:a5:6a:6c:1f:99:17:94:bc:cf:21:59:ef:0a:28:f7:ab:65:b8:76:42:be:13:ef:8c:ce:b6:7b:bf:18:61:13:5c:5a:1c:83:05:11:b0:e0:5b:31:16:2a:59:10:61:9f:b1:20:21:ad:88:3e:c2:5e:b8:87:58:83:5e:b8:8a:9c:47:c9:01:39:71:e5:1f:a1:2b:17:65:cd:56:1c:d7:e4:70:ff:d9:83:8c:85:83:cc:d8:4c:be:64:84:a2:a5:8a:f9:d6:f4:08:e1:00:a0:e5:44:58:30:18:f7:b8:ae:13:db:30:e3:9f:7c:95:00:83:7f:6d:66:97:2d:40:79:8b:4c:c4:69:5b:b5:80:46:a2:d3:56:58:2b:42:68:80:7d:4e:0a:ab:07:0a:6f:ad:ab:f9:99:aa:f3:76:19:85:49:6a:38:70:1e:1a:bf:5d:45:f5:74:0d:4b:22:c5:0f:e7:be:b6:5
9:8b:22:2e:73:c3:e7:e3:32:e2:65:ab:55:2a:72:3e:ad:61:13:67:89:d6:0d:84:0c:42:87:4c:60:84:82:c0:18:e7:98:b4:78:e5:26:d9:fe:20:05:f6:6e:69:4c:06:fd:e3:94:8b:96:3a:e7:8a:05:e4:79:0e:c5:2e:34:83:af:f9:89:1f:d3:e0:d0:81:89:8c:cb:87:34:c4:07:05:de:e2:24:6c:fe:11:11:75:bb:6d:c7:2d:f9:dc:56:9e:e8:25:42:45:63:2c:f2:b9:8a:b1:d1:ce:f3:54:e0:1e:73:84:02:e8:d4:a6:93:9c:f7:b1:7e:52:36:91:98:f0:8a:8e:a4:6f:6d:4a:87:ce:f1:59:1a:e0:68:d5:70:28:03:d4:a7:f2:df:1f:3e:9a:31:7e:33:85:45:88:6a:d9:45:3f:dd:c2:01:14:3e:3a:98:43:88:e7:13:a3:0a:7f:20:fd:6a:c9:8d:68:6c:a4:94:64:a3:8d:b7:ae:9d:4f:cf:d3:50:c0:ce:53:6a:82:4c:a7:6a:2a:29:70:78:e2:9b:e9:3a:9b:4b:b7:ee:3f:6f:0b:4b:15:23:a8:38:1a:4b:f7:9a:8f:9f:fa:98:4f:df:33:f7:ae:9c:a9:55:54:bb:d1:ba:c3:a9:ed:c9:97:d5:02:a5:c4:8e:cd:f5:94:dd:d1:4c:dc:96:21:7a:15:8e:a4:d4:a3:c0:ff:50:6b:04:67:e0:5c:94:02:4f:98:cf:b9:46:7b:43:3a:56:33:d4:6d:a2:f5:48:be:ac:70:61:ff:76:c8:0f:34:ba:50:f8:9a:57:ae:fa:86:c6:6f:63:37:08:91:18:50:34:ba:b5:1c:0a:f8:62:34:22:71:77:fe:84:27:fc:ae:a9:ec:7d:10:2d:79:e6:36:47:24:93:d3:8d:ca:f5:de:67:2c:d5:59:72:f8:90:20:e3:78:b0:94:07:c1:c7:e3:c2:46:56:e1:e3:29:98:e6:08:9e:60:57:6c:08:c3:a8:70:e3:2b:b6:78:2e:70:33:3a:3e:8d:47:aa:f2:26:6b:76:93:37:cf:d8:73:3a:39:b7:90:8d:81:9b:ef:38:c2:28:fb:a9:3d:40:d9:9c:bc:3e:10:a0:7e:44:7c:e6:f3:7e:e4:f2:37:7d:df:a3:15:3a:e8:c2:d3:f4:74:c8:4e:75:7a:b4:1d:65:68:b8:c4:81:3b:88:4b:6f:62:92:0c:a6:9d:8b:11:76:5d:21:df:e8:1b:bc:6b:d4:98:20:ed:ba:9c:0b:27:62:36:38:11:1e:71:a8:d5:6d:19:c9:2e:5b:5e:27:f5:e8:3d:bb:ae:4f:be:a8:20:6a:ae:28:c8:6e:57:bb:c8:3d:13:8f:e3:97:33:af:82:1c:1a:8f:d2:c3:2d:62:a1:cd:4e:d3:3e:aa:42:06:97:60:69:e8:4d:83:37:4f:0e:ed:bc:9c:79:85:8f:a9:63:6e:f5:ee:22:b6:c7:21:6c:d5:d2:db:8f:c8:3a:2f:dd:7d:55:a8:bb:2b:57:4b:49:a6:34:d3:0f:dc:9b:c7:77" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:48.571245000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494508.571245000", - "frame.time_delta": "0.060210000", - "frame.time_delta_displayed": "0.060210000", - "frame.time_relative": "917.110559000", - "frame.number": "3663", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000387d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - 
"tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11871", - "tcp.ack": "52737", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001a11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:7a:f3:00:26:17:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812181235, TSecr 2496296": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812181235", - "tcp.options.timestamp.tsecr": "2496296" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3662", - "tcp.analysis.ack_rtt": "0.060210000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:48.802813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494508.802813000", - "frame.time_delta": "0.231568000", - "frame.time_delta_displayed": "0.231568000", - "frame.time_relative": "917.342127000", - 
"frame.number": "3664", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:48.808830000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494508.808830000", - "frame.time_delta": "0.006017000", - "frame.time_delta_displayed": "0.006017000", - "frame.time_relative": "917.348144000", - "frame.number": "3665", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:55.597890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494515.597890000", - "frame.time_delta": "6.789060000", - "frame.time_delta_displayed": "6.789060000", - "frame.time_relative": "924.137204000", - "frame.number": "3666", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": 
"4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c91", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:55.598443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494515.598443000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "924.137757000", - "frame.number": "3667", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed8c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - 
"dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:55.599027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494515.599027000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "924.138341000", - "frame.number": "3668", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b52", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:01:58.733910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494518.733910000", - "frame.time_delta": "3.134883000", - "frame.time_delta_displayed": "3.134883000", - "frame.time_relative": "927.273224000", - "frame.number": "3669", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000a4b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000034a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:00.598200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494520.598200000", - "frame.time_delta": "1.864290000", - 
"frame.time_delta_displayed": "1.864290000", - "frame.time_relative": "929.137514000", - "frame.number": "3670", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c91", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": 
"0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:00.600614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494520.600614000", - "frame.time_delta": "0.002414000", - "frame.time_delta_displayed": "0.002414000", - "frame.time_relative": "929.139928000", - "frame.number": "3671", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed8c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": 
"0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:00.601012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494520.601012000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "929.140326000", - "frame.number": "3672", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b52", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:04.048415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494524.048415000", - "frame.time_delta": "3.447403000", - "frame.time_delta_displayed": "3.447403000", - "frame.time_relative": "932.587729000", - "frame.number": "3673", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a675", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": 
"Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "282", - "tcp.nxtseq": "322", - "tcp.ack": "253", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f070", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e3:d0:68:56:59:24:6a:8c:62:38:41:fa:61:f5:40:d3:e9:9d:94:f2:2e:43:5d:5e:5c:60:0f:18" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:04.191955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494524.191955000", - "frame.time_delta": "0.143540000", - "frame.time_delta_displayed": "0.143540000", - "frame.time_relative": "932.731269000", - "frame.number": "3674", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fe2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8b", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "253", - "tcp.nxtseq": "289", - "tcp.ack": "322", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e4fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3673", - "tcp.analysis.ack_rtt": "0.143540000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:69:c6:6b:dd:b4:7d:55:96:77:2d:b4:1f:78:8b:f9:05:98:14:23:62:dc:ec:1c:ea" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:04.192495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494524.192495000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "932.731809000", - "frame.number": "3675", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "322", - "tcp.ack": "289", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000045e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3674", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:04.946442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494524.946442000", - "frame.time_delta": "0.753947000", - "frame.time_delta_displayed": "0.753947000", - "frame.time_relative": "933.485756000", - "frame.number": "3676", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000b6f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000125f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:04.999349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494524.999349000", - "frame.time_delta": "0.052907000", - "frame.time_delta_displayed": "0.052907000", - "frame.time_relative": "933.538663000", - "frame.number": "3677", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000b6fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000125c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.052379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.052379000", - "frame.time_delta": "0.053030000", - "frame.time_delta_displayed": "0.053030000", - "frame.time_relative": "933.591693000", - "frame.number": "3678", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000b701", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000124d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.105203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.105203000", - "frame.time_delta": "0.052824000", - "frame.time_delta_displayed": "0.052824000", - "frame.time_relative": "933.644517000", - "frame.number": "3679", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000b706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001248", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.158121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.158121000", - "frame.time_delta": "0.052918000", - "frame.time_delta_displayed": "0.052918000", - "frame.time_relative": "933.697435000", - "frame.number": "3680", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000b708", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000124c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.211018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.211018000", - "frame.time_delta": "0.052897000", - "frame.time_delta_displayed": "0.052897000", - "frame.time_relative": "933.750332000", - "frame.number": "3681", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": 
{ - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000b709", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000124b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.598433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.598433000", - "frame.time_delta": "0.387415000", - "frame.time_delta_displayed": "0.387415000", - "frame.time_relative": "934.137747000", - "frame.number": "3682", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - 
"ip.proto": "17", - "ip.checksum": "0x0000ba38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000c91", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.599011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.599011000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "934.138325000", - "frame.number": "3683", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001db9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ed8c", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:05.599579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494525.599579000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "934.138893000", - "frame.number": "3684", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007b52", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000271", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=625", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:06.483051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494526.483051000", - "frame.time_delta": "0.883472000", - "frame.time_delta_displayed": "0.883472000", - "frame.time_relative": "935.022365000", - "frame.number": "3685", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c91", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:07.508385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494527.508385000", - "frame.time_delta": "1.025334000", - "frame.time_delta_displayed": "1.025334000", - "frame.time_relative": "936.047699000", - "frame.number": "3686", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000007d3", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:c4:98:32:40:46:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:13.750549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494533.750549000", - "frame.time_delta": "6.242164000", - "frame.time_delta_displayed": "6.242164000", - "frame.time_relative": "942.289863000", - "frame.number": "3687", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:14.010120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494534.010120000", - "frame.time_delta": "0.259571000", - "frame.time_delta_displayed": "0.259571000", - "frame.time_relative": "942.549434000", - "frame.number": "3688", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - 
"ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - 
"bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:14.057439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494534.057439000", - "frame.time_delta": "0.047319000", - "frame.time_delta_displayed": "0.047319000", - "frame.time_relative": "942.596753000", - "frame.number": "3689", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": 
"0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": 
"192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:14.087552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494534.087552000", - "frame.time_delta": "0.030113000", - "frame.time_delta_displayed": "0.030113000", - "frame.time_relative": "942.626866000", - "frame.number": "3690", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:14.486579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494534.486579000", - "frame.time_delta": "0.399027000", - "frame.time_delta_displayed": "0.399027000", - "frame.time_relative": "943.025893000", - "frame.number": "3691", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:18.525369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494538.525369000", - "frame.time_delta": "4.038790000", - "frame.time_delta_displayed": "4.038790000", - "frame.time_relative": "947.064683000", - "frame.number": "3692", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000095fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007754", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "52737", - "tcp.nxtseq": "52786", - "tcp.ack": "11871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000015b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:22:e1:a7:9e:7a:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2499297, TSecr 2812181235": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2499297", - "tcp.options.timestamp.tsecr": "2812181235" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:b9:96:b3:c1:43:d0:81:02:bc:56:b9:ed:04:65:03:5b:d3:2b:77:26:1d:aa:c1:81:42:e8:50:75:0b:6a:98:2f:26:db:12:df:ab" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:18.585669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494538.585669000", - "frame.time_delta": "0.060300000", - "frame.time_delta_displayed": "0.060300000", - "frame.time_relative": "947.124983000", - "frame.number": "3693", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000387c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "11871", - "tcp.ack": "52786", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f0d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:98:42:00:26:22:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812188738, TSecr 2499297": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812188738", - "tcp.options.timestamp.tsecr": "2499297" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3692", - "tcp.analysis.ack_rtt": "0.060300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:18.586118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494538.586118000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "947.125432000", - "frame.number": "3694", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003844", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "11871", - "tcp.nxtseq": "11926", - "tcp.ack": "52786", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006908", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:98:42:00:26:22:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812188738, TSecr 2499297": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812188738", - "tcp.options.timestamp.tsecr": "2499297" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:7d:13:ed:eb:13:5e:91:ac:e8:0c:25:dd:fc:0c:ac:30:c8:c7:d8:b1:66:20:8d:81:6d:51:11:e0:df:45:08:90:79:4a:26:10:fa:ad:2a:84:74:ed:13" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:18.619536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494538.619536000", - "frame.time_delta": "0.033418000", - "frame.time_delta_displayed": "0.033418000", - "frame.time_relative": "947.158850000", - "frame.number": "3695", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007784", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "52786", - "tcp.ack": "11926", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:22:eb:a7:9e:98:42", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2499307, TSecr 2812188738": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2499307", - "tcp.options.timestamp.tsecr": "2812188738" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3694", - "tcp.analysis.ack_rtt": "0.033418000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:18.762766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494538.762766000", - "frame.time_delta": "0.143230000", - "frame.time_delta_displayed": "0.143230000", - "frame.time_relative": "947.302080000", - "frame.number": "3696", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - 
"eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000ba4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001f0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: 
type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:19.190574000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494539.190574000", - "frame.time_delta": "0.427808000", - "frame.time_delta_displayed": "0.427808000", - "frame.time_relative": "947.729888000", - "frame.number": "3697", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:23.590936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494543.590936000", - "frame.time_delta": "4.400362000", - "frame.time_delta_displayed": "4.400362000", - "frame.time_relative": 
"952.130250000", - "frame.number": "3698", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:23.591385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494543.591385000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "952.130699000", - "frame.number": "3699", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:25.208443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494545.208443000", - "frame.time_delta": "1.617058000", - "frame.time_delta_displayed": "1.617058000", - "frame.time_relative": "953.747757000", - "frame.number": "3700", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000ac8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": 
"192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000c105", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "9f:36:19:4e:7a:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.092370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.092370000", - "frame.time_delta": "0.883927000", - "frame.time_delta_displayed": "0.883927000", - "frame.time_relative": "954.631684000", - "frame.number": "3701", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002d05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "11926", - "tcp.nxtseq": "12124", - "tcp.ack": "52786", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000561c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:9f:97:00:26:22:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812190615, TSecr 2499307": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812190615", - "tcp.options.timestamp.tsecr": "2499307" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": "34:cd:34:17:47:48:0e:7e:1f:6b:5d:ac:9d:be:7b:d3:0f:e5:04:15:78:e4:61:0f:71:9d:8e:73:57:fb:7c:9b:8c:58:54:0c:c4:a5:99:30:74:59:df:30:80:25:c0:31:e3:6c:8c:fe:ce:75:9a:2a:2e:d1:a5:11:ee:c6:ee:87:d2:b5:75:31:7c:df:bb:13:68:9e:3b:9b:6d:45:b3:69:85:8d:44:68:2e:c5:16:4e:bf:c2:d2:4c:93:0c:04:f3:25:66:63:1a:a0:ce:71:8b:17:c4:94:f5:77:1f:4e:8f:f2:4f:be:0b:77:e1:5b:1d:1e:96:32:b1:3e:d8:af:d7:ba:e2:ba:ed:61:b0:ca:3f:b7:bc:c5:38:8a:05:b3:a8:e0:ac:ec:92:56:5b:40:bf:60:46:fc:2f:f6:64:a3:35:0d:21:ed:f9:f7:cc:af:86:a2:79:ef:d0:55:e9:6c:81:a1:06:a8:73:77:13:df:82:68:f3:7b:35:d0:e0:a6:f3:e7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.092861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.092861000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "954.632175000", - "frame.number": "3702", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000095fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007783", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "52786", - "tcp.ack": "12124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e4a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:25:d6:a7:9e:9f:97", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2500054, TSecr 2812190615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2500054", - "tcp.options.timestamp.tsecr": "2812190615" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3701", - "tcp.analysis.ack_rtt": "0.000491000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.099537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.099537000", - "frame.time_delta": "0.006676000", - "frame.time_delta_displayed": "0.006676000", - "frame.time_relative": "954.638851000", - "frame.number": "3703", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000095fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "52786", - "tcp.nxtseq": "52839", - "tcp.ack": "12124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009459", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:25:d7:a7:9e:9f:97", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2500055, TSecr 2812190615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2500055", - "tcp.options.timestamp.tsecr": "2812190615" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ba:e8:de:bc:d0:24:bf:64:4a:66:5f:f3:33:a5:36:de:11:44:4e:81:7c:74:b2:c5:d7:50:90:20:b9:b9:31:3e:b5:b5:ae:9b:fa:f0:54:32:77" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.198444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.198444000", - "frame.time_delta": "0.098907000", - "frame.time_delta_displayed": "0.098907000", - "frame.time_relative": "954.737758000", - "frame.number": "3704", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003879", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12124", - "tcp.ack": "52839", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e53f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:9f:b2:00:26:25:d7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812190642, TSecr 2500055": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812190642", - "tcp.options.timestamp.tsecr": "2500055" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3703", - "tcp.analysis.ack_rtt": "0.098907000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.199160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.199160000", - "frame.time_delta": "0.000716000", - "frame.time_delta_displayed": "0.000716000", - "frame.time_relative": "954.738474000", - "frame.number": "3705", - "frame.len": "1440", - "frame.cap_len": "1440", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1426", - "ip.id": "0x000095fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007223", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1374", - "tcp.seq": "52839", - "tcp.nxtseq": "54213", - "tcp.ack": "12124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001969", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:25:e0:a7:9e:9f:b2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2500064, TSecr 2812190642": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2500064", - "tcp.options.timestamp.tsecr": "2812190642" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1374", - "tcp.analysis.push_bytes_sent": "1374" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:bb:0e:2b:c4:90:4d:15:fe:af:e2:43:cd:b7:bc:cf:ff:32:39:4b:98:65:a5:81:2c:1d:e6:af:5e:7a:82:03:a4:87:80:b9:f0:13:e7:a8:ea:70:d3" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:bc:78:45:5f:93:90:36:09:fe:7e:d3:bb:4a:cd:4e:07:31:0b:29:61:50:11:f5:1a:e6:a5:b5:53:f4:dd:d2:5b:e1:fd:69:26:80:d5:84:f6:70:71:6e:a0:8b:2b:50:1f:7b:3e:5a:0a:51:87:28:3f:3a:94:5f:d5:91:dc:cf:68:2d:d8:97:49:b9:80:76:5f:86:6c:80:88:4e:c5:02:15:22:3f:92:5e:4c:18:29:21:82" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:bd:4f:80:ea:08:ce:6b:c2:0c:6c:8b:25:b4:07:be:05:f5:7e:70:ea:9e:5f:1b:f7:cb:36:d5:af:76:4c:ae:0a:f8:cf:74:96:dc:c3:a1:41:f1:a9:d4:3d:fe:b5:b2:7c:72:54:6d:a5:57:ec:9c:4d:04:c1:47:09:f0:b9:df:a5:f1:c6:0a:fd:32:ae:54:c6:88:11:bb:ac:05:de:d8:8a:b5:19:be:66:da:86:26:49:de:33:0f:10:50:bc:e7:5c:c0:b7:78:19:d8:67:11:76:6e:5f:07:96:c9:42:42:28:59:9e:cc:c1:27:30:d5:e0:27:60:28:27:09:3c:b7:5f:9c:7e:ad:45:42:39:bf:c9:99:91:d5:e1:e4:7c:53:ee:45:1f:20:e3:57:4b:57:12:da:fb:6c:34:a0:83:af:da:00:c2:61:24:b5:90:3b:66:52:aa:dd:bc:43:94:f2:80:ca:fe:16:68:fe:cd:ed:4f:b5:ea:f8:3f:cd:ae:57:88:fe:1e:4f:9e:fa:cf:64:28:70:9d:6a:5e:af:d5:2c:8b:55:c7:49:61:eb:23:af:90:aa:e2:d8:1b:2c:c4:d7:9c:00:6c:59:c5:77:6d:9d:9d:3d:1e:5f:3b:41:d6:a7:3f:82:f1:fa:0e:3d:4f:0a:15:61:9a:5d:0e:22:a6:d4:49:0b:34:d8:d0:52:59:44:78:66:7d:2d:f3:7d:dd:59:37:a2:8d:b8:9e:17:02:94:ca:f8:b7:c6:9d:c2:20:b0:48:e6:55:8f:1d:59:2b:bb:24:ad:37:72:9e:5d:41:f4:48:87:97:82:1f:ef:6b:d5:a5:53:fa:7b:50:3f:19:ce:c9:16:50:3b:da:9b:e8:0b:ab:cd:2f:b4:56:88:43:9f:0b:2c:34:65:12:7a:ba:4d:3d:ad:24:5b:76:05:ac:9a:55:15:8f:a8:fe:c4:85:7f:6e:d6:d3:c8:01:d5:24:61:b7:28:a5:47:8b:a6:d5:e5:11:5d:59:24:31:f6:04:07:53:2e:89:83:c6:df:22:75:1d:fe:59:8b:65:5b:fa:da:05:d8:e4:41:25:d7:03:25:a7:85:c5:0e:04:1e:32:de:c1:e8:c0:4f:b4:fd:b2:4c:db:ae:dd:65:7f:e9:c6:6d:dd:e7:c5:ca:94:69:d5:a8:58:e3:1a:52:80:91:36:3a:ac:42:4a:22:d4:27:05:00:ab:b0:f4:1e:4e:c6:d6:a8:f5:04:ea:5a:5a:89:16:7b:75:aa:85:5c:33:11:45:97:02:3b:5d:d0:8e:52:58:eb:8d:5a:6e:e1:73:98:97:ed:36:f1:0a:d3:cd:38:fd:de:70:a4:a6:3b:e7:37:b1:84:de:bd:12:54:03:38:29:ed:5e:ba:0e:72:9a:77:ab:87:d5:b2:ea:83:51:7a:2e:8a:47:41:ef:5c:42:7e:c0:a8:f9:c9:72:05:d2:a5:3b:43:cf:bb:6f:12:f5:0c:7b:a8:7b:9a:25:65:57:97:4e:8e:b3:4a:4f:fe:b4:7a:b5:a5:0f:53:5e:3e:d4:56:52:8a:2e:9f:a3:95:81:9d:fd:95:0a:12:38:02:38:b8:32:fe:27:d3:35:00:ab:81:08:2d:cd:44:6b:6f:7d:37:bc:ae:37:53:2d:5e:0d:52:5c:e5:81:59:48:1f:1f:f0:13:69:69:32:af:35:58:d5:56:9f:2f:84:db:ac:c5:3d:57:b7:68:5f:5f:92:0c:2f:ab:bf:99:7c:33:51:e
f:e1:ae:ae:a8:1d:2d:1b:07:13:cf:74:51:bf:a1:72:a5:1a:3c:40:a2:f7:3f:df:9f:7f:d9:72:b8:c8:6b:27:71:7c:aa:86:3d:08:5a:14:34:f7:e3:e1:c9:c1:30:84:f8:99:51:27:0b:ba:cd:6b:6f:5d:3c:de:91:0a:9d:90:01:a2:e1:01:15:cf:8b:a4:28:07:4a:14:da:ef:35:80:dc:24:ef:83:99:af:33:86:a4:46:de:7c:4a:2b:db:32:5c:3c:9d:29:cc:63:02:54:9f:2e:c8:94:5e:b3:3b:f5:68:f1:67:5c:13:c7:65:c9:6e:40:b9:b5:fc:7b:52:f0:36:03:6c:1f:a6:3b:03:90:24:4e:8b:b7:d3:2a:9d:80:47:4e:44:e7:0e:aa:51:ec:1e:0c:c0:5d:d2:76:3d:20:cd:7c:98:92:47:68:52:74:0d:e1:53:5c:7e:4e:9b:c2:11:19:19:b1:d2:83:9e:e3:a7:06:45:eb:6f:ba:cc:69:aa:06:a0:e4:2a:4b:c2:cb:b8:f0:ac:0c:6d:0c:39:e1:88:06:17:e0:21:8c:c4:f4:cd:c7:80:26:03:b5:7c:79:5c:3a:5a:da:ce:8e:d6:4b:e7:a1:73:5f:21:ab:c4:f5:7b:0e:f5:9f:44:29:58:f5:c2:16:d4:6f:a9:3d:ae:e4:d6:fd:57:78:0e:1b:ac:d8:75:22:88:0b:46:29:c3:f9:91:72:c6:4a:a3:e4:14:7e:5d:bb:3b:41:13:3c:2b:3e:9a:4e:25:9f:7a:be:f3:f2:46:80:7d:e7:21:27:08:01:c0:8a:1b:9c:ed:df:31:2c:40:c6:6d:1f:a1:90:19:83:36:ff:a2:d5:1d:dd:56:9a:51:bb:5e:e2:29:6f:6a:c7:e9:06:d6:5d:2b:6d:a0:d5:b7:56:4c:7e:ec:98:a2:9d:85:2a:a2:98:37:09:f0:e0:5e:22:46:26:85:20:99:1d:98:46:fe:79:e3:00:03:4d:3e:1c:c3:cc:c4:2f:dd:be:aa:50:00:41:59:b7:c6:43:ec:25:54:8a:17:0a:89:cf:1e:f8:5f:59:11:7a:be:46:a8:78:b5:db" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "131", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:be:30:2e:3d:53:e1:05:bb:45:1f:15:7d:b9:9d:85:ff:f8:8a:80:30:27:05:7a:e2:ba:84:f2:3a:68:b7:19:02:80:10:c2:47:c9:16:da:63:a0:9d:63:14:08:d5:dc:f7:89:77:a3:2b:1e:f5:a9:a6:db:c4:d4:55:2f:b9:53:94:c8:b3:9a:39:a4:6a:51:a9:0a:d1:17:c4:da:18:62:d5:f0:3d:59:2b:05:6f:08:24:af:53:1d:75:da:2e:37:8c:0d:74:2e:83:23:4f:49:91:ea:7d:a2:21:83:08:a0:3f:fe:ea:c6:8f:34:5a:ce:f9:8a:f8:b3:b8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.259501000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.259501000", - "frame.time_delta": "0.060341000", - "frame.time_delta_displayed": "0.060341000", - "frame.time_relative": "954.798815000", - "frame.number": "3706", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003878", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12124", - "tcp.ack": "54213", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dfc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:9f:c1:00:26:25:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812190657, TSecr 2500064": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812190657", - "tcp.options.timestamp.tsecr": "2500064" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3705", - "tcp.analysis.ack_rtt": "0.060341000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.518886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494546.518886000", - "frame.time_delta": "0.259385000", - "frame.time_delta_displayed": "0.259385000", - "frame.time_relative": 
"955.058200000", - "frame.number": "3707", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000095ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "54213", - "tcp.nxtseq": "54267", - "tcp.ack": "12124", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d5f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:26:00:a7:9e:9f:c1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2500096, TSecr 2812190657": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2500096", - "tcp.options.timestamp.tsecr": "2812190657" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:bf:4e:2f:9d:32:34:a0:d2:dc:37:d6:62:8c:af:ed:fb:22:75:42:3a:ea:74:fc:09:12:e0:ec:6e:f0:49:8c:2e:aa:5b:97:16:bf:2c:9f:a0:aa:fc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:26.579752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494546.579752000", - "frame.time_delta": "0.060866000", - "frame.time_delta_displayed": "0.060866000", - "frame.time_relative": "955.119066000", - "frame.number": "3708", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003877", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "12124", - "tcp.ack": "54267", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000df23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:a0:11:00:26:26:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812190737, TSecr 2500096": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812190737", - "tcp.options.timestamp.tsecr": "2500096" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3707", - "tcp.analysis.ack_rtt": "0.060866000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:28.852700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494548.852700000", - "frame.time_delta": "2.272948000", - "frame.time_delta_displayed": "2.272948000", - "frame.time_relative": "957.392014000", - "frame.number": "3709", - "frame.len": "60", - "frame.cap_len": 
"60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:30.322156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494550.322156000", - "frame.time_delta": "1.469456000", - "frame.time_delta_displayed": "1.469456000", - "frame.time_relative": "958.861470000", - "frame.number": "3710", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:32.831553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494552.831553000", - "frame.time_delta": "2.509397000", - "frame.time_delta_displayed": "2.509397000", - "frame.time_relative": "961.370867000", - "frame.number": "3711", - "frame.len": "326", - "frame.cap_len": "326", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "312", - "ip.id": "0x00000c20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000086a4", - "ip.checksum.status": "2", - "ip.src": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.src_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "ip.dst": 
"192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49769", - "tcp.port": "80", - "tcp.port": "49769", - "tcp.stream": "144", - "tcp.len": "272", - "tcp.seq": "1", - "tcp.nxtseq": "273", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000089c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018096000", - "tcp.analysis.bytes_in_flight": "272", - "tcp.analysis.push_bytes_sent": "272" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 
01 Nov 2017 00:02:32 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:02:32 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "32", - "http.content_length_header_tree": { - "http.content_length": "32" - }, - "http.response.line": "Content-Length: 32\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "47.936907000", - "http.request_in": "3614", - "http.file_data": "[[15453857],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[15453857],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:32.865202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494552.865202000", - "frame.time_delta": "0.033649000", - "frame.time_delta_displayed": "0.033649000", - "frame.time_relative": "961.404516000", - "frame.number": "3712", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001026", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "273", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } 
- }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5328", - "tcp.window_size": "5328", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000025f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3711", - "tcp.analysis.ack_rtt": "0.033649000", - "tcp.analysis.initial_rtt": "0.018096000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:32.876699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494552.876699000", - "frame.time_delta": "0.011497000", - "frame.time_delta_displayed": "0.011497000", - "frame.time_relative": "961.416013000", - "frame.number": "3713", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000087b3", - 
"ip.checksum.status": "2", - "ip.src": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.src_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49769", - "tcp.port": "80", - "tcp.port": "49769", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "273", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c587", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3712", - "tcp.analysis.ack_rtt": "0.011497000", - "tcp.analysis.initial_rtt": "0.018096000" 
- } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:32.882012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494552.882012000", - "frame.time_delta": "0.005313000", - "frame.time_delta_displayed": "0.005313000", - "frame.time_relative": "961.421326000", - "frame.number": "3714", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001027", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.234", - "ip.addr": "54.241.191.234", - "ip.dst_host": "54.241.191.234", - "ip.host": "54.241.191.234", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49769", - "tcp.dstport": "80", - "tcp.port": "49769", - "tcp.port": "80", - "tcp.stream": "144", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "274", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5327", - "tcp.window_size": "5327", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000025f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3713", - "tcp.analysis.ack_rtt": "0.005313000", - "tcp.analysis.initial_rtt": "0.018096000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.438853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.438853000", - "frame.time_delta": "0.556841000", - "frame.time_delta_displayed": "0.556841000", - "frame.time_relative": "961.978167000", - "frame.number": "3715", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00001028", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000029bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "44", - "udp.checksum": "0x0000f377", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } 
- } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.440438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.440438000", - "frame.time_delta": "0.001585000", - "frame.time_delta_displayed": "0.001585000", - "frame.time_relative": "961.979752000", - "frame.number": "3716", - "frame.len": "423", - "frame.cap_len": "423", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "409", - "ip.id": "0x00008a9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002ced", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "389", - "udp.checksum": "0x00008360", - 
"udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "3715", - "dns.time": "0.001585000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "home.myblossom.com: type A, class IN, addr 54.153.31.0": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10", - "dns.resp.len": "4", - "dns.a": "54.153.31.0" - }, - "home.myblossom.com: type A, class IN, addr 54.219.161.163": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10", - "dns.resp.len": "4", - "dns.a": "54.219.161.163" - } - }, - "Authoritative nameservers": { - "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58030", - "dns.resp.len": "25", - "dns.ns": "ns-1743.awsdns-25.co.uk" - }, - "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58030", - "dns.resp.len": "22", - "dns.ns": "ns-540.awsdns-03.net" - }, - "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "58030", - "dns.resp.len": "19", - "dns.ns": "ns-477.awsdns-59.com" - }, - "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58030", - "dns.resp.len": "23", - "dns.ns": "ns-1324.awsdns-37.org" - } - }, - "Additional records": { - "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "101577", - "dns.resp.len": "4", - "dns.a": "205.251.193.221" - }, - "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57564", - "dns.resp.len": "4", - "dns.a": "205.251.194.28" - }, - "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57648", - "dns.resp.len": "4", - "dns.a": "205.251.197.44" - }, - "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57974", - "dns.resp.len": "4", - "dns.a": "205.251.198.207" - }, - "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "101577", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:dd00::1" - }, - "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57564", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5302:1c00::1" - }, - "ns-1324.awsdns-37.org: 
type AAAA, class IN, addr 2600:9000:5305:2c00::1": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57648", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5305:2c00::1" - }, - "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57974", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:cf00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.449988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.449988000", - "frame.time_delta": "0.009550000", - "frame.time_delta_displayed": "0.009550000", - "frame.time_relative": "961.989302000", - "frame.number": "3717", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001029", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - 
"ip.proto": "6", - "ip.checksum": "0x000094e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49770", - "tcp.dstport": "80", - "tcp.port": "49770", - "tcp.port": "80", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00006c9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - 
"tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.462671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.462671000", - "frame.time_delta": "0.012683000", - "frame.time_delta_displayed": "0.012683000", - "frame.time_relative": "962.001985000", - "frame.number": "3718", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00007612", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49770", - "tcp.port": "80", - "tcp.port": "49770", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x00009ee0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3717", - "tcp.analysis.ack_rtt": "0.012683000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.467959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.467959000", - "frame.time_delta": 
"0.005288000", - "frame.time_delta_displayed": "0.005288000", - "frame.time_relative": "962.007273000", - "frame.number": "3719", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000102a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - 
"tcp": { - "tcp.srcport": "49770", - "tcp.dstport": "80", - "tcp.port": "49770", - "tcp.port": "80", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000009c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3718", - "tcp.analysis.ack_rtt": "0.005288000", - "tcp.analysis.initial_rtt": "0.017971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.899600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.899600000", - "frame.time_delta": "0.431641000", - "frame.time_delta_displayed": "0.431641000", - "frame.time_relative": "962.438914000", - "frame.number": "3720", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x0000102b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000029b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae30", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.901569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.901569000", - "frame.time_delta": "0.001969000", - 
"frame.time_delta_displayed": "0.001969000", - "frame.time_relative": "962.440883000", - "frame.number": "3721", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x00008ac5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002c50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "3720", - "dns.time": "0.001969000", - "dns.id": "0x00000001", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - 
"dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.237": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "298", - "dns.resp.len": "4", - "dns.a": "54.241.191.237" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.239": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "298", - "dns.resp.len": "4", - "dns.a": "54.241.191.239" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "20", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - 
"pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "53006", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5297", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57257", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3567", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57258", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, 
class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57999", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58107", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57649", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57450", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57999", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58107", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57649", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:02:33.908291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.908291000", - "frame.time_delta": "0.006722000", - "frame.time_delta_displayed": "0.006722000", - "frame.time_relative": "962.447605000", - "frame.number": "3722", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000102c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - 
"ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00006cce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.919912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.919912000", - "frame.time_delta": "0.011621000", - "frame.time_delta_displayed": "0.011621000", - "frame.time_relative": "962.459226000", - "frame.number": "3723", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000093cd", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49771", - "tcp.port": "80", - "tcp.port": "49771", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d200", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3722", - "tcp.analysis.ack_rtt": "0.011621000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.925439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.925439000", - "frame.time_delta": "0.005527000", - "frame.time_delta_displayed": "0.005527000", - "frame.time_relative": "962.464753000", - "frame.number": "3724", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000102d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f3a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000045ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3723", - "tcp.analysis.ack_rtt": "0.005527000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.944618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.944618000", - "frame.time_delta": "0.019179000", - "frame.time_delta_displayed": "0.019179000", - "frame.time_relative": "962.483932000", - "frame.number": "3725", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x0000102e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f393", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": 
"54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008e69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017148000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.949896000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494553.949896000", - "frame.time_delta": "0.005278000", - "frame.time_delta_displayed": "0.005278000", - "frame.time_relative": "962.489210000", - "frame.number": "3726", - "frame.len": "177", - "frame.cap_len": "177", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "163", - "ip.id": "0x0000102f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000946c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - 
"ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49770", - "tcp.dstport": "80", - "tcp.port": "49770", - "tcp.port": "80", - "tcp.stream": "147", - "tcp.len": "123", - "tcp.seq": "1", - "tcp.nxtseq": "124", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000496f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017971000", - "tcp.analysis.bytes_in_flight": "123", - "tcp.analysis.push_bytes_sent": "123" - } - }, - "http": { - "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/realtime\/", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.956020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.956020000", - "frame.time_delta": "0.006124000", - "frame.time_delta_displayed": "0.006124000", - "frame.time_relative": "962.495334000", - "frame.number": "3727", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004548", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00004e89", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": 
"San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49771", - "tcp.port": "80", - "tcp.port": "49771", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e9ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3725", - "tcp.analysis.ack_rtt": "0.011402000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.961176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.961176000", - "frame.time_delta": "0.005156000", - "frame.time_delta_displayed": "0.005156000", - "frame.time_relative": "962.500490000", - "frame.number": "3728", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001030", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f2ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c4fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017148000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "3725", - "tcp.segment": "3728", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.962766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.962766000", - "frame.time_delta": "0.001590000", - "frame.time_delta_displayed": "0.001590000", - "frame.time_relative": "962.502080000", - "frame.number": "3729", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000476e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00002ea8", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49770", - "tcp.port": "80", - "tcp.port": "49770", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "124", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b622", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3726", - "tcp.analysis.ack_rtt": "0.012870000", - "tcp.analysis.initial_rtt": "0.017971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.973603000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.973603000", - "frame.time_delta": "0.010837000", - "frame.time_delta_displayed": "0.010837000", - "frame.time_relative": "962.512917000", - "frame.number": "3730", - "frame.len": "54", - "frame.cap_len": 
"54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004549", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00004e88", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49771", - "tcp.port": "80", - "tcp.port": "49771", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", 
- "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e58c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3728", - "tcp.analysis.ack_rtt": "0.012427000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.989629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.989629000", - "frame.time_delta": "0.016026000", - "frame.time_delta_displayed": "0.016026000", - "frame.time_relative": "962.528943000", - "frame.number": "3731", - "frame.len": "457", - "frame.cap_len": "457", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "443", - "ip.id": "0x0000476f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00002d14", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49770", - "tcp.port": "80", - "tcp.port": "49770", - "tcp.stream": "147", - "tcp.len": "403", - "tcp.seq": "1", - "tcp.nxtseq": "404", - "tcp.ack": "124", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000014c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { 
- "tcp.analysis.initial_rtt": "0.017971000", - "tcp.analysis.bytes_in_flight": "403", - "tcp.analysis.push_bytes_sent": "403" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-Type: application\/json\r\n", - "http.date": "Wed, 01 Nov 2017 00:02:33 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:02:33 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "191", - "http.content_length_header_tree": { - "http.content_length": "191" - }, - "http.response.line": "Content-Length: 191\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.039733000", - "http.request_in": "3726", - "http.file_data": "{\"status\":\"pending\",\"operation_timeout_seconds\":30,\"current_time\":\"2017-10-31T17:02:33.991776-07:00\",\"psr\":0,\"timestamp\":\"1a604d\",\"message\":{},\"age\":3,\"message_type\":\"schedule\",\"id\":15453857}" - }, - "json": { - "json.object": { - "json.member": { - "json.value.string": "pending", - "json.key": "status" - }, - "json.member": { - "json.value.number": "30", - "json.key": "operation_timeout_seconds" - }, - "json.member": { - "json.value.string": "2017-10-31T17:02:33.991776-07:00", - "json.key": "current_time" - }, - "json.member": { - "json.value.number": "0", - "json.key": "psr" - }, - "json.member": { - "json.value.string": "1a604d", - "json.key": "timestamp" - }, - "json.member": { 
- "json.object": "", - "json.key": "message" - }, - "json.member": { - "json.value.number": "3", - "json.key": "age" - }, - "json.member": { - "json.value.string": "schedule", - "json.key": "message_type" - }, - "json.member": { - "json.value.number": "15453857", - "json.key": "id" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:33.999464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494553.999464000", - "frame.time_delta": "0.009835000", - "frame.time_delta_displayed": "0.009835000", - "frame.time_relative": "962.538778000", - "frame.number": "3732", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001031", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - 
"ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49770", - "tcp.dstport": "80", - "tcp.port": "49770", - "tcp.port": "80", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "124", - "tcp.ack": "404", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5197", - "tcp.window_size": "5197", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000945", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3731", - "tcp.analysis.ack_rtt": "0.009835000", - "tcp.analysis.initial_rtt": "0.017971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:02:34.011844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.011844000", - "frame.time_delta": "0.012380000", - "frame.time_delta_displayed": "0.012380000", - "frame.time_relative": "962.551158000", - "frame.number": "3733", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004770", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00002ea6", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - 
"ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49770", - "tcp.port": "80", - "tcp.port": "49770", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "404", - "tcp.ack": "125", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b48d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3732", - "tcp.analysis.ack_rtt": "0.012380000", - "tcp.analysis.initial_rtt": "0.017971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.017424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.017424000", - "frame.time_delta": "0.005580000", - "frame.time_delta_displayed": "0.005580000", - "frame.time_relative": "962.556738000", - "frame.number": "3734", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001032", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49770", - "tcp.dstport": "80", - "tcp.port": "49770", - "tcp.port": "80", - "tcp.stream": "147", - "tcp.len": "0", - "tcp.seq": "125", - "tcp.ack": "405", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5196", - "tcp.window_size": "5196", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000945", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3733", - "tcp.analysis.ack_rtt": "0.005580000", - "tcp.analysis.initial_rtt": "0.017971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.259957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.259957000", - "frame.time_delta": "0.242533000", - "frame.time_delta_displayed": "0.242533000", - "frame.time_relative": "962.799271000", - "frame.number": "3735", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f6", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "321", - "tcp.ack": "289", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000045f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - 
"_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.403154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.403154000", - "frame.time_delta": "0.143197000", - "frame.time_delta_displayed": "0.143197000", - "frame.time_relative": "962.942468000", - "frame.number": "3736", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdae", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "289", - "tcp.ack": "322", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ed4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.619899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.619899000", - "frame.time_delta": "0.216745000", - "frame.time_delta_displayed": "0.216745000", - "frame.time_relative": "963.159213000", - "frame.number": "3737", - "frame.len": "60", - "frame.cap_len": "60", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001033", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49772", - "tcp.dstport": "80", - "tcp.port": "49772", - "tcp.port": "80", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": 
"24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000af85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.633702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.633702000", - "frame.time_delta": "0.013803000", - "frame.time_delta_displayed": "0.013803000", - "frame.time_relative": "963.173016000", - "frame.number": "3738", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00007712", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49772", - "tcp.port": "80", - "tcp.port": "49772", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x0000a201", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3737", - "tcp.analysis.ack_rtt": "0.013803000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:34.638901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494554.638901000", - "frame.time_delta": "0.005199000", - "frame.time_delta_displayed": "0.005199000", - "frame.time_relative": "963.178215000", - "frame.number": "3739", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001034", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49772", - "tcp.dstport": "80", - "tcp.port": "49772", - "tcp.port": "80", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000ce2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3738", - "tcp.analysis.ack_rtt": "0.005199000", - "tcp.analysis.initial_rtt": "0.019002000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.119829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.119829000", - "frame.time_delta": "0.480928000", - "frame.time_delta_displayed": "0.480928000", - "frame.time_relative": "963.659143000", - "frame.number": "3740", - "frame.len": "186", - "frame.cap_len": "186", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "172", - "ip.id": "0x00001035", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000945d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - 
"ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49772", - "tcp.dstport": "80", - "tcp.port": "49772", - "tcp.port": "80", - "tcp.stream": "149", - "tcp.len": "132", - "tcp.seq": "1", - "tcp.nxtseq": "133", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003025", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.019002000", - "tcp.analysis.bytes_in_flight": "132", - "tcp.analysis.push_bytes_sent": "132" - } - }, - "http": { - "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "\\r\\n": "", 
- "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/activeschedule\/", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.133609000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.133609000", - "frame.time_delta": "0.013780000", - "frame.time_delta_displayed": "0.013780000", - "frame.time_relative": "963.672923000", - "frame.number": "3741", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000047c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002f4e", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., 
San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49772", - "tcp.port": "80", - "tcp.port": "49772", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "133", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b55d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3740", - "tcp.analysis.ack_rtt": "0.013780000", - "tcp.analysis.initial_rtt": "0.019002000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.173311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.173311000", - "frame.time_delta": "0.039702000", - "frame.time_delta_displayed": "0.039702000", - "frame.time_relative": "963.712625000", - "frame.number": "3742", - "frame.len": "457", - "frame.cap_len": "457", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "443", - "ip.id": "0x000047c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002dba", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49772", - "tcp.port": "80", - "tcp.port": "49772", - "tcp.stream": "149", - "tcp.len": "403", - "tcp.seq": "1", - "tcp.nxtseq": "404", - "tcp.ack": "133", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003972", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.019002000", - "tcp.analysis.bytes_in_flight": "403", - "tcp.analysis.push_bytes_sent": "403" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-Type: application\/json\r\n", - "http.date": "Wed, 01 Nov 2017 00:02:35 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:02:35 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "191", - "http.content_length_header_tree": { - "http.content_length": "191" - }, - "http.response.line": "Content-Length: 191\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.053482000", - "http.request_in": "3740", - "http.file_data": 
"{\"current_time\":\"2017-10-31T17:02:35.170563-07:00\",\"ts_utc\":1509523355.0,\"online_cycles\":1,\"psr\":0,\"online_id\":\"2b-hJd43S5--9wBtk-VN2A\",\"offline_cycles\":0,\"offline_id\":null,\"ts\":1509494555.0}" - }, - "json": { - "json.object": { - "json.member": { - "json.value.string": "2017-10-31T17:02:35.170563-07:00", - "json.key": "current_time" - }, - "json.member": { - "json.value.number": "1509523355.0", - "json.key": "ts_utc" - }, - "json.member": { - "json.value.number": "1", - "json.key": "online_cycles" - }, - "json.member": { - "json.value.number": "0", - "json.key": "psr" - }, - "json.member": { - "json.value.string": "2b-hJd43S5--9wBtk-VN2A", - "json.key": "online_id" - }, - "json.member": { - "json.value.number": "0", - "json.key": "offline_cycles" - }, - "json.member": { - "json.value.null": "", - "json.key": "offline_id" - }, - "json.member": { - "json.value.number": "1509494555.0", - "json.key": "ts" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.183288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.183288000", - "frame.time_delta": "0.009977000", - "frame.time_delta_displayed": "0.009977000", - "frame.time_relative": "963.722602000", - "frame.number": "3743", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001036", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49772", - "tcp.dstport": "80", - "tcp.port": "49772", - "tcp.port": "80", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "133", - "tcp.ack": "404", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5197", - "tcp.window_size": "5197", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000c5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3742", - "tcp.analysis.ack_rtt": "0.009977000", - "tcp.analysis.initial_rtt": "0.019002000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.196935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.196935000", - "frame.time_delta": "0.013647000", - "frame.time_delta_displayed": "0.013647000", - "frame.time_relative": "963.736249000", - "frame.number": "3744", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000047ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002f4c", - "ip.checksum.status": "2", - "ip.src": 
"54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49772", - "tcp.port": "80", - "tcp.port": "49772", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "404", - "tcp.ack": "134", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b3c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3743", - "tcp.analysis.ack_rtt": "0.013647000", - "tcp.analysis.initial_rtt": "0.019002000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.202322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.202322000", - "frame.time_delta": "0.005387000", - "frame.time_delta_displayed": "0.005387000", - "frame.time_relative": "963.741636000", - "frame.number": "3745", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001037", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": 
"AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49772", - "tcp.dstport": "80", - "tcp.port": "49772", - "tcp.port": "80", - "tcp.stream": "149", - "tcp.len": "0", - "tcp.seq": "134", - "tcp.ack": "405", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5196", - "tcp.window_size": "5196", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000c5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3744", - "tcp.analysis.ack_rtt": "0.005387000", - "tcp.analysis.initial_rtt": "0.019002000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.793513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.793513000", - "frame.time_delta": "0.591191000", - "frame.time_delta_displayed": "0.591191000", - "frame.time_relative": "964.332827000", - "frame.number": "3746", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001038", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49773", - "tcp.dstport": "80", - "tcp.port": "49773", - "tcp.port": "80", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x000050f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.807274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.807274000", - "frame.time_delta": "0.013761000", - "frame.time_delta_displayed": "0.013761000", - "frame.time_relative": "964.346588000", - "frame.number": "3747", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00007712", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49773", - "tcp.port": "80", - "tcp.port": "49773", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x0000b9d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3746", - "tcp.analysis.ack_rtt": "0.013761000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:35.813263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494555.813263000", - "frame.time_delta": "0.005989000", - "frame.time_delta_displayed": "0.005989000", - "frame.time_relative": "964.352577000", - "frame.number": "3748", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001039", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49773", - "tcp.dstport": "80", - "tcp.port": "49773", - "tcp.port": "80", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000024b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3747", - "tcp.analysis.ack_rtt": "0.005989000", - "tcp.analysis.initial_rtt": "0.019750000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.293333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.293333000", - "frame.time_delta": "0.480070000", - "frame.time_delta_displayed": "0.480070000", - "frame.time_relative": "964.832647000", - "frame.number": "3749", - "frame.len": "206", - "frame.cap_len": "206", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "192", - "ip.id": "0x0000103a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009444", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": 
"San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49773", - "tcp.dstport": "80", - "tcp.port": "49773", - "tcp.port": "80", - "tcp.stream": "150", - "tcp.len": "152", - "tcp.seq": "1", - "tcp.nxtseq": "153", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000085da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.019750000", - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "http": { - "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cyclepnum\/2b-hJd43S5--9wBtk-VN2A\/0\/", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.307091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.307091000", - "frame.time_delta": "0.013758000", - "frame.time_delta_displayed": "0.013758000", - "frame.time_relative": "964.846405000", - "frame.number": "3750", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002d12", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49773", - "tcp.port": "80", - "tcp.port": "49773", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "153", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cd1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3749", - "tcp.analysis.ack_rtt": "0.013758000", - "tcp.analysis.initial_rtt": "0.019750000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.354038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.354038000", - "frame.time_delta": "0.046947000", - "frame.time_delta_displayed": "0.046947000", - "frame.time_relative": "964.893352000", - "frame.number": "3751", - "frame.len": "432", - "frame.cap_len": 
"432", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "418", - "ip.id": "0x00004a05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002b97", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49773", - "tcp.port": "80", - "tcp.port": "49773", - "tcp.stream": "150", - "tcp.len": "378", - "tcp.seq": "1", - "tcp.nxtseq": "379", - "tcp.ack": 
"153", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001818", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.019750000", - "tcp.analysis.bytes_in_flight": "378", - "tcp.analysis.push_bytes_sent": "378" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-Type: application\/json\r\n", - "http.date": "Wed, 01 Nov 2017 00:02:36 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:02:36 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "166", - "http.content_length_header_tree": { - "http.content_length": "166" - }, - "http.response.line": "Content-Length: 166\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.060705000", - "http.request_in": "3749", - "http.file_data": 
"{\"mm\":[120,120,120,120,120,0,0,0,0,0,0,0],\"start_ts\":1509501619,\"ts\":1509494556,\"rate\":[1651,1651,1651,1651,1651,100,100,100,100,100,100,100],\"r\":7063,\"id\":\"h49pw1V\"}" - }, - "json": { - "json.object": { - "json.member": { - "json.array": { - "json.value.number": "120", - "json.value.number": "120", - "json.value.number": "120", - "json.value.number": "120", - "json.value.number": "120", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0" - }, - "json.key": "mm" - }, - "json.member": { - "json.value.number": "1509501619", - "json.key": "start_ts" - }, - "json.member": { - "json.value.number": "1509494556", - "json.key": "ts" - }, - "json.member": { - "json.array": { - "json.value.number": "1651", - "json.value.number": "1651", - "json.value.number": "1651", - "json.value.number": "1651", - "json.value.number": "1651", - "json.value.number": "100", - "json.value.number": "100", - "json.value.number": "100", - "json.value.number": "100", - "json.value.number": "100", - "json.value.number": "100", - "json.value.number": "100" - }, - "json.key": "rate" - }, - "json.member": { - "json.value.number": "7063", - "json.key": "r" - }, - "json.member": { - "json.value.string": "h49pw1V", - "json.key": "id" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.363704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.363704000", - "frame.time_delta": "0.009666000", - "frame.time_delta_displayed": "0.009666000", - "frame.time_relative": "964.903018000", - "frame.number": "3752", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000103b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49773", - "tcp.dstport": "80", - "tcp.port": "49773", - "tcp.port": "80", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "153", - "tcp.ack": "379", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5222", - "tcp.window_size": "5222", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000241f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3751", - "tcp.analysis.ack_rtt": "0.009666000", - "tcp.analysis.initial_rtt": "0.019750000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.377054000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.377054000", - "frame.time_delta": "0.013350000", - "frame.time_delta_displayed": "0.013350000", - "frame.time_relative": "964.916368000", - "frame.number": "3753", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00002d10", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49773", - "tcp.port": "80", - "tcp.port": "49773", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "379", - "tcp.ack": "154", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cba3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3752", - "tcp.analysis.ack_rtt": "0.013350000", - "tcp.analysis.initial_rtt": "0.019750000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:36.382587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.382587000", - "frame.time_delta": "0.005533000", - "frame.time_delta_displayed": "0.005533000", - "frame.time_relative": "964.921901000", - "frame.number": "3754", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000103c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094da", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49773", - "tcp.dstport": "80", - "tcp.port": "49773", - "tcp.port": "80", - "tcp.stream": "150", - "tcp.len": "0", - "tcp.seq": "154", - "tcp.ack": "380", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5221", - "tcp.window_size": "5221", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000241f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3753", - "tcp.analysis.ack_rtt": "0.005533000", - "tcp.analysis.initial_rtt": "0.019750000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:02:36.486467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494556.486467000", - "frame.time_delta": "0.103880000", - "frame.time_delta_displayed": "0.103880000", - "frame.time_relative": "965.025781000", - "frame.number": "3755", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c98", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.008531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.008531000", - "frame.time_delta": "0.522064000", - "frame.time_delta_displayed": "0.522064000", - "frame.time_relative": "965.547845000", - "frame.number": "3756", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000bd49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.018523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.018523000", - "frame.time_delta": "0.009992000", - "frame.time_delta_displayed": "0.009992000", - "frame.time_relative": "965.557837000", - "frame.number": "3757", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000040dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000097b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": 
"1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.235633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.235633000", - "frame.time_delta": "0.217110000", - "frame.time_delta_displayed": "0.217110000", - "frame.time_relative": "965.774947000", - "frame.number": "3758", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - 
"eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000bd6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.411829000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494557.411829000", - "frame.time_delta": "0.176196000", - "frame.time_delta_displayed": "0.176196000", - "frame.time_relative": "965.951143000", - "frame.number": "3759", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000103d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": 
"-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - "tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000f25a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.424921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.424921000", - "frame.time_delta": "0.013092000", - "frame.time_delta_displayed": "0.013092000", - "frame.time_relative": "965.964235000", - "frame.number": "3760", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": 
"e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00007612", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49774", - "tcp.port": "80", - "tcp.port": "49774", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x000072cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3759", - "tcp.analysis.ack_rtt": "0.013092000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.430533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.430533000", - "frame.time_delta": "0.005612000", - "frame.time_delta_displayed": "0.005612000", - "frame.time_relative": "965.969847000", - "frame.number": "3761", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000103e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - "tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000ddac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3760", - "tcp.analysis.ack_rtt": "0.005612000", - "tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.459180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.459180000", - "frame.time_delta": "0.028647000", - "frame.time_delta_displayed": "0.028647000", - "frame.time_relative": "965.998494000", - "frame.number": "3762", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000bd7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.751758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.751758000", - "frame.time_delta": "0.292578000", - "frame.time_delta_displayed": "0.292578000", - "frame.time_relative": "966.291072000", - "frame.number": "3763", - "frame.len": "410", - "frame.cap_len": "410", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "396", - "ip.id": "0x00009600", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007627", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "344", - "tcp.seq": "54267", - "tcp.nxtseq": "54611", - "tcp.ack": "12124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d3a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:2a:64:a7:9e:a0:11", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2501220, TSecr 2812190737": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2501220", - "tcp.options.timestamp.tsecr": "2812190737" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "344", - "tcp.analysis.push_bytes_sent": "344" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "339", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c0:28:c0:e3:31:f2:54:22:51:43:90:a6:00:63:c2:da:f9:e7:0f:88:c2:e9:83:78:78:58:68:c1:d4:b3:bf:c5:72:1a:27:8b:ca:ac:5a:d5:c6:c1:7e:2f:63:cb:04:2b:b3:3c:da:77:eb:be:e5:3a:e6:2d:97:3a:05:2f:61:8a:62:cd:cc:3f:e8:ed:4b:ac:36:37:da:38:27:ac:13:a6:44:b7:31:4d:2b:19:97:bf:71:f7:9b:fd:5d:8f:e3:1d:aa:c3:8a:c9:b5:4d:92:fa:ba:d5:de:a5:15:8d:e3:1f:f1:05:7c:13:0f:49:9c:41:08:f4:81:b4:3b:32:22:54:b1:cf:23:a6:46:1c:fc:3b:3c:c4:9d:0c:8c:b0:a8:2e:2c:c5:05:38:12:54:0d:d7:f6:3b:8b:c9:e4:e2:7b:79:a5:8d:b6:c2:04:b3:09:49:2b:ab:a8:68:03:5b:cd:82:e6:89:d5:34:17:63:c3:75:4a:10:e5:59:28:48:42:02:fc:79:c7:58:21:42:dd:b9:a8:07:f7:be:c4:df:76:62:10:dd:c5:dc:b7:03:e8:41:44:9e:be:47:27:41:fb:fb:54:38:c8:e2:87:80:86:6b:05:bb:42:37:ab:31:4a:f6:13:d3:01:70:08:e1:4c:89:af:8e:f5:76:41:da:3e:2d:56:9d:e5:fa:03:4f:0d:cd:f5:68:2a:27:b7:7b:52:58:5c:74:d1:bf:c7:6c:1c:87:b6:d9:86:ed:d4:69:32:a6:93:71:42:79:14:0b:11:ff:fd:f7:33:e4:7e:5b:b1:63:c6:03:ac:87:a9:52:f8:6a:90:45:f3:f7:7b:70:b0:69:60:ad:16:f5:95:5a:1e:2d:6e:2a:1c:9f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.811970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.811970000", - "frame.time_delta": "0.060212000", - "frame.time_delta_displayed": "0.060212000", - "frame.time_relative": "966.351284000", - "frame.number": "3764", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003876", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12124", - "tcp.ack": "54611", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ce6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:ab:09:00:26:2a:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812193545, TSecr 2501220": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812193545", - "tcp.options.timestamp.tsecr": "2501220" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3763", - "tcp.analysis.ack_rtt": "0.060212000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.812552000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494557.812552000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "966.351866000", - "frame.number": "3765", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003846", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12124", - "tcp.nxtseq": "12171", - "tcp.ack": "54611", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f757", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:ab:09:00:26:2a:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812193545, TSecr 2501220": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812193545", - "tcp.options.timestamp.tsecr": "2501220" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:7f:bf:34:e4:9c:d3:11:f0:3f:19:c7:d8:9a:10:2f:62:7c:61:cd:fb:7f:50:4d:c8:b3:e8:76:ba:27:36:cb:85:ac:7d:51" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:02:37.848690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.848690000", - "frame.time_delta": "0.036138000", - "frame.time_delta_displayed": "0.036138000", - "frame.time_relative": "966.388004000", - "frame.number": "3766", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009601", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000777e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": 
{ - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "54611", - "tcp.ack": "12171", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:2a:6e:a7:9e:ab:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2501230, TSecr 2812193545": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2501230", - "tcp.options.timestamp.tsecr": "2812193545" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3765", - "tcp.analysis.ack_rtt": "0.036138000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.911967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.911967000", - "frame.time_delta": "0.063277000", - "frame.time_delta_displayed": 
"0.063277000", - "frame.time_relative": "966.451281000", - "frame.number": "3767", - "frame.len": "254", - "frame.cap_len": "254", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "240", - "ip.id": "0x0000103f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000940f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - 
"tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "200", - "tcp.seq": "1", - "tcp.nxtseq": "201", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000033fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018704000", - "tcp.analysis.bytes_in_flight": "200", - "tcp.analysis.push_bytes_sent": "200" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:73:63:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:63:79:63:6c:65:73:2f:32:62:2d:68:4a:64:34:33:53:35:2d:2d:39:77:42:74:6b:2d:56:4e:32:41:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:37:37:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.925042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.925042000", - "frame.time_delta": "0.013075000", - "frame.time_delta_displayed": "0.013075000", - "frame.time_relative": "966.464356000", - 
"frame.number": "3768", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d82e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00009de7", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49774", - "tcp.port": "80", - "tcp.port": "49774", - "tcp.stream": "151", - "tcp.len": "0", - 
"tcp.seq": "1", - "tcp.ack": "201", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000085e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3767", - "tcp.analysis.ack_rtt": "0.013075000", - "tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.929572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.929572000", - "frame.time_delta": "0.004530000", - "frame.time_delta_displayed": "0.004530000", - "frame.time_relative": "966.468886000", - "frame.number": "3769", - "frame.len": "131", - "frame.cap_len": "131", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "117", - "ip.id": "0x00001040", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009489", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - "tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "77", - "tcp.seq": "201", - "tcp.nxtseq": "278", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000031da", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018704000", - "tcp.analysis.bytes_in_flight": "77", - "tcp.analysis.push_bytes_sent": "77" - }, - "tcp.segment_data": "5b:7b:22:69:64:22:3a:22:68:34:39:70:77:31:56:22:2c:22:64:75:72:61:74:69:6f:6e:73:22:3a:5b:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:5d:7d:5d" - }, - "tcp.segments": { - "tcp.segment": "3767", - "tcp.segment": "3769", - "tcp.segment.count": "2", - "tcp.reassembled.length": "277", - "tcp.reassembled.data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:73:63:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:63:79:63:6c:65:73:2f:32:62:2d:68:4a:64:34:33:53:35:2d:2d:39:77:42:74:6b:2d:56:4e:32:41:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:37:37:0d:0a:0d:0a:5b:7b:22:69:64:22:3a:22:68:34:39:70:77:31:56:22:2c:22:64:75:72:61:74:69:6f:6e:73:22:3a:5b:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:32:36:31:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:20:2c:30:5d:7d:5d" - }, - "http": { - "POST \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "http.content_type": "application\/json", - "http.request.line": "Content-Type: application\/json\r\n", - "http.content_length_header": "77", - "http.content_length_header_tree": { - "http.content_length": "77" - }, - "http.request.line": "Content-Length: 77\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/sc\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/cycles\/2b-hJd43S5--9wBtk-VN2A\/", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "[{\"id\":\"h49pw1V\",\"durations\":[261 ,261 ,261 ,261 ,261 ,0 ,0 ,0 ,0 ,0 ,0 ,0]}]" - }, - "json": { - "json.array": { - "json.object": { - "json.member": { - "json.value.string": "h49pw1V", - "json.key": "id" - }, - "json.member": { - "json.array": { - "json.value.number": "261", - "json.value.number": "261", - "json.value.number": "261", - "json.value.number": "261", - "json.value.number": "261", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0", - "json.value.number": "0" - }, - "json.key": "durations" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:37.941997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494557.941997000", - "frame.time_delta": "0.012425000", - "frame.time_delta_displayed": "0.012425000", - "frame.time_relative": "966.481311000", - "frame.number": "3770", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d82f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00009de6", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49774", - "tcp.port": "80", - "tcp.port": "49774", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008597", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3769", - "tcp.analysis.ack_rtt": "0.012425000", - "tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.086866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.086866000", - "frame.time_delta": "0.144869000", - "frame.time_delta_displayed": "0.144869000", - "frame.time_relative": "966.626180000", - "frame.number": "3771", - "frame.len": "232", - "frame.cap_len": "232", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "218", - "ip.id": "0x0000d830", - "ip.flags": "0x00000002", - "ip.flags_tree": { 
- "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - "ip.checksum": "0x00009d33", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49774", - "tcp.port": "80", - "tcp.port": "49774", - "tcp.stream": "151", - "tcp.len": "178", - "tcp.seq": "1", - "tcp.nxtseq": "179", - "tcp.ack": "278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fdea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018704000", - "tcp.analysis.bytes_in_flight": "178", - "tcp.analysis.push_bytes_sent": "178" - } - }, - "http": 
{ - "HTTP\/1.1 201 Created\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 201 Created\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "201", - "http.response.phrase": "Created" - }, - "http.response.line": "Allow: POST, OPTIONS\r\n", - "http.date": "Wed, 01 Nov 2017 00:02:38 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:02:38 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.response.line": "Content-Length: 0\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.157294000", - "http.request_in": "3769" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.095318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.095318000", - "frame.time_delta": "0.008452000", - "frame.time_delta_displayed": "0.008452000", - "frame.time_relative": "966.634632000", - "frame.number": "3772", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": 
"Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001041", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - "tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "278", - "tcp.ack": "179", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5422", - "tcp.window_size": "5422", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dc96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3771", - "tcp.analysis.ack_rtt": "0.008452000", - "tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.107596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.107596000", - "frame.time_delta": "0.012278000", - "frame.time_delta_displayed": "0.012278000", - "frame.time_relative": "966.646910000", - "frame.number": "3773", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d831", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "238", - "ip.proto": "6", - 
"ip.checksum": "0x00009de4", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49774", - "tcp.port": "80", - "tcp.port": "49774", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "179", - "tcp.ack": "279", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000084e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3772", - "tcp.analysis.ack_rtt": "0.012278000", - 
"tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.113676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.113676000", - "frame.time_delta": "0.006080000", - "frame.time_delta_displayed": "0.006080000", - "frame.time_relative": "966.652990000", - "frame.number": "3774", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001042", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": 
"United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49774", - "tcp.dstport": "80", - "tcp.port": "49774", - "tcp.port": "80", - "tcp.stream": "151", - "tcp.len": "0", - "tcp.seq": "279", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5421", - "tcp.window_size": "5421", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dc96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3773", - "tcp.analysis.ack_rtt": "0.006080000", - "tcp.analysis.initial_rtt": "0.018704000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.450752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.450752000", - "frame.time_delta": "0.337076000", - "frame.time_delta_displayed": "0.337076000", - "frame.time_relative": "966.990066000", - "frame.number": "3775", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": 
"e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.456757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.456757000", - "frame.time_delta": "0.006005000", - "frame.time_delta_displayed": "0.006005000", - "frame.time_relative": "966.996071000", - "frame.number": "3776", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - 
"arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:38.693863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494558.693863000", - "frame.time_delta": "0.237106000", - "frame.time_delta_displayed": "0.237106000", - "frame.time_relative": "967.233177000", - "frame.number": "3777", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000bdbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001b9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:39.269882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494559.269882000", - "frame.time_delta": "0.576019000", - "frame.time_delta_displayed": "0.576019000", - "frame.time_relative": "967.809196000", - "frame.number": "3778", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:39.270070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494559.270070000", - "frame.time_delta": "0.000188000", - "frame.time_delta_displayed": "0.000188000", - "frame.time_relative": "967.809384000", - "frame.number": "3779", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": 
"00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:46.893920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494566.893920000", - "frame.time_delta": "7.623850000", - "frame.time_delta_displayed": "7.623850000", - "frame.time_relative": "975.433234000", - "frame.number": "3780", - "frame.len": "1323", - "frame.cap_len": "1323", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1309", - "ip.id": "0x00009602", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007294", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1257", - "tcp.seq": "54611", - "tcp.nxtseq": "55868", - "tcp.ack": "12171", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000035e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:2d:f6:a7:9e:ab:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2502134, TSecr 2812193545": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2502134", - "tcp.options.timestamp.tsecr": "2812193545" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1257", - "tcp.analysis.push_bytes_sent": "1257" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "1252", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c1:a2:33:d5:69:d5:ab:4c:3c:fe:1e:ee:f7:01:c3:b0:21:7e:e1:7e:43:83:21:13:7e:99:9d:70:2e:40:29:65:74:e4:f8:0b:e6:48:e5:a6:7b:20:e3:0d:9b:7f:87:fe:52:f3:96:98:1c:4d:fd:72:32:87:ea:c4:9c:05:a5:61:f2:f3:72:43:1b:0f:6e:43:c1:cd:fd:44:87:ec:60:71:98:b8:66:74:c8:24:eb:68:1d:f5:e2:4d:e3:67:f7:f3:0d:5d:76:b5:82:e7:87:88:8d:35:d7:0c:7b:90:d3:01:99:bc:6d:28:01:27:96:28:67:ba:ef:ac:1d:5c:d1:cd:a6:74:35:3a:a6:4a:64:8f:24:c2:23:37:d2:f3:81:c4:34:c3:ce:c2:1a:0a:a9:b0:da:73:e6:7a:e1:e6:a1:a1:64:09:23:d4:42:a3:b9:3f:e0:d2:60:9c:84:e0:4c:fa:2c:38:bb:29:a2:18:5c:c2:ad:2b:7e:9d:37:25:1d:95:3b:53:6e:c3:bb:fc:47:14:01:79:be:4d:ed:7d:90:80:cd:7e:f4:c5:7b:39:41:b6:af:46:b8:49:da:87:fb:be:b0:4f:54:3b:df:cc:46:8f:fc:94:84:61:cc:87:5e:15:09:6b:7e:93:1b:ae:11:d3:f2:de:bb:3a:83:d7:de:89:ff:ec:cd:5d:ad:54:cc:0a:06:dd:3b:87:c0:39:28:a2:1f:fd:ee:21:23:e5:29:e5:3e:64:1c:a9:14:5a:44:ca:d4:2c:02:6f:3b:19:b6:ff:e5:5a:7d:7c:70:6d:c2:f4:b5:31:fd:f2:98:76:d5:e4:36:a1:d6:0f:82:9a:88:bb:c3:0f:ce:6f:2a:bf:3d:7a:5f:87:77:9d:eb:6c:50:bb:b4:4c:0b:ff:bc:df:79:ce:48:d5:32:78:01:70:bb:14:e6:fb:6d:23:59:df:e8:96:bd:9f:4b:b1:be:a2:6e:6a:78:2a:58:df:d2:48:c0:6a:7b:04:22:d8:53:41:83:dd:b5:98:b1:70:b4:80:10:78:db:af:ab:9a:6e:3a:51:60:5f:e5:a0:a4:20:d1:6a:53:32:30:f2:13:bc:47:ea:e8:35:96:97:bf:d7:a4:75:47:18:62:0b:7b:0d:fd:ed:a6:ce:43:d4:16:97:7f:eb:24:d5:81:6c:dc:a7:c1:ed:0d:b7:67:38:de:39:e4:f8:61:56:e9:61:92:40:fc:69:dd:eb:c2:a3:a0:6b:4d:43:1e:93:df:51:8d:aa:87:4d:31:d3:fc:6c:eb:cb:2d:2d:db:37:f5:61:d6:cf:4d:03:52:a2:ad:cd:a9:fa:da:ea:e5:67:82:54:3f:1f:82:06:79:f4:45:5b:44:3e:6e:d9:35:1c:5a:5b:97:e2:9a:e5:7d:07:3b:b1:ed:0f:a4:7a:c4:c8:9d:8e:62:8d:81:04:c4:2a:0b:76:af:46:67:59:68:76:ed:d0:50:d2:88:d5:b6:ef:4a:bb:28:55:2a:87:71:f8:0f:6a:c5:b4:d8:63:ee:f8:e8:19:d8:94:13:a6:1e:2b:b6:6c:97:fa:a6:1b:e8:75:83:80:45:fa:e5:17:ab:eb:dc:2b:0c:2a:59:16:7a:9b:dd:d8:33:fe:a0:aa:53:6a:cc:23:8d:72:42:6c:ef:9c:ae:40:37:9c:1e:c7:79:34:41:d4:ed:21:5c:39:41:bc:70:ad:3e
:a1:b5:83:fa:03:9b:59:ca:b4:78:41:ad:dd:78:54:ee:c3:f8:bd:1e:9c:f4:b6:65:c2:3b:fc:50:57:3a:0b:dc:78:b4:99:dc:be:43:3a:3c:a7:d7:3b:31:f7:75:8c:80:ad:9b:04:23:f7:03:32:97:a6:72:df:67:39:d5:84:b0:01:7b:a8:5a:34:ad:c0:e5:2c:7f:06:48:67:bc:57:4e:c7:92:39:1a:02:a2:b3:a5:b3:0c:9d:d2:6f:55:2b:46:bf:09:13:45:0f:b8:12:12:1b:2b:b9:65:c8:5c:a0:cf:e6:f4:52:6f:14:0b:cd:2e:b0:5c:5d:8b:6e:e1:a2:43:69:4e:8d:29:35:86:79:f1:03:e3:54:95:e7:9d:dc:3d:ae:8f:cf:a8:eb:67:47:c0:c1:5c:53:18:83:3d:7d:cc:cc:aa:5c:8b:80:7a:4c:51:f0:fe:49:eb:4f:db:65:6b:ab:80:17:ba:df:8e:2a:af:ce:64:eb:d1:f4:b3:46:e7:d2:59:05:c0:8c:fd:ed:dc:e7:7d:c1:a8:b2:0e:52:0c:94:43:9c:6c:33:21:5c:e7:40:57:52:8b:6a:39:4d:18:37:27:ec:a3:b7:4f:5b:e3:d2:12:18:4a:39:43:89:fe:55:7e:a6:1c:ad:ce:cc:21:e0:a1:6b:38:da:d4:4e:32:a7:17:19:7e:59:69:11:0d:36:ec:c6:d6:b2:d2:4a:44:de:87:10:75:66:c1:fd:d7:75:ff:d9:81:b6:e8:cc:47:79:1a:3e:63:b4:f3:16:a9:1c:1a:52:45:81:81:02:a6:fa:79:26:2d:6f:9a:33:52:d1:38:9a:51:21:57:be:61:2d:73:33:c6:3a:83:86:d7:a9:c2:de:d3:f3:c0:3d:d1:59:00:0c:a5:ca:a9:76:70:0c:25:7b:fe:fb:1e:28:a6:ce:d3:2a:fe:31:d9:a9:de:e8:7b:45:d7:d4:77:ba:d8:97:0e:c4:0d:6c:41:c9:93:92:50:cc:bb:da:a0:02:38:93:2e:ba:80:6e:d9:4a:37:10:51:be:73:90:07:4a:fc:5f:28:ac:c7:5c:ad:8e:2a:3f:5b:b9:59:ec:15:0a:6d:28:0f:2c:87:69:21:de:a9:6d:3f:8e:80:25:01:7f:77:29:5c:46:2d:97:66:34:c2:b9:b1:30:34:6a:ae:cf:17:7c:36:5a:6a:e5:cd:1d:83:de:2b:ee:c6:7d:49:73:3c:43:53:f4:5f:cd:8f:b6:28:cf:b1:a7:e2:5e:5c:ac:3d:52:32:bc:52:94:34:d5:0c:dc:2b:a0:32:10:0d:7a:d9:ca:44:7b:1a:b4:fd:4e:77:3c:d8:ea:c6:71:bb:64:3e:ae:d8:90:d2:f7:35:30:d4:af:e1:b8:9e:86:35:a3:6b:fe:eb:62:9c:79:c6:48:22:f3:97:8c:e3:95:3d:32:89:02:57:20:91:4f:b5:98:94:d5:87:a0:93:55:33:d9:72:30:2e:a2:5a:bb:3e:4b:36:32:2d:bb:38:45:d0:03:8b:6f:b0:ef:d1:2f:00:39:9f:17:33:07:76:30:b4:1c:a6:f1:58:52:f0:bc:b8:99:fc:29" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:02:46.990685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494566.990685000", - "frame.time_delta": "0.096765000", - "frame.time_delta_displayed": "0.096765000", - "frame.time_relative": "975.529999000", - "frame.number": "3781", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003874", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12171", - "tcp.ack": "55868", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bcce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:b4:00:00:26:2d:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812195840, TSecr 2502134": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812195840", - "tcp.options.timestamp.tsecr": "2502134" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3780", - "tcp.analysis.ack_rtt": "0.096765000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:47.100865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494567.100865000", - "frame.time_delta": "0.110180000", - "frame.time_delta_displayed": "0.110180000", 
- "frame.time_relative": "975.640179000", - "frame.number": "3782", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000c5ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000013e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:47.102579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494567.102579000", - "frame.time_delta": "0.001714000", - "frame.time_delta_displayed": "0.001714000", - "frame.time_relative": "975.641893000", - "frame.number": "3783", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000424c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009645", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - 
"ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:47.234393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494567.234393000", - "frame.time_delta": "0.131814000", - "frame.time_delta_displayed": "0.131814000", - "frame.time_relative": "975.773707000", - "frame.number": "3784", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000c5b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000013d7", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:47.459038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494567.459038000", - "frame.time_delta": "0.224645000", - "frame.time_delta_displayed": "0.224645000", - "frame.time_relative": "975.998352000", - "frame.number": "3785", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - 
"eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000c5df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000013af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:50.600947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494570.600947000", - "frame.time_delta": "3.141909000", - "frame.time_delta_displayed": "3.141909000", - "frame.time_relative": "979.140261000", - "frame.number": "3786", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - 
"udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b90", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - 
"dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:50.601510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494570.601510000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "979.140824000", - "frame.number": "3787", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec8b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - 
"dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:50.602086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494570.602086000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "979.141400000", - "frame.number": "3788", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": 
"5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a51", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", 
- "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:54.741408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494574.741408000", - "frame.time_delta": "4.139322000", - "frame.time_delta_displayed": "4.139322000", - "frame.time_relative": "983.280722000", - "frame.number": "3789", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009603", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "55868", - "tcp.nxtseq": "56220", - "tcp.ack": "12171", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004e83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:31:07:a7:9e:b4:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2502919, TSecr 2812195840": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2502919", - "tcp.options.timestamp.tsecr": "2812195840" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", 
- "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c2:fb:aa:be:8a:df:f4:ed:3a:92:05:57:e8:79:5c:2a:8e:9d:a7:0a:dc:35:24:45:b7:16:ef:33:27:82:d0:bf:d4:cd:95:41:76:90:c3:34:a0:a7:90:e3:17:0c:6e:c2:3b:0e:c3:6a:d8:d0:66:5a:63:5a:d0:59:d5:54:e9:22:35:3e:50:84:02:68:88:b6:e9:92:c6:e2:41:02:7f:b9:a0:0b:71:2e:67:94:61:b0:82:9e:3b:60:6a:bc:92:83:e0:c4:d6:f5:c6:a7:d0:59:e8:2b:61:42:41:86:e6:e2:f0:ed:68:7c:49:99:8f:3f:b1:96:c5:cd:7c:45:47:13:9a:e2:36:6f:a5:98:35:3c:4c:f7:7c:47:07:7e:b1:59:82:9b:59:1d:c1:c1:68:70:4f:ea:c8:0e:3e:88:12:b9:30:48:22:ed:ee:ae:44:1e:70:f2:0b:db:eb:2a:23:1a:fa:74:f6:e9:6b:69:57:c9:6b:46:7a:3c:ea:bf:b8:28:e3:6a:99:ff:21:1d:bf:67:5d:37:c8:df:3a:c7:0f:55:29:bc:86:a5:43:9c:a3:92:ed:6a:88:55:33:10:11:5e:13:9e:91:13:d1:c6:a1:e6:88:40:d1:dc:27:99:57:7f:00:cd:f1:f4:91:56:76:51:29:62:a5:e3:0a:51:e1:16:51:c6:46:96:f7:bd:c4:d8:37:6f:b4:d0:9e:e9:b3:31:f2:41:de:d4:0c:7a:e6:30:8c:ea:d9:43:cc:d6:19:9e:b6:64:d1:06:08:ef:61:73:57:38:b9:aa:2f:51:5a:bc:ce:11:26:01:41:1c:1e:c0:18:bf:cb:39:8d:cd:51:15:3d:05:e4:53:7e:ae:37:ab:ce:c0:83:c5:6d:c1:c8:59:7d:80:49:84" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:54.801585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494574.801585000", - "frame.time_delta": "0.060177000", - "frame.time_delta_displayed": "0.060177000", - "frame.time_relative": "983.340899000", - "frame.number": "3790", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003873", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12171", - "tcp.ack": "56220", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b0bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:bb:a0:00:26:31:07", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812197792, TSecr 2502919": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812197792", - "tcp.options.timestamp.tsecr": "2502919" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3789", - "tcp.analysis.ack_rtt": "0.060177000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:54.802161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494574.802161000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "983.341475000", - "frame.number": "3791", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003843", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12171", - "tcp.nxtseq": "12218", - "tcp.ack": "56220", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a47c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:9e:bb:a0:00:26:31:07", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812197792, TSecr 2502919": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812197792", - "tcp.options.timestamp.tsecr": "2502919" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:80:46:de:60:aa:f4:90:df:7b:6a:87:a7:2a:f6:34:c2:a8:b9:34:1c:79:72:df:68:04:7b:1f:f6:ff:85:1f:bd:73:9c:b1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:54.802551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494574.802551000", - "frame.time_delta": "0.000390000", - "frame.time_delta_displayed": "0.000390000", - "frame.time_relative": "983.341865000", - "frame.number": "3792", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009604", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000777b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56220", - "tcp.ack": "12218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af99", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:31:0d:a7:9e:bb:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2502925, TSecr 2812197792": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2502925", - "tcp.options.timestamp.tsecr": "2812197792" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3791", - "tcp.analysis.ack_rtt": "0.000390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:55.601219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494575.601219000", - "frame.time_delta": "0.798668000", - "frame.time_delta_displayed": "0.798668000", - "frame.time_relative": "984.140533000", - "frame.number": "3793", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { 
- "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b90", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - 
"Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:55.602143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494575.602143000", - "frame.time_delta": "0.000924000", - "frame.time_delta_displayed": "0.000924000", - "frame.time_relative": "984.141457000", - "frame.number": "3794", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - 
"eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec8b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:55.602820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494575.602820000", - "frame.time_delta": "0.000677000", - "frame.time_delta_displayed": "0.000677000", - "frame.time_relative": "984.142134000", - "frame.number": "3795", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a51", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.037545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.037545000", - "frame.time_delta": "2.434725000", - "frame.time_delta_displayed": "2.434725000", - "frame.time_relative": "986.576859000", - "frame.number": "3796", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c275", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - 
"http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.090358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.090358000", - "frame.time_delta": "0.052813000", - "frame.time_delta_displayed": "0.052813000", - "frame.time_relative": "986.629672000", - "frame.number": "3797", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c277", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - 
"udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.143225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.143225000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "986.682539000", - "frame.number": "3798", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c27a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - 
{ - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.196092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.196092000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "986.735406000", - "frame.number": "3799", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c27c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - 
"udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.249033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.249033000", - "frame.time_delta": "0.052941000", - "frame.time_delta_displayed": "0.052941000", - "frame.time_relative": "986.788347000", - "frame.number": "3800", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c281", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.301877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.301877000", - "frame.time_delta": "0.052844000", - "frame.time_delta_displayed": "0.052844000", - "frame.time_relative": "986.841191000", - "frame.number": "3801", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c286", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { 
- "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:02:58.700882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494578.700882000", - "frame.time_delta": "0.399005000", - "frame.time_delta_displayed": "0.399005000", - "frame.time_relative": "987.240196000", - "frame.number": "3802", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000d078", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000008e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:00.601524000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494580.601524000", - "frame.time_delta": "1.900642000", - "frame.time_delta_displayed": "1.900642000", - "frame.time_relative": "989.140838000", - "frame.number": "3803", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000b90", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": 
"pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:00.602075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494580.602075000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "989.141389000", - "frame.number": "3804", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dc7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ec8b", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": 
"4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:00.602643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494580.602643000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "989.141957000", - "frame.number": "3805", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007a51", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000272", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": 
"7", - "dns.txt": "sid=626", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:04.399913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494584.399913000", - "frame.time_delta": "3.797270000", - "frame.time_delta_displayed": "3.797270000", - "frame.time_relative": "992.939227000", - "frame.number": "3806", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a69a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "321", - "tcp.ack": "289", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000045f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:04.543326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494584.543326000", - "frame.time_delta": "0.143413000", - "frame.time_delta_displayed": "0.143413000", - "frame.time_relative": 
"993.082640000", - "frame.number": "3807", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdad", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - 
"tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "289", - "tcp.ack": "322", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ed4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:06.488578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494586.488578000", - "frame.time_delta": "1.945252000", - "frame.time_delta_displayed": "1.945252000", - "frame.time_relative": "995.027892000", - "frame.number": "3808", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005c9f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:09.409838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494589.409838000", - "frame.time_delta": "2.921260000", - "frame.time_delta_displayed": "2.921260000", - "frame.time_relative": "997.949152000", - "frame.number": "3809", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:09.410015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494589.410015000", - "frame.time_delta": "0.000177000", - "frame.time_delta_displayed": "0.000177000", - "frame.time_relative": "997.949329000", - "frame.number": "3810", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": 
"00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:10.207647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494590.207647000", - "frame.time_delta": "0.797632000", - "frame.time_delta_displayed": "0.797632000", - "frame.time_relative": "998.746961000", - "frame.number": "3811", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000acb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", 
- "udp.length": "64", - "udp.checksum": "0x00008af5", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:69:59:d9:54:cd:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:11.925020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494591.925020000", - "frame.time_delta": "1.717373000", - "frame.time_delta_displayed": "1.717373000", - "frame.time_relative": "1000.464334000", - "frame.number": "3812", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:18.702577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494598.702577000", - 
"frame.time_delta": "6.777557000", - "frame.time_delta_displayed": "6.777557000", - "frame.time_relative": "1007.241891000", - "frame.number": "3813", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000e5fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f35b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:25.811662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494605.811662000", - "frame.time_delta": "7.109085000", - "frame.time_delta_displayed": "7.109085000", - "frame.time_relative": "1014.350976000", - "frame.number": "3814", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": 
"0x00009605", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "56220", - "tcp.nxtseq": "56269", - "tcp.ack": "12218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007959", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:3d:2a:a7:9e:bb:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2506026, TSecr 2812197792": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2506026", - "tcp.options.timestamp.tsecr": "2812197792" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c3:7d:3a:f7:da:01:45:24:0a:f9:0d:fb:f9:00:de:9f:9b:d1:06:7f:e8:df:8d:d3:58:5c:4d:27:1f:5e:81:2c:bd:a5:f2:e1:0a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:25.872433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494605.872433000", - "frame.time_delta": "0.060771000", - "frame.time_delta_displayed": "0.060771000", - "frame.time_relative": "1014.411747000", - "frame.number": "3815", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12218", - "tcp.nxtseq": "12273", - "tcp.ack": "56269", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000b4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:d9:f8:00:26:3d:2a", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812205560, TSecr 2506026": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812205560", - "tcp.options.timestamp.tsecr": "2506026" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3814", - "tcp.analysis.ack_rtt": "0.060771000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:81:92:5a:3a:a0:ef:85:61:e5:0d:1b:40:69:74:a8:a8:af:7d:44:3a:6b:72:56:ab:8a:50:66:ab:b4:85:55:59:96:d7:39:1b:12:ac:67:70:eb:49:07" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:25.872936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494605.872936000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "1014.412250000", - "frame.number": "3816", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009606", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007779", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56269", - "tcp.ack": "12273", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - 
"tcp.checksum": "0x000084b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:3d:30:a7:9e:d9:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2506032, TSecr 2812205560": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2506032", - "tcp.options.timestamp.tsecr": "2812205560" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3815", - "tcp.analysis.ack_rtt": "0.000503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:28.850674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494608.850674000", - "frame.time_delta": "2.977738000", - "frame.time_delta_displayed": "2.977738000", - "frame.time_relative": "1017.389988000", - "frame.number": "3817", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - 
"arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:29.058068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494609.058068000", - "frame.time_delta": "0.207394000", - "frame.time_delta_displayed": "0.207394000", - "frame.time_relative": "1017.597382000", - "frame.number": "3818", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000acd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": 
"192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000001dd", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:26:04:96:e5:3c:59:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:29.156581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494609.156581000", - "frame.time_delta": "0.098513000", - "frame.time_delta_displayed": "0.098513000", - "frame.time_relative": "1017.695895000", - "frame.number": "3819", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000acf", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000d0dd", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:27:04:77:db:42:59:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:29.261074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494609.261074000", - "frame.time_delta": "0.104493000", - "frame.time_delta_displayed": "0.104493000", - "frame.time_relative": "1017.800388000", - "frame.number": "3820", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ad1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00006d66", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:28:44:9a:e0:48:59:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:59:64:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.437547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.437547000", - "frame.time_delta": "1.176473000", - "frame.time_delta_displayed": "1.176473000", - "frame.time_relative": "1018.976861000", - "frame.number": "3821", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020f6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e74e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - 
"http.request": "1", - "http.request_number": "9", - "http.prev_request_in": "3441" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.831902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.831902000", - "frame.time_delta": "0.394355000", - "frame.time_delta_displayed": "0.394355000", - "frame.time_relative": "1019.371216000", - "frame.number": "3822", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a4e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001263", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "49", - "http.prev_response_in": "3511" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.834950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.834950000", - "frame.time_delta": "0.003048000", - "frame.time_delta_displayed": "0.003048000", - "frame.time_relative": "1019.374264000", - "frame.number": "3823", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54615", - "tcp.dstport": "80", - "tcp.port": "54615", - "tcp.port": "80", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008af8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.835488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.835488000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1019.374802000", - "frame.number": "3824", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54615", - "tcp.port": "80", - "tcp.port": "54615", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005006", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3823", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.842939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.842939000", - "frame.time_delta": "0.007451000", - "frame.time_delta_displayed": "0.007451000", - "frame.time_relative": "1019.382253000", - "frame.number": "3825", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54615", - "tcp.dstport": "80", - "tcp.port": "54615", - "tcp.port": "80", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000001e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3824", - "tcp.analysis.ack_rtt": "0.007451000", - "tcp.analysis.initial_rtt": "0.007989000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.843513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.843513000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "1019.382827000", - "frame.number": "3826", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d94", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54615", - "tcp.dstport": "80", - "tcp.port": "54615", - "tcp.port": "80", - "tcp.stream": "152", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000175e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007989000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.843990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.843990000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1019.383304000", - "frame.number": "3827", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000368b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54615", - "tcp.port": "80", - "tcp.port": "54615", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f375", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3826", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.007989000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.844639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.844639000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "1019.383953000", - "frame.number": "3828", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000368c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54615", - "tcp.port": "80", - "tcp.port": "54615", - "tcp.stream": "152", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003397", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007989000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.844986000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.844986000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "1019.384300000", - "frame.number": "3829", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000368d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007e03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54615", - "tcp.port": "80", - "tcp.port": "54615", - "tcp.stream": "152", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008600", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007989000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "3828", - "tcp.segment": "3829", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001473000", - "http.request_in": "3826", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.848156000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494610.848156000", - "frame.time_delta": "0.003170000", - "frame.time_delta_displayed": "0.003170000", - "frame.time_relative": "1019.387470000", - "frame.number": "3830", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54615", - "tcp.dstport": "80", - "tcp.port": "54615", - "tcp.port": "80", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fd4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3829", - "tcp.analysis.ack_rtt": "0.003170000", - "tcp.analysis.initial_rtt": "0.007989000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.848780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.848780000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "1019.388094000", - "frame.number": "3831", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54615", - "tcp.dstport": "80", - "tcp.port": "54615", - "tcp.port": "80", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fd4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.849228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.849228000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1019.388542000", - "frame.number": "3832", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54615", - "tcp.port": "80", - "tcp.port": "54615", - "tcp.stream": "152", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ef7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3831", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.007989000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.880210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.880210000", - "frame.time_delta": "0.030982000", - "frame.time_delta_displayed": "0.030982000", - "frame.time_relative": "1019.419524000", - "frame.number": "3833", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.880653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494610.880653000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1019.419967000", - "frame.number": "3834", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.884791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.884791000", - "frame.time_delta": "0.004138000", - "frame.time_delta_displayed": "0.004138000", - "frame.time_relative": "1019.424105000", - "frame.number": "3835", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a4ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001256", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "50", - "http.prev_response_in": "3822" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.901281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.901281000", - "frame.time_delta": "0.016490000", - "frame.time_delta_displayed": "0.016490000", - "frame.time_relative": "1019.440595000", - "frame.number": "3836", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - 
"ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000bdda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } 
- }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.901826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.901826000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "1019.441140000", - "frame.number": "3837", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000608e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3836", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.904743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.904743000", - "frame.time_delta": "0.002917000", - "frame.time_delta_displayed": "0.002917000", - "frame.time_relative": "1019.444057000", - "frame.number": "3838", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - 
"ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000126d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3837", - "tcp.analysis.ack_rtt": "0.002917000", - "tcp.analysis.initial_rtt": "0.003462000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.905353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.905353000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "1019.444667000", - "frame.number": "3839", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000027e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003462000", 
- "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.906118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.906118000", - "frame.time_delta": "0.000765000", - "frame.time_delta_displayed": "0.000765000", - "frame.time_relative": "1019.445432000", - "frame.number": "3840", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e187", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000003fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3839", - "tcp.analysis.ack_rtt": "0.000765000", - "tcp.analysis.initial_rtt": "0.003462000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.906737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.906737000", - "frame.time_delta": "0.000619000", - "frame.time_delta_displayed": "0.000619000", - "frame.time_relative": "1019.446051000", - "frame.number": "3841", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d6ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e175", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000441f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003462000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.907092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.907092000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1019.446406000", - "frame.number": "3842", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d6ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dda2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009688", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003462000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3841", - "tcp.segment": "3842", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001739000", - "http.request_in": "3839", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.909970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.909970000", - "frame.time_delta": "0.002878000", - "frame.time_delta_displayed": "0.002878000", - "frame.time_relative": "1019.449284000", - "frame.number": "3843", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3842", - "tcp.analysis.ack_rtt": "0.002878000", - "tcp.analysis.initial_rtt": "0.003462000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.909944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.909944000", - "frame.time_delta": "-0.000026000", - "frame.time_delta_displayed": "-0.000026000", - "frame.time_relative": "1019.449258000", - "frame.number": "3844", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d6ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dda1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009688", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003462000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.910566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.910566000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "1019.449880000", - "frame.number": "3845", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dd4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3844", - "tcp.analysis.ack_rtt": "0.000622000", - "tcp.analysis.initial_rtt": "0.003462000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.910992000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.910992000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "1019.450306000", - "frame.number": "3846", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54616", - "tcp.port": "80", - "tcp.port": "54616", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000008", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3845", - "tcp.analysis.ack_rtt": "0.000426000", - "tcp.analysis.initial_rtt": "0.003462000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:03:30.913180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.913180000", - "frame.time_delta": "0.002188000", - "frame.time_delta_displayed": "0.002188000", - "frame.time_relative": "1019.452494000", - "frame.number": "3847", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54616", - "tcp.dstport": "80", - "tcp.port": "54616", - "tcp.port": "80", - "tcp.stream": "153", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000774", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:10:1e:d6:14:10:1e:d9:f7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003462000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "3843", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.938839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.938839000", - "frame.time_delta": "0.025659000", - "frame.time_delta_displayed": 
"0.025659000", - "frame.time_relative": "1019.478153000", - "frame.number": "3848", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a4ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000125a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "51", - "http.prev_response_in": "3835" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.945876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.945876000", - "frame.time_delta": "0.007037000", - "frame.time_delta_displayed": "0.007037000", - "frame.time_relative": "1019.485190000", - "frame.number": "3849", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54617", - "tcp.dstport": "80", - "tcp.port": "54617", - "tcp.port": "80", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000b096", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.946425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.946425000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1019.485739000", - "frame.number": "3850", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54617", - "tcp.port": "80", - "tcp.port": "54617", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000071a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": 
"0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3849", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.948884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.948884000", - "frame.time_delta": "0.002459000", - "frame.time_delta_displayed": "0.002459000", - "frame.time_relative": "1019.488198000", - "frame.number": "3851", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54617", - "tcp.dstport": "80", - "tcp.port": "54617", - "tcp.port": "80", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002387", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3850", - "tcp.analysis.ack_rtt": "0.002459000", - "tcp.analysis.initial_rtt": "0.003008000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.949463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.949463000", - 
"frame.time_delta": "0.000579000", - "frame.time_delta_displayed": "0.000579000", - "frame.time_relative": "1019.488777000", - "frame.number": "3852", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54617", - "tcp.dstport": "80", - "tcp.port": "54617", - "tcp.port": "80", - "tcp.stream": "154", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003900", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003008000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.949950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.949950000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1019.489264000", - "frame.number": "3853", - "frame.len": "60", - 
"frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006c8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54617", - "tcp.port": "80", - "tcp.port": "54617", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001518", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3852", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.003008000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.950690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.950690000", - "frame.time_delta": "0.000740000", - "frame.time_delta_displayed": "0.000740000", - "frame.time_relative": "1019.490004000", - "frame.number": "3854", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006c8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004bd5", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54617", - "tcp.port": "80", - "tcp.port": "54617", - "tcp.stream": "154", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005539", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003008000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.951050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.951050000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": "1019.490364000", - "frame.number": "3855", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006c8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004802", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54617", - "tcp.port": "80", - "tcp.port": "54617", - "tcp.stream": "154", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a7a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003008000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3854", - "tcp.segment": "3855", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001587000", - "http.request_in": "3852", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.953585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.953585000", - "frame.time_delta": "0.002535000", - "frame.time_delta_displayed": "0.002535000", - "frame.time_relative": "1019.492899000", - "frame.number": "3856", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54617", - "tcp.dstport": "80", - "tcp.port": "54617", - "tcp.port": "80", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001eef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3855", - "tcp.analysis.ack_rtt": "0.002535000", - "tcp.analysis.initial_rtt": "0.003008000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.954281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.954281000", - "frame.time_delta": "0.000696000", - "frame.time_delta_displayed": "0.000696000", - "frame.time_relative": "1019.493595000", - "frame.number": "3857", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54617", - "tcp.dstport": "80", - "tcp.port": "54617", - "tcp.port": "80", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001eee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:30.954789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494610.954789000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "1019.494103000", - "frame.number": "3858", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54617", - "tcp.port": "80", - "tcp.port": "54617", - "tcp.stream": "154", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001122", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "3857", - "tcp.analysis.ack_rtt": "0.000508000", - "tcp.analysis.initial_rtt": "0.003008000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.887383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.887383000", - "frame.time_delta": "0.932594000", - "frame.time_delta_displayed": "0.932594000", - "frame.time_relative": "1020.426697000", - "frame.number": "3859", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a54d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000011fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "52", - "http.prev_response_in": "3848" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.890539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.890539000", - "frame.time_delta": "0.003156000", - "frame.time_delta_displayed": "0.003156000", - "frame.time_relative": "1020.429853000", - "frame.number": "3860", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00009d96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.891094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.891094000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "1020.430408000", - "frame.number": "3861", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008505", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3860", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.894334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.894334000", - "frame.time_delta": "0.003240000", - "frame.time_delta_displayed": "0.003240000", - "frame.time_relative": "1020.433648000", - "frame.number": "3862", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000036e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3861", - "tcp.analysis.ack_rtt": "0.003240000", - "tcp.analysis.initial_rtt": "0.003795000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.895377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.895377000", - "frame.time_delta": "0.001043000", - "frame.time_delta_displayed": "0.001043000", - "frame.time_relative": "1020.434691000", - "frame.number": "3863", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004c5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003795000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.895856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.895856000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1020.435170000", - "frame.number": "3864", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002875", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3863", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.003795000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.896495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.896495000", - "frame.time_delta": "0.000639000", - "frame.time_delta_displayed": "0.000639000", - "frame.time_relative": "1020.435809000", - "frame.number": "3865", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cc42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006896", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003795000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.896850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.896850000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1020.436164000", - "frame.number": "3866", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cc43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000baff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003795000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "3865", - "tcp.segment": "3866", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001473000", - "http.request_in": "3863", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.899958000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494611.899958000", - "frame.time_delta": "0.003108000", - "frame.time_delta_displayed": "0.003108000", - "frame.time_relative": "1020.439272000", - "frame.number": "3867", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cc44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e84b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000baff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003795000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.900225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.900225000", - "frame.time_delta": "0.000267000", - "frame.time_delta_displayed": "0.000267000", - "frame.time_relative": "1020.439539000", - "frame.number": "3868", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000324c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3866", - "tcp.analysis.ack_rtt": "0.003375000", - "tcp.analysis.initial_rtt": "0.003795000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.900678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.900678000", - "frame.time_delta": "0.000453000", - "frame.time_delta_displayed": "0.000453000", - "frame.time_relative": "1020.439992000", - "frame.number": "3869", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000324b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.901102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.901102000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "1020.440416000", - "frame.number": "3870", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005ce0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54618", - "tcp.port": "80", - "tcp.port": "54618", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000247f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3869", - "tcp.analysis.ack_rtt": "0.000424000", - "tcp.analysis.initial_rtt": "0.003795000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.902433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.902433000", - "frame.time_delta": "0.001331000", - "frame.time_delta_displayed": "0.001331000", - "frame.time_relative": "1020.441747000", - "frame.number": "3871", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54618", - "tcp.dstport": "80", - "tcp.port": "54618", - "tcp.port": "80", - "tcp.stream": "155", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b561", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d4:5b:cd:1b:d4:5b:d0:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003795000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "3868", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.940332000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494611.940332000", - "frame.time_delta": "0.037899000", - "frame.time_delta_displayed": "0.037899000", - "frame.time_relative": "1020.479646000", - "frame.number": "3872", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a54e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000011f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "53", - "http.prev_response_in": "3859" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.951171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.951171000", - "frame.time_delta": "0.010839000", - "frame.time_delta_displayed": "0.010839000", - "frame.time_relative": "1020.490485000", - "frame.number": "3873", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54619", - "tcp.dstport": "80", - "tcp.port": "54619", - "tcp.port": "80", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00007d94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.951717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.951717000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1020.491031000", - "frame.number": "3874", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54619", - "tcp.port": "80", - "tcp.port": "54619", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c4cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3873", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.954348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.954348000", - "frame.time_delta": "0.002631000", - "frame.time_delta_displayed": "0.002631000", - "frame.time_relative": "1020.493662000", - "frame.number": "3875", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54619", - "tcp.dstport": "80", - "tcp.port": "54619", - "tcp.port": "80", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000076ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3874", - "tcp.analysis.ack_rtt": "0.002631000", - "tcp.analysis.initial_rtt": "0.003177000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:03:31.954967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.954967000", - "frame.time_delta": "0.000619000", - "frame.time_delta_displayed": "0.000619000", - "frame.time_relative": "1020.494281000", - "frame.number": "3876", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54619", - "tcp.dstport": "80", - "tcp.port": "54619", - "tcp.port": "80", - "tcp.stream": "156", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003177000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.955447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.955447000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - 
"frame.time_relative": "1020.494761000", - "frame.number": "3877", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fa7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bdf6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54619", - "tcp.port": "80", - "tcp.port": "54619", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000683d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3876", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.003177000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.956042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.956042000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "1020.495356000", - "frame.number": "3878", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000fa7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bde4", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54619", - "tcp.port": "80", - "tcp.port": "54619", - "tcp.stream": "156", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a85e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003177000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.956391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.956391000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "1020.495705000", - "frame.number": "3879", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000fa7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54619", - "tcp.port": "80", - "tcp.port": "54619", - "tcp.stream": "156", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fac7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003177000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "3878", - "tcp.segment": "3879", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001424000", - "http.request_in": "3876", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.958439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.958439000", - "frame.time_delta": "0.002048000", - "frame.time_delta_displayed": "0.002048000", - "frame.time_relative": "1020.497753000", - "frame.number": "3880", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54619", - "tcp.dstport": "80", - "tcp.port": "54619", - "tcp.port": "80", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007214", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3879", - "tcp.analysis.ack_rtt": "0.002048000", - "tcp.analysis.initial_rtt": "0.003177000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.959009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.959009000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1020.498323000", - "frame.number": "3881", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54619", - "tcp.dstport": "80", - "tcp.port": "54619", - "tcp.port": "80", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007213", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.959465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.959465000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1020.498779000", - "frame.number": "3882", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005ce3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b90", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54619", - "tcp.port": "80", - "tcp.port": "54619", - "tcp.stream": "156", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006447", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "3881", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.003177000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.993157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.993157000", - "frame.time_delta": "0.033692000", - "frame.time_delta_displayed": "0.033692000", - "frame.time_relative": "1020.532471000", - "frame.number": "3883", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a551", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000011f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "54", - "http.prev_response_in": "3872" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.997514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.997514000", - "frame.time_delta": "0.004357000", - "frame.time_delta_displayed": "0.004357000", - "frame.time_relative": "1020.536828000", - "frame.number": "3884", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54620", - "tcp.dstport": "80", - "tcp.port": "54620", - "tcp.port": "80", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000090da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:31.998073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494611.998073000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "1020.537387000", - "frame.number": "3885", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54620", - "tcp.port": "80", - "tcp.port": "54620", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003854", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3884", - "tcp.analysis.ack_rtt": "0.000559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.001642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.001642000", - "frame.time_delta": "0.003569000", - "frame.time_delta_displayed": "0.003569000", - "frame.time_relative": "1020.540956000", - "frame.number": "3886", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54620", - "tcp.dstport": "80", - "tcp.port": "54620", - "tcp.port": "80", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ea32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3885", - "tcp.analysis.ack_rtt": "0.003569000", - "tcp.analysis.initial_rtt": "0.004128000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.002225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.002225000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "1020.541539000", - "frame.number": "3887", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54620", - "tcp.dstport": "80", - "tcp.port": "54620", - "tcp.port": "80", - "tcp.stream": "157", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ffab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004128000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.002702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.002702000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1020.542016000", - "frame.number": "3888", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fdef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54620", - "tcp.port": "80", - "tcp.port": "54620", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000dbc3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3887", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.004128000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.003277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.003277000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1020.542591000", - "frame.number": "3889", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000fdf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54620", - "tcp.port": "80", - "tcp.port": "54620", - "tcp.stream": "157", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001be5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004128000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.003648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.003648000", - "frame.time_delta": "0.000371000", - "frame.time_delta_displayed": "0.000371000", - "frame.time_relative": "1020.542962000", - "frame.number": "3890", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000fdf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b69e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54620", - "tcp.port": "80", - "tcp.port": "54620", - "tcp.stream": "157", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006e4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004128000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "3889", - "tcp.segment": "3890", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001423000", - "http.request_in": "3887", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.006322000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494612.006322000", - "frame.time_delta": "0.002674000", - "frame.time_delta_displayed": "0.002674000", - "frame.time_relative": "1020.545636000", - "frame.number": "3891", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54620", - "tcp.dstport": "80", - "tcp.port": "54620", - "tcp.port": "80", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e59a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3890", - "tcp.analysis.ack_rtt": "0.002674000", - "tcp.analysis.initial_rtt": "0.004128000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.006946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.006946000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "1020.546260000", - "frame.number": "3892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54620", - "tcp.dstport": "80", - "tcp.port": "54620", - "tcp.port": "80", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e599", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:32.007376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494612.007376000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1020.546690000", - "frame.number": "3893", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005ce8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54620", - "tcp.port": "80", - "tcp.port": "54620", - "tcp.stream": "157", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d7cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3892", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.004128000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:34.539869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494614.539869000", - "frame.time_delta": "2.532493000", - "frame.time_delta_displayed": "2.532493000", - "frame.time_relative": "1023.079183000", - "frame.number": "3894", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a699", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "321", - "tcp.ack": "289", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000045f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:34.683169000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494614.683169000", - "frame.time_delta": "0.143300000", - "frame.time_delta_displayed": "0.143300000", - "frame.time_relative": "1023.222483000", - "frame.number": "3895", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdac", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "289", - "tcp.ack": "322", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ed4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:36.522648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494616.522648000", - "frame.time_delta": "1.839479000", - "frame.time_delta_displayed": "1.839479000", - "frame.time_relative": "1025.061962000", - "frame.number": "3896", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005cc6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:36.682097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494616.682097000", - "frame.time_delta": "0.159449000", - "frame.time_delta_displayed": "0.159449000", - "frame.time_relative": "1025.221411000", - "frame.number": "3897", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e71d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50789", - "udp.dstport": "1900", - "udp.port": "50789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000083f8", - "udp.checksum.status": "2", - "udp.stream": "96" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - 
"http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:37.263541000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494617.263541000", - "frame.time_delta": "0.581444000", - "frame.time_delta_displayed": "0.581444000", - "frame.time_relative": "1025.802855000", - "frame.number": "3898", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a659", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:37.316555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494617.316555000", - "frame.time_delta": "0.053014000", - "frame.time_delta_displayed": "0.053014000", - "frame.time_relative": "1025.855869000", - "frame.number": "3899", - "frame.len": 
"348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a65d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "3898" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:37.369366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494617.369366000", - "frame.time_delta": "0.052811000", - "frame.time_delta_displayed": "0.052811000", - "frame.time_relative": "1025.908680000", - "frame.number": "3900", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"328", - "ip.id": "0x0000a662", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "3899" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:37.682749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494617.682749000", - "frame.time_delta": "0.313383000", - "frame.time_delta_displayed": "0.313383000", - "frame.time_relative": "1026.222063000", - "frame.number": "3901", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e71c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50789", - "udp.dstport": "1900", - "udp.port": "50789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000083f8", - 
"udp.checksum.status": "2", - "udp.stream": "96" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "3897" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.320782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.320782000", - "frame.time_delta": "0.638033000", - "frame.time_delta_displayed": "0.638033000", - "frame.time_relative": "1026.860096000", - "frame.number": "3902", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a6a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "3900" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.373672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.373672000", - "frame.time_delta": "0.052890000", - "frame.time_delta_displayed": "0.052890000", - "frame.time_relative": "1026.912986000", - "frame.number": "3903", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a6a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000109e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "3902" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.426428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.426428000", - "frame.time_delta": "0.052756000", - "frame.time_delta_displayed": "0.052756000", - "frame.time_relative": "1026.965742000", - "frame.number": "3904", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, 
- "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a6a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000109f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "3903" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.683490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.683490000", - "frame.time_delta": "0.257062000", - "frame.time_delta_displayed": "0.257062000", - "frame.time_relative": "1027.222804000", - "frame.number": "3905", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020f9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e71b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50789", - "udp.dstport": "1900", - "udp.port": "50789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000083f8", - "udp.checksum.status": "2", - "udp.stream": "96" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "3901" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.799286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.799286000", - "frame.time_delta": "0.115796000", - "frame.time_delta_displayed": "0.115796000", - "frame.time_relative": 
"1027.338600000", - "frame.number": "3906", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000eb4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": 
"0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.847957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.847957000", - "frame.time_delta": "0.048671000", - "frame.time_delta_displayed": "0.048671000", - "frame.time_relative": "1027.387271000", - "frame.number": "3907", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a6b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001097", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "3904" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:03:38.900746000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.900746000", - "frame.time_delta": "0.052789000", - "frame.time_delta_displayed": "0.052789000", - "frame.time_relative": "1027.440060000", - "frame.number": "3908", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a6b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001089", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "3907" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:38.953585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494618.953585000", - "frame.time_delta": "0.052839000", - "frame.time_delta_displayed": "0.052839000", - "frame.time_relative": "1027.492899000", - "frame.number": "3909", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a6be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000108a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "3908" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:39.549773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494619.549773000", - "frame.time_delta": "0.596188000", - "frame.time_delta_displayed": "0.596188000", - "frame.time_relative": "1028.089087000", - "frame.number": "3910", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:39.549967000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494619.549967000", - "frame.time_delta": "0.000194000", - "frame.time_delta_displayed": "0.000194000", - "frame.time_relative": "1028.089281000", - "frame.number": "3911", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:39.684333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494619.684333000", - "frame.time_delta": "0.134366000", - "frame.time_delta_displayed": "0.134366000", - "frame.time_relative": "1028.223647000", - "frame.number": "3912", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - 
"eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020fa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e71a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50789", - "udp.dstport": "1900", - "udp.port": "50789", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000083f8", - "udp.checksum.status": "2", - "udp.stream": "96" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "4", - "http.prev_request_in": "3905" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:39.900513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494619.900513000", - "frame.time_delta": "0.216180000", - "frame.time_delta_displayed": "0.216180000", - "frame.time_relative": "1028.439827000", - "frame.number": "3913", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a71b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001030", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - 
"udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "3909" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:39.953342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494619.953342000", - "frame.time_delta": "0.052829000", - "frame.time_delta_displayed": "0.052829000", - "frame.time_relative": "1028.492656000", - "frame.number": "3914", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a71d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001025", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "3913" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:40.018431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494620.018431000", - "frame.time_delta": "0.065089000", - "frame.time_delta_displayed": "0.065089000", - "frame.time_relative": "1028.557745000", - "frame.number": "3915", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a721", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00001027", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "3914" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:41.057443000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494621.057443000", - "frame.time_delta": "1.039012000", - "frame.time_delta_displayed": "1.039012000", - "frame.time_relative": "1029.596757000", - "frame.number": "3916", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a74a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001001", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "3915" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:41.110682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494621.110682000", - "frame.time_delta": "0.053239000", - "frame.time_delta_displayed": "0.053239000", - "frame.time_relative": "1029.649996000", - "frame.number": "3917", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a74f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ff3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "3916" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:41.163331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494621.163331000", - "frame.time_delta": "0.052649000", - "frame.time_delta_displayed": "0.052649000", - "frame.time_relative": "1029.702645000", - "frame.number": "3918", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a753", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ff5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "3917" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.114876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.114876000", - "frame.time_delta": "0.951545000", - "frame.time_delta_displayed": "0.951545000", - "frame.time_relative": "1030.654190000", - "frame.number": "3919", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a7a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000fa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "3918" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.167643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.167643000", - "frame.time_delta": "0.052767000", - "frame.time_delta_displayed": "0.052767000", - "frame.time_relative": "1030.706957000", - "frame.number": "3920", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a7aa", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "3919" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.220428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.220428000", - "frame.time_delta": "0.052785000", - "frame.time_delta_displayed": "0.052785000", - "frame.time_relative": "1030.759742000", - "frame.number": "3921", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a7af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "3920" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.483705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.483705000", - "frame.time_delta": "0.263277000", - "frame.time_delta_displayed": "0.263277000", - "frame.time_relative": "1031.023019000", - "frame.number": "3922", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a7c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "3921" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.536784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.536784000", - "frame.time_delta": "0.053079000", - "frame.time_delta_displayed": "0.053079000", - "frame.time_relative": "1031.076098000", - "frame.number": "3923", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a7ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": "0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "3922" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:42.589465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494622.589465000", - "frame.time_delta": "0.052681000", - "frame.time_delta_displayed": "0.052681000", - "frame.time_relative": "1031.128779000", 
- "frame.number": "3924", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a7cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "3923" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:43.536341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494623.536341000", - "frame.time_delta": "0.946876000", - "frame.time_delta_displayed": "0.946876000", - "frame.time_relative": "1032.075655000", - "frame.number": "3925", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a7ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "305", - "udp.checksum": "0x0000feb5", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "3924" - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:43.589123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494623.589123000", - "frame.time_delta": "0.052782000", - "frame.time_delta_displayed": "0.052782000", - "frame.time_relative": "1032.128437000", - "frame.number": "3926", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a804", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "314", - "udp.checksum": 
"0x00000ca1", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "3925" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:43.642339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494623.642339000", - "frame.time_delta": "0.053216000", - "frame.time_delta_displayed": "0.053216000", - "frame.time_relative": "1032.181653000", - "frame.number": "3927", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a809", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50789", - "udp.port": "1900", - "udp.port": "50789", - "udp.length": "308", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "3926" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:45.604026000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494625.604026000", - "frame.time_delta": "1.961687000", - "frame.time_delta_displayed": "1.961687000", - "frame.time_relative": "1034.143340000", - "frame.number": "3928", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dd5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 
255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a8f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - 
"dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:45.604595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494625.604595000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1034.143909000", - "frame.number": "3929", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dd6", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb8a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:45.605155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494625.605155000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "1034.144469000", - "frame.number": "3930", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": 
"0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007950", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - 
"dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:50.604861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494630.604861000", - "frame.time_delta": "4.999706000", - "frame.time_delta_displayed": "4.999706000", - "frame.time_relative": "1039.144175000", - "frame.number": "3931", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dd7", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a8f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:50.605355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494630.605355000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1039.144669000", - "frame.number": "3932", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dd8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb8a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:50.605828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494630.605828000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "1039.145142000", - "frame.number": "3933", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007950", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.357828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.357828000", - "frame.time_delta": "4.752000000", - "frame.time_delta_displayed": "4.752000000", - "frame.time_relative": "1043.897142000", - "frame.number": "3934", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000ad7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x00008c9e", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:56:7c:5b:5f:cd:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.605527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.605527000", - "frame.time_delta": "0.247699000", - "frame.time_delta_displayed": "0.247699000", - "frame.time_relative": "1044.144841000", - "frame.number": "3935", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dd9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00000a8f", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
- "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.606029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.606029000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "1044.145343000", - "frame.number": "3936", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dda", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000eb8a", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.606481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.606481000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "1044.145795000", - "frame.number": "3937", - 
"frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007950", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000273", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=627", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.705664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.705664000", - "frame.time_delta": "0.099183000", - "frame.time_delta_displayed": "0.099183000", - "frame.time_relative": "1044.244978000", - "frame.number": "3938", - "frame.len": "20", - "frame.cap_len": "20", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.957427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.957427000", - "frame.time_delta": "0.251763000", - "frame.time_delta_displayed": "0.251763000", - "frame.time_relative": "1044.496741000", - "frame.number": "3939", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": 
"Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": 
"USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:55.974396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494635.974396000", - "frame.time_delta": "0.016969000", - "frame.time_delta_displayed": "0.016969000", - "frame.time_relative": "1044.513710000", - "frame.number": "3940", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", 
- "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - 
"bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:56.005845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494636.005845000", - "frame.time_delta": "0.031449000", - "frame.time_delta_displayed": "0.031449000", - "frame.time_relative": "1044.545159000", - "frame.number": "3941", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:56.095366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494636.095366000", - "frame.time_delta": "0.089521000", - "frame.time_delta_displayed": "0.089521000", - "frame.time_relative": "1044.634680000", - "frame.number": "3942", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:56.886210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494636.886210000", - "frame.time_delta": "0.790844000", - "frame.time_delta_displayed": "0.790844000", - "frame.time_relative": "1045.425524000", - "frame.number": "3943", - "frame.len": "115", - "frame.cap_len": "115", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009607", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007747", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "56269", - "tcp.nxtseq": "56318", - "tcp.ack": "12273", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c98d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:49:4e:a7:9e:d9:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2509134, TSecr 2812205560": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2509134", - "tcp.options.timestamp.tsecr": "2812205560" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c4:4c:05:bb:78:45:c8:de:1c:c8:21:bd:32:ba:5b:d6:02:fc:aa:78:9d:60:fe:67:68:cb:24:90:25:1d:b9:47:70:81:0d:f0:a1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:56.946937000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494636.946937000", - "frame.time_delta": "0.060727000", - "frame.time_delta_displayed": "0.060727000", - 
"frame.time_relative": "1045.486251000", - "frame.number": "3944", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003839", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12273", - "tcp.nxtseq": "12328", - "tcp.ack": "56318", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f41b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9e:f8:51:00:26:49:4e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812213329, TSecr 2509134": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812213329", - "tcp.options.timestamp.tsecr": "2509134" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3943", - "tcp.analysis.ack_rtt": "0.060727000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:82:2f:70:3d:ea:ac:47:b7:ce:ce:5b:43:a7:a5:80:5b:c3:7f:0f:9e:fa:d7:92:d5:b9:65:ea:d4:28:c8:cc:c1:07:77:ed:0d:cb:26:79:c4:0d:fc:35" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:03:56.947425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494636.947425000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1045.486739000", - "frame.number": "3945", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009608", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007777", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - 
"tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56318", - "tcp.ack": "12328", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000059d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:49:54:a7:9e:f8:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2509140, TSecr 2812213329": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2509140", - "tcp.options.timestamp.tsecr": "2812213329" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3944", - "tcp.analysis.ack_rtt": "0.000488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:57.019555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494637.019555000", - "frame.time_delta": "0.072130000", - "frame.time_delta_displayed": "0.072130000", 
- "frame.time_relative": "1045.558869000", - "frame.number": "3946", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000f037", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e956", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:57.025055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494637.025055000", - "frame.time_delta": "0.005500000", - "frame.time_delta_displayed": "0.005500000", - "frame.time_relative": "1045.564369000", - "frame.number": "3947", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000044d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000093ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - 
"ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:57.246798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494637.246798000", - "frame.time_delta": "0.221743000", - "frame.time_delta_displayed": "0.221743000", - "frame.time_relative": "1045.786112000", - "frame.number": "3948", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000f039", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e954", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:57.471773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494637.471773000", - "frame.time_delta": "0.224975000", - "frame.time_delta_displayed": "0.224975000", - "frame.time_relative": "1046.011087000", - "frame.number": "3949", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", 
- "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000f06b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e922", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:58.785655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494638.785655000", - "frame.time_delta": "1.313882000", - "frame.time_delta_displayed": "1.313882000", - "frame.time_relative": "1047.324969000", - "frame.number": "3950", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000f086", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e8d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:59.464410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.464410000", - "frame.time_delta": "0.678755000", - "frame.time_delta_displayed": "0.678755000", - "frame.time_relative": "1048.003724000", - "frame.number": "3951", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c352", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000605", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:59.517232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.517232000", - "frame.time_delta": "0.052822000", - "frame.time_delta_displayed": "0.052822000", - "frame.time_relative": "1048.056546000", - "frame.number": "3952", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c357", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000600", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { 
- "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:59.570183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.570183000", - "frame.time_delta": "0.052951000", - "frame.time_delta_displayed": "0.052951000", - "frame.time_relative": "1048.109497000", - "frame.number": "3953", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c35a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000005f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:03:59.623164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.623164000", - "frame.time_delta": "0.052981000", - "frame.time_delta_displayed": "0.052981000", - "frame.time_relative": "1048.162478000", - "frame.number": "3954", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c35b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000005f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:03:59.676022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.676022000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1048.215336000", - "frame.number": "3955", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c360", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000005f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:03:59.728880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494639.728880000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1048.268194000", - "frame.number": "3956", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c363", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000005f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:01.180822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494641.180822000", - "frame.time_delta": "1.451942000", - "frame.time_delta_displayed": "1.451942000", - "frame.time_relative": "1049.720136000", - "frame.number": "3957", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:01.950203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494641.950203000", - "frame.time_delta": "0.769381000", - "frame.time_delta_displayed": "0.769381000", - "frame.time_relative": "1050.489517000", - "frame.number": "3958", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:01.950632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494641.950632000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1050.489946000", - "frame.number": "3959", - "frame.len": "60", - 
"frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.007425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.007425000", - "frame.time_delta": "2.056793000", - "frame.time_delta_displayed": "2.056793000", - "frame.time_relative": "1052.546739000", - "frame.number": "3960", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00008e70", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:29:44:dd:10:5f:61:cd:f2:14:6b:00:00:00:52:a0:21:21:33:33:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.106883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.106883000", - "frame.time_delta": "0.099458000", - "frame.time_delta_displayed": "0.099458000", - "frame.time_relative": "1052.646197000", - "frame.number": "3961", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": 
{ - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000adb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00005d71", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:44:be:06:65:61:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.207540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.207540000", - "frame.time_delta": "0.100657000", - "frame.time_delta_displayed": "0.100657000", - "frame.time_relative": "1052.746854000", - "frame.number": "3962", - 
"frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000add", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00001847", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:84:e1:0b:6b:61:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.314996000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494644.314996000", - "frame.time_delta": "0.107456000", - "frame.time_delta_displayed": "0.107456000", - "frame.time_relative": "1052.854310000", - "frame.number": "3963", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000adf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00004023", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:c4:04:11:71:61:cd:f2:14:6b:00:00:00:52:a0:21:21:01:44:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.372375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.372375000", - "frame.time_delta": "0.057379000", - "frame.time_delta_displayed": "0.057379000", - "frame.time_relative": "1052.911689000", - "frame.number": "3964", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a670", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - 
"ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "322", - "tcp.nxtseq": "362", - "tcp.ack": "289", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000107f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e4:53:ad:df:af:ce:e5:c3:fd:0d:2d:99:ab:41:94:66:6b:36:d9:46:83:88:7a:20:8a:71:4d:76" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:04:04.515680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.515680000", - "frame.time_delta": "0.143305000", - "frame.time_delta_displayed": "0.143305000", - "frame.time_relative": "1053.054994000", - "frame.number": "3965", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fe6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd87", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "289", - "tcp.nxtseq": "325", - "tcp.ack": "362", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000508b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3964", - "tcp.analysis.ack_rtt": "0.143305000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:6a:02:9c:cf:13:72:ec:28:b2:11:ba:45:cd:82:ec:58:28:ac:a5:27:ec:a0:de:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:04.516193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494644.516193000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "1053.055507000", - "frame.number": "3966", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a697", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "362", - "tcp.ack": "325", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000412", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "3965", - "tcp.analysis.ack_rtt": "0.000513000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:06.571983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494646.571983000", - "frame.time_delta": "2.055790000", - "frame.time_delta_displayed": "2.055790000", - "frame.time_relative": "1055.111297000", - "frame.number": "3967", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - 
"ip.id": "0x00005ccd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:07.307535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494647.307535000", - "frame.time_delta": "0.735552000", - "frame.time_delta_displayed": "0.735552000", - "frame.time_relative": "1055.846849000", - "frame.number": "3968", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ae1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000056fe", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2a:44:de:c2:23:62:cd:f2:14:6b:00:00:00:52:a0:21:21:b7:de:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:07.457571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494647.457571000", - "frame.time_delta": "0.150036000", - "frame.time_delta_displayed": "0.150036000", - "frame.time_relative": "1055.996885000", - "frame.number": "3969", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000ae3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ede1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00002fb7", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:c4:af:b3:2c:62:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:07.556933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494647.556933000", - "frame.time_delta": "0.099362000", - "frame.time_delta_displayed": "0.099362000", - "frame.time_relative": 
"1056.096247000", - "frame.number": "3970", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000ae5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eddf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000ea8c", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:04:d3:b8:32:62:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:04:07.660429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494647.660429000", - "frame.time_delta": "0.103496000", - "frame.time_delta_displayed": "0.103496000", - "frame.time_relative": "1056.199743000", - "frame.number": "3971", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ae7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eda9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000690d", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:04:b4:ae:38:62:cd:f2:14:6b:00:00:00:52:a0:21:21:f9:e1:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:09.520454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494649.520454000", - "frame.time_delta": "1.860025000", - "frame.time_delta_displayed": "1.860025000", - "frame.time_relative": "1058.059768000", - "frame.number": "3972", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:09.521063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494649.521063000", - "frame.time_delta": 
"0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1058.060377000", - "frame.number": "3973", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:11.258340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494651.258340000", - "frame.time_delta": "1.737277000", - "frame.time_delta_displayed": "1.737277000", - "frame.time_relative": "1059.797654000", - "frame.number": "3974", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eda7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00001db9", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:c4:15:33:0f:63:cd:f2:14:6b:00:00:00:52:a0:21:21:ff:ff:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:11.407179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494651.407179000", - "frame.time_delta": "0.148839000", - "frame.time_delta_displayed": "0.148839000", - "frame.time_relative": "1059.946493000", - "frame.number": "3975", - "frame.len": "78", - "frame.cap_len": "78", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000aeb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00003e93", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:44:e7:23:18:63:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:11.560297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494651.560297000", - "frame.time_delta": "0.153118000", - "frame.time_delta_displayed": "0.153118000", - "frame.time_relative": "1060.099611000", - "frame.number": "3976", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000aed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edd7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00007e75", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:04:fb:23:21:63:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:11.712461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494651.712461000", - "frame.time_delta": "0.152164000", - "frame.time_delta_displayed": "0.152164000", - "frame.time_relative": "1060.251775000", - "frame.number": "3977", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000aef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eda1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000fa45", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:44:8a:05:2a:63:cd:f2:14:6b:00:00:00:52:a0:21:21:d0:e0:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:18.799912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494658.799912000", - "frame.time_delta": "7.087451000", - "frame.time_delta_displayed": "7.087451000", - "frame.time_relative": "1067.339226000", - "frame.number": "3978", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000f121", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e837", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", 
- "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:25.857616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494665.857616000", - "frame.time_delta": "7.057704000", - "frame.time_delta_displayed": "7.057704000", - "frame.time_relative": "1074.396930000", - "frame.number": "3979", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - 
"eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000af1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000d89b", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:04:a1:3f:75:66:cd:f2:14:6b:00:00:00:52:a0:21:21:f5:28:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:25.956097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494665.956097000", - "frame.time_delta": "0.098481000", - "frame.time_delta_displayed": "0.098481000", - "frame.time_relative": "1074.495411000", - "frame.number": "3980", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000af3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00006992", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:04:82:35:7b:66:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:26.057079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494666.057079000", - "frame.time_delta": "0.100982000", - "frame.time_delta_displayed": "0.100982000", - "frame.time_relative": "1074.596393000", - "frame.number": "3981", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000af5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edcf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x000073aa", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:04:63:2b:81:66:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:26.160590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494666.160590000", - "frame.time_delta": "0.103511000", - "frame.time_delta_displayed": "0.103511000", - "frame.time_relative": "1074.699904000", - "frame.number": "3982", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000af7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000d991", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:44:86:30:87:66:cd:f2:14:6b:00:00:00:52:a0:21:21:c3:38:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:27.968500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494667.968500000", - "frame.time_delta": "1.807910000", - "frame.time_delta_displayed": "1.807910000", - "frame.time_relative": "1076.507814000", - "frame.number": "3983", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009609", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007745", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "56318", - "tcp.nxtseq": "56367", - "tcp.ack": "12328", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ff04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:55:72:a7:9e:f8:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2512242, TSecr 2812213329": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2512242", - "tcp.options.timestamp.tsecr": "2812213329" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c5:41:cc:47:3e:d5:64:ca:b0:86:55:72:a8:fe:3b:4b:a4:6a:a9:20:2f:74:35:d6:66:4e:e5:aa:17:26:b2:1a:52:3b:3c:9d:d6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:28.029144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494668.029144000", - "frame.time_delta": "0.060644000", - "frame.time_delta_displayed": "0.060644000", - "frame.time_relative": "1076.568458000", - "frame.number": "3984", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003838", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12328", - "tcp.nxtseq": "12383", - "tcp.ack": "56367", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002ed3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:16:ab:00:26:55:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812221099, TSecr 2512242": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812221099", - "tcp.options.timestamp.tsecr": "2512242" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3983", - "tcp.analysis.ack_rtt": "0.060644000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:83:b2:ce:1b:c9:49:2f:59:79:72:7a:d2:75:de:30:fe:f5:33:f2:a1:8b:c3:25:7c:e1:21:4b:95:ed:c6:b5:f0:95:aa:f2:a5:d6:50:34:c1:79:c9:2c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:28.029653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494668.029653000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "1076.568967000", - "frame.number": "3985", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000960a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007775", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56367", - "tcp.ack": "12383", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002eeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:55:78:a7:9f:16:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2512248, TSecr 2812221099": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2512248", - "tcp.options.timestamp.tsecr": "2812221099" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3984", - "tcp.analysis.ack_rtt": "0.000509000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:28.851094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494668.851094000", - "frame.time_delta": "0.821441000", - "frame.time_delta_displayed": "0.821441000", - "frame.time_relative": "1077.390408000", - "frame.number": "3986", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - 
"arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:29.560760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494669.560760000", - "frame.time_delta": "0.709666000", - "frame.time_delta_displayed": "0.709666000", - "frame.time_relative": "1078.100074000", - "frame.number": "3987", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:30.407648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494670.407648000", - "frame.time_delta": "0.846888000", - "frame.time_delta_displayed": "0.846888000", - "frame.time_relative": 
"1078.946962000", - "frame.number": "3988", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000af9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000dc70", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2b:84:1e:73:84:67:cd:f2:14:6b:00:00:00:52:a0:21:21:3c:ca:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:30.506618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494670.506618000", - "frame.time_delta": "0.098970000", - "frame.time_delta_displayed": "0.098970000", - "frame.time_relative": "1079.045932000", - "frame.number": "3989", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000afb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000b508", - "udp.checksum.status": "2", - 
"udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2c:84:ff:68:8a:67:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:30.609345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494670.609345000", - "frame.time_delta": "0.102727000", - "frame.time_delta_displayed": "0.102727000", - "frame.time_relative": "1079.148659000", - "frame.number": "3990", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000afd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edc7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000ace7", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:c4:19:31:90:67:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:30.711696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494670.711696000", - "frame.time_delta": "0.102351000", - "frame.time_delta_displayed": "0.102351000", - "frame.time_relative": "1079.251010000", - "frame.number": "3991", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000aff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": 
"192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000c00a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2e:44:7f:45:96:67:cd:f2:14:6b:00:00:00:52:a0:21:21:c6:ba:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:31.557026000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494671.557026000", - "frame.time_delta": "0.845330000", - "frame.time_delta_displayed": "0.845330000", - "frame.time_relative": "1080.096340000", - "frame.number": "3992", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000960b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007614", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "56367", - "tcp.nxtseq": "56719", - "tcp.ack": "12383", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000066ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:56:d9:a7:9f:16:ab", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2512601, TSecr 2812221099": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2512601", - "tcp.options.timestamp.tsecr": "2812221099" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c6:cc:07:1a:bb:27:b3:29:42:72:b0:ab:b0:43:9e:60:05:22:83:a9:0d:09:47:a3:a6:9e:7f:38:0c:eb:9d:71:40:09:97:8e:49:05:31:1e:37:a4:da:40:47:f7:dd:eb:d7:8e:38:d8:1f:17:ca:36:72:6f:6a:a3:b5:d0:b2:bc:d0:df:ad:05:38:25:1e:33:d8:94:07:c5:62:13:0c:c1:12:64:a4:6b:80:3f:74:8d:89:44:52:8a:fd:75:8f:03:57:7e:61:4e:a1:44:fa:7b:bf:7a:d7:41:6c:1a:99:01:58:e6:36:1a:32:db:a3:0e:c1:ea:71:32:ae:86:95:d7:76:16:d2:81:0d:0e:0d:ea:4b:f4:42:ef:e2:8d:a4:fa:4c:22:d5:90:ee:38:0a:bb:3b:dd:1e:cb:a0:33:7d:a3:3f:e4:e4:e0:86:e3:d2:af:c0:1a:57:55:71:6e:fc:d9:f7:1b:c9:09:a8:9e:ec:e6:ca:e7:26:a3:d9:88:99:2b:68:2f:c0:1b:ff:1d:5b:fb:c4:d7:87:c7:17:4c:d6:d9:24:f4:db:34:b7:59:71:96:53:23:96:fd:15:7f:80:a9:8b:d1:f1:15:40:a5:87:60:95:db:3a:05:09:b0:eb:88:4d:af:af:59:99:5b:68:69:b7:bc:cb:1f:0c:38:3d:57:69:87:e6:15:2f:14:5d:1d:3c:cb:bf:f3:ca:22:1b:06:93:3a:df:a0:23:d3:b3:98:56:97:b0:28:ab:82:ad:53:0f:25:f8:fe:de:ba:52:45:0d:c6:8c:45:91:fd:b8:d6:16:89:be:c5:86:19:7a:b0:78:6a:d1:2b:41:af:15:e1:e2:70:9d:cf:08:d7:ad:b1:46:4f:33:90:a8:37:a0:2c:56:66:47:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:04:31.617797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494671.617797000", - "frame.time_delta": "0.060771000", - "frame.time_delta_displayed": "0.060771000", - "frame.time_relative": "1080.157111000", - "frame.number": "3993", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12383", - "tcp.nxtseq": "12430", - "tcp.ack": "56719", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000028f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:1a:2c:00:26:56:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812221996, TSecr 2512601": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812221996", - "tcp.options.timestamp.tsecr": "2512601" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3992", - "tcp.analysis.ack_rtt": "0.060771000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:84:fb:47:db:d0:89:39:7e:2f:0b:37:72:d5:e0:54:4a:d6:4b:85:02:92:a3:47:29:40:06:21:03:3e:78:7d:79:c9:0e:0d" - } - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:31.618246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494671.618246000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "1080.157560000", - "frame.number": "3994", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000960c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007773", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": 
"Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56719", - "tcp.ack": "12430", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002874", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:56:df:a7:9f:1a:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2512607, TSecr 2812221996": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2512607", - "tcp.options.timestamp.tsecr": "2812221996" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "3993", - "tcp.analysis.ack_rtt": "0.000449000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:33.030195000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494673.030195000", - "frame.time_delta": "1.411949000", - "frame.time_delta_displayed": "1.411949000", - "frame.time_relative": "1081.569509000", - "frame.number": "3995", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:33.030634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494673.030634000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "1081.569948000", - "frame.number": "3996", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:34.579774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494674.579774000", - "frame.time_delta": "1.549140000", - "frame.time_delta_displayed": "1.549140000", - "frame.time_relative": "1083.119088000", - "frame.number": "3997", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a696", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "361", - "tcp.ack": "325", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000413", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:34.722765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494674.722765000", - "frame.time_delta": "0.142991000", - "frame.time_delta_displayed": "0.142991000", - "frame.time_relative": "1083.262079000", - "frame.number": "3998", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fdaa", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "325", - "tcp.ack": "362", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000e88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:36.590008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494676.590008000", - "frame.time_delta": "1.867243000", - "frame.time_delta_displayed": "1.867243000", - "frame.time_relative": "1085.129322000", - "frame.number": "3999", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005cd4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:38.826381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494678.826381000", - 
"frame.time_delta": "2.236373000", - "frame.time_delta_displayed": "2.236373000", - "frame.time_relative": "1087.365695000", - "frame.number": "4000", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00000172", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d7e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:39.740060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494679.740060000", - "frame.time_delta": "0.913679000", - "frame.time_delta_displayed": "0.913679000", - "frame.time_relative": "1088.279374000", - "frame.number": "4001", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": 
"192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:39.740459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494679.740459000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "1088.279773000", - "frame.number": "4002", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:40.206376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494680.206376000", - "frame.time_delta": "0.465917000", - "frame.time_delta_displayed": "0.465917000", - "frame.time_relative": "1088.745690000", - "frame.number": 
"4003", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000b02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "56", - "udp.checksum": "0x0000c15f", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:70:28:cc:69:cd:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", - "data.len": "48" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:04:40.607087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494680.607087000", - "frame.time_delta": "0.400711000", - "frame.time_delta_displayed": "0.400711000", - "frame.time_relative": "1089.146401000", - "frame.number": "4004", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - 
"udp.length": "241", - "udp.checksum": "0x0000098e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:40.607633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494680.607633000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1089.146947000", - "frame.number": "4005", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": 
"1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea89", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": 
"17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:40.608706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494680.608706000", - "frame.time_delta": "0.001073000", - "frame.time_delta_displayed": "0.001073000", - "frame.time_relative": "1089.148020000", - "frame.number": "4006", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": 
"241", - "udp.checksum": "0x0000784f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - 
"dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:40.956765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494680.956765000", - "frame.time_delta": "0.348059000", - "frame.time_delta_displayed": "0.348059000", - "frame.time_relative": "1089.496079000", - "frame.number": "4007", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": 
"56700", - "udp.length": "96", - "udp.checksum": "0x0000d92a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:44:88:dc:f8:69:cd:f2:14:6b:00:00:00:52:a0:21:21:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:41.056874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494681.056874000", - "frame.time_delta": "0.100109000", - "frame.time_delta_displayed": "0.100109000", - "frame.time_relative": "1089.596188000", - "frame.number": "4008", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": 
"192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x000039e4", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:84:ab:e1:fe:69:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:41.157219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494681.157219000", - "frame.time_delta": "0.100345000", - "frame.time_delta_displayed": "0.100345000", - "frame.time_relative": "1089.696533000", - "frame.number": "4009", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x000043fc", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:84:8c:d7:04:6a:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:41.267886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494681.267886000", - "frame.time_delta": "0.110667000", - "frame.time_delta_displayed": "0.110667000", - "frame.time_relative": "1089.807200000", - "frame.number": "4010", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000071e6", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:c4:af:dc:0a:6a:cd:f2:14:6b:00:00:00:73:94:e7:34:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:43.207266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494683.207266000", - "frame.time_delta": "1.939380000", - "frame.time_delta_displayed": "1.939380000", - "frame.time_relative": "1091.746580000", - "frame.number": "4011", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000042c3", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:11:08:7f:6a:cd:f2:14:6b:00:00:00:33:27:ea:ea:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:43.306762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494683.306762000", - "frame.time_delta": "0.099496000", - "frame.time_delta_displayed": "0.099496000", - 
"frame.time_relative": "1091.846076000", - "frame.number": "4012", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000ec51", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:c4:af:ee:84:6a:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:04:43.406252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494683.406252000", - "frame.time_delta": "0.099490000", - "frame.time_delta_displayed": "0.099490000", - "frame.time_relative": "1091.945566000", - "frame.number": "4013", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000a727", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:04:d3:f3:8a:6a:cd:f2:14:2d:00:00:00", - 
"data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:43.511584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494683.511584000", - "frame.time_delta": "0.105332000", - "frame.time_delta_displayed": "0.105332000", - "frame.time_relative": "1092.050898000", - "frame.number": "4014", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": 
"0x00001fd2", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:44:f6:f8:90:6a:cd:f2:14:6b:00:00:00:8b:24:84:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:45.607380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494685.607380000", - "frame.time_delta": "2.095796000", - "frame.time_delta_displayed": "2.095796000", - "frame.time_relative": "1094.146694000", - "frame.number": "4015", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", 
- "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000098e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - 
"dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:45.607930000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494685.607930000", - "frame.time_delta": "0.000550000", - "frame.time_delta_displayed": "0.000550000", - "frame.time_relative": "1094.147244000", - "frame.number": "4016", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea89", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": 
"n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:45.608499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494685.608499000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1094.147813000", - "frame.number": "4017", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - 
"ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000784f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": 
"3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:46.208542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494686.208542000", - "frame.time_delta": "0.600043000", - "frame.time_delta_displayed": "0.600043000", - "frame.time_relative": "1094.747856000", - "frame.number": "4018", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000b6da", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:44:a8:aa:31:6b:cd:f2:14:6b:00:00:00:1d:0c:a9:a9:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:46.306284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494686.306284000", - "frame.time_delta": "0.097742000", - "frame.time_delta_displayed": "0.097742000", - "frame.time_relative": "1094.845598000", - "frame.number": "4019", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000090d", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:04:47:91:37:6b:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:46.456286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494686.456286000", - "frame.time_delta": "0.150002000", - "frame.time_delta_displayed": "0.150002000", - "frame.time_relative": "1094.995600000", - "frame.number": "4020", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000edac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x000048ef", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:c4:5a:91:40:6b:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:46.608704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494686.608704000", - "frame.time_delta": "0.152418000", - "frame.time_delta_displayed": "0.152418000", - "frame.time_relative": "1095.148018000", - "frame.number": "4021", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00004e86", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:04:ea:72:49:6b:cd:f2:14:6b:00:00:00:74:0d:32:a0:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:04:48.648637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494688.648637000", - "frame.time_delta": "2.039933000", - "frame.time_delta_displayed": "2.039933000", - "frame.time_relative": "1097.187951000", - "frame.number": "4022", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000002ad", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:04:7e:a8:c0:6b:cd:f2:14:6b:00:00:00:55:15:67:68:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:48.756300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494688.756300000", - "frame.time_delta": "0.107663000", - "frame.time_delta_displayed": "0.107663000", - "frame.time_relative": "1097.295614000", - "frame.number": "4023", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eda6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": 
"192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00006e38", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:c4:88:6b:c9:6b:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:48.856499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494688.856499000", - "frame.time_delta": "0.100199000", - "frame.time_delta_displayed": "0.100199000", - "frame.time_relative": "1097.395813000", - "frame.number": "4024", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eda4", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000290e", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:04:ac:70:cf:6b:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:49.011828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494689.011828000", - "frame.time_delta": "0.155329000", - "frame.time_delta_displayed": "0.155329000", - "frame.time_relative": "1097.551142000", - "frame.number": "4025", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b22", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00002f04", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:04:02:80:d8:6b:cd:f2:14:6b:00:00:00:c5:0c:f3:7a:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:50.613756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494690.613756000", - "frame.time_delta": "1.601928000", - "frame.time_delta_displayed": "1.601928000", - "frame.time_relative": "1099.153070000", - "frame.number": "4026", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000098e", - "udp.checksum.status": "2", - "udp.stream": "16" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:50.614174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494690.614174000", - "frame.time_delta": "0.000418000", - "frame.time_delta_displayed": "0.000418000", - "frame.time_relative": "1099.153488000", - "frame.number": "4027", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - 
"eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001de5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1318", - "udp.dstport": "5353", - "udp.port": "1318", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000ea89", - "udp.checksum.status": "2", - "udp.stream": "17" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:50.614600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494690.614600000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "1099.153914000", - "frame.number": "4028", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
- }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1319", - "udp.dstport": "5353", - "udp.port": "1319", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000784f", - "udp.checksum.status": "2", - "udp.stream": "18" - }, - "mdns": { - "dns.id": "0x00000274", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=628", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=60559" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:51.507667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494691.507667000", - "frame.time_delta": "0.893067000", - "frame.time_delta_displayed": "0.893067000", - "frame.time_relative": "1100.046981000", - "frame.number": "4029", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b24", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00000aff", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:44:34:55:6d:6c:cd:f2:14:6b:00:00:00:e1:db:e4:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:51.609742000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494691.609742000", - "frame.time_delta": "0.102075000", - "frame.time_delta_displayed": "0.102075000", - "frame.time_relative": "1100.149056000", - "frame.number": "4030", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b26", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00000dfa", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3c:44:15:4b:73:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:51.707325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494691.707325000", - "frame.time_delta": "0.097583000", - "frame.time_delta_displayed": "0.097583000", - "frame.time_relative": "1100.246639000", - "frame.number": "4031", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000b696", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3d:c4:71:22:79:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:51.809823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494691.809823000", - "frame.time_delta": "0.102498000", - "frame.time_delta_displayed": "0.102498000", - "frame.time_relative": "1100.349137000", - "frame.number": "4032", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00004c83", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3e:04:95:27:7f:6c:cd:f2:14:6b:00:00:00:f4:e1:fd:e4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.158853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.158853000", - "frame.time_delta": "0.349030000", - "frame.time_delta_displayed": "0.349030000", - "frame.time_relative": "1100.698167000", - "frame.number": "4033", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": 
"0x0000ed64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000a050", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:a4:e5:93:6c:cd:f2:14:6b:00:00:00:89:f7:56:e5:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.310337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.310337000", - "frame.time_delta": "0.151484000", - "frame.time_delta_displayed": "0.151484000", - "frame.time_relative": "1100.849651000", - "frame.number": "4034", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000a3ef", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:04:fa:f4:9c:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.456895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.456895000", - "frame.time_delta": "0.146558000", - "frame.time_delta_displayed": "0.146558000", - "frame.time_relative": "1100.996209000", - "frame.number": "4035", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed94", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00008256", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:44:89:d6:a5:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.560094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.560094000", - "frame.time_delta": "0.103199000", - "frame.time_delta_displayed": "0.103199000", - "frame.time_relative": "1101.099408000", - "frame.number": "4036", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - 
"eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00004a56", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:44:6a:cc:ab:6c:cd:f2:14:6b:00:00:00:0f:0e:00:e8:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.594071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494692.594071000", - "frame.time_delta": "0.033977000", - "frame.time_delta_displayed": "0.033977000", - "frame.time_relative": "1101.133385000", - "frame.number": "4037", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000d22d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f729", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.646956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.646956000", - "frame.time_delta": "0.052885000", - "frame.time_delta_displayed": "0.052885000", - "frame.time_relative": "1101.186270000", - "frame.number": "4038", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000d231", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f725", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.699797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.699797000", - "frame.time_delta": "0.052841000", - 
"frame.time_delta_displayed": "0.052841000", - "frame.time_relative": "1101.239111000", - "frame.number": "4039", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d232", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f71b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.808110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.808110000", - "frame.time_delta": "0.108313000", - "frame.time_delta_displayed": "0.108313000", - "frame.time_relative": "1101.347424000", - "frame.number": "4040", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d234", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.808122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.808122000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": 
"0.000012000", - "frame.time_relative": "1101.347436000", - "frame.number": "4041", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d237", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f71c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": 
"HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:52.858751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494692.858751000", - "frame.time_delta": "0.050629000", - "frame.time_delta_displayed": "0.050629000", - "frame.time_relative": "1101.398065000", - "frame.number": "4042", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d23a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:53.707284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494693.707284000", - "frame.time_delta": "0.848533000", - "frame.time_delta_displayed": "0.848533000", - "frame.time_relative": "1102.246598000", - 
"frame.number": "4043", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00008881", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:84:c3:48:f0:6c:cd:f2:14:6b:00:00:00:18:33:fc:fd:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:53.857051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494693.857051000", - "frame.time_delta": "0.149767000", - "frame.time_delta_displayed": "0.149767000", - "frame.time_relative": "1102.396365000", - "frame.number": "4044", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00005ef9", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:04:95:39:f9:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:53.956465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494693.956465000", - "frame.time_delta": "0.099414000", - "frame.time_delta_displayed": "0.099414000", - "frame.time_relative": "1102.495779000", - "frame.number": "4045", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x000019cf", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:38:44:b8:3e:ff:6c:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:54.061623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494694.061623000", - "frame.time_delta": "0.105158000", - "frame.time_delta_displayed": "0.105158000", - "frame.time_relative": "1102.600937000", - "frame.number": "4046", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": 
"192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000a05a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:39:84:db:43:05:6d:cd:f2:14:6b:00:00:00:13:33:ee:f4:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:54.609884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494694.609884000", - "frame.time_delta": "0.548261000", - "frame.time_delta_displayed": "0.548261000", - "frame.time_relative": "1103.149198000", - "frame.number": "4047", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - 
"ip.id": "0x00000b3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00007a53", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3f:c4:ee:fc:25:6d:cd:f2:14:6b:00:00:00:f4:32:3a:c2:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:54.710369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494694.710369000", - "frame.time_delta": "0.100485000", - "frame.time_delta_displayed": "0.100485000", - "frame.time_relative": "1103.249683000", - "frame.number": "4048", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00009640", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:40:04:12:02:2c:6d:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:54.889853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494694.889853000", - "frame.time_delta": "0.179484000", - "frame.time_delta_displayed": "0.179484000", - "frame.time_relative": "1103.429167000", - "frame.number": "4049", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - 
"eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00005116", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:41:44:35:07:32:6d:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:54.958863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494694.958863000", - "frame.time_delta": "0.069010000", - "frame.time_delta_displayed": "0.069010000", - "frame.time_relative": "1103.498177000", - 
"frame.number": "4050", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00003cf7", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:42:04:40:ca:3a:6d:cd:f2:14:6b:00:00:00:43:31:1b:b7:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:57.457088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494697.457088000", - "frame.time_delta": "2.498225000", - "frame.time_delta_displayed": "2.498225000", - "frame.time_relative": "1105.996402000", - "frame.number": "4051", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00003c45", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:43:04:39:cd:cf:6d:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:57.556374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494697.556374000", - "frame.time_delta": "0.099286000", - "frame.time_delta_displayed": "0.099286000", - "frame.time_relative": "1106.095688000", - "frame.number": "4052", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - 
"ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000d48a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:44:04:1a:c3:d5:6d:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:57.657978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494697.657978000", - "frame.time_delta": "0.101604000", - "frame.time_delta_displayed": "0.101604000", - "frame.time_relative": "1106.197292000", - "frame.number": "4053", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed7c", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00008f60", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:45:44:3d:c8:db:6d:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:57.759893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494697.759893000", - "frame.time_delta": "0.101915000", - "frame.time_delta_displayed": "0.101915000", - "frame.time_relative": "1106.299207000", - "frame.number": "4054", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b4a", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000114d", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:46:44:1e:be:e1:6d:cd:f2:14:6b:00:00:00:3a:26:1b:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:58.365165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494698.365165000", - "frame.time_delta": "0.605272000", - "frame.time_delta_displayed": "0.605272000", - "frame.time_relative": "1106.904479000", - "frame.number": "4055", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000080b9", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3a:84:a6:90:05:6e:cd:f2:14:6b:00:00:00:8c:1e:47:de:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:58.462160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494698.462160000", - "frame.time_delta": "0.096995000", - "frame.time_delta_displayed": "0.096995000", - "frame.time_relative": "1107.001474000", - "frame.number": "4056", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00002f75", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:04:03:68:0b:6e:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:58.561396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494698.561396000", - 
"frame.time_delta": "0.099236000", - "frame.time_delta_displayed": "0.099236000", - "frame.time_relative": "1107.100710000", - "frame.number": "4057", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x0000ea4a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3c:44:26:6d:11:6e:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:58.658753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494698.658753000", - "frame.time_delta": "0.097357000", - "frame.time_delta_displayed": "0.097357000", - "frame.time_relative": "1107.198067000", - "frame.number": "4058", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00006791", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3d:04:c5:53:17:6e:cd:f2:14:6b:00:00:00:6c:13:3d:de:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:04:58.754256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494698.754256000", - "frame.time_delta": "0.095503000", - "frame.time_delta_displayed": "0.095503000", - "frame.time_relative": "1107.293570000", - "frame.number": "4059", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00000f5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c9fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - 
"ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:00.109020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494700.109020000", - "frame.time_delta": "1.354764000", - "frame.time_delta_displayed": "1.354764000", - "frame.time_relative": "1108.648334000", - "frame.number": "4060", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - 
"eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000c54d", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2f:84:03:c1:6d:6e:cd:f2:14:6b:00:00:00:71:c1:ec:ec:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:00.206849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494700.206849000", - "frame.time_delta": "0.097829000", - "frame.time_delta_displayed": "0.097829000", - "frame.time_relative": "1108.746163000", - "frame.number": "4061", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00006036", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:30:84:e4:b6:73:6e:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:00.306405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494700.306405000", - "frame.time_delta": "0.099556000", - "frame.time_delta_displayed": "0.099556000", - "frame.time_relative": "1108.845719000", - "frame.number": "4062", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00001b0c", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - 
"data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:31:c4:07:bc:79:6e:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:00.409178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494700.409178000", - "frame.time_delta": "0.102773000", - "frame.time_delta_displayed": "0.102773000", - "frame.time_relative": "1108.948492000", - "frame.number": "4063", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000784a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:32:c4:e8:b1:7f:6e:cd:f2:14:6b:00:00:00:70:cb:09:ec:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:02.634062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494702.634062000", - "frame.time_delta": "2.224884000", - "frame.time_delta_displayed": "2.224884000", - "frame.time_relative": "1111.173376000", - "frame.number": "4064", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000960d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "56719", - "tcp.nxtseq": "56768", - "tcp.ack": "12430", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000076ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:62:fd:a7:9f:1a:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2515709, TSecr 2812221996": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2515709", - "tcp.options.timestamp.tsecr": "2812221996" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c7:b0:23:c2:33:7b:1a:cd:fd:97:23:ff:99:c6:9b:59:c6:cf:8f:b3:17:ea:8e:63:c1:bd:c3:11:14:c9:3e:ce:32:8e:99:d6:71" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:02.694906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494702.694906000", - "frame.time_delta": "0.060844000", - "frame.time_delta_displayed": "0.060844000", - "frame.time_relative": "1111.234220000", - "frame.number": "4065", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003836", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12430", - "tcp.nxtseq": "12485", - "tcp.ack": "56768", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bcec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:38:86:00:26:62:fd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812229766, TSecr 2515709": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812229766", - "tcp.options.timestamp.tsecr": "2515709" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4064", - "tcp.analysis.ack_rtt": "0.060844000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:85:4e:69:ab:05:73:e1:96:b5:a7:73:cc:5f:bf:70:4e:2d:a8:39:c2:1f:15:18:18:7b:06:da:da:87:9e:e6:9c:82:a0:67:28:04:f4:b3:8f:8a:45:6a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:02.695392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494702.695392000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "1111.234706000", - "frame.number": "4066", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000960e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007771", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56768", - "tcp.ack": "12485", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd8d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:63:03:a7:9f:38:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2515715, TSecr 2812229766": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2515715", - "tcp.options.timestamp.tsecr": "2812229766" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4065", - "tcp.analysis.ack_rtt": "0.000486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:04.719745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494704.719745000", - "frame.time_delta": "2.024353000", - "frame.time_delta_displayed": "2.024353000", - "frame.time_relative": "1113.259059000", - "frame.number": "4067", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057fc", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a695", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "361", - "tcp.ack": "325", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000413", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - 
"_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:04.899389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494704.899389000", - "frame.time_delta": "0.179644000", - "frame.time_delta_displayed": "0.179644000", - "frame.time_relative": "1113.438703000", - "frame.number": "4068", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda9", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "325", - "tcp.ack": "362", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000e88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:06.588758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494706.588758000", - "frame.time_delta": "1.689369000", - "frame.time_delta_displayed": "1.689369000", - "frame.time_relative": "1115.128072000", - "frame.number": "4069", - "frame.len": "86", - "frame.cap_len": "86", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005cdb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005b0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.023088000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494707.023088000", - "frame.time_delta": "0.434330000", - "frame.time_delta_displayed": "0.434330000", - "frame.time_relative": "1115.562402000", - "frame.number": "4070", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00001836", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c158", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": 
"0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.036777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494707.036777000", - "frame.time_delta": "0.013689000", - "frame.time_delta_displayed": "0.013689000", - "frame.time_relative": "1115.576091000", - "frame.number": "4071", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000046ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000091e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - 
"dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.248911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494707.248911000", - "frame.time_delta": "0.212134000", - "frame.time_delta_displayed": "0.212134000", - "frame.time_relative": "1115.788225000", - "frame.number": "4072", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00001855", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c139", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.474838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494707.474838000", - "frame.time_delta": "0.225927000", - "frame.time_delta_displayed": "0.225927000", - "frame.time_relative": "1116.014152000", - "frame.number": "4073", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000188e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c100", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" 
- } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.700190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494707.700190000", - "frame.time_delta": "0.225352000", - "frame.time_delta_displayed": "0.225352000", - "frame.time_relative": "1116.239504000", - "frame.number": "4074", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:07.700580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494707.700580000", - "frame.time_delta": "0.000390000", - "frame.time_delta_displayed": "0.000390000", - "frame.time_relative": "1116.239894000", - "frame.number": "4075", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:09.729658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494709.729658000", - "frame.time_delta": "2.029078000", - "frame.time_delta_displayed": "2.029078000", - "frame.time_relative": "1118.268972000", - "frame.number": "4076", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": 
"1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:09.729849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494709.729849000", - "frame.time_delta": "0.000191000", - "frame.time_delta_displayed": "0.000191000", - "frame.time_relative": "1118.269163000", - "frame.number": "4077", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:18.763484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494718.763484000", - "frame.time_delta": "9.033635000", - 
"frame.time_delta_displayed": "9.033635000", - "frame.time_relative": "1127.302798000", - "frame.number": "4078", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00002096", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:27.629748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494727.629748000", - "frame.time_delta": "8.866264000", - "frame.time_delta_displayed": "8.866264000", - "frame.time_relative": "1136.169062000", - "frame.number": "4079", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001deb", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001082", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:27.630388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494727.630388000", - "frame.time_delta": "0.000640000", - "frame.time_delta_displayed": "0.000640000", - "frame.time_relative": "1136.169702000", - "frame.number": "4080", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dec", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009b00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f17d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:27.630894000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494727.630894000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "1136.170208000", - "frame.number": "4081", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f43", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:28.852684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494728.852684000", - "frame.time_delta": "1.221790000", - "frame.time_delta_displayed": "1.221790000", - "frame.time_relative": "1137.391998000", - "frame.number": "4082", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.437785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.437785000", - "frame.time_delta": "1.585101000", - "frame.time_delta_displayed": "1.585101000", - "frame.time_relative": "1138.977099000", - "frame.number": "4083", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x000020fb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "10", - "http.prev_request_in": "3821" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.820902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.820902000", - "frame.time_delta": "0.383117000", - "frame.time_delta_displayed": "0.383117000", - "frame.time_relative": "1139.360216000", - "frame.number": "4084", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c491", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f2b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "55", - "http.prev_response_in": "3883" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.826107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.826107000", - "frame.time_delta": "0.005205000", - "frame.time_delta_displayed": "0.005205000", - "frame.time_relative": "1139.365421000", - "frame.number": "4085", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df5", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54624", - "tcp.dstport": "80", - "tcp.port": "54624", - "tcp.port": "80", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000c36", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.826769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.826769000", - "frame.time_delta": "0.000662000", - "frame.time_delta_displayed": "0.000662000", - "frame.time_relative": "1139.366083000", - "frame.number": "4086", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54624", - "tcp.port": "80", - "tcp.port": "54624", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000c45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - 
"tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4085", - "tcp.analysis.ack_rtt": "0.000662000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.829876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.829876000", - "frame.time_delta": "0.003107000", - "frame.time_delta_displayed": "0.003107000", - "frame.time_relative": "1139.369190000", - "frame.number": "4087", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005e00", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54624", - "tcp.dstport": "80", - "tcp.port": "54624", - "tcp.port": "80", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4086", - "tcp.analysis.ack_rtt": "0.003107000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.830480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.830480000", - "frame.time_delta": "0.000604000", - "frame.time_delta_displayed": "0.000604000", - "frame.time_relative": "1139.369794000", - "frame.number": "4088", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54624", - "tcp.dstport": "80", - "tcp.port": "54624", - "tcp.port": "80", - "tcp.stream": "158", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d39c", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.830981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.830981000", - "frame.time_delta": "0.000501000", - "frame.time_delta_displayed": "0.000501000", - "frame.time_relative": "1139.370295000", - "frame.number": "4089", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dbc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dcac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54624", - "tcp.port": "80", - "tcp.port": "54624", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000afb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4088", - "tcp.analysis.ack_rtt": "0.000501000", - 
"tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.831540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.831540000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "1139.370854000", - "frame.number": "4090", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dbc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dc9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54624", - "tcp.port": "80", - "tcp.port": "54624", - 
"tcp.stream": "158", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000efd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.831915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.831915000", - "frame.time_delta": "0.000375000", - "frame.time_delta_displayed": "0.000375000", - "frame.time_relative": "1139.371229000", - "frame.number": "4091", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dbc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d8c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54624", - "tcp.port": "80", - "tcp.port": "54624", - "tcp.stream": "158", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000423f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003769000", - 
"tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4090", - "tcp.segment": "4091", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001435000", - "http.request_in": "4088", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.837540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.837540000", - "frame.time_delta": "0.005625000", - "frame.time_delta_displayed": "0.005625000", - "frame.time_relative": "1139.376854000", - "frame.number": "4092", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54624", - "tcp.dstport": "80", - "tcp.port": "54624", - "tcp.port": "80", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b98b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4091", - "tcp.analysis.ack_rtt": "0.005625000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.838163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.838163000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "1139.377477000", - "frame.number": "4093", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dfd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54624", - "tcp.dstport": "80", - "tcp.port": "54624", - "tcp.port": "80", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b98a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.838595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.838595000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1139.377909000", - "frame.number": "4094", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002dc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54624", - "tcp.port": "80", - "tcp.port": "54624", - "tcp.stream": "158", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000abbe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4093", - "tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.003769000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.874296000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.874296000", - "frame.time_delta": "0.035701000", - "frame.time_delta_displayed": "0.035701000", - "frame.time_relative": "1139.413610000", - "frame.number": "4095", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c493", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f2ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "56", - "http.prev_response_in": "4084" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.888525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.888525000", - "frame.time_delta": "0.014229000", - "frame.time_delta_displayed": "0.014229000", - "frame.time_relative": "1139.427839000", - "frame.number": "4096", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54625", - "tcp.dstport": "80", - "tcp.port": "54625", - "tcp.port": "80", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000ae1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.889082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.889082000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1139.428396000", - "frame.number": "4097", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54625", - "tcp.port": "80", - "tcp.port": "54625", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000cf53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4096", - "tcp.analysis.ack_rtt": "0.000557000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.891610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.891610000", - "frame.time_delta": "0.002528000", - "frame.time_delta_displayed": "0.002528000", - "frame.time_relative": "1139.430924000", - "frame.number": "4098", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dfb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54625", - "tcp.dstport": "80", - "tcp.port": "54625", - "tcp.port": "80", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008132", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4097", - "tcp.analysis.ack_rtt": "0.002528000", - "tcp.analysis.initial_rtt": "0.003085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.892316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.892316000", - "frame.time_delta": "0.000706000", - "frame.time_delta_displayed": "0.000706000", - "frame.time_relative": "1139.431630000", - "frame.number": "4099", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54625", - "tcp.dstport": "80", - "tcp.port": "54625", - "tcp.port": "80", - "tcp.stream": "159", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000096ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003085000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.892794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.892794000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1139.432108000", - "frame.number": "4100", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000077b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54625", - "tcp.port": "80", - "tcp.port": "54625", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000072c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4099", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.003085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.893360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.893360000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "1139.432674000", - "frame.number": "4101", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000077ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54625", - "tcp.port": "80", - "tcp.port": "54625", - "tcp.stream": "159", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b2e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003085000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.893856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.893856000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "1139.433170000", - "frame.number": "4102", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000077bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003cd5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54625", - "tcp.port": "80", - "tcp.port": "54625", - "tcp.stream": "159", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000054e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003085000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4101", - "tcp.segment": "4102", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001540000", - "http.request_in": "4099", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.896975000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494730.896975000", - "frame.time_delta": "0.003119000", - "frame.time_delta_displayed": "0.003119000", - "frame.time_relative": "1139.436289000", - "frame.number": "4103", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54625", - "tcp.dstport": "80", - "tcp.port": "54625", - "tcp.port": "80", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007c9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4102", - "tcp.analysis.ack_rtt": "0.003119000", - "tcp.analysis.initial_rtt": "0.003085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.897612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.897612000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "1139.436926000", - "frame.number": "4104", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54625", - "tcp.dstport": "80", - "tcp.port": "54625", - "tcp.port": "80", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007c99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.898057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.898057000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1139.437371000", - "frame.number": "4105", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ab6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002dbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54625", - "tcp.port": "80", - "tcp.port": "54625", - "tcp.stream": "159", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ecd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4104", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.003085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.927142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.927142000", - "frame.time_delta": "0.029085000", - "frame.time_delta_displayed": "0.029085000", - "frame.time_relative": "1139.466456000", - "frame.number": "4106", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c497", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f2b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "57", - "http.prev_response_in": "4095" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.947745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.947745000", - "frame.time_delta": "0.020603000", - "frame.time_delta_displayed": "0.020603000", - "frame.time_relative": "1139.487059000", - 
"frame.number": "4107", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005deb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54626", - "tcp.dstport": "80", - "tcp.port": "54626", - "tcp.port": "80", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00007385", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.948327000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.948327000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "1139.487641000", - "frame.number": "4108", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54626", - "tcp.port": "80", - "tcp.port": "54626", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000032aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4107", - "tcp.analysis.ack_rtt": "0.000582000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.961850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.961850000", - "frame.time_delta": "0.013523000", - "frame.time_delta_displayed": "0.013523000", - "frame.time_relative": "1139.501164000", - 
"frame.number": "4109", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54626", - "tcp.dstport": "80", - "tcp.port": "54626", - "tcp.port": "80", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e488", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4108", - "tcp.analysis.ack_rtt": "0.013523000", - "tcp.analysis.initial_rtt": "0.014105000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.963112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.963112000", - "frame.time_delta": "0.001262000", - "frame.time_delta_displayed": "0.001262000", - "frame.time_relative": "1139.502426000", - "frame.number": "4110", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d4e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54626", - "tcp.dstport": "80", - "tcp.port": "54626", - "tcp.port": "80", - "tcp.stream": "160", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fa01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.014105000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.963599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.963599000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1139.502913000", - "frame.number": "4111", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d7aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54626", - "tcp.port": "80", - "tcp.port": "54626", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d619", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4110", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.014105000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.964254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.964254000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "1139.503568000", - "frame.number": "4112", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d7ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54626", - "tcp.port": "80", - "tcp.port": "54626", - "tcp.stream": "160", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000163b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.014105000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.964606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.964606000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1139.503920000", - "frame.number": "4113", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d7ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dce3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54626", - "tcp.port": "80", - "tcp.port": "54626", - "tcp.stream": "160", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000068a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.014105000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4112", - "tcp.segment": "4113", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001494000", - "http.request_in": "4110", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.969354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.969354000", - "frame.time_delta": "0.004748000", - "frame.time_delta_displayed": "0.004748000", - "frame.time_relative": "1139.508668000", - "frame.number": "4114", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54626", - "tcp.dstport": "80", - "tcp.port": "54626", - "tcp.port": "80", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dff0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4113", - "tcp.analysis.ack_rtt": "0.004748000", - "tcp.analysis.initial_rtt": "0.014105000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.971546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.971546000", - "frame.time_delta": "0.002192000", - "frame.time_delta_displayed": "0.002192000", - "frame.time_relative": "1139.510860000", - "frame.number": "4115", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54626", - "tcp.dstport": "80", - "tcp.port": "54626", - "tcp.port": "80", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dfef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:30.972010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494730.972010000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "1139.511324000", - "frame.number": "4116", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ab8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002dbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54626", - "tcp.port": "80", - "tcp.port": "54626", - "tcp.stream": "160", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d223", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4115", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.014105000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.874849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.874849000", - "frame.time_delta": "0.902839000", - "frame.time_delta_displayed": "0.902839000", - "frame.time_relative": "1140.414163000", - "frame.number": "4117", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c4e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f264", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "58", - "http.prev_response_in": "4106" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.877883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.877883000", - "frame.time_delta": "0.003034000", - "frame.time_delta_displayed": "0.003034000", - "frame.time_relative": "1140.417197000", - "frame.number": "4118", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54627", - "tcp.dstport": "80", - "tcp.port": "54627", - "tcp.port": "80", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000573c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.878420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.878420000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "1140.417734000", - "frame.number": "4119", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54627", - "tcp.port": "80", - "tcp.port": "54627", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008915", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4118", - "tcp.analysis.ack_rtt": "0.000537000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.881754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.881754000", - "frame.time_delta": "0.003334000", - "frame.time_delta_displayed": "0.003334000", - "frame.time_relative": "1140.421068000", - "frame.number": "4120", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005df1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54627", - "tcp.dstport": "80", - "tcp.port": "54627", - "tcp.port": "80", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003af4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4119", - "tcp.analysis.ack_rtt": "0.003334000", - "tcp.analysis.initial_rtt": "0.003871000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.883313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.883313000", - "frame.time_delta": "0.001559000", - "frame.time_delta_displayed": "0.001559000", - "frame.time_relative": "1140.422627000", - "frame.number": "4121", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54627", - "tcp.dstport": "80", - "tcp.port": "54627", - "tcp.port": "80", - "tcp.stream": "161", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000506d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003871000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.883789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.883789000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "1140.423103000", - "frame.number": "4122", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000206e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009805", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54627", - "tcp.port": "80", - "tcp.port": "54627", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c85", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4121", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.003871000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.884426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.884426000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "1140.423740000", - "frame.number": "4123", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000206f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000097f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54627", - "tcp.port": "80", - "tcp.port": "54627", - "tcp.stream": "161", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ca6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003871000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.884799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.884799000", - "frame.time_delta": "0.000373000", - "frame.time_delta_displayed": "0.000373000", - "frame.time_relative": "1140.424113000", - "frame.number": "4124", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002070", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009420", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54627", - "tcp.port": "80", - "tcp.port": "54627", - "tcp.stream": "161", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bf0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003871000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4123", - "tcp.segment": "4124", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001486000", - "http.request_in": "4121", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.889621000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494731.889621000", - "frame.time_delta": "0.004822000", - "frame.time_delta_displayed": "0.004822000", - "frame.time_relative": "1140.428935000", - "frame.number": "4125", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005def", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54627", - "tcp.dstport": "80", - "tcp.port": "54627", - "tcp.port": "80", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000365c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4124", - "tcp.analysis.ack_rtt": "0.004822000", - "tcp.analysis.initial_rtt": "0.003871000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.890301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.890301000", - "frame.time_delta": "0.000680000", - "frame.time_delta_displayed": "0.000680000", - "frame.time_relative": "1140.429615000", - "frame.number": "4126", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54627", - "tcp.dstport": "80", - "tcp.port": "54627", - "tcp.port": "80", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000365b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.890756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.890756000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "1140.430070000", - "frame.number": "4127", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ae1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54627", - "tcp.port": "80", - "tcp.port": "54627", - "tcp.stream": "161", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000288f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4126", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.003871000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.927971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.927971000", - "frame.time_delta": "0.037215000", - "frame.time_delta_displayed": "0.037215000", - "frame.time_relative": "1140.467285000", - "frame.number": "4128", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c4e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f25a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "59", - "http.prev_response_in": "4117" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.939921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.939921000", - "frame.time_delta": "0.011950000", - "frame.time_delta_displayed": "0.011950000", - "frame.time_relative": "1140.479235000", 
- "frame.number": "4129", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54628", - "tcp.dstport": "80", - "tcp.port": "54628", - "tcp.port": "80", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000029bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.940461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.940461000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "1140.479775000", - "frame.number": "4130", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54628", - "tcp.port": "80", - "tcp.port": "54628", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009c08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4129", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.943534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.943534000", - "frame.time_delta": "0.003073000", - "frame.time_delta_displayed": "0.003073000", - "frame.time_relative": "1140.482848000", - 
"frame.number": "4131", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54628", - "tcp.dstport": "80", - "tcp.port": "54628", - "tcp.port": "80", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004de7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4130", - "tcp.analysis.ack_rtt": "0.003073000", - "tcp.analysis.initial_rtt": "0.003613000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.944110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.944110000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "1140.483424000", - "frame.number": "4132", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d44", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54628", - "tcp.dstport": "80", - "tcp.port": "54628", - "tcp.port": "80", - "tcp.stream": "162", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006360", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003613000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.944588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.944588000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1140.483902000", - "frame.number": "4133", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000354b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008328", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54628", - "tcp.port": "80", - "tcp.port": "54628", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003f78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4132", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.003613000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.945249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.945249000", - "frame.time_delta": "0.000661000", - "frame.time_delta_displayed": "0.000661000", - "frame.time_relative": "1140.484563000", - "frame.number": "4134", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000354c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008316", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54628", - "tcp.port": "80", - "tcp.port": "54628", - "tcp.stream": "162", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007f99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003613000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.945605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.945605000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "1140.484919000", - "frame.number": "4135", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000354d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54628", - "tcp.port": "80", - "tcp.port": "54628", - "tcp.stream": "162", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d202", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003613000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4134", - "tcp.segment": "4135", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001495000", - "http.request_in": "4132", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.947928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.947928000", - "frame.time_delta": "0.002323000", - "frame.time_delta_displayed": "0.002323000", - "frame.time_relative": "1140.487242000", - "frame.number": "4136", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54628", - "tcp.dstport": "80", - "tcp.port": "54628", - "tcp.port": "80", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000494f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4135", - "tcp.analysis.ack_rtt": "0.002323000", - "tcp.analysis.initial_rtt": "0.003613000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.949355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.949355000", - "frame.time_delta": "0.001427000", - "frame.time_delta_displayed": "0.001427000", - "frame.time_relative": "1140.488669000", - "frame.number": "4137", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54628", - "tcp.dstport": "80", - "tcp.port": "54628", - "tcp.port": "80", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000494e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.949816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.949816000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "1140.489130000", - "frame.number": "4138", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ae5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54628", - "tcp.port": "80", - "tcp.port": "54628", - "tcp.stream": "162", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003b82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4137", - "tcp.analysis.ack_rtt": "0.000461000", - "tcp.analysis.initial_rtt": "0.003613000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.980952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.980952000", - "frame.time_delta": "0.031136000", - "frame.time_delta_displayed": "0.031136000", - "frame.time_relative": "1140.520266000", - "frame.number": "4139", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c4ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f25a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "60", - "http.prev_response_in": "4128" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.984525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.984525000", - "frame.time_delta": "0.003573000", - "frame.time_delta_displayed": "0.003573000", - "frame.time_relative": "1140.523839000", - "frame.number": "4140", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001a8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ddc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54629", - "tcp.dstport": "80", - "tcp.port": "54629", - "tcp.port": "80", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000115c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.985052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.985052000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "1140.524366000", - "frame.number": "4141", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54629", - "tcp.port": "80", - "tcp.port": "54629", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000970a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4140", - "tcp.analysis.ack_rtt": "0.000527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.988642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.988642000", - "frame.time_delta": "0.003590000", - "frame.time_delta_displayed": "0.003590000", - "frame.time_relative": "1140.527956000", - "frame.number": "4142", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54629", - "tcp.dstport": "80", - "tcp.port": "54629", - "tcp.port": "80", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000048e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4141", - "tcp.analysis.ack_rtt": "0.003590000", - "tcp.analysis.initial_rtt": "0.004117000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.989333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.989333000", - "frame.time_delta": "0.000691000", - "frame.time_delta_displayed": "0.000691000", - "frame.time_relative": "1140.528647000", - "frame.number": "4143", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001a8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54629", - "tcp.dstport": "80", - "tcp.port": "54629", - "tcp.port": "80", - "tcp.stream": "163", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005e62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004117000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.989827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.989827000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1140.529141000", - "frame.number": "4144", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000baff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54629", - "tcp.port": "80", - "tcp.port": "54629", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003a7a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4143", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.004117000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.990399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.990399000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "1140.529713000", - "frame.number": "4145", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000fd74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000baed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54629", - "tcp.port": "80", - "tcp.port": "54629", - "tcp.stream": "163", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007a9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004117000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.990754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.990754000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1140.530068000", - "frame.number": "4146", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000fd75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b71a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54629", - "tcp.port": "80", - "tcp.port": "54629", - "tcp.stream": "163", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cd04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004117000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4145", - "tcp.segment": "4146", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001421000", - "http.request_in": "4143", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.993077000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494731.993077000", - "frame.time_delta": "0.002323000", - "frame.time_delta_displayed": "0.002323000", - "frame.time_relative": "1140.532391000", - "frame.number": "4147", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54629", - "tcp.dstport": "80", - "tcp.port": "54629", - "tcp.port": "80", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004451", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4146", - "tcp.analysis.ack_rtt": "0.002323000", - "tcp.analysis.initial_rtt": "0.004117000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.993775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.993775000", - "frame.time_delta": "0.000698000", - "frame.time_delta_displayed": "0.000698000", - "frame.time_relative": "1140.533089000", - "frame.number": "4148", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001a8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005de4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54629", - "tcp.dstport": "80", - "tcp.port": "54629", - "tcp.port": "80", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004450", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:31.994232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494731.994232000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "1140.533546000", - "frame.number": "4149", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002d8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54629", - "tcp.port": "80", - "tcp.port": "54629", - "tcp.stream": "163", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003684", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4148", - "tcp.analysis.ack_rtt": "0.000457000", - "tcp.analysis.initial_rtt": "0.004117000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:32.630406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494732.630406000", - "frame.time_delta": "0.636174000", - "frame.time_delta_displayed": "0.636174000", - "frame.time_relative": "1141.169720000", - "frame.number": "4150", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ded", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001082", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:32.630756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494732.630756000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1141.170070000", - "frame.number": "4151", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dee", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009afe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f17d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:32.631218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494732.631218000", - "frame.time_delta": "0.000462000", - "frame.time_delta_displayed": "0.000462000", - "frame.time_relative": "1141.170532000", - "frame.number": "4152", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f43", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:33.712544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494733.712544000", - "frame.time_delta": "1.081326000", - "frame.time_delta_displayed": "1.081326000", - "frame.time_relative": "1142.251858000", - "frame.number": "4153", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000960f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "56768", - "tcp.nxtseq": "56817", - "tcp.ack": "12485", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002013", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:6f:21:a7:9f:38:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2518817, TSecr 2812229766": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2518817", - "tcp.options.timestamp.tsecr": "2812229766" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:c8:68:e8:dd:bc:9c:ca:c7:d8:ce:68:30:af:13:02:08:86:5b:59:16:a6:af:d3:55:c7:9c:23:bf:bc:4f:d4:04:21:e1:2d:34:80" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:33.773245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494733.773245000", - "frame.time_delta": "0.060701000", - "frame.time_delta_displayed": "0.060701000", - "frame.time_relative": "1142.312559000", - "frame.number": "4154", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d13", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003835", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12485", - "tcp.nxtseq": "12540", - "tcp.ack": "56817", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005fb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:56:df:00:26:6f:21", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812237535, TSecr 2518817": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812237535", - "tcp.options.timestamp.tsecr": "2518817" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4153", - "tcp.analysis.ack_rtt": "0.060701000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:86:74:b2:b3:be:57:e7:ef:81:46:f9:20:d5:5c:d0:80:a7:ae:22:1e:97:83:90:9e:a1:e2:ea:09:c9:61:a7:59:34:34:aa:74:3d:8d:25:72:10:2d:bb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:33.773733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494733.773733000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1142.313047000", - "frame.number": "4155", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009610", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000776f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "56817", - "tcp.ack": "12540", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d2a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:6f:27:a7:9f:56:df", 
- "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2518823, TSecr 2812237535": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2518823", - "tcp.options.timestamp.tsecr": "2812237535" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4154", - "tcp.analysis.ack_rtt": "0.000488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:34.899695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494734.899695000", - "frame.time_delta": "1.125962000", - "frame.time_delta_displayed": "1.125962000", - "frame.time_relative": "1143.439009000", - "frame.number": "4156", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - 
"ip.id": "0x000057fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a694", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "361", - "tcp.ack": "325", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000413", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - 
"_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:35.042897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494735.042897000", - "frame.time_delta": "0.143202000", - "frame.time_delta_displayed": "0.143202000", - "frame.time_relative": "1143.582211000", - "frame.number": "4157", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fe9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda8", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "325", - "tcp.ack": "362", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000e88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:36.583898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494736.583898000", - "frame.time_delta": "1.541001000", - "frame.time_delta_displayed": "1.541001000", - "frame.time_relative": "1145.123212000", - "frame.number": "4158", - 
"frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d00", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005ae9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:36.681695000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494736.681695000", - "frame.time_delta": "0.097797000", - "frame.time_delta_displayed": "0.097797000", - "frame.time_relative": "1145.221009000", - "frame.number": "4159", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020fc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e718", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56551", - "udp.dstport": "1900", - "udp.port": "56551", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006d76", - "udp.checksum.status": "2", - "udp.stream": "101" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.356394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.356394000", - "frame.time_delta": "0.674699000", - "frame.time_delta_displayed": "0.674699000", - "frame.time_relative": "1145.895708000", - "frame.number": "4160", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c702", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f048", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { 
- "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.409252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.409252000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1145.948566000", - "frame.number": "4161", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f03b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "4160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.462434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.462434000", - "frame.time_delta": "0.053182000", - "frame.time_delta_displayed": "0.053182000", - "frame.time_relative": "1146.001748000", - "frame.number": "4162", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c70c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f03b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "4161" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.630313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.630313000", - "frame.time_delta": "0.167879000", - "frame.time_delta_displayed": "0.167879000", - "frame.time_relative": "1146.169627000", - "frame.number": "4163", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001def", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000ba01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001082", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.630849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.630849000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1146.170163000", - "frame.number": "4164", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009afc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f17d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.631454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.631454000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "1146.170768000", - "frame.number": "4165", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f43", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000275", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=629", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.667425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.667425000", - "frame.time_delta": "0.035971000", - "frame.time_delta_displayed": "0.035971000", - "frame.time_relative": "1146.206739000", - "frame.number": "4166", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - 
"basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.682197000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.682197000", - "frame.time_delta": "0.014772000", - "frame.time_delta_displayed": "0.014772000", - "frame.time_relative": "1146.221511000", - "frame.number": "4167", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020fd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e717", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { 
- "udp.srcport": "56551", - "udp.dstport": "1900", - "udp.port": "56551", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006d76", - "udp.checksum.status": "2", - "udp.stream": "101" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "4159" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.927377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.927377000", - "frame.time_delta": "0.245180000", - "frame.time_delta_displayed": "0.245180000", - "frame.time_relative": "1146.466691000", - "frame.number": "4168", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - 
"bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.951526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.951526000", - "frame.time_delta": "0.024149000", - "frame.time_delta_displayed": "0.024149000", - "frame.time_relative": "1146.490840000", - "frame.number": "4169", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - 
"bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:37.981140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494737.981140000", - "frame.time_delta": "0.029614000", - "frame.time_delta_displayed": "0.029614000", - "frame.time_relative": "1146.520454000", - "frame.number": "4170", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - 
"arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.057086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.057086000", - "frame.time_delta": "0.075946000", - "frame.time_delta_displayed": "0.075946000", - "frame.time_relative": "1146.596400000", - "frame.number": "4171", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.409156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.409156000", - "frame.time_delta": "0.352070000", - "frame.time_delta_displayed": "0.352070000", - "frame.time_relative": 
"1146.948470000", - "frame.number": "4172", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c735", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f015", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "4162" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.461906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.461906000", - "frame.time_delta": "0.052750000", - "frame.time_delta_displayed": "0.052750000", - "frame.time_relative": "1147.001220000", - "frame.number": "4173", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c73a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f007", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - 
"http.prev_response_in": "4172" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.514971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.514971000", - "frame.time_delta": "0.053065000", - "frame.time_delta_displayed": "0.053065000", - "frame.time_relative": "1147.054285000", - "frame.number": "4174", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c73c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f00b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - 
"udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "4173" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.682273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.682273000", - "frame.time_delta": "0.167302000", - "frame.time_delta_displayed": "0.167302000", - "frame.time_relative": "1147.221587000", - "frame.number": "4175", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020fe", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e716", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56551", - "udp.dstport": "1900", - "udp.port": "56551", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006d76", - "udp.checksum.status": "2", - "udp.stream": "101" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - 
"http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "4167" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.768520000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.768520000", - "frame.time_delta": "0.086247000", - "frame.time_delta_displayed": "0.086247000", - "frame.time_relative": "1147.307834000", - "frame.number": "4176", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00002175", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b7e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.780194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.780194000", - "frame.time_delta": "0.011674000", - "frame.time_delta_displayed": "0.011674000", - "frame.time_relative": "1147.319508000", - "frame.number": "4177", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:38.780642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494738.780642000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1147.319956000", - "frame.number": "4178", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": 
"192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:39.041483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494739.041483000", - "frame.time_delta": "0.260841000", - "frame.time_delta_displayed": "0.260841000", - "frame.time_relative": "1147.580797000", - "frame.number": "4179", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c752", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eff8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "4174" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:39.094255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494739.094255000", - "frame.time_delta": "0.052772000", - "frame.time_delta_displayed": "0.052772000", - "frame.time_relative": "1147.633569000", - "frame.number": "4180", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c756", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000efeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "4179" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:39.147083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494739.147083000", - "frame.time_delta": "0.052828000", - "frame.time_delta_displayed": "0.052828000", - "frame.time_relative": "1147.686397000", - "frame.number": "4181", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c75b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000efec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "4180" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:39.683542000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494739.683542000", - "frame.time_delta": "0.536459000", - "frame.time_delta_displayed": "0.536459000", - "frame.time_relative": "1148.222856000", - "frame.number": "4182", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x000020ff", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56551", - "udp.dstport": "1900", - "udp.port": "56551", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006d76", - "udp.checksum.status": "2", - "udp.stream": "101" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "4175" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.050192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.050192000", - "frame.time_delta": "0.366650000", - "frame.time_delta_displayed": "0.366650000", - "frame.time_relative": "1148.589506000", - "frame.number": "4183", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - 
"arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.050590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.050590000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "1148.589904000", - "frame.number": "4184", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.094030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.094030000", - "frame.time_delta": "0.043440000", - "frame.time_delta_displayed": "0.043440000", - "frame.time_relative": "1148.633344000", - 
"frame.number": "4185", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c78f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000efbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "4181" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.146801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.146801000", - "frame.time_delta": "0.052771000", - "frame.time_delta_displayed": "0.052771000", - "frame.time_relative": "1148.686115000", - "frame.number": "4186", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c794", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000efad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": 
"4185" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.199600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.199600000", - "frame.time_delta": "0.052799000", - "frame.time_delta_displayed": "0.052799000", - "frame.time_relative": "1148.738914000", - "frame.number": "4187", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c799", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000efae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - 
"udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "4186" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.409736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.409736000", - "frame.time_delta": "0.210136000", - "frame.time_delta_displayed": "0.210136000", - "frame.time_relative": "1148.949050000", - "frame.number": "4188", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c7ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "4187" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.462528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.462528000", - "frame.time_delta": "0.052792000", - "frame.time_delta_displayed": "0.052792000", - "frame.time_relative": "1149.001842000", - "frame.number": "4189", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c7b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef90", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "4188" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:40.515344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494740.515344000", - 
"frame.time_delta": "0.052816000", - "frame.time_delta_displayed": "0.052816000", - "frame.time_relative": "1149.054658000", - "frame.number": "4190", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c7b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "4189" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:41.462266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494741.462266000", - "frame.time_delta": "0.946922000", - "frame.time_delta_displayed": "0.946922000", - "frame.time_relative": "1150.001580000", - "frame.number": "4191", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c7d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "4190" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:41.515113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494741.515113000", - "frame.time_delta": "0.052847000", - "frame.time_delta_displayed": "0.052847000", - "frame.time_relative": "1150.054427000", - "frame.number": "4192", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c7d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "4191" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:41.567916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494741.567916000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "1150.107230000", - "frame.number": "4193", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c7dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "4192" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:42.147007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494742.147007000", - "frame.time_delta": "0.579091000", - "frame.time_delta_displayed": "0.579091000", - "frame.time_relative": "1150.686321000", - "frame.number": "4194", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c802", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "4193" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:42.199911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494742.199911000", - "frame.time_delta": "0.052904000", - "frame.time_delta_displayed": "0.052904000", - "frame.time_relative": "1150.739225000", - "frame.number": "4195", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c808", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": 
"", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "4194" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:42.252195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494742.252195000", - "frame.time_delta": "0.052284000", - "frame.time_delta_displayed": "0.052284000", - "frame.time_relative": "1150.791509000", - "frame.number": "4196", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c80b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "4195" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:43.184488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494743.184488000", - "frame.time_delta": "0.932293000", - "frame.time_delta_displayed": "0.932293000", - "frame.time_relative": "1151.723802000", - "frame.number": "4197", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:43.198658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494743.198658000", - 
"frame.time_delta": "0.014170000", - "frame.time_delta_displayed": "0.014170000", - "frame.time_relative": "1151.737972000", - "frame.number": "4198", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000c810", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "305", - "udp.checksum": "0x0000e833", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "4196" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:43.251434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494743.251434000", - "frame.time_delta": "0.052776000", - "frame.time_delta_displayed": "0.052776000", - "frame.time_relative": "1151.790748000", - "frame.number": "4199", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000c812", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "314", - "udp.checksum": "0x0000f61e", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "4198" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:43.304218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494743.304218000", - "frame.time_delta": "0.052784000", - "frame.time_delta_displayed": "0.052784000", - "frame.time_relative": "1151.843532000", - "frame.number": "4200", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000c815", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ef32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - 
}, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56551", - "udp.port": "1900", - "udp.port": "56551", - "udp.length": "308", - "udp.checksum": "0x000019a9", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "4199" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:47.631203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494747.631203000", - "frame.time_delta": "4.326985000", - "frame.time_delta_displayed": "4.326985000", - "frame.time_relative": "1156.170517000", - "frame.number": "4201", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - 
"eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001980", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:47.631545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494747.631545000", - "frame.time_delta": "0.000342000", - 
"frame.time_delta_displayed": "0.000342000", - "frame.time_relative": "1156.170859000", - "frame.number": "4202", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009afa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa7b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:47.632492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494747.632492000", - "frame.time_delta": 
"0.000947000", - "frame.time_delta_displayed": "0.000947000", - "frame.time_relative": "1156.171806000", - "frame.number": "4203", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008841", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:49.466062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494749.466062000", - "frame.time_delta": "1.833570000", - 
"frame.time_delta_displayed": "1.833570000", - "frame.time_relative": "1158.005376000", - "frame.number": "4204", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009611", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "56817", - 
"tcp.nxtseq": "57169", - "tcp.ack": "12540", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008a52", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:75:48:a7:9f:56:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2520392, TSecr 2812237535": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2520392", - "tcp.options.timestamp.tsecr": "2812237535" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:c9:9e:60:5c:03:14:a2:e2:58:e2:57:71:91:69:ff:cb:b6:86:20:35:f5:4f:5c:1e:f6:44:1e:c4:2d:59:11:74:2b:b3:f1:74:0e:4d:a1:45:cb:ac:44:6a:8c:dc:d0:cb:50:36:c3:d3:e8:fd:26:fb:f9:59:06:fc:76:e6:0b:76:e5:29:8a:56:1e:e2:a4:e0:db:5d:94:1a:f3:27:e4:f5:ad:d1:da:90:0a:e8:18:29:ab:f2:62:49:78:39:d8:56:2a:26:ca:84:2e:6d:50:f8:da:67:7c:86:17:5b:e4:66:81:c3:45:c1:05:0a:bd:b3:2b:58:87:1b:8c:54:b4:f1:97:f2:4a:7d:7f:5b:51:8e:2c:d2:08:1e:74:d1:56:80:aa:9f:17:ae:f1:d1:0f:ef:3a:64:8b:d2:20:2e:f2:9e:67:35:a7:f5:4d:42:34:b5:8f:fa:69:ff:86:e2:9f:64:5d:72:0a:cf:fe:24:99:a5:fa:92:a5:85:a9:ab:10:c9:17:3b:a1:7e:9f:55:7d:e9:36:ff:47:c4:29:57:94:b0:97:c6:5c:39:78:52:cd:1b:ea:b7:74:2e:f1:8b:c0:a8:4c:41:0a:9d:15:eb:ab:4a:da:96:47:5a:a3:0d:51:18:93:ba:cc:d9:b7:36:d3:6f:66:54:63:d1:9f:a7:c6:78:45:95:f8:49:e7:08:48:c4:5e:63:e7:51:46:b2:bf:74:24:f1:a0:68:5a:8e:40:d6:48:37:e7:37:b7:2b:84:f5:a9:be:49:8f:64:33:f9:32:4d:38:26:6a:22:e0:79:e8:80:2b:75:0e:16:92:41:10:78:c6:64:44:2f:76:84:d7:ff:d9:2d:1e:54:b6:76:1a:85:ab:aa:e9:64:3c:cc:0a:75:d4:3f:df" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:49.526981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494749.526981000", - "frame.time_delta": "0.060919000", - "frame.time_delta_displayed": "0.060919000", - "frame.time_relative": "1158.066295000", - "frame.number": "4205", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12540", - "tcp.nxtseq": "12587", - "tcp.ack": "57169", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000d701", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:66:42:00:26:75:48", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812241474, TSecr 2520392": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812241474", - "tcp.options.timestamp.tsecr": "2520392" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4204", - "tcp.analysis.ack_rtt": "0.060919000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:87:1e:f8:82:45:46:3c:43:3d:76:da:a2:a2:c7:ea:23:c7:2c:29:72:c7:20:b5:a7:65:02:56:3f:1b:f6:9b:09:f0:df:fe" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:49.527414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494749.527414000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "1158.066728000", - "frame.number": "4206", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009612", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000776d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "57169", - "tcp.ack": "12587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:75:4e:a7:9f:66:42", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2520398, TSecr 2812241474": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2520398", - "tcp.options.timestamp.tsecr": "2812241474" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4205", - "tcp.analysis.ack_rtt": "0.000433000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:52.635150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494752.635150000", - "frame.time_delta": "3.107736000", - "frame.time_delta_displayed": "3.107736000", - "frame.time_relative": "1161.174464000", - "frame.number": "4207", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001980", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:52.635938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494752.635938000", - "frame.time_delta": "0.000788000", - "frame.time_delta_displayed": "0.000788000", - "frame.time_relative": "1161.175252000", - "frame.number": "4208", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - 
"eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009af5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa7b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:52.636824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494752.636824000", - "frame.time_delta": "0.000886000", - "frame.time_delta_displayed": "0.000886000", - "frame.time_relative": "1161.176138000", - "frame.number": "4209", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
- }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008841", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.640338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.640338000", - "frame.time_delta": "1.003514000", - "frame.time_delta_displayed": "1.003514000", - "frame.time_relative": "1162.179652000", - "frame.number": "4210", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000d2a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f6ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.657795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.657795000", - "frame.time_delta": "0.017457000", - "frame.time_delta_displayed": "0.017457000", - "frame.time_relative": "1162.197109000", - "frame.number": "4211", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009613", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "57169", - "tcp.nxtseq": "57316", - "tcp.ack": "12587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c421", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:76:eb:a7:9f:66:42", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2520811, TSecr 2812241474": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2520811", - 
"tcp.options.timestamp.tsecr": "2812241474" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ca:b8:d9:f6:07:7b:16:98:77:99:92:8d:56:5f:5d:73:5f:61:23:2f:59:0e:46:88:d7:b4:84:f8:fe:f2:7b:67:25:28:84:50:62:8f:4f:21:ab:58:5b:6d:32:61:a7:40:8f:03:b5:72:36:79:fe:e5:13:e7:e1:1e:54:b7:19:33:56:00:9a:e1:b3:44:7f:4c:2d:b2:17:38:e1:41:e3:fb:e7:3f:70:7a:09:83:68:43:4c:ba:11:a1:b5:73:23:08:13:59:ca:47:70:6e:36:4b:cb:a4:5f:ad:d2:4f:1f:77:1d:53:4d:30:b0:20:0b:3d:a0:26:e8:56:c2:9d:ef:dc:8b:2f:ef:55:2c:0d:28" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.693053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.693053000", - "frame.time_delta": "0.035258000", - "frame.time_delta_displayed": "0.035258000", - "frame.time_relative": "1162.232367000", - "frame.number": "4212", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "338", - "ip.id": "0x0000d2ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f6a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.746266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494753.746266000", - "frame.time_delta": "0.053213000", - "frame.time_delta_displayed": "0.053213000", - "frame.time_relative": "1162.285580000", - "frame.number": "4213", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d2b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f69b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.754454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.754454000", - "frame.time_delta": "0.008188000", - "frame.time_delta_displayed": "0.008188000", - "frame.time_relative": "1162.293768000", - "frame.number": "4214", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d15", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000386a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12587", - "tcp.ack": "57316", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b62d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:6a:63:00:26:76:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812242531, TSecr 2520811": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812242531", - "tcp.options.timestamp.tsecr": "2520811" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4211", - "tcp.analysis.ack_rtt": "0.096659000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.764794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.764794000", - "frame.time_delta": "0.010340000", - "frame.time_delta_displayed": "0.010340000", - "frame.time_relative": "1162.304108000", - "frame.number": "4215", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009614", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e9", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "57316", - "tcp.nxtseq": "57446", - "tcp.ack": "12587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000001d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:76:f6:a7:9f:6a:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2520822, TSecr 2812242531": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2520822", - "tcp.options.timestamp.tsecr": "2812242531" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:cb:52:a6:f4:7e:a3:82:e1:56:ac:8e:c5:90:8e:da:af:72:36:82:f9:b7:b0:42:39:8b:79:30:5a:28:7c:68:85:3e:7e:4d:35:7f:33:1f:ac:2f:96:19:8e:cf:7f:29:23:a3:b4:de:22:de:14:6a:54:24:13:a3:ea:b4:32:bb:69:ce:f8:dc:9b:96:09:c7:f1:82:aa:d6:28:11:70:e2:fe:8e:c4:b2:f5:58:8d:32:5a:dd:70:9e:3e:c8:ad:72:0a:00:82:a7:d3:e1:20:8b:51:7c:89:3a:a3:12:82:a6:85:8c:fa:f0:85:14:b6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.799104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.799104000", - "frame.time_delta": "0.034310000", - "frame.time_delta_displayed": "0.034310000", - "frame.time_relative": "1162.338418000", - "frame.number": "4216", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d2b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f696", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:05:53.824943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.824943000", - "frame.time_delta": "0.025839000", - "frame.time_delta_displayed": "0.025839000", - "frame.time_relative": "1162.364257000", - "frame.number": "4217", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003869", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12587", - "tcp.ack": "57446", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b58f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:6a:74:00:26:76:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812242548, TSecr 2520822": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812242548", - "tcp.options.timestamp.tsecr": "2520822" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4215", - "tcp.analysis.ack_rtt": "0.060149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.852063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.852063000", - "frame.time_delta": "0.027120000", - "frame.time_delta_displayed": "0.027120000", - 
"frame.time_relative": "1162.391377000", - "frame.number": "4218", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d2b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f69a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:53.905027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494753.905027000", - "frame.time_delta": "0.052964000", - "frame.time_delta_displayed": "0.052964000", - "frame.time_relative": "1162.444341000", - "frame.number": "4219", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d2bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f698", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:57.631418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494757.631418000", - "frame.time_delta": "3.726391000", - "frame.time_delta_displayed": "3.726391000", - "frame.time_relative": "1166.170732000", - 
"frame.number": "4220", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001980", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:05:57.631941000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494757.631941000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "1166.171255000", - "frame.number": "4221", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001df9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009af3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa7b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:05:57.632553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494757.632553000", - "frame.time_delta": "0.000612000", - "frame.time_delta_displayed": "0.000612000", - "frame.time_relative": "1166.171867000", - "frame.number": "4222", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008841", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000276", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=630", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:05:58.814693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494758.814693000", - "frame.time_delta": "1.182140000", - "frame.time_delta_displayed": "1.182140000", - "frame.time_relative": "1167.354007000", - "frame.number": "4223", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000033f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a561", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:04.195429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494764.195429000", - "frame.time_delta": "5.380736000", - "frame.time_delta_displayed": "5.380736000", - "frame.time_relative": "1172.734743000", - "frame.number": "4224", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x000057fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "362", - "tcp.nxtseq": "402", - "tcp.ack": "325", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038a6", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e5:5b:cd:c4:d5:f7:f0:e5:de:32:2e:35:6a:e2:dc:bf:48:78:71:4c:8b:4c:96:ae:51:7e:88:69" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:04.339162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494764.339162000", - "frame.time_delta": "0.143733000", - "frame.time_delta_displayed": "0.143733000", - "frame.time_relative": "1172.878476000", - "frame.number": "4225", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000fea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd83", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": 
"104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "325", - "tcp.nxtseq": "361", - "tcp.ack": "402", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4224", - "tcp.analysis.ack_rtt": "0.143733000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": 
"54:26:79:5a:1e:3d:fa:6b:52:90:30:78:58:d0:87:55:b5:9b:63:e6:4c:d7:02:8c:6c:80:1e:6a:f1:b0:76" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:04.339705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494764.339705000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1172.879019000", - "frame.number": "4226", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a692", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., 
Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "402", - "tcp.ack": "361", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000003c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4225", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:06.586567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494766.586567000", - "frame.time_delta": "2.246862000", - "frame.time_delta_displayed": "2.246862000", - "frame.time_relative": "1175.125881000", - "frame.number": "4227", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d07", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005ae2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:07.631983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494767.631983000", - "frame.time_delta": "1.045416000", 
- "frame.time_delta_displayed": "1.045416000", - "frame.time_relative": "1176.171297000", - "frame.number": "4228", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dfa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000187f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000277", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:07.632497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494767.632497000", - "frame.time_delta": "0.000514000", - "frame.time_delta_displayed": "0.000514000", - "frame.time_relative": "1176.171811000", - "frame.number": "4229", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dfb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009af1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f97a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - 
"dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:07.633206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494767.633206000", - "frame.time_delta": "0.000709000", - "frame.time_delta_displayed": "0.000709000", - "frame.time_relative": "1176.172520000", - "frame.number": "4230", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008740", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000277", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.340425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.340425000", - "frame.time_delta": "1.707219000", - "frame.time_delta_displayed": "1.707219000", - "frame.time_relative": "1177.879739000", - "frame.number": "4231", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.340822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.340822000", - "frame.time_delta": "0.000397000", - "frame.time_delta_displayed": "0.000397000", - "frame.time_relative": "1177.880136000", - "frame.number": "4232", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.815620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.815620000", - "frame.time_delta": "0.474798000", - "frame.time_delta_displayed": "0.474798000", - "frame.time_relative": "1178.354934000", - "frame.number": "4233", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "72", - "ip.id": "0x0000100a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a857", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45267", - "udp.dstport": "53", - "udp.port": "45267", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x000061fb", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.id": "0x000003cd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.815635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.815635000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "1178.354949000", - "frame.number": "4234", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000100b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a856", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45267", - "udp.dstport": "53", - "udp.port": "45267", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000e97a", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.id": "0x00007c32", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - 
"dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.841805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.841805000", - "frame.time_delta": "0.026170000", - "frame.time_delta_displayed": "0.026170000", - "frame.time_relative": "1178.381119000", - "frame.number": "4235", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x0000a5ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000110a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45267", - "udp.port": 
"53", - "udp.port": "45267", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.response_to": "4233", - "dns.time": "0.026185000", - "dns.id": "0x000003cd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10093", - "dns.resp.len": "19", - "dns.ns": 
"ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10093", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10093", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10093", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "139159", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10779", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7072", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15674", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "139159", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10779", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7072", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15674", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.841985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.841985000", - "frame.time_delta": "0.000180000", - "frame.time_delta_displayed": "0.000180000", - "frame.time_relative": "1178.381299000", - "frame.number": "4236", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x0000a5ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001220", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45267", - "udp.port": "53", - "udp.port": "45267", - "udp.length": "134", - "udp.checksum": "0x000082db", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.response_to": "4234", - "dns.time": "0.026350000", - "dns.id": "0x00007c32", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "6", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "900", - "dns.resp.len": "70", - "dns.soa.mname": "ns-1275.awsdns-31.org", - "dns.soa.rname": "awsdns-hostmaster.amazon.com", - "dns.soa.serial_number": "1", - "dns.soa.refresh_interval": "7200", - "dns.soa.retry_interval": "900", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "86400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.842985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.842985000", - "frame.time_delta": "0.001000000", - "frame.time_delta_displayed": "0.001000000", - "frame.time_relative": "1178.382299000", - "frame.number": "4237", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d960", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000bfbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:7d:3e:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2522430, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522430", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.920451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.920451000", - "frame.time_delta": "0.077466000", - "frame.time_delta_displayed": "0.077466000", - "frame.time_relative": "1178.459765000", - "frame.number": "4238", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x000002b9", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000b8b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:4b:46:b9:55:00:26:7d:3e:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1262926165, TSecr 2522430": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926165", - "tcp.options.timestamp.tsecr": "2522430" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4237", - "tcp.analysis.ack_rtt": "0.077466000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.920943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.920943000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1178.460257000", - "frame.number": "4239", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d961", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": 
"14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:46:4b:46:b9:55", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522438, TSecr 1262926165": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522438", - "tcp.options.timestamp.tsecr": "1262926165" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4238", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.077958000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:09.923128000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494769.923128000", - "frame.time_delta": "0.002185000", - "frame.time_delta_displayed": "0.002185000", - "frame.time_relative": "1178.462442000", - "frame.number": "4240", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000d962", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ce2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - 
"tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00001504", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:46:4b:46:b9:55", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522438, TSecr 1262926165": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522438", - "tcp.options.timestamp.tsecr": "1262926165" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Aug 20, 2068 20:01:30.000000000 PDT", - "ssl.handshake.random": "ba:b5:8f:26:77:de:77:2d:47:27:fd:20:34:db:56:6b:8c:f6:fa:fd:88:45:ab:96:d8:39:9b:5c" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - 
"ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": 
"49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - 
"ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": 
"3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.000876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.000876000", - "frame.time_delta": 
"0.077748000", - "frame.time_delta_displayed": "0.077748000", - "frame.time_relative": "1178.540190000", - "frame.number": "4241", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000052c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000affe", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - 
"tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004ea8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926185, TSecr 2522438": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926185", - "tcp.options.timestamp.tsecr": "2522438" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4240", - "tcp.analysis.ack_rtt": "0.077748000", - "tcp.analysis.initial_rtt": "0.077958000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.001931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.001931000", - "frame.time_delta": "0.001055000", - 
"frame.time_delta_displayed": "0.001055000", - "frame.time_relative": "1178.541245000", - "frame.number": "4242", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x000052c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000aa55", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - 
"tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926185, TSecr 2522438": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926185", - "tcp.options.timestamp.tsecr": "2522438" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Aug 4, 2011 19:21:40.000000000 PDT", - "ssl.handshake.random": "67:91:a7:75:70:05:f1:f6:a4:8a:92:5b:6a:79:f5:cb:0d:f1:e8:d0:71:32:50:47:21:b3:89:6f" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "db:a8:5b:1d:19:71:51:d1:ff:da:ae:4e:67:c9:7b:c1:21:90:98:af:17:5d:5e:fb:87:bb:7b:9b:e7:88:05:56", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.001952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.001952000", - "frame.time_delta": "0.000021000", - "frame.time_delta_displayed": "0.000021000", - "frame.time_relative": "1178.541266000", - "frame.number": "4243", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x000052c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000af1d", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009308", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:69:00:26:7d:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926185, TSecr 2522438": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926185", - "tcp.options.timestamp.tsecr": "2522438" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "4242", - "tcp.segment": "4243", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - 
"x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": 
"5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - 
"x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:ca:c7:f7:9f:6c:1c:57:b7:f3:18:a7:d9:6f:b4:80:ff:ab:92:b3:c6:97:85:51:4a:09:36:82:ec:14:78:c6:6b:f5:20:14:36:34:31:6d:3e:81:6b:9b:b2:92:fd:da:1f:f6:5c:44:4d:72:02:7f:ec:0c:ff:35:b0:43:76:70:57", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"65:92:be:87:ca:e9:e8:f0:43:4b:2c:e7:64:e7:3b:f4:a5:41:5e:e8:2a:60:24:02:0e:9e:53:f9:de:d6:a4:14:ff:9f:9f:91:f2:54:f9:da:9c:a5:c6:83:8f:d7:86:ab:3a:ab:44:95:6e:ab:27:07:b9:00:7a:5f:84:e8:2f:65:9b:c6:40:b5:72:72:c0:a0:3a:b7:59:8e:8a:13:2a:b8:2c:c7:58:cd:e2:59:97:ec:d2:aa:98:02:c3:b6:45:e3:96:8b:8a:42:60:61:ad:1b:b4:43:81:3e:c4:88:9d:f0:55:a4:a3:de:89:1f:e1:48:16:54:65:8f:a4:0f:e6:d8" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.002624000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.002624000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "1178.541938000", - "frame.number": "4244", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d963", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000476e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:4e:4b:46:b9:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522446, TSecr 1262926185": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522446", - "tcp.options.timestamp.tsecr": "1262926185" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4243", - "tcp.analysis.ack_rtt": "0.000672000", - "tcp.analysis.initial_rtt": "0.077958000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.027979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.027979000", - "frame.time_delta": "0.025355000", - "frame.time_delta_displayed": "0.025355000", - "frame.time_relative": "1178.567293000", - "frame.number": "4245", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000d964", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cede", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004882", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:50:4b:46:b9:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522448, TSecr 1262926185": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522448", - "tcp.options.timestamp.tsecr": "1262926185" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:a5:bd:40:10:30:db:74:02:5b:da:93:5d:61:3a:ba:c7:87:8d:95:06:82:6b:68:65:18:cb:f5:9c:7a:fa:dc:ae:60:83:58:cf:20:f1:98:35:54:7e:da:ec:ab:90:76:1e:f7:b1:cc:12:6d:5f:df:c7:d6:e4:e7:ed:32:ad:93:3f" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.105993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.105993000", - "frame.time_delta": "0.078014000", - "frame.time_delta_displayed": "0.078014000", - "frame.time_relative": "1178.645307000", - "frame.number": "4246", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x000052c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000afc8", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:83:00:26:7d:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926211, TSecr 2522448": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926211", - "tcp.options.timestamp.tsecr": "2522448" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4245", - "tcp.analysis.ack_rtt": "0.078014000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:06:10.107589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.107589000", - "frame.time_delta": "0.001596000", - "frame.time_delta_displayed": "0.001596000", - "frame.time_relative": "1178.646903000", - "frame.number": "4247", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000d965", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - 
"ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006c57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:58:4b:46:b9:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522456, TSecr 1262926211": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522456", - "tcp.options.timestamp.tsecr": "1262926211" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4246", - "tcp.analysis.ack_rtt": "0.001596000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "2f:63:9c:0b:41:37:ce:75:95:de:0b:6a:ad:d0:52:de:6f:09:d9:48:12:f9:51:7d:05:78:81:a6:7b:a4:d4:da:1b:09:b5:67:f8:41:46:4c:d6:0c:51:05:4f:ff:1b:6f:dc:81:3d:2b:f9:2b:0d:aa:80:9c:f4:16:97:fc:21:53" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.185677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.185677000", - "frame.time_delta": "0.078088000", - "frame.time_delta_displayed": "0.078088000", - "frame.time_relative": "1178.724991000", - "frame.number": "4248", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x000052c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000afb5", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", 
- "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f3a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:97:00:26:7d:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926231, TSecr 2522456": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "1262926231", - "tcp.options.timestamp.tsecr": "2522456" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4247", - "tcp.analysis.ack_rtt": "0.078088000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "cd:29:b1:ef:4f:b6:e5:8e:a3:53:b0:5e:63:9b:a8:a6:27:70:9e:39:9a:9c:21:75:c0:e5:cf:f6:65:32:f0:48:6a:8e:74:93:87:80:21:bc:85:63:3b:ea:bf:2e:75:00:1e:9d:2a:2c:a0:90:61:55:be:c1:c1:c3:a1:89:89:f8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.186612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.186612000", - "frame.time_delta": "0.000935000", - "frame.time_delta_displayed": "0.000935000", - "frame.time_relative": "1178.725926000", - "frame.number": "4249", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000d966", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cd71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002c59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:60:4b:46:b9:97", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522464, TSecr 1262926231": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522464", - "tcp.options.timestamp.tsecr": "1262926231" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4248", - "tcp.analysis.ack_rtt": "0.000935000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "2f:63:9c:0b:41:37:ce:76:29:41:5c:d8:6f:a7:02:40:19:3a:0e:f6:83:91:d0:84:d8:a4:97:e1:f2:e8:6f:36:5a:c1:3f:59:6c:82:e7:70:1a:25:19:48:20:00:3f:38:39:99:b1:e4:05:2e:7d:74:32:60:2e:81:74:4c:f4:5e:64:95:32:8b:03:25:d6:50:e7:a3:80:a4:6b:29:a6:ec:0b:7b:ba:5e:e5:23:94:b1:77:36:3e:a8:4d:89:28:97:41:27:37:3c:cb:0c:cf:45:ee:c8:69:b7:43:3c:02:71:c8:c2:ea:ea:c8:ad:60:21:67:59:44:0b:c0:85:95:29:2c:b9:10:c5:93:79:fe:56:f1:da:70:98:a0:bf:f1:db:b0:2a:80:ff:f3:a5:3e:1d:c3:f7:19:2a:a0:b0:ae:4e:73:c7:64:d5:3a:dd:f8:07:b1:cc:75:cb:e3:63:e7:e1:4f:89:70:4b:46:77:35:f1:52:cf:60:f2:c1:ca:12:2b:a5:f9:16:ad:0f:6f:02:d8:8a:8a:16:28:bc:33:4d:24:34:a4:43:34:e3:76:d1:75:03:21:53:42:41:f2:0e:68:94:4c:53:4d:de:16:2d:a4:78:51:2d:e1:ae:a0:b6:8c:64:8e:2a:07:e1:e2:73:f7:bd:ec:7e:59:da:c9:5c:f1:75:21:19:ff:c7:00:bd:d9:57:76:83:7b:8c:1a:09:12:c6:59:12:35:83:27:14:d2:68:5d:af:3b:12:b7:f3:06:87:e6:09:79:4c:1e:0f:38:f7:7b:53:82:53:f5:c2:63:93:54:c1:04:cf:e2:cf:62:4e:65:0d:a2:24:61:72:da:cc:ba:6c:4c:11:36:98:de:a8:16:a4:9f:0b:48:92:4a:d8:7c:f0:3a:a5:35:57:aa:6b:1d:e9:fc:a1:b0:62:f9:26:c2:70:c4:bb:eb:a2:41:40:01:f8:5d
:48:e1:e4:f3:0c:a2:c6:9d:e7:97:f8:f0:45:a8:01:91:38:c9:0e:34:86:82:08:25:e6:18:47:3f:6b:0d:e3:99:d7:fc:8d:99:58:9f:0b:ab:d2:d2:71:e2:6c:f3:7c:e8:80:36:95:5f:a5:a9:3a:cf:90:dd:5d:57:12:d2:18:cd:e3:c4:97:9f:e4:16:94:96:fe:a7:74:c0:a9:57:d6:a8:40:b6:a2:ec:e4:81:4c:b5:1c:c8:43:f0:1e:a9:5f:3a:95:2c:a2:04:8e:66:8f:be:65:7b:23:f3:e5:ec:ad:b2:88:8d:71:7a:6f:13:90:36" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.206589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.206589000", - "frame.time_delta": "0.019977000", - "frame.time_delta_displayed": "0.019977000", - "frame.time_relative": "1178.745903000", - "frame.number": "4250", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": 
"192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000c1af", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:17:cd:bf:7e:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.264434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.264434000", - "frame.time_delta": "0.057845000", - "frame.time_delta_displayed": "0.057845000", - "frame.time_relative": "1178.803748000", - "frame.number": "4251", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"127", - "ip.id": "0x000052c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000afae", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000002eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:aa:00:26:7d:60", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926250, TSecr 2522464": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926250", - "tcp.options.timestamp.tsecr": "2522464" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4249", - "tcp.analysis.ack_rtt": "0.077822000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "cd:29:b1:ef:4f:b6:e5:8f:9e:18:0a:95:71:f4:88:65:bf:5f:00:a5:7c:a1:00:f0:c4:49:72:14:4b:a6:63:08:ad:a0:a4:61:b4:dd:a7:53:a2:bb:86:24:a9:30:58:24:3d:5f:c5:c2:85:bf:ce:21:77:2c:af:90:b9:3b:e4:1e:4f:2b:9a:da:05:4d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.265024000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.265024000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "1178.804338000", - "frame.number": "4252", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d967", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - 
"_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000043a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:7d:68:4b:46:b9:aa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2522472, TSecr 1262926250": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2522472", - "tcp.options.timestamp.tsecr": "1262926250" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4251", - "tcp.analysis.ack_rtt": "0.000590000", - "tcp.analysis.initial_rtt": "0.077958000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.342684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.342684000", - "frame.time_delta": "0.077660000", - "frame.time_delta_displayed": "0.077660000", - "frame.time_relative": "1178.881998000", - "frame.number": "4253", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - 
"eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x000052c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000afd9", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", 
- "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b7cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:be:00:26:7d:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926270, TSecr 2522472": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926270", - "tcp.options.timestamp.tsecr": "2522472" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4252", - "tcp.analysis.ack_rtt": "0.077660000", - "tcp.analysis.initial_rtt": "0.077958000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.342770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.342770000", - "frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "1178.882084000", - "frame.number": 
"4254", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000052c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "230", - "ip.proto": "6", - "ip.checksum": "0x0000aff7", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58212", - "tcp.port": "443", - "tcp.port": "58212", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": 
"1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004416", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:46:b9:be:00:26:7d:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1262926270, TSecr 2522472": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1262926270", - "tcp.options.timestamp.tsecr": "2522472" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.343196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.343196000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "1178.882510000", - 
"frame.number": "4255", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007041", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000388c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - 
"tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000da26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:10.343207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494770.343207000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1178.882521000", - "frame.number": "4256", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007042", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000388b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58212", - "tcp.dstport": "443", - "tcp.port": "58212", - "tcp.port": "443", - "tcp.stream": "164", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000da26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:12.636056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494772.636056000", - "frame.time_delta": "2.292849000", - "frame.time_delta_displayed": "2.292849000", - "frame.time_relative": "1181.175370000", - "frame.number": "4257", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dfc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000187f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:12.636489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494772.636489000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "1181.175803000", - "frame.number": "4258", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001dfd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f97a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:12.636955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494772.636955000", - "frame.time_delta": "0.000466000", - "frame.time_delta_displayed": "0.000466000", - "frame.time_relative": "1181.176269000", - "frame.number": "4259", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008740", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:13.856627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494773.856627000", - "frame.time_delta": "1.219672000", - "frame.time_delta_displayed": "1.219672000", - "frame.time_relative": "1182.395941000", - "frame.number": "4260", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00009c3a", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:11:04:ac:5b:99:7f:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.470426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.470426000", - "frame.time_delta": "0.613799000", - "frame.time_delta_displayed": "0.613799000", - "frame.time_relative": "1183.009740000", - "frame.number": "4261", - "frame.len": "162", - "frame.cap_len": "162", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "148", - "ip.id": "0x00000feb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd3a", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "108", - "tcp.seq": "361", - "tcp.nxtseq": "469", - "tcp.ack": "402", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - 
"tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000959b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "103", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:6c:28:9c:fb:80:53:b5:aa:c8:66:5b:92:31:3c:48:d3:b5:72:50:d3:82:f1:e9:32:d0:a2:7f:00:1a:34:d0:ca:6b:92:0d:b3:dc:7c:e1:84:fc:60:38:ab:e5:7f:7e:fc:fd:80:49:36:e4:93:0e:b5:62:77:12:90:03:c9:ae:15:57:72:59:ad:69:91:5d:55:29:81:ce:23:e4:68:12:00:6d:22:ff:a9:47:8c:a8:76:59:cf:4a:89:40:39:d4:df" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.470916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.470916000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1183.010230000", - "frame.number": "4262", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "40", - "ip.id": "0x00005800", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a691", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "402", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000035a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4261", - 
"tcp.analysis.ack_rtt": "0.000490000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.488458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.488458000", - "frame.time_delta": "0.017542000", - "frame.time_delta_displayed": "0.017542000", - "frame.time_relative": "1183.027772000", - "frame.number": "4263", - "frame.len": "4522", - "frame.cap_len": "4522", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "4508", - "ip.id": "0x00005801", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000951c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "4468", - "tcp.seq": "402", - "tcp.nxtseq": "4870", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004dcd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "4468", - "tcp.analysis.push_bytes_sent": "4468" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4463", - "ssl.app_data": 
"c1:4c:bc:6e:d4:4e:36:e6:6d:07:2f:82:44:0f:35:f6:18:2b:36:73:a9:1e:b0:c1:06:c6:1a:13:b0:fe:8d:b9:f4:23:5d:b2:19:81:a5:77:c7:a5:b0:cb:53:e2:23:91:b6:d7:60:c6:e7:bd:41:f2:af:1f:b1:0e:83:c1:f7:fa:2f:e7:4f:5d:56:ad:a1:5e:2a:5b:80:be:f1:70:2e:ab:98:94:9f:be:25:dc:34:a9:d4:41:28:47:68:38:9a:2e:30:57:82:69:5d:5a:fe:90:42:67:4e:ee:6d:d7:1c:35:ce:20:38:44:58:af:61:ec:e3:9e:ab:20:17:36:35:d3:0e:61:96:b5:4e:c6:60:a3:13:82:85:f1:75:35:be:97:a7:59:5b:8e:b9:f4:e6:4a:3d:2e:7f:05:2f:36:61:54:5d:c2:61:7d:91:e2:a5:b7:da:9d:ea:3a:61:2d:fb:3f:34:7c:5d:db:31:be:da:d9:8b:a6:9f:2c:ab:37:1c:1a:9f:74:ea:78:8e:d9:ee:16:c3:af:86:d6:ca:ba:84:d9:65:fb:1b:71:8e:b8:e1:cf:06:33:11:e3:62:21:8d:30:8f:a2:25:97:d4:10:68:d7:18:a5:a3:b2:ef:8a:4b:68:fe:bb:4f:5a:e6:62:34:d4:d7:10:b8:ef:26:0a:03:6e:0a:e1:e6:5d:ea:b9:da:a9:1f:a5:b3:50:98:c4:fc:5a:35:16:5a:ae:d1:d5:20:40:2f:b6:5c:85:05:c9:af:61:78:9b:1c:54:56:18:b7:4a:57:8f:a0:e8:ee:80:2a:cb:b1:c8:a4:cf:a9:b7:26:8e:a6:af:86:0a:f6:56:c7:49:55:44:98:dc:eb:2f:af:19:de:32:6d:f0:a1:0d:b9:70:29:d9:c9:da:c1:55:9f:66:cd:27:a8:f7:a6:4e:9c:57:4d:da:a4:d9:07:b6:de:d9:35:40:ad:a3:87:45:45:72:a4:ce:03:68:45:27:75:01:29:9b:af:48:4b:4b:9f:09:7c:34:8a:1e:bb:7e:09:6e:71:bd:ed:53:e4:69:72:37:81:9b:25:11:8b:52:28:f8:5a:32:da:3e:5f:a5:dc:a0:30:0a:b7:8d:07:91:51:68:c3:d3:7c:94:6e:47:af:16:dc:73:a6:bd:33:24:f9:4a:cf:64:14:aa:fe:1f:88:d2:e1:7c:5d:29:55:61:84:d7:3f:3d:21:b7:3a:92:85:f1:81:cf:a5:d6:9b:a8:27:59:1e:65:84:10:89:2f:52:d1:28:c4:d3:4c:18:fd:cc:79:2b:e4:90:e8:4a:70:e3:f9:8a:3a:b2:b6:00:1b:3a:ba:b1:eb:68:d2:02:f4:45:28:4e:7a:30:60:9c:73:93:55:e2:32:d0:08:4a:6f:97:a4:c4:57:7c:c3:3b:4b:59:9f:b4:37:8e:83:cd:52:e0:ec:0a:5b:6c:bf:17:77:84:93:16:85:b4:b1:a2:73:03:a5:1a:b5:6c:b2:a6:96:ee:8f:25:01:ec:5b:1f:0a:65:54:95:b2:3e:8c:25:c3:fe:bf:0e:ea:aa:37:79:e7:05:54:94:c2:d4:6e:ee:e8:29:83:3e:d4:d1:ae:da:a9:67:cc:a4:2a:c6:df:df:0f:b5:6b:2c:c6:be:43:f9:94:93:ea:d6:03:1d:70:45:ae:99:35:35:d5:2f:ed:c5:d4:95:63:d0:8c:b3:7b:1e:2f:58:18:56:23:30:63:24:ce:20:8d:21:fa:82:f0:84:9b:db:a9:0c:b5:f
1:f1:63:8d:b3:cb:1f:24:62:84:69:fe:8e:74:b7:13:33:05:38:a1:50:8d:23:a6:72:2e:34:a9:30:ed:fb:2c:0b:4c:25:1e:03:23:16:96:e6:53:21:12:e0:dc:0d:30:25:88:bb:a2:54:fb:47:7c:56:29:2c:70:4e:a1:ed:3b:88:10:fb:c5:df:d4:d5:b4:4b:a2:69:d1:9b:6a:92:37:ff:f2:5c:09:7e:23:a5:bd:d0:0d:d0:39:d0:ca:6b:99:21:a8:61:d9:7c:5c:b4:f8:84:4f:f6:28:b1:a7:80:63:fe:6e:0f:31:b4:e9:b8:f9:41:fa:65:3e:ac:1b:3a:4c:af:30:11:49:7e:71:a0:43:37:a8:34:ca:c1:6e:62:c4:cd:84:a3:82:74:62:0d:d4:7c:4a:e7:57:24:da:7d:ac:1e:89:fb:a8:a5:71:50:21:96:4c:70:c9:83:b1:42:d7:9c:30:3b:5e:2f:18:6b:24:1b:d0:ab:d8:8e:a9:0e:69:6c:ee:ec:e4:23:56:58:8b:08:e8:55:15:94:b1:9a:17:a4:ce:b7:b4:42:ab:12:da:d9:3e:59:62:c9:ad:3f:7b:ed:6f:f4:54:59:15:35:77:01:3d:69:59:a7:00:4c:78:0d:6b:d8:92:6a:e8:66:ef:60:97:43:c7:c6:59:5a:e6:21:bf:63:86:50:20:00:0a:b3:49:c5:4d:2e:ef:7b:64:29:d7:2b:bf:44:5c:c6:04:99:4f:72:b0:44:04:02:59:95:2b:e4:23:fa:39:2c:46:5d:89:1b:9f:a4:92:96:9e:53:70:f6:4d:a9:30:90:4e:2f:97:93:3f:99:59:89:4a:76:50:fd:41:11:6a:d3:d8:71:20:18:3c:98:45:70:5b:d8:b7:aa:be:41:2a:55:70:c5:7e:1f:cd:f0:b1:20:c4:3c:f4:5b:81:71:5f:1f:dd:ee:fc:98:80:46:2f:2c:19:a7:55:ae:ec:a4:d6:e1:f2:6b:f8:4b:b2:f5:3b:d7:0a:94:39:c5:e5:e2:48:cb:a2:ac:bd:fc:fd:b4:6d:65:cc:97:85:f4:99:5d:f1:3f:75:f2:81:f3:72:dc:b2:cd:89:7e:51:19:d7:7e:56:b3:c0:73:e7:1b:eb:72:8c:ef:24:8c:4d:a1:81:95:b0:ea:07:47:12:ff:e2:ef:d8:33:67:d6:82:b4:34:ee:92:96:f3:77:ce:ab:ca:69:fa:49:f3:b1:df:6a:a6:4e:fb:88:2d:06:7a:7f:58:be:73:78:d4:a7:bb:9d:33:53:e6:a4:55:39:b1:12:54:93:f0:ae:f7:cd:a1:cc:4f:84:bb:58:5b:27:71:c0:aa:0b:df:db:db:7e:e2:7a:c3:2e:47:f7:cd:5d:56:48:bc:85:e5:99:3f:95:ac:6d:45:38:a9:28:39:25:ee:2b:ae:e2:37:81:23:a5:d3:22:4e:ee:2e:a0:4c:89:4d:7a:e7:ef:69:45:70:64:14:07:6f:02:78:82:50:a8:17:37:36:f3:2b:86:73:94:47:75:d9:4e:c6:bc:1d:1b:25:d3:78:37:83:7b:01:82:6a:6f:96:d7:40:44:f3:b7:48:98:be:dd:e0:fe:4d:a4:da:75:4a:cf:36:09:a5:27:d4:cb:a7:ca:28:cd:ad:d1:a3:46:89:dd:6a:e6:c0:1e:ad:9a:fc:25:0f:39:cc:59:c4:ba:c9:64:0e:3d:c5:b2:0d:fc:4c:94:f4:e0:0f:3a:bd:f7:60:32:06:86:1e:27:4c:22:
4d:cf:a6:19:f2:19:3c:c6:58:d6:fc:e4:e4:25:19:2f:b7:1d:8d:c7:09:08:53:6c:12:e5:81:6b:01:dc:09:39:b3:24:91:9b:b5:4f:9b:16:cc:dd:f3:3a:21:17:64:e7:31:5f:8b:4b:06:61:fd:8d:73:3b:a4:cc:c4:92:fd:44:bc:d4:c6:70:56:a3:36:96:1b:00:9f:40:9e:c5:dc:47:9f:76:f7:75:5a:2b:90:e7:5f:1e:f9:dc:e6:aa:cf:b1:cc:d5:af:9a:91:59:eb:06:d6:da:9d:d3:54:c7:92:bc:a1:e3:90:31:2b:ec:cc:05:7e:e7:dc:88:9d:6d:18:df:5f:e2:59:66:09:4d:3b:a0:04:a3:5d:9c:28:89:17:c6:70:85:df:54:85:18:3d:97:95:ca:90:25:45:3f:da:28:78:b8:d6:33:20:f6:cb:db:de:c6:ef:7a:26:4c:b8:80:5c:4b:f8:38:98:3d:2c:95:55:be:60:12:2c:98:9e:a3:0f:5a:e7:22:8a:42:7e:44:f2:31:fd:f2:9a:67:93:8e:88:ec:e1:cb:c2:0d:96:5c:fe:d3:58:a4:c3:a6:84:83:85:ed:40:8a:4b:47:72:ef:02:8f:44:61:7a:7f:0f:39:4f:72:59:5f:3a:7a:7b:5b:91:4f:29:6a:05:c2:67:42:96:62:45:4c:c3:56:01:9b:ac:08:a2:43:8b:53:10:35:02:5e:17:fa:15:2b:88:eb:84:52:90:8e:d2:88:aa:47:89:da:5e:e1:0f:99:03:9b:6e:9d:51:68:9a:40:48:2a:ca:16:31:24:6f:0f:1e:7a:fc:7e:12:9a:64:d6:81:81:b1:08:7e:e4:e4:ce:ac:77:2a:54:78:ce:16:4f:94:25:96:33:5d:44:4a:01:aa:f7:c1:7a:86:2f:35:fa:3d:73:a2:cb:87:6b:52:5a:0a:a7:0e:32:0e:51:70:9f:bd:1c:e7:03:bf:72:7f:6e:5b:22:14:4b:70:88:64:f2:c9:6c:e3:bf:ef:ec:32:6e:51:5a:8f:de:8b:c8:6c:36:60:25:9f:2f:e2:68:19:64:78:f9:0b:e9:c6:93:c1:82:03:84:59:7e:52:57:f1:a8:14:ab:28:35:29:5d:53:b7:17:85:81:bc:ad:8d:45:6f:4c:79:c0:7b:21:c0:0e:11:2e:4d:bb:55:f6:1d:ac:b2:b9:6b:6f:c5:ea:ad:be:0b:5b:c2:f3:59:1a:25:09:df:6c:4b:7f:3a:4a:8b:3f:eb:11:15:83:ae:b3:bf:bc:15:8e:c3:02:0a:17:17:a3:84:ac:3b:5f:81:c5:f6:7c:d2:cd:36:a1:ed:92:db:24:15:c1:fc:57:54:a7:b6:4f:74:72:2e:b1:78:13:d3:02:68:13:72:90:f8:b4:f8:ba:9b:e6:09:28:88:d6:e2:71:c2:87:11:e3:2a:d4:08:f1:92:85:ed:af:73:3f:43:5f:18:09:cf:c7:9d:7d:2b:97:1c:e5:b0:67:31:ee:80:47:84:50:3f:5d:e7:f0:32:9e:43:a3:98:38:5d:8b:a8:cb:b0:af:95:e3:61:62:1b:85:45:93:2f:fc:07:f8:66:30:94:bc:fd:dc:f6:ab:3b:70:ee:b7:61:23:65:f0:8a:bd:3d:53:64:16:5c:81:a9:d6:53:2a:8f:92:a8:61:c2:a9:24:78:c5:61:d3:7c:6f:70:60:61:6f:cd:03:44:c9:e1:1e:46:e6:47:db:c4:22:9e:c7:42:33:14:11:ed
:83:d3:4d:f7:51:ca:7c:b7:6d:e7:42:47:07:76:98:c1:9f:d5:1b:62:29:e4:dc:87:3d:b3:46:eb:75:eb:f1:31:67:4d:b7:ed:de:d7:e0:4a:ad:dd:7a:f4:09:2c:69:49:47:fa:cb:39:02:7a:4e:45:1e:65:47:e9:6e:7d:6c:e0:96:ec:d0:3c:53:97:56:50:7b:2e:8d:42:58:50:42:89:4d:82:23:fd:48:3c:12:49:b2:a7:ad:84:4f:92:14:17:06:d9:c6:36:89:11:a5:e7:37:2c:e7:68:e8:88:81:0a:24:64:1c:45:46:57:46:be:e0:9f:19:ed:9f:52:05:fd:e5:40:7f:56:9e:50:b6:38:38:06:74:b7:3f:46:50:78:38:31:a9:7a:05:3d:f0:cc:55:49:29:80:1d:67:40:43:8b:1a:f7:49:32:8f:ca:e2:b4:7e:3b:c1:97:f9:77:13:90:29:5a:d6:28:f7:8d:7f:e7:fd:b8:2e:49:be:09:2b:83:72:cb:92:f2:4a:0c:64:1c:81:b3:cb:6c:92:9d:20:e3:76:48:51:72:c2:33:cb:45:0c:93:05:db:7b:67:58:25:cf:ec:c0:ea:79:fa:02:82:41:44:17:52:36:dc:7f:f3:13:c4:f7:c5:73:27:ef:60:05:02:fe:af:e2:a3:18:2e:28:b5:af:f9:d3:a5:08:63:69:cc:83:ae:76:94:10:3e:5b:e3:50:31:f4:8c:96:bb:f1:83:cc:2f:d1:4b:f6:82:b6:6a:21:d4:8c:74:4b:be:31:98:9e:09:73:31:75:04:34:dc:fa:90:01:a5:99:a3:b5:44:99:f6:1a:72:47:f5:e1:42:a1:9f:a8:8f:00:d5:15:1c:fd:57:9d:1f:50:f0:9a:0a:cf:31:1e:c2:d1:78:89:c0:ad:64:8f:c7:5d:39:dd:92:e8:25:c4:29:7c:f8:0a:2e:9b:87:f1:cb:20:6e:78:bd:c5:36:03:9e:7b:8b:33:94:59:5e:ac:46:71:03:ea:03:71:78:41:fa:19:25:cd:9f:f5:76:6f:6e:79:b8:cf:ef:63:1b:3e:bc:93:fd:d7:fc:85:e5:1b:aa:98:38:4f:75:19:6b:d8:91:f6:7f:57:5f:66:a8:14:90:70:de:e9:ef:bc:7b:bc:fd:3d:fc:ed:df:c3:7d:3f:fc:8a:9f:74:e0:6d:aa:2c:dc:8a:53:06:4a:73:85:7c:31:52:94:cb:81:7d:fd:45:92:25:2f:4a:70:78:30:27:43:74:8e:93:fa:60:62:41:3c:ff:e9:b1:a4:2d:7b:dd:1f:92:9a:30:3f:5a:32:f2:76:f4:46:91:f4:86:5b:b1:74:d9:f9:cb:5a:80:48:4c:6f:7a:f9:ed:e3:85:14:65:c5:08:f6:39:66:b1:ac:ff:a8:94:f9:0c:7e:6c:71:c9:e6:5a:1c:80:84:2b:57:66:5c:f1:a7:a1:52:92:16:8e:49:4e:07:58:5f:d8:ea:35:01:0d:d1:99:7e:92:87:42:65:c4:f4:7a:c3:48:2a:a5:73:88:6e:60:1a:0d:2f:6f:13:2d:de:cc:66:53:e7:c1:7f:9c:ea:89:11:5c:89:b8:55:17:da:d8:ec:d5:52:fa:b1:42:6f:bb:44:f8:75:fc:0a:6e:74:ba:fc:eb:66:cc:49:47:04:bd:ca:d5:df:98:25:be:df:8c:1f:43:0e:03:02:03:c6:71:fe:bb:f4:b3:ec:56:6c:2e:56:af:af:f1:ee:1e:e1:9c:a
1:f2:03:38:1c:e3:a3:16:31:66:ea:13:fa:cc:d4:46:6e:0a:18:8b:4f:c2:76:b5:4d:24:30:da:82:e3:b1:38:aa:5a:82:78:0c:f5:f4:10:c5:62:e9:f0:ec:70:51:db:46:86:cf:01:2f:ae:35:55:2d:d5:f6:74:f7:9f:ae:d2:49:ba:e4:f3:ec:7f:6e:52:52:b0:5b:48:ae:7a:89:f1:61:b5:b2:c9:b9:37:b9:bd:c1:48:24:ae:08:74:62:7c:bb:78:08:67:44:77:a0:0b:a8:11:97:21:fb:a0:f7:3c:e6:18:48:f0:c7:81:51:f4:d5:ce:55:6f:b0:db:d2:1d:f0:93:ba:e1:9e:3a:f5:1d:cb:ab:86:be:5d:0e:1a:9c:62:16:2e:8f:ac:e6:f7:b4:7d:45:e1:22:18:29:21:72:f4:95:a3:73:e6:82:17:38:ef:c6:98:d0:ba:c0:12:4f:c9:fd:0f:2b:14:5f:d6:8c:a2:10:81:d7:05:b3:e8:f7:f1:5c:35:b4:db:a5:df:10:e0:b7:f4:14:e5:12:0c:2a:0f:c6:f5:37:30:37:c1:eb:f7:a4:87:74:35:33:65:b5:04:5e:fa:21:77:90:24:36:f1:bf:ef:90:18:0c:e9:ff:39:ce:51:f4:e2:88:66:c7:10:4e:7f:cb:41:7e:cb:bf:93:d9:fc:06:6e:7a:ce:4d:da:5f:18:da:52:61:e3:6b:52:00:33:b0:2e:21:1f:4e:cb:ed:27:98:29:d5:85:3e:0c:f5:8c:70:19:5b:12:3c:4b:39:7c:34:bf:a7:71:fd:f3:18:98:f2:ba:4c:fe:85:0c:be:43:48:99:37:ba:c8:e3:81:b7:cb:14:6e:67:49:9f:73:0d:b7:7f:33:51:3f:18:ba:8c:8d:26:61:1c:d8:91:88:25:92:0b:b3:f9:b9:c5:63:bf:80:77:bd:d9:ee:19:84:f1:9f:ca:d4:9a:e3:de:30:46:38:58:f9:5b:bc:a2:05:ff:89:82:2b:3f:a2:77:c7:ae:3f:fe:e5:68:6c:78:7f:40:57:74:ec:8a:c9:90:77:b9:9c:2c:30:42:57:de:32:c0:db:e2:b7:b0:31:82:e9:64:60:19:e8:ac:e8:e5:f1:65:83:aa:bd:37:d9:d4:3a:99:a2:b1:4a:5e:f6:f6:9a:91:da:18:43:ba:e0:ea:e2:6d:f9:92:e4:0e:76:c9:1a:8e:e0:10:da:b1:6e:ee:59:c3:f1:ce:09:d8:41:74:0d:b8:87:b5:66:62:52:fc:59:3f:13:c7:e1:0f:ac:86:80:0d:99:b4:f2:04:15:6d:ab:43:96:73:f5:f6:f2:7e:ad:eb:0d:f8:de:6a:13:ed:0c:f7:1f:07:72:90:dd:27:2d:32:53:c8:74:b1:d0:d1:9b:96:6c:80:cd:ac:3b:d7:91:68:b4:47:ee:05:5d:48:f1:f6:92:14:22:2e:a7:67:13:e7:56:92:c8:0e:37:e6:c1:18:b8:ee:4b:26:7c:6a:86:22:5e:2b:60:42:44:10:68:22:1b:14:b0:3f:19:06:61:59:7f:0a:5d:a5:10:20:0d:e7:e5:cc:17:78:f9:c3:3c:32:a2:c0:e7:ea:40:02:66:5f:91:bf:ae:8c:96:14:d0:95:30:5b:c1:ee:19:3b:ab:fc:29:88:36:05:f7:ea:71:a6:e3:70:98:a0:96:14:97:16:8a:9c:4a:26:9a:d2:21:80:68:e2:0a:40:7a:da:78:23:c5:70:9d:46:04:f7:fa:ee:
95:f1:e5:e1:96:4d:2d:ef:90:2f:3b:cb:87:64:34:c2:2c:9f:ad:56:41:d3:5e:56:77:bd:73:a2:94:2f:8b:fe:f8:0d:b3:14:19:f1:15:f1:6e:11:e5:f1:05:33:50:3c:d2:28:87:75:13:f7:c0:d3:29:de:a2:31:b1:2c:b3:30:37:f3:8c:8d:45:ec:5c:16:bb:5b:ab:d5:7e:fb:48:a0:ba:87:b6:2b:4e:04:c5:e0:f8:e6:a6:98:05:73:5a:1e:0c:e8:1c:33:83:f4:ea:c3:68:8b:66:a0:c5:b1:45:4f:6f:5e:35:aa:a7:86:1e:ad:28:a0:72:7a:23:29:c0:f2:e9:1d:f4:d8:60:d1:d2:8d:a8:f5:b5:2e:d6:b9:66:a4:f2:ae:c2:71:1b:57:1d:cf:4e:ee:ec:e0:cf:41:3f:25:e9:65:ee:d5:a8:82:48:27:79:83:a5:19:9f:be:86:f3:97:ec:47:96:8e:16:80:47:91:49:f1:a5:d5:9f:fd:2b:93:b3:46:fd:d7:11:f5:83:15:a5:4b:0e:4d:65:9f:f3:e9:7c:6a:b6:61:d0:53:2f:76:fc:78:29:14:b0:86:1b:25:9d:7c:cc:63:ce:37:44:46:16:e4:08:e5:d1:e0:16:2e:12:d8:cd:58:17:9d:9e:d1:7e:55:13:34:5b:12:e5:64:f5:e0:74:e2:fa:15:3b:f8:67:d8:1d:61:38:da:58:cc:8d:44:98:bb:15:03:ee:ae:17:63:fb:64:5a:de:06:37:6c:42:8d:08:ef:16:1c:2b:78:c8:fa:ef:34:24:e8:ba:e6:c2:00:ef:13:b1:38:59:dd:e2:02:34:cd:da:14:08:47:aa:8c:6a:ce:95:ab:5e:18:fc:4a:2c:d9:63:f6:ec:5f:b8:3e:64:2d:3c:c5:75:f6:4e:cb:dd:c0:ec:9b:91:63:b8:83:c1:cf:a8:1b:3c:08:59:10:94:03:da:77:4e:22:f5:0f:d3:e5:00:ac:08:73:31:bb:59:3d:4c:a9:9a:b8:0d:b5:d7:55:84:11:82:68:f2:25:64:8b:df:dd:17:ea:02:82:08:6e:46:cb:c4:3e:7a:b5:b7:84:f7:78:5c:98:1b:df:e4:02:78:30:76:b8:d0:a3:f9:d6:0b:81:2a:0d:e0:83:81:ea:57:0c:92:74:9c:f5:47:21:a4:69:94:a6:ed:ba:8e:a2:c7:3c:73:e3:4b:9d:4a:ef:15:91:03:b3:be:f5:5d:00:66:86:0e:63:7b:6b:23:19:6f:bf:82:cf:4b:1a:ed:e7:9b:c0:ff:56:ca:a9:b0:1b:b8:d2:c7:7c:96:c3:5d:02:f5:c8:0d:a3:c6:23:bc:c2:3a:79:ce:c7:c5:ce:67:32:15:d7:05:4f:ee:2e:14:2e:8c:71:00:26:8f:2b:57:81:b6:c2:3b:e3:24:c5:d6:41:22:66:f2:04:a1:e7:cc:25:bb:33:94:76:e4:e4:31:cc:85:db:9b:b7:22:b7:fb:b2:2d:e8:2a:13:17:f8:d7:b0:9f:e3:40:81:38:09:d6:31:ee:54:62:84:40:d0:5e:66:5f:3e:92:0a:0a:72:f3:97:8e:80:25:4a:31:7b:c0:78:83:6f:91:74:50:90:12:c9:6e:76:5c:8f:be:75:de:5b:be:e9:1e:52:26:56:61:51:32:ae:28:50:dc:33:81:fb:d8:40:5e:e5:89:17:9f:26:18:a7:43:6f:18:7d:6f:fc:cf:75:71:23:27:a4:da:69:82:e0:df:78:ea
:1f:17:e1:ca:0f:38:30:7c:11:2f:0f:b1:c6:1f:02:69:37:c9:78:6a:69:a3:2e:fc:b0:9b:3d:48:8a:05:46:40:00:48:8a:9d:e7:76:f1:d6:a5:2d:59:61:c7:c2:ec:41:22:eb:46:bb:ad:c4:43:8a:29:3d:7f:a1:45:96:a5:b0:23:c7:48:77:93:15:13:97:02:a2:64:ff:81:63:4c:35:49:fd:39:cd:79:37:76:7b:5b:ec:48:63:94:a8:c1:3e:de:3c:6f:98:63:69:33:50:3c:c8:b8:88:a7:92:2d:77:80:98:45:35:ed:31:7e:64:db:e0:e0:cf:5f:e7:9d:d5:8e:84:f5:59:44:62:0d:d7:dd:a7:38:39:33:15:c4:c1:d3:d4:18:4f:7d:28:20:8f:4f:fa:1b:04:4f:80:e3:9c:62:68:11:31:dc:b5:1f:3d:76:3a:aa:2c:dc:f7:5d:e1:ff:3b:39:45:39:45:f1:cb:bb:41:22:bc:66:23:47:44:8c:6a:3d:3b:f4:d2:07:7a:a0:45:af:2a:96:b3:8b:27:64:04:a5:29:a9:71:7d:a8:7d:8a:70:44:dc:d7:0f:66:03:61:c3:0c:56:8e:d6:3b:07:38:16:88:7e:90:20:0c:53:5b:cc:d3:af:32:3a:12:40:b7:5e:74:6b:46:ab:bd:dd:17:99:59:e4:72:80:c8:5d:2c:6b:b6:20:d9:a3:89:5b:86:2d:70:74:28:08:15:51:c7:ab:f3:6a:3e:a2:4f:a3:59:66:cd:b5:40:5d:8d:e7:2d:2a:66:47:52:d4:d4:aa:7f:8f:48:3b:86:55:ff:4f:a7:ec:ed:fd:5d:12:f2:bb:11:1f:cb:82:40:01:18:e9:c2:24:7a:4b:66:25:24:83:d2:83:10:44:81:4f:ce:f8:ad:88:ab:e7:0a:32:12:ff:35:0c:c0:7e:b7:ad:98:c1:3c:f9:7c:2a:8c:08:06:8f:47:40:db:44:a1:2a:94:d5:e0:aa:44:c7:16:10:0e:50:42:f4:5c:1f:e1:a8:ec:49:42:38:f9:b8:e1:08:5e:6b:93:51:d2:de:5a:6f:01:66:d0:1a:45:0a:36:33:83:c3:47:d1:40:12:e7:78:24:11:c5:6a:7f:bf:85:71:6e:ab:dc:f0:2b:80:4f:d4:12:92:f2:74:97:19:58:cf:8f:82:cb:bd:51:53:aa:1c:0a:5a:fb:ca:d9:62:e8:71" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.488469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.488469000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1183.027783000", - "frame.number": "4264", - "frame.len": "102", - "frame.cap_len": "102", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "88", - "ip.id": "0x00005805", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "48", - "tcp.seq": "4870", - "tcp.nxtseq": "4918", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e54e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "4516", - "tcp.analysis.push_bytes_sent": "48" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "43", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e7:b6:70:51:62:fb:65:6d:f6:63:86:e7:35:b7:c0:11:36:64:b0:e9:52:a4:6c:5f:a6:2a:e9:9e:5f:40:7c:ba:11:ba:05:7e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.631377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.631377000", - "frame.time_delta": "0.142908000", - "frame.time_delta_displayed": "0.142908000", - "frame.time_relative": "1183.170691000", - "frame.number": "4265", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000fec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd99", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000415a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:7c:25:cb:db:7c:25:d2:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 3242-4870": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "3242", - "tcp.options.sack_re": "4870", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "4225", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.631464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.631464000", - "frame.time_delta": "0.000087000", - "frame.time_delta_displayed": "0.000087000", - "frame.time_relative": "1183.170778000", - "frame.number": "4266", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000fed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd98", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "1822", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1329", - "tcp.window_size": "1329", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003bd6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:7c:25:cb:db:7c:25:d2:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 3242-4870": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "3242", - "tcp.options.sack_re": "4870", - "tcp.options.sack.count": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.631538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.631538000", - "frame.time_delta": "0.000074000", - "frame.time_delta_displayed": "0.000074000", - "frame.time_relative": "1183.170852000", - "frame.number": "4267", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda3", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4870", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1322", - "tcp.window_size": "1322", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4263", - "tcp.analysis.ack_rtt": "0.143080000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.631608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.631608000", - "frame.time_delta": "0.000070000", - "frame.time_delta_displayed": "0.000070000", - "frame.time_relative": "1183.170922000", - "frame.number": "4268", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda2", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": 
"104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4918", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1322", - "tcp.window_size": "1322", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4264", - "tcp.analysis.ack_rtt": "0.143139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.632077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494774.632077000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1183.171391000", - "frame.number": "4269", - "frame.len": "2894", - "frame.cap_len": "2894", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "2880", - "ip.id": "0x00005806", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "2840", - "tcp.seq": "402", - "tcp.nxtseq": "3242", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004771", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "2840", - "tcp.analysis.push_bytes_sent": "2840", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.spurious_retransmission": "", - "_ws.expert.message": "This frame is a (suspected) spurious retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - }, - "tcp.segment_data": 
"17:03:03:11:6f:c1:4c:bc:6e:d4:4e:36:e6:6d:07:2f:82:44:0f:35:f6:18:2b:36:73:a9:1e:b0:c1:06:c6:1a:13:b0:fe:8d:b9:f4:23:5d:b2:19:81:a5:77:c7:a5:b0:cb:53:e2:23:91:b6:d7:60:c6:e7:bd:41:f2:af:1f:b1:0e:83:c1:f7:fa:2f:e7:4f:5d:56:ad:a1:5e:2a:5b:80:be:f1:70:2e:ab:98:94:9f:be:25:dc:34:a9:d4:41:28:47:68:38:9a:2e:30:57:82:69:5d:5a:fe:90:42:67:4e:ee:6d:d7:1c:35:ce:20:38:44:58:af:61:ec:e3:9e:ab:20:17:36:35:d3:0e:61:96:b5:4e:c6:60:a3:13:82:85:f1:75:35:be:97:a7:59:5b:8e:b9:f4:e6:4a:3d:2e:7f:05:2f:36:61:54:5d:c2:61:7d:91:e2:a5:b7:da:9d:ea:3a:61:2d:fb:3f:34:7c:5d:db:31:be:da:d9:8b:a6:9f:2c:ab:37:1c:1a:9f:74:ea:78:8e:d9:ee:16:c3:af:86:d6:ca:ba:84:d9:65:fb:1b:71:8e:b8:e1:cf:06:33:11:e3:62:21:8d:30:8f:a2:25:97:d4:10:68:d7:18:a5:a3:b2:ef:8a:4b:68:fe:bb:4f:5a:e6:62:34:d4:d7:10:b8:ef:26:0a:03:6e:0a:e1:e6:5d:ea:b9:da:a9:1f:a5:b3:50:98:c4:fc:5a:35:16:5a:ae:d1:d5:20:40:2f:b6:5c:85:05:c9:af:61:78:9b:1c:54:56:18:b7:4a:57:8f:a0:e8:ee:80:2a:cb:b1:c8:a4:cf:a9:b7:26:8e:a6:af:86:0a:f6:56:c7:49:55:44:98:dc:eb:2f:af:19:de:32:6d:f0:a1:0d:b9:70:29:d9:c9:da:c1:55:9f:66:cd:27:a8:f7:a6:4e:9c:57:4d:da:a4:d9:07:b6:de:d9:35:40:ad:a3:87:45:45:72:a4:ce:03:68:45:27:75:01:29:9b:af:48:4b:4b:9f:09:7c:34:8a:1e:bb:7e:09:6e:71:bd:ed:53:e4:69:72:37:81:9b:25:11:8b:52:28:f8:5a:32:da:3e:5f:a5:dc:a0:30:0a:b7:8d:07:91:51:68:c3:d3:7c:94:6e:47:af:16:dc:73:a6:bd:33:24:f9:4a:cf:64:14:aa:fe:1f:88:d2:e1:7c:5d:29:55:61:84:d7:3f:3d:21:b7:3a:92:85:f1:81:cf:a5:d6:9b:a8:27:59:1e:65:84:10:89:2f:52:d1:28:c4:d3:4c:18:fd:cc:79:2b:e4:90:e8:4a:70:e3:f9:8a:3a:b2:b6:00:1b:3a:ba:b1:eb:68:d2:02:f4:45:28:4e:7a:30:60:9c:73:93:55:e2:32:d0:08:4a:6f:97:a4:c4:57:7c:c3:3b:4b:59:9f:b4:37:8e:83:cd:52:e0:ec:0a:5b:6c:bf:17:77:84:93:16:85:b4:b1:a2:73:03:a5:1a:b5:6c:b2:a6:96:ee:8f:25:01:ec:5b:1f:0a:65:54:95:b2:3e:8c:25:c3:fe:bf:0e:ea:aa:37:79:e7:05:54:94:c2:d4:6e:ee:e8:29:83:3e:d4:d1:ae:da:a9:67:cc:a4:2a:c6:df:df:0f:b5:6b:2c:c6:be:43:f9:94:93:ea:d6:03:1d:70:45:ae:99:35:35:d5:2f:ed:c5:d4:95:63:d0:8c:b3:7b:1e:2f:58:18:56:23:30:63:24:ce:20:8d:21:fa:82:f0:84:9
b:db:a9:0c:b5:f1:f1:63:8d:b3:cb:1f:24:62:84:69:fe:8e:74:b7:13:33:05:38:a1:50:8d:23:a6:72:2e:34:a9:30:ed:fb:2c:0b:4c:25:1e:03:23:16:96:e6:53:21:12:e0:dc:0d:30:25:88:bb:a2:54:fb:47:7c:56:29:2c:70:4e:a1:ed:3b:88:10:fb:c5:df:d4:d5:b4:4b:a2:69:d1:9b:6a:92:37:ff:f2:5c:09:7e:23:a5:bd:d0:0d:d0:39:d0:ca:6b:99:21:a8:61:d9:7c:5c:b4:f8:84:4f:f6:28:b1:a7:80:63:fe:6e:0f:31:b4:e9:b8:f9:41:fa:65:3e:ac:1b:3a:4c:af:30:11:49:7e:71:a0:43:37:a8:34:ca:c1:6e:62:c4:cd:84:a3:82:74:62:0d:d4:7c:4a:e7:57:24:da:7d:ac:1e:89:fb:a8:a5:71:50:21:96:4c:70:c9:83:b1:42:d7:9c:30:3b:5e:2f:18:6b:24:1b:d0:ab:d8:8e:a9:0e:69:6c:ee:ec:e4:23:56:58:8b:08:e8:55:15:94:b1:9a:17:a4:ce:b7:b4:42:ab:12:da:d9:3e:59:62:c9:ad:3f:7b:ed:6f:f4:54:59:15:35:77:01:3d:69:59:a7:00:4c:78:0d:6b:d8:92:6a:e8:66:ef:60:97:43:c7:c6:59:5a:e6:21:bf:63:86:50:20:00:0a:b3:49:c5:4d:2e:ef:7b:64:29:d7:2b:bf:44:5c:c6:04:99:4f:72:b0:44:04:02:59:95:2b:e4:23:fa:39:2c:46:5d:89:1b:9f:a4:92:96:9e:53:70:f6:4d:a9:30:90:4e:2f:97:93:3f:99:59:89:4a:76:50:fd:41:11:6a:d3:d8:71:20:18:3c:98:45:70:5b:d8:b7:aa:be:41:2a:55:70:c5:7e:1f:cd:f0:b1:20:c4:3c:f4:5b:81:71:5f:1f:dd:ee:fc:98:80:46:2f:2c:19:a7:55:ae:ec:a4:d6:e1:f2:6b:f8:4b:b2:f5:3b:d7:0a:94:39:c5:e5:e2:48:cb:a2:ac:bd:fc:fd:b4:6d:65:cc:97:85:f4:99:5d:f1:3f:75:f2:81:f3:72:dc:b2:cd:89:7e:51:19:d7:7e:56:b3:c0:73:e7:1b:eb:72:8c:ef:24:8c:4d:a1:81:95:b0:ea:07:47:12:ff:e2:ef:d8:33:67:d6:82:b4:34:ee:92:96:f3:77:ce:ab:ca:69:fa:49:f3:b1:df:6a:a6:4e:fb:88:2d:06:7a:7f:58:be:73:78:d4:a7:bb:9d:33:53:e6:a4:55:39:b1:12:54:93:f0:ae:f7:cd:a1:cc:4f:84:bb:58:5b:27:71:c0:aa:0b:df:db:db:7e:e2:7a:c3:2e:47:f7:cd:5d:56:48:bc:85:e5:99:3f:95:ac:6d:45:38:a9:28:39:25:ee:2b:ae:e2:37:81:23:a5:d3:22:4e:ee:2e:a0:4c:89:4d:7a:e7:ef:69:45:70:64:14:07:6f:02:78:82:50:a8:17:37:36:f3:2b:86:73:94:47:75:d9:4e:c6:bc:1d:1b:25:d3:78:37:83:7b:01:82:6a:6f:96:d7:40:44:f3:b7:48:98:be:dd:e0:fe:4d:a4:da:75:4a:cf:36:09:a5:27:d4:cb:a7:ca:28:cd:ad:d1:a3:46:89:dd:6a:e6:c0:1e:ad:9a:fc:25:0f:39:cc:59:c4:ba:c9:64:0e:3d:c5:b2:0d:fc:4c:94:f4:e0:0f:3a:bd:f7:60:32:06:
86:1e:27:4c:22:4d:cf:a6:19:f2:19:3c:c6:58:d6:fc:e4:e4:25:19:2f:b7:1d:8d:c7:09:08:53:6c:12:e5:81:6b:01:dc:09:39:b3:24:91:9b:b5:4f:9b:16:cc:dd:f3:3a:21:17:64:e7:31:5f:8b:4b:06:61:fd:8d:73:3b:a4:cc:c4:92:fd:44:bc:d4:c6:70:56:a3:36:96:1b:00:9f:40:9e:c5:dc:47:9f:76:f7:75:5a:2b:90:e7:5f:1e:f9:dc:e6:aa:cf:b1:cc:d5:af:9a:91:59:eb:06:d6:da:9d:d3:54:c7:92:bc:a1:e3:90:31:2b:ec:cc:05:7e:e7:dc:88:9d:6d:18:df:5f:e2:59:66:09:4d:3b:a0:04:a3:5d:9c:28:89:17:c6:70:85:df:54:85:18:3d:97:95:ca:90:25:45:3f:da:28:78:b8:d6:33:20:f6:cb:db:de:c6:ef:7a:26:4c:b8:80:5c:4b:f8:38:98:3d:2c:95:55:be:60:12:2c:98:9e:a3:0f:5a:e7:22:8a:42:7e:44:f2:31:fd:f2:9a:67:93:8e:88:ec:e1:cb:c2:0d:96:5c:fe:d3:58:a4:c3:a6:84:83:85:ed:40:8a:4b:47:72:ef:02:8f:44:61:7a:7f:0f:39:4f:72:59:5f:3a:7a:7b:5b:91:4f:29:6a:05:c2:67:42:96:62:45:4c:c3:56:01:9b:ac:08:a2:43:8b:53:10:35:02:5e:17:fa:15:2b:88:eb:84:52:90:8e:d2:88:aa:47:89:da:5e:e1:0f:99:03:9b:6e:9d:51:68:9a:40:48:2a:ca:16:31:24:6f:0f:1e:7a:fc:7e:12:9a:64:d6:81:81:b1:08:7e:e4:e4:ce:ac:77:2a:54:78:ce:16:4f:94:25:96:33:5d:44:4a:01:aa:f7:c1:7a:86:2f:35:fa:3d:73:a2:cb:87:6b:52:5a:0a:a7:0e:32:0e:51:70:9f:bd:1c:e7:03:bf:72:7f:6e:5b:22:14:4b:70:88:64:f2:c9:6c:e3:bf:ef:ec:32:6e:51:5a:8f:de:8b:c8:6c:36:60:25:9f:2f:e2:68:19:64:78:f9:0b:e9:c6:93:c1:82:03:84:59:7e:52:57:f1:a8:14:ab:28:35:29:5d:53:b7:17:85:81:bc:ad:8d:45:6f:4c:79:c0:7b:21:c0:0e:11:2e:4d:bb:55:f6:1d:ac:b2:b9:6b:6f:c5:ea:ad:be:0b:5b:c2:f3:59:1a:25:09:df:6c:4b:7f:3a:4a:8b:3f:eb:11:15:83:ae:b3:bf:bc:15:8e:c3:02:0a:17:17:a3:84:ac:3b:5f:81:c5:f6:7c:d2:cd:36:a1:ed:92:db:24:15:c1:fc:57:54:a7:b6:4f:74:72:2e:b1:78:13:d3:02:68:13:72:90:f8:b4:f8:ba:9b:e6:09:28:88:d6:e2:71:c2:87:11:e3:2a:d4:08:f1:92:85:ed:af:73:3f:43:5f:18:09:cf:c7:9d:7d:2b:97:1c:e5:b0:67:31:ee:80:47:84:50:3f:5d:e7:f0:32:9e:43:a3:98:38:5d:8b:a8:cb:b0:af:95:e3:61:62:1b:85:45:93:2f:fc:07:f8:66:30:94:bc:fd:dc:f6:ab:3b:70:ee:b7:61:23:65:f0:8a:bd:3d:53:64:16:5c:81:a9:d6:53:2a:8f:92:a8:61:c2:a9:24:78:c5:61:d3:7c:6f:70:60:61:6f:cd:03:44:c9:e1:1e:46:e6:47:db:c4:22:9e:c7
:42:33:14:11:ed:83:d3:4d:f7:51:ca:7c:b7:6d:e7:42:47:07:76:98:c1:9f:d5:1b:62:29:e4:dc:87:3d:b3:46:eb:75:eb:f1:31:67:4d:b7:ed:de:d7:e0:4a:ad:dd:7a:f4:09:2c:69:49:47:fa:cb:39:02:7a:4e:45:1e:65:47:e9:6e:7d:6c:e0:96:ec:d0:3c:53:97:56:50:7b:2e:8d:42:58:50:42:89:4d:82:23:fd:48:3c:12:49:b2:a7:ad:84:4f:92:14:17:06:d9:c6:36:89:11:a5:e7:37:2c:e7:68:e8:88:81:0a:24:64:1c:45:46:57:46:be:e0:9f:19:ed:9f:52:05:fd:e5:40:7f:56:9e:50:b6:38:38:06:74:b7:3f:46:50:78:38:31:a9:7a:05:3d:f0:cc:55:49:29:80:1d:67:40:43:8b:1a:f7:49:32:8f:ca:e2:b4:7e:3b:c1:97:f9:77:13:90:29:5a:d6:28:f7:8d:7f:e7:fd:b8:2e:49:be:09:2b:83:72:cb:92:f2:4a:0c:64:1c:81:b3:cb:6c:92:9d:20:e3:76:48:51:72:c2:33:cb:45:0c:93:05:db:7b:67:58:25:cf:ec:c0:ea:79:fa:02:82:41:44:17:52:36:dc:7f:f3:13:c4:f7:c5:73:27:ef:60:05:02:fe:af:e2:a3:18:2e:28:b5:af:f9:d3:a5:08:63:69:cc:83:ae:76:94:10:3e:5b:e3:50:31:f4:8c:96:bb:f1:83:cc:2f:d1:4b:f6:82:b6:6a:21:d4:8c:74:4b:be:31:98:9e:09:73:31:75:04:34:dc:fa:90:01:a5:99:a3:b5:44:99:f6:1a:72:47:f5:e1:42:a1:9f:a8:8f:00:d5:15:1c:fd:57:9d:1f:50:f0:9a:0a:cf:31:1e:c2:d1:78:89:c0:ad:64:8f:c7:5d:39:dd:92:e8:25:c4:29:7c:f8:0a:2e:9b:87:f1:cb:20:6e:78:bd:c5:36:03:9e:7b:8b:33:94:59:5e:ac:46:71:03:ea:03:71:78:41:fa:19:25:cd:9f:f5:76:6f:6e:79:b8:cf:ef:63:1b:3e:bc:93:fd:d7:fc:85:e5:1b:aa:98:38:4f:75:19:6b:d8:91:f6:7f:57:5f:66:a8:14:90:70:de:e9:ef:bc:7b:bc:fd:3d:fc:ed:df:c3:7d:3f:fc:8a:9f:74:e0:6d:aa:2c:dc:8a:53:06:4a:73:85:7c:31:52:94:cb:81:7d:fd:45:92:25:2f:4a:70:78:30:27:43:74:8e:93:fa:60:62:41:3c:ff:e9:b1:a4:2d:7b:dd:1f:92:9a:30:3f:5a:32:f2:76:f4:46:91:f4:86:5b:b1:74:d9:f9:cb:5a:80:48:4c:6f:7a:f9:ed:e3:85:14:65:c5:08:f6:39:66:b1:ac:ff:a8:94:f9:0c:7e:6c:71:c9:e6:5a:1c:80:84:2b:57:66:5c:f1:a7:a1:52:92:16:8e:49:4e:07:58:5f:d8:ea:35:01:0d:d1:99:7e:92:87:42:65:c4:f4:7a:c3:48:2a:a5:73:88:6e:60:1a:0d:2f:6f:13:2d:de:cc:66:53:e7:c1:7f:9c:ea:89:11:5c:89:b8:55:17:da:d8:ec:d5:52:fa:b1:42:6f:bb:44:f8:75:fc:0a:6e:74:ba:fc:eb:66:cc:49:47:04:bd:ca:d5:df:98:25:be:df:8c:1f:43:0e:03:02:03:c6:71:fe:bb:f4:b3:ec:56:6c:2e:56:af:af:f
1:ee:1e:e1:9c:a1:f2:03:38:1c:e3:a3:16:31:66:ea:13:fa:cc:d4:46:6e:0a:18:8b:4f:c2:76:b5:4d:24:30:da:82:e3:b1:38:aa:5a:82:78:0c:f5:f4:10:c5:62:e9:f0:ec:70:51:db:46:86:cf:01:2f:ae:35:55:2d:d5:f6:74:f7:9f:ae:d2:49:ba:e4:f3:ec:7f:6e:52:52:b0:5b:48:ae:7a:89:f1:61:b5:b2:c9:b9:37:b9:bd:c1:48:24:ae:08:74:62:7c:bb:78:08:67:44:77:a0:0b:a8:11:97:21:fb:a0:f7:3c:e6:18:48:f0:c7:81:51:f4:d5:ce:55:6f:b0:db:d2:1d:f0:93:ba:e1:9e:3a:f5:1d:cb:ab:86:be:5d:0e:1a:9c:62:16:2e:8f:ac:e6:f7:b4:7d:45:e1:22:18:29:21:72:f4:95:a3:73:e6:82:17:38:ef" - }, - "ssl": "Secure Sockets Layer" - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.775255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.775255000", - "frame.time_delta": "0.143178000", - "frame.time_delta_displayed": "0.143178000", - "frame.time_relative": "1183.314569000", - "frame.number": "4270", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000ff0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - 
"ip.proto": "6", - "ip.checksum": "0x0000fd95", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4918", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000412a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:7c:25:c0:c3:7c:25:cb:db", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 402-3242": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "402", - "tcp.options.sack_re": "3242", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.window_update": "", - "_ws.expert.message": "TCP window update", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.850462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.850462000", - "frame.time_delta": "0.075207000", - "frame.time_delta_displayed": "0.075207000", - "frame.time_relative": "1183.389776000", - "frame.number": "4271", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { 
- "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.850889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.850889000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "1183.390203000", - "frame.number": "4272", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:14.983476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494774.983476000", - "frame.time_delta": "0.132587000", - "frame.time_delta_displayed": "0.132587000", - "frame.time_relative": "1183.522790000", - "frame.number": "4273", - "frame.len": "163", - "frame.cap_len": "163", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "149", - "ip.id": "0x0000c90f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "4", - "ip.proto": "17", - "ip.checksum": "0x0000fbc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50000", - "udp.dstport": "1900", - "udp.port": "50000", - "udp.port": "1900", - "udp.length": "129", - "udp.checksum": "0x0000bf6c", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 3\r\n", 
- "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.087180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.087180000", - "frame.time_delta": "0.103704000", - "frame.time_delta_displayed": "0.103704000", - "frame.time_relative": "1183.626494000", - "frame.number": "4274", - "frame.len": "163", - "frame.cap_len": "163", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "149", - "ip.id": "0x0000c918", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "4", - "ip.proto": "17", - "ip.checksum": "0x0000fbb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50000", - "udp.dstport": "1900", - "udp.port": "50000", - "udp.port": "1900", - "udp.length": "129", - "udp.checksum": "0x0000bf6c", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 3\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "4273" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.184991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.184991000", - "frame.time_delta": "0.097811000", - "frame.time_delta_displayed": "0.097811000", - "frame.time_relative": "1183.724305000", - "frame.number": "4275", - "frame.len": "148", - "frame.cap_len": "148", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - 
"eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "134", - "ip.id": "0x0000c91a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "4", - "ip.proto": "17", - "ip.checksum": "0x0000fbc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50000", - "udp.dstport": "1900", - "udp.port": "50000", - "udp.port": "1900", - "udp.length": "114", - "udp.checksum": "0x0000213c", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 3\r\n", - "http.request.line": "ST: urn:Belkin:device:**\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "4274" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:06:15.287124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.287124000", - "frame.time_delta": "0.102133000", - "frame.time_delta_displayed": "0.102133000", - "frame.time_relative": "1183.826438000", - "frame.number": "4276", - "frame.len": "148", - "frame.cap_len": "148", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "134", - "ip.id": "0x0000c91b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "4", - "ip.proto": "17", - "ip.checksum": "0x0000fbc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50000", - "udp.dstport": "1900", - "udp.port": "50000", - "udp.port": "1900", - "udp.length": "114", - "udp.checksum": "0x0000213c", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 3\r\n", - "http.request.line": "ST: urn:Belkin:device:**\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "4275" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.292515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.292515000", - "frame.time_delta": "0.005391000", - "frame.time_delta_displayed": "0.005391000", - "frame.time_relative": "1183.831829000", - "frame.number": "4277", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "14:91:82:25:10:77", - "arp.src.proto_ipv4": "192.168.0.65", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.227" - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.499591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.499591000", - "frame.time_delta": "0.207076000", - "frame.time_delta_displayed": "0.207076000", - "frame.time_relative": "1184.038905000", - "frame.number": "4278", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.227" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.883637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.883637000", - "frame.time_delta": "0.384046000", - "frame.time_delta_displayed": "0.384046000", - "frame.time_relative": "1184.422951000", - "frame.number": "4279", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000079ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ce8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:15.936740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494775.936740000", - "frame.time_delta": "0.053103000", - "frame.time_delta_displayed": "0.053103000", - "frame.time_relative": "1184.476054000", - "frame.number": "4280", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000079ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", 
- "ip.proto": "17", - "ip.checksum": "0x00003cdd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "4279" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.058510000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.058510000", - "frame.time_delta": "0.121770000", - "frame.time_delta_displayed": "0.121770000", - "frame.time_relative": "1184.597824000", - "frame.number": "4281", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000079f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ce1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "4280" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.069538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.069538000", - "frame.time_delta": "0.011028000", - "frame.time_delta_displayed": "0.011028000", - "frame.time_relative": "1184.608852000", - "frame.number": "4282", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000057de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000600a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009c48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:56:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - 
"tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 63027542, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "63027542", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.070143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.070143000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "1184.609457000", - "frame.number": "4283", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56888", - "tcp.port": "80", - "tcp.port": "56888", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000260b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4282", - "tcp.analysis.ack_rtt": "0.000605000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.071851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.071851000", - "frame.time_delta": "0.001708000", - "frame.time_delta_displayed": "0.001708000", - "frame.time_relative": "1184.611165000", - "frame.number": "4284", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000601d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d390", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4283", - "tcp.analysis.ack_rtt": "0.001708000", - "tcp.analysis.initial_rtt": "0.002313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.072091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.072091000", - "frame.time_delta": "0.000240000", 
- "frame.time_delta_displayed": "0.000240000", - "frame.time_relative": "1184.611405000", - "frame.number": "4285", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x000057e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005fd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "67", - "tcp.seq": "1", - "tcp.nxtseq": "68", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002c5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002313000", - "tcp.analysis.bytes_in_flight": "67", - "tcp.analysis.push_bytes_sent": "67" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.accept": "*\/*", - "http.request.line": "Accept: *\/*\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.072530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.072530000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "1184.611844000", - "frame.number": "4286", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e50c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56888", - "tcp.port": "80", - "tcp.port": "56888", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ca64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4285", - "tcp.analysis.ack_rtt": "0.000439000", - 
"tcp.analysis.initial_rtt": "0.002313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.072960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.072960000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1184.612274000", - "frame.number": "4287", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e50d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56888", - "tcp.port": "80", - "tcp.port": "56888", - 
"tcp.stream": "165", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000a86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002313000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.073405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.073405000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1184.612719000", - "frame.number": "4288", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e50e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56888", - "tcp.port": "80", - "tcp.port": "56888", - "tcp.stream": "165", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005cef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002313000", - 
"tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4287", - "tcp.segment": "4288", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001314000", - "http.request_in": "4285", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.074510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.074510000", - "frame.time_delta": "0.001105000", - "frame.time_delta_displayed": "0.001105000", - "frame.time_relative": "1184.613824000", - "frame.number": "4289", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000601b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d33c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4287", - "tcp.analysis.ack_rtt": "0.001550000", - "tcp.analysis.initial_rtt": "0.002313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.074743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.074743000", - "frame.time_delta": "0.000233000", - "frame.time_delta_displayed": "0.000233000", - "frame.time_relative": "1184.614057000", - "frame.number": "4290", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000601a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000cf39", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4288", - "tcp.analysis.ack_rtt": "0.001338000", - "tcp.analysis.initial_rtt": "0.002313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.104664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.104664000", - "frame.time_delta": "0.029921000", - "frame.time_delta_displayed": "0.029921000", - "frame.time_relative": "1184.643978000", - "frame.number": "4291", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006019", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56888", - "tcp.dstport": "80", - "tcp.port": "56888", - "tcp.port": "80", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000cf38", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.105141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.105141000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1184.644455000", - "frame.number": "4292", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ffbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b83e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56888", - 
"tcp.port": "80", - "tcp.port": "56888", - "tcp.stream": "165", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "69", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c66e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4291", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.002313000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.315452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.315452000", - "frame.time_delta": "0.210311000", - "frame.time_delta_displayed": "0.210311000", - "frame.time_relative": "1184.854766000", - "frame.number": "4293", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000603d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a8af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:6e:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", 
- "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 63027566, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "63027566", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.316020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.316020000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "1184.855334000", - "frame.number": "4294", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56889", - "tcp.port": "80", - "tcp.port": "56889", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c309", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4293", - "tcp.analysis.ack_rtt": "0.000568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.342847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.342847000", - "frame.time_delta": "0.026827000", - "frame.time_delta_displayed": "0.026827000", - "frame.time_relative": "1184.882161000", - "frame.number": "4295", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"60", - "ip.id": "0x0000109d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a74b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e745", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:6e:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 63027566, 
TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "63027566", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.343193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.343193000", - "frame.time_delta": "0.000346000", - "frame.time_delta_displayed": "0.000346000", - "frame.time_relative": "1184.882507000", - "frame.number": "4296", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000603e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x000057be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000708f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4294", - "tcp.analysis.ack_rtt": "0.027173000", - "tcp.analysis.initial_rtt": "0.027741000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.343236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.343236000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "1184.882550000", - "frame.number": "4297", - "frame.len": "157", - "frame.cap_len": "157", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "143", - "ip.id": "0x0000603f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005756", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "103", - "tcp.seq": "1", - "tcp.nxtseq": "104", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - 
"tcp.checksum": "0x0000f5b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.027741000", - "tcp.analysis.bytes_in_flight": "103", - "tcp.analysis.push_bytes_sent": "103" - } - }, - "http": { - "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.accept": "*\/*", - "http.request.line": "Accept: *\/*\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.343397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.343397000", - "frame.time_delta": "0.000161000", - "frame.time_delta_displayed": "0.000161000", - "frame.time_relative": "1184.882711000", - "frame.number": "4298", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56890", - "tcp.port": "80", - "tcp.port": "56890", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001535", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - 
"tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4295", - "tcp.analysis.ack_rtt": "0.000550000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.343687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.343687000", - "frame.time_delta": "0.000290000", - "frame.time_delta_displayed": "0.000290000", - "frame.time_relative": "1184.883001000", - "frame.number": "4299", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", 
- "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b12e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000006ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56889", - "tcp.port": "80", - "tcp.port": "56889", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000673f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4297", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.027741000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.344296000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.344296000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1184.883610000", - "frame.number": "4300", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b12f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000006bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56889", - "tcp.port": "80", - "tcp.port": "56889", - "tcp.stream": "166", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - 
"tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a760", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.027741000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.345857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.345857000", - "frame.time_delta": "0.001561000", - "frame.time_delta_displayed": "0.001561000", - "frame.time_relative": "1184.885171000", - "frame.number": "4301", - "frame.len": "1155", - "frame.cap_len": "1155", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1141", - "ip.id": "0x0000b130", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000027f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56889", - "tcp.port": "80", - "tcp.port": "56889", - "tcp.stream": "166", - "tcp.len": "1101", - "tcp.seq": "18", - "tcp.nxtseq": "1120", - "tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e0f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.027741000", - "tcp.analysis.bytes_in_flight": "1119", - "tcp.analysis.push_bytes_sent": "1101" - }, - "tcp.segment_data": 
"43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:33:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:7
2:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" - }, - "tcp.segments": { - "tcp.segment": "4300", - "tcp.segment": "4301", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1118", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:3
3:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", - "http.response.line": "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n", - "http.response.line": "Pragma: no-cache\r\n", - "http.response.line": "Expires: Mon, 1 Aug 2011 09:00:00 GMT\r\n", - 
"http.connection": "close", - "http.response.line": "Connection: close\r\n", - "http.response.line": "Access-Control-Max-Age: 3600\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Credentials: true\r\n", - "http.response.line": "Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD\r\n", - "http.response.line": "Access-Control-Allow-Headers: Content-Type\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-type: application\/json\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.002621000", - "http.request_in": "4297", - "http.file_data": "{\"1\":{\"state\":{\"on\":true,\"bri\":25,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 1\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:83:cb:8c-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"},\"2\":{\"state\":{\"on\":true,\"bri\":30,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 2\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:80:f2:8a-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"}}" - }, - "json": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.value.true": "", - "json.key": "on" - }, - "json.member": { - "json.value.number": "25", - "json.key": "bri" - }, - "json.member": { - "json.value.string": "none", - "json.key": "alert" - }, - "json.member": { - "json.value.true": "", - "json.key": "reachable" - } - }, - "json.key": "state" - }, - "json.member": { - "json.object": { - "json.member": { 
- "json.value.string": "noupdates", - "json.key": "state" - }, - "json.member": { - "json.value.null": "", - "json.key": "lastinstall" - } - }, - "json.key": "swupdate" - }, - "json.member": { - "json.value.string": "Dimmable light", - "json.key": "type" - }, - "json.member": { - "json.value.string": "Hue white lamp 1", - "json.key": "name" - }, - "json.member": { - "json.value.string": "LWB014", - "json.key": "modelid" - }, - "json.member": { - "json.value.string": "Philips", - "json.key": "manufacturername" - }, - "json.member": { - "json.value.string": "00:17:88:01:02:83:cb:8c-0b", - "json.key": "uniqueid" - }, - "json.member": { - "json.value.string": "1.15.2_r19181", - "json.key": "swversion" - }, - "json.member": { - "json.value.string": "D1D2055F", - "json.key": "swconfigid" - }, - "json.member": { - "json.value.string": "Philips-LWB014-1-A19DLv3", - "json.key": "productid" - } - }, - "json.key": "1" - }, - "json.member": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.value.true": "", - "json.key": "on" - }, - "json.member": { - "json.value.number": "30", - "json.key": "bri" - }, - "json.member": { - "json.value.string": "none", - "json.key": "alert" - }, - "json.member": { - "json.value.true": "", - "json.key": "reachable" - } - }, - "json.key": "state" - }, - "json.member": { - "json.object": { - "json.member": { - "json.value.string": "noupdates", - "json.key": "state" - }, - "json.member": { - "json.value.null": "", - "json.key": "lastinstall" - } - }, - "json.key": "swupdate" - }, - "json.member": { - "json.value.string": "Dimmable light", - "json.key": "type" - }, - "json.member": { - "json.value.string": "Hue white lamp 2", - "json.key": "name" - }, - "json.member": { - "json.value.string": "LWB014", - "json.key": "modelid" - }, - "json.member": { - "json.value.string": "Philips", - "json.key": "manufacturername" - }, - "json.member": { - "json.value.string": "00:17:88:01:02:80:f2:8a-0b", - "json.key": "uniqueid" 
- }, - "json.member": { - "json.value.string": "1.15.2_r19181", - "json.key": "swversion" - }, - "json.member": { - "json.value.string": "D1D2055F", - "json.key": "swconfigid" - }, - "json.member": { - "json.value.string": "Philips-LWB014-1-A19DLv3", - "json.key": "productid" - } - }, - "json.key": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.353605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.353605000", - "frame.time_delta": "0.007748000", - "frame.time_delta_displayed": "0.007748000", - "frame.time_relative": "1184.892919000", - "frame.number": "4302", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006040", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "104", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007017", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4300", - "tcp.analysis.ack_rtt": "0.009309000", - "tcp.analysis.initial_rtt": "0.027741000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.353638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.353638000", - "frame.time_delta": "0.000033000", - "frame.time_delta_displayed": "0.000033000", - "frame.time_relative": "1184.892952000", - "frame.number": "4303", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000109e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a75e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c2ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4298", - "tcp.analysis.ack_rtt": "0.010241000", - "tcp.analysis.initial_rtt": "0.010791000" - } - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.353658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.353658000", - "frame.time_delta": "0.000020000", - "frame.time_delta_displayed": "0.000020000", - "frame.time_relative": "1184.892972000", - "frame.number": "4304", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x0000109f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a71a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "67", - "tcp.seq": 
"1", - "tcp.nxtseq": "68", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00001b87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010791000", - "tcp.analysis.bytes_in_flight": "67", - "tcp.analysis.push_bytes_sent": "67" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.accept": "*\/*", - "http.request.line": "Accept: *\/*\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.353698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.353698000", - "frame.time_delta": "0.000040000", - "frame.time_delta_displayed": "0.000040000", - "frame.time_relative": "1184.893012000", - "frame.number": "4305", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006041", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "104", - "tcp.ack": "1120", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1404", - "tcp.window_size": "89856", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006ba6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4301", - "tcp.analysis.ack_rtt": "0.007841000", - "tcp.analysis.initial_rtt": "0.027741000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.354266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.354266000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "1184.893580000", - "frame.number": "4306", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000041c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00007633", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56890", - "tcp.port": "80", - "tcp.port": "56890", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b98e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4304", - "tcp.analysis.ack_rtt": "0.000608000", - "tcp.analysis.initial_rtt": "0.010791000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.354835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.354835000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1184.894149000", - "frame.number": "4307", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006042", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56889", - "tcp.dstport": "80", - "tcp.port": "56889", - "tcp.port": "80", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "104", - "tcp.ack": "1120", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "1404", - "tcp.window_size": "89856", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006ba5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.355276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.355276000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1184.894590000", - "frame.number": "4308", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ffc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b835", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56889", - "tcp.port": "80", - "tcp.port": "56889", - "tcp.stream": "166", - "tcp.len": "0", - "tcp.seq": "1120", - "tcp.ack": "105", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4307", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.027741000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.356388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.356388000", - "frame.time_delta": "0.001112000", - "frame.time_delta_displayed": "0.001112000", - "frame.time_relative": "1184.895702000", - "frame.number": "4309", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": 
"AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000041ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007621", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56890", - "tcp.port": "80", - "tcp.port": "56890", - "tcp.stream": "167", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f9af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010791000", - 
"tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.356778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.356778000", - "frame.time_delta": "0.000390000", - "frame.time_delta_displayed": "0.000390000", - "frame.time_relative": "1184.896092000", - "frame.number": "4310", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000041cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000724e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56890", - "tcp.port": "80", - "tcp.port": "56890", - "tcp.stream": "167", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004c19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010791000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4309", - "tcp.segment": "4310", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.003120000", - "http.request_in": "4304", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.358019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.358019000", - "frame.time_delta": "0.001241000", - "frame.time_delta_displayed": "0.001241000", - "frame.time_relative": "1184.897333000", - "frame.number": "4311", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a75c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c266", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4309", - "tcp.analysis.ack_rtt": "0.001631000", - "tcp.analysis.initial_rtt": "0.010791000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.358244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.358244000", - "frame.time_delta": "0.000225000", - "frame.time_delta_displayed": "0.000225000", - "frame.time_relative": "1184.897558000", - "frame.number": "4312", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a75b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000be63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4310", - "tcp.analysis.ack_rtt": "0.001466000", - "tcp.analysis.initial_rtt": "0.010791000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.382316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.382316000", - "frame.time_delta": "0.024072000", - "frame.time_delta_displayed": "0.024072000", - "frame.time_relative": "1184.921630000", - "frame.number": "4313", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a75a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56890", - "tcp.dstport": "80", - "tcp.port": "56890", - "tcp.port": "80", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000be62", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.382823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.382823000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1184.922137000", - "frame.number": "4314", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ffc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b833", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56890", - 
"tcp.port": "80", - "tcp.port": "56890", - "tcp.stream": "167", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "69", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b598", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4313", - "tcp.analysis.ack_rtt": "0.000507000", - "tcp.analysis.initial_rtt": "0.010791000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.940729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.940729000", - "frame.time_delta": "0.557906000", - "frame.time_delta_displayed": "0.557906000", - "frame.time_relative": "1185.480043000", - "frame.number": "4315", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007a3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "4281" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:16.993573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494776.993573000", - "frame.time_delta": "0.052844000", - "frame.time_delta_displayed": "0.052844000", - "frame.time_relative": "1185.532887000", - "frame.number": "4316", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007a42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "4315" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.025519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.025519000", - "frame.time_delta": "0.031946000", - "frame.time_delta_displayed": "0.031946000", - "frame.time_relative": "1185.564833000", - "frame.number": "4317", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, 
- "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000438f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000095ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.033196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.033196000", - "frame.time_delta": "0.007677000", - "frame.time_delta_displayed": "0.007677000", - "frame.time_relative": "1185.572510000", - "frame.number": "4318", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x00005727", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000816a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - 
"udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: 
type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.046448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.046448000", - "frame.time_delta": "0.013252000", - "frame.time_delta_displayed": "0.013252000", - "frame.time_relative": "1185.585762000", - "frame.number": "4319", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007a45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - 
"ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "4316" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.053045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.053045000", - "frame.time_delta": "0.006597000", - "frame.time_delta_displayed": "0.006597000", - "frame.time_relative": "1185.592359000", - "frame.number": "4320", - "frame.len": "74", - 
"frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000014c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a326", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f490", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:b8:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 63027640, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "63027640", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.053611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.053611000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "1185.592925000", - "frame.number": "4321", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - 
"eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56891", - "tcp.port": "80", - "tcp.port": "56891", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" 
- }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ae4a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4320", - "tcp.analysis.ack_rtt": "0.000566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.055865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.055865000", - "frame.time_delta": "0.002254000", - "frame.time_delta_displayed": "0.002254000", - "frame.time_relative": "1185.595179000", - "frame.number": "4322", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a339", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005bd0", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4321", - "tcp.analysis.ack_rtt": "0.002254000", - "tcp.analysis.initial_rtt": "0.002820000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.056189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.056189000", - "frame.time_delta": "0.000324000", - "frame.time_delta_displayed": "0.000324000", - "frame.time_relative": "1185.595503000", - "frame.number": "4323", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x000014c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "67", - "tcp.seq": "1", - "tcp.nxtseq": "68", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b49c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002820000", - "tcp.analysis.bytes_in_flight": "67", - "tcp.analysis.push_bytes_sent": "67" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.accept": "*\/*", - "http.request.line": "Accept: *\/*\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.056668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.056668000", - 
"frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1185.595982000", - "frame.number": "4324", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000075cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004231", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56891", - "tcp.port": "80", - "tcp.port": "56891", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000052a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4323", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.002820000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.057079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.057079000", - "frame.time_delta": "0.000411000", - "frame.time_delta_displayed": "0.000411000", - "frame.time_relative": "1185.596393000", - "frame.number": "4325", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000075cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000421f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56891", - "tcp.port": "80", - "tcp.port": "56891", - "tcp.stream": "168", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000092c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002820000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.057438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.057438000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "1185.596752000", - "frame.number": "4326", - "frame.len": "1049", - 
"frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000075cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003e4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56891", - "tcp.port": "80", - "tcp.port": "56891", - "tcp.stream": "168", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "68", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection 
finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e52e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002820000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f
:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4325", - "tcp.segment": "4326", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001249000", - "http.request_in": "4323", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.058797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.058797000", - "frame.time_delta": "0.001359000", - "frame.time_delta_displayed": "0.001359000", - "frame.time_relative": "1185.598111000", - "frame.number": "4327", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a337", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005b7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4325", - "tcp.analysis.ack_rtt": "0.001718000", - "tcp.analysis.initial_rtt": "0.002820000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.059101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.059101000", - "frame.time_delta": "0.000304000", - "frame.time_delta_displayed": "0.000304000", - "frame.time_relative": "1185.598415000", - "frame.number": "4328", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a336", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005779", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4326", - "tcp.analysis.ack_rtt": "0.001663000", - "tcp.analysis.initial_rtt": "0.002820000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.065526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.065526000", - "frame.time_delta": "0.006425000", - "frame.time_delta_displayed": "0.006425000", - "frame.time_relative": "1185.604840000", - "frame.number": "4329", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a335", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56891", - "tcp.dstport": "80", - "tcp.port": "56891", - "tcp.port": "80", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "68", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "1400", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005778", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.066004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.066004000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1185.605318000", - "frame.number": "4330", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ffe9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b812", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56891", - 
"tcp.port": "80", - "tcp.port": "56891", - "tcp.stream": "168", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "69", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004eae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4329", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.002820000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.201776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.201776000", - "frame.time_delta": "0.135772000", - "frame.time_delta_displayed": "0.135772000", - "frame.time_relative": "1185.741090000", - "frame.number": "4331", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000827f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003569", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000fd19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:03:c1:b9:c7:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", 
- "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 63027655, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "63027655", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.202345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.202345000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1185.741659000", - "frame.number": "4332", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56892", - "tcp.port": "80", - "tcp.port": "56892", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000024f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4331", - "tcp.analysis.ack_rtt": "0.000569000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.203696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.203696000", - "frame.time_delta": "0.001351000", - "frame.time_delta_displayed": "0.001351000", - "frame.time_relative": "1185.743010000", - "frame.number": "4333", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00008280", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000357c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d27a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4332", - "tcp.analysis.ack_rtt": "0.001351000", - "tcp.analysis.initial_rtt": "0.001920000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.203945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.203945000", - "frame.time_delta": "0.000249000", - "frame.time_delta_displayed": "0.000249000", - 
"frame.time_relative": "1185.743259000", - "frame.number": "4334", - "frame.len": "157", - "frame.cap_len": "157", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "143", - "ip.id": "0x00008281", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003514", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "103", - "tcp.seq": "1", - "tcp.nxtseq": "104", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000057a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001920000", - "tcp.analysis.bytes_in_flight": "103", - "tcp.analysis.push_bytes_sent": "103" - } - }, - "http": { - "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.accept": "*\/*", - "http.request.line": "Accept: *\/*\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/api\/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j\/lights", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.204402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.204402000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "1185.743716000", - "frame.number": "4335", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": 
"68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f905", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bef6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56892", - "tcp.port": "80", - "tcp.port": "56892", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c92a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4334", - "tcp.analysis.ack_rtt": "0.000457000", - "tcp.analysis.initial_rtt": "0.001920000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.204878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.204878000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "1185.744192000", - "frame.number": "4336", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f906", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bee4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56892", - "tcp.port": "80", - "tcp.port": "56892", - "tcp.stream": "169", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000094c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001920000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.206444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.206444000", - "frame.time_delta": "0.001566000", - "frame.time_delta_displayed": "0.001566000", - "frame.time_relative": "1185.745758000", - "frame.number": "4337", - "frame.len": "1155", - "frame.cap_len": "1155", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1141", - "ip.id": "0x0000f907", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000baa7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56892", - "tcp.port": "80", - "tcp.port": "56892", - "tcp.stream": "169", - "tcp.len": "1101", - "tcp.seq": "18", - "tcp.nxtseq": "1120", - "tcp.ack": "104", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000042e2", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001920000", - "tcp.analysis.bytes_in_flight": "1119", - "tcp.analysis.push_bytes_sent": "1101" - }, - "tcp.segment_data": "43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:
63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:33:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" - }, - "tcp.segments": { - "tcp.segment": "4336", - "tcp.segment": "4337", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1118", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:73:74:6f:72:65:2c:20:6e:6f:2d:63:61:63:68:65:2c:20:6d:75:73:74:2d:72:65:76:61:6c:69:64:61:74:65:2c:20:70:6f:73:74:2d:63:68:65:63:6b:3d:30:2c:20:70:72:65:2d:63:68:65:63:6b:3d:30:0d:0a:50:72:61:67:6d:61:3a:20:6e:6f:2d:63:61:63:68:65:0d:0a:45:78:70:69:72:65:73:3a:20:4d:6f:6e:2c:20:31:20:41:75:67:20:32:30:31:31:20:30:39:3a:30:30:3a:30:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:4d:61:78:2d:41:67:65:3a:20:33:36:30:30:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4f:72:69:67:69:6e:3a:20:2a:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:43:72:65:64:65:6e:74:69:61:6c:73:3a:20:74:72:75:65:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:4d:65:74:68:6f:64:73:3a:20:50:4f:53:54:2c:20:47:45:54:2c:20:4f:50:54:49:4f:4e:53:2c:20:50:55:54:2c:20:44:45:4c:45:54:45:2c:20:48:45:41:44:0d:0a:41:63:63:65:73:73:2d:43:6f:6e:74:72:6f:6c:2d:41:6c:6c:6f:77:2d:48:65:61:64:65:72:73:3a:20:43:6f:6e:74:65:6e:74:2d:54:79:70:65:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:0d:0a:7b:22:31:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:32:35:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:31:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:3
3:3a:63:62:3a:38:63:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:2c:22:32:22:3a:7b:22:73:74:61:74:65:22:3a:7b:22:6f:6e:22:3a:74:72:75:65:2c:22:62:72:69:22:3a:33:30:2c:22:61:6c:65:72:74:22:3a:22:6e:6f:6e:65:22:2c:22:72:65:61:63:68:61:62:6c:65:22:3a:74:72:75:65:7d:2c:22:73:77:75:70:64:61:74:65:22:3a:7b:22:73:74:61:74:65:22:3a:22:6e:6f:75:70:64:61:74:65:73:22:2c:22:6c:61:73:74:69:6e:73:74:61:6c:6c:22:3a:6e:75:6c:6c:7d:2c:22:74:79:70:65:22:3a:22:44:69:6d:6d:61:62:6c:65:20:6c:69:67:68:74:22:2c:22:6e:61:6d:65:22:3a:22:48:75:65:20:77:68:69:74:65:20:6c:61:6d:70:20:32:22:2c:22:6d:6f:64:65:6c:69:64:22:3a:22:4c:57:42:30:31:34:22:2c:22:6d:61:6e:75:66:61:63:74:75:72:65:72:6e:61:6d:65:22:3a:22:50:68:69:6c:69:70:73:22:2c:22:75:6e:69:71:75:65:69:64:22:3a:22:30:30:3a:31:37:3a:38:38:3a:30:31:3a:30:32:3a:38:30:3a:66:32:3a:38:61:2d:30:62:22:2c:22:73:77:76:65:72:73:69:6f:6e:22:3a:22:31:2e:31:35:2e:32:5f:72:31:39:31:38:31:22:2c:22:73:77:63:6f:6e:66:69:67:69:64:22:3a:22:44:31:44:32:30:35:35:46:22:2c:22:70:72:6f:64:75:63:74:69:64:22:3a:22:50:68:69:6c:69:70:73:2d:4c:57:42:30:31:34:2d:31:2d:41:31:39:44:4c:76:33:22:7d:7d" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", - "http.response.line": "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n", - "http.response.line": "Pragma: no-cache\r\n", - "http.response.line": "Expires: Mon, 1 Aug 2011 09:00:00 GMT\r\n", - 
"http.connection": "close", - "http.response.line": "Connection: close\r\n", - "http.response.line": "Access-Control-Max-Age: 3600\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Credentials: true\r\n", - "http.response.line": "Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE, HEAD\r\n", - "http.response.line": "Access-Control-Allow-Headers: Content-Type\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-type: application\/json\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.002499000", - "http.request_in": "4334", - "http.file_data": "{\"1\":{\"state\":{\"on\":true,\"bri\":25,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 1\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:83:cb:8c-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"},\"2\":{\"state\":{\"on\":true,\"bri\":30,\"alert\":\"none\",\"reachable\":true},\"swupdate\":{\"state\":\"noupdates\",\"lastinstall\":null},\"type\":\"Dimmable light\",\"name\":\"Hue white lamp 2\",\"modelid\":\"LWB014\",\"manufacturername\":\"Philips\",\"uniqueid\":\"00:17:88:01:02:80:f2:8a-0b\",\"swversion\":\"1.15.2_r19181\",\"swconfigid\":\"D1D2055F\",\"productid\":\"Philips-LWB014-1-A19DLv3\"}}" - }, - "json": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.value.true": "", - "json.key": "on" - }, - "json.member": { - "json.value.number": "25", - "json.key": "bri" - }, - "json.member": { - "json.value.string": "none", - "json.key": "alert" - }, - "json.member": { - "json.value.true": "", - "json.key": "reachable" - } - }, - "json.key": "state" - }, - "json.member": { - "json.object": { - "json.member": { 
- "json.value.string": "noupdates", - "json.key": "state" - }, - "json.member": { - "json.value.null": "", - "json.key": "lastinstall" - } - }, - "json.key": "swupdate" - }, - "json.member": { - "json.value.string": "Dimmable light", - "json.key": "type" - }, - "json.member": { - "json.value.string": "Hue white lamp 1", - "json.key": "name" - }, - "json.member": { - "json.value.string": "LWB014", - "json.key": "modelid" - }, - "json.member": { - "json.value.string": "Philips", - "json.key": "manufacturername" - }, - "json.member": { - "json.value.string": "00:17:88:01:02:83:cb:8c-0b", - "json.key": "uniqueid" - }, - "json.member": { - "json.value.string": "1.15.2_r19181", - "json.key": "swversion" - }, - "json.member": { - "json.value.string": "D1D2055F", - "json.key": "swconfigid" - }, - "json.member": { - "json.value.string": "Philips-LWB014-1-A19DLv3", - "json.key": "productid" - } - }, - "json.key": "1" - }, - "json.member": { - "json.object": { - "json.member": { - "json.object": { - "json.member": { - "json.value.true": "", - "json.key": "on" - }, - "json.member": { - "json.value.number": "30", - "json.key": "bri" - }, - "json.member": { - "json.value.string": "none", - "json.key": "alert" - }, - "json.member": { - "json.value.true": "", - "json.key": "reachable" - } - }, - "json.key": "state" - }, - "json.member": { - "json.object": { - "json.member": { - "json.value.string": "noupdates", - "json.key": "state" - }, - "json.member": { - "json.value.null": "", - "json.key": "lastinstall" - } - }, - "json.key": "swupdate" - }, - "json.member": { - "json.value.string": "Dimmable light", - "json.key": "type" - }, - "json.member": { - "json.value.string": "Hue white lamp 2", - "json.key": "name" - }, - "json.member": { - "json.value.string": "LWB014", - "json.key": "modelid" - }, - "json.member": { - "json.value.string": "Philips", - "json.key": "manufacturername" - }, - "json.member": { - "json.value.string": "00:17:88:01:02:80:f2:8a-0b", - "json.key": "uniqueid" 
- }, - "json.member": { - "json.value.string": "1.15.2_r19181", - "json.key": "swversion" - }, - "json.member": { - "json.value.string": "D1D2055F", - "json.key": "swconfigid" - }, - "json.member": { - "json.value.string": "Philips-LWB014-1-A19DLv3", - "json.key": "productid" - } - }, - "json.key": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.207785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.207785000", - "frame.time_delta": "0.001341000", - "frame.time_delta_displayed": "0.001341000", - "frame.time_relative": "1185.747099000", - "frame.number": "4338", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008282", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000357a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "104", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1369", - "tcp.window_size": "87616", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d202", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4336", - "tcp.analysis.ack_rtt": "0.002907000", - "tcp.analysis.initial_rtt": "0.001920000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.208070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.208070000", - "frame.time_delta": "0.000285000", - "frame.time_delta_displayed": "0.000285000", - "frame.time_relative": "1185.747384000", - "frame.number": "4339", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008283", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003579", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "104", - "tcp.ack": "1120", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1404", - "tcp.window_size": "89856", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000cd91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4337", - "tcp.analysis.ack_rtt": "0.001626000", - "tcp.analysis.initial_rtt": "0.001920000" - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.210509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.210509000", - "frame.time_delta": "0.002439000", - "frame.time_delta_displayed": "0.002439000", - "frame.time_relative": "1185.749823000", - "frame.number": "4340", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "68:37:e9:d2:26:0d", - "eth.src_tree": { - "eth.src_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008284", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003578", - "ip.checksum.status": "2", - "ip.src": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.src_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "56892", - "tcp.dstport": "80", - "tcp.port": "56892", - "tcp.port": "80", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": 
"104", - "tcp.ack": "1120", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "1404", - "tcp.window_size": "89856", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000cd90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.210984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.210984000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "1185.750298000", - "frame.number": "4341", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fff1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b80a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "56892", - "tcp.port": "80", - "tcp.port": "56892", - "tcp.stream": "169", - "tcp.len": "0", - "tcp.seq": "1120", - "tcp.ack": "105", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c4ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4340", - "tcp.analysis.ack_rtt": "0.000475000", - "tcp.analysis.initial_rtt": "0.001920000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.251995000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.251995000", - "frame.time_delta": "0.041011000", - "frame.time_delta_displayed": "0.041011000", - "frame.time_relative": "1185.791309000", - "frame.number": "4342", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000043a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000095ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.476968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.476968000", - "frame.time_delta": "0.224973000", - "frame.time_delta_displayed": "0.224973000", - "frame.time_relative": "1186.016282000", - "frame.number": "4343", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000043b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000095de", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.634393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.634393000", - "frame.time_delta": "0.157425000", - "frame.time_delta_displayed": "0.157425000", - "frame.time_relative": "1186.173707000", - "frame.number": "4344", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e0e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000187f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.634762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.634762000", - "frame.time_delta": "0.000369000", - "frame.time_delta_displayed": "0.000369000", - "frame.time_relative": "1186.174076000", - "frame.number": "4345", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e0f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009add", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f97a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:17.635264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494777.635264000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "1186.174578000", - "frame.number": "4346", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008740", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000277", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=631", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:18.138661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494778.138661000", - "frame.time_delta": "0.503397000", - "frame.time_delta_displayed": "0.503397000", - "frame.time_relative": "1186.677975000", - "frame.number": "4347", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007a89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "4319" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:18.153523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494778.153523000", - "frame.time_delta": "0.014862000", - "frame.time_delta_displayed": "0.014862000", - "frame.time_relative": "1186.692837000", - "frame.number": "4348", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007a8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "4347" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:18.206288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494778.206288000", - "frame.time_delta": "0.052765000", - "frame.time_delta_displayed": "0.052765000", - "frame.time_relative": "1186.745602000", - "frame.number": "4349", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007a90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "4348" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:18.920978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494778.920978000", - "frame.time_delta": "0.714690000", - "frame.time_delta_displayed": "0.714690000", - "frame.time_relative": "1187.460292000", - "frame.number": "4350", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - 
"eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00004467", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000094f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:19.153008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.153008000", - "frame.time_delta": "0.232030000", - "frame.time_delta_displayed": "0.232030000", - "frame.time_relative": "1187.692322000", - "frame.number": "4351", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007a9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "4349" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:19.205750000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.205750000", - "frame.time_delta": "0.052742000", - "frame.time_delta_displayed": "0.052742000", - "frame.time_relative": "1187.745064000", - "frame.number": "4352", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - 
"eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007aa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "4351" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:19.258552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.258552000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "1187.797866000", - "frame.number": "4353", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007aa4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "4352" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:06:19.521735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.521735000", - "frame.time_delta": "0.263183000", - "frame.time_delta_displayed": "0.263183000", - "frame.time_relative": "1188.061049000", - "frame.number": "4354", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007aaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "4353" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:19.574612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.574612000", - "frame.time_delta": "0.052877000", - "frame.time_delta_displayed": "0.052877000", - "frame.time_relative": "1188.113926000", - "frame.number": "4355", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007ab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "4354" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:19.627372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494779.627372000", - "frame.time_delta": "0.052760000", - "frame.time_delta_displayed": "0.052760000", - "frame.time_relative": "1188.166686000", - "frame.number": "4356", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007ab4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003c1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - 
"ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "4355" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.534801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.534801000", - "frame.time_delta": "0.907429000", - "frame.time_delta_displayed": "0.907429000", - "frame.time_relative": "1189.074115000", - "frame.number": "4357", - "frame.len": "115", - 
"frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009615", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007739", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "57446", - "tcp.nxtseq": "57495", - "tcp.ack": "12587", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:81:6b:a7:9f:6a:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2523499, TSecr 2812242548": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2523499", - "tcp.options.timestamp.tsecr": "2812242548" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:cc:47:81:3d:c8:95:48:fc:a6:cd:bd:7d:2d:8c:9e:dd:5b:60:de:ef:ec:c4:91:0f:40:dc:ab:9a:e0:93:97:9b:39:cd:12:70:ce" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.579237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.579237000", - "frame.time_delta": "0.044436000", - "frame.time_delta_displayed": 
"0.044436000", - "frame.time_relative": "1189.118551000", - "frame.number": "4358", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007aef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003be5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "4356" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.594888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.594888000", - "frame.time_delta": "0.015651000", - "frame.time_delta_displayed": "0.015651000", - "frame.time_relative": "1189.134202000", - "frame.number": "4359", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003868", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12587", - "tcp.ack": "57495", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000090c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:84:99:00:26:81:6b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812249241, TSecr 2523499": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812249241", - "tcp.options.timestamp.tsecr": "2523499" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4357", - "tcp.analysis.ack_rtt": "0.060087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.595383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.595383000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "1189.134697000", - "frame.number": "4360", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003830", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12587", - "tcp.nxtseq": "12642", - "tcp.ack": "57495", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c254", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:84:99:00:26:81:6b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812249241, TSecr 2523499": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812249241", - "tcp.options.timestamp.tsecr": "2523499" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:88:96:ac:7f:85:97:4f:37:23:2e:46:57:87:6e:42:12:56:72:fe:ce:65:c7:ac:12:e7:5a:5a:3d:1b:76:5a:4c:fb:27:3d:32:a4:1b:8d:a7:79:f0:16" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.595808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.595808000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "1189.135122000", - "frame.number": "4361", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"52", - "ip.id": "0x00009616", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007769", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "57495", - "tcp.ack": "12642", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008f98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:81:71:a7:9f:84:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", 
- "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2523505, TSecr 2812249241": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2523505", - "tcp.options.timestamp.tsecr": "2812249241" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4360", - "tcp.analysis.ack_rtt": "0.000425000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.632119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.632119000", - "frame.time_delta": "0.036311000", - "frame.time_delta_displayed": "0.036311000", - "frame.time_relative": "1189.171433000", - "frame.number": "4362", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007af0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"17", - "ip.checksum": "0x00003bdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "4358" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:20.684981000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494780.684981000", - "frame.time_delta": "0.052862000", - "frame.time_delta_displayed": "0.052862000", - "frame.time_relative": "1189.224295000", - "frame.number": "4363", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007af5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bdc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "4362" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:21.369400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494781.369400000", - "frame.time_delta": "0.684419000", - "frame.time_delta_displayed": "0.684419000", - "frame.time_relative": "1189.908714000", - "frame.number": "4364", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007b11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "4363" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:21.422169000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494781.422169000", - "frame.time_delta": "0.052769000", - "frame.time_delta_displayed": "0.052769000", - "frame.time_relative": "1189.961483000", - "frame.number": "4365", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007b17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "4364" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:21.474931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494781.474931000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "1190.014245000", - "frame.number": "4366", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007b19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003bb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "4365" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:22.421454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494782.421454000", - "frame.time_delta": "0.946523000", - "frame.time_delta_displayed": "0.946523000", - "frame.time_relative": "1190.960768000", - "frame.number": "4367", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00007b4c", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "305", - "udp.checksum": "0x00000154", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "4366" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:22.474276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494782.474276000", - "frame.time_delta": "0.052822000", - "frame.time_delta_displayed": "0.052822000", - "frame.time_relative": "1191.013590000", - "frame.number": "4368", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00007b4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "314", - "udp.checksum": "0x00000f3f", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "4367" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:22.527130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494782.527130000", - "frame.time_delta": "0.052854000", - "frame.time_delta_displayed": "0.052854000", - "frame.time_relative": "1191.066444000", - "frame.number": "4369", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "68:37:e9:d2:26:0d", - "eth.dst_tree": { - "eth.dst_resolved": "AmazonTe_d2:26:0d", - "eth.addr": "68:37:e9:d2:26:0d", - "eth.addr_resolved": "AmazonTe_d2:26:0d", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00007b4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.227", - "ip.addr": "192.168.0.227", - "ip.dst_host": "192.168.0.227", - "ip.host": "192.168.0.227", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50000", - "udp.port": "1900", - "udp.port": "50000", - "udp.length": "308", - "udp.checksum": "0x000032c9", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "4368" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:24.909553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494784.909553000", - "frame.time_delta": "2.382423000", - "frame.time_delta_displayed": "2.382423000", - "frame.time_relative": "1193.448867000", - "frame.number": "4370", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x0000454a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00004d7f", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": 
"54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49771", - "tcp.port": "80", - "tcp.port": "49771", - "tcp.stream": "148", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f36c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017148000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": 
"OK" - }, - "http.date": "Wed, 01 Nov 2017 00:06:24 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:06:24 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "230.948377000", - "http.request_in": "3728", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:24.915487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494784.915487000", - "frame.time_delta": "0.005934000", - "frame.time_delta_displayed": "0.005934000", - "frame.time_relative": "1193.454801000", - "frame.number": "4371", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001043", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f38d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000044ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4370", - "tcp.analysis.ack_rtt": "0.005934000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:24.943446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494784.943446000", - "frame.time_delta": "0.027959000", - "frame.time_delta_displayed": "0.027959000", - "frame.time_relative": "1193.482760000", - "frame.number": "4372", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001044", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f38c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": 
"192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000044ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:24.955264000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494784.955264000", - "frame.time_delta": "0.011818000", - "frame.time_delta_displayed": "0.011818000", - "frame.time_relative": "1193.494578000", - "frame.number": "4373", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000454b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00004e86", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49771", - "tcp.port": "80", - "tcp.port": "49771", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e482", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4372", - "tcp.analysis.ack_rtt": "0.011818000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:24.962531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494784.962531000", - "frame.time_delta": "0.007267000", - "frame.time_delta_displayed": "0.007267000", - "frame.time_relative": "1193.501845000", - "frame.number": "4374", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001045", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f38b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49771", - "tcp.dstport": "80", - "tcp.port": "49771", - "tcp.port": "80", - "tcp.stream": "148", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000044ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4373", - "tcp.analysis.ack_rtt": "0.007267000", - "tcp.analysis.initial_rtt": "0.017148000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:25.950205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494785.950205000", - "frame.time_delta": "0.987674000", - "frame.time_delta_displayed": "0.987674000", - "frame.time_relative": "1194.489519000", - "frame.number": "4375", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001046", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f386", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000eeea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:25.962824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494785.962824000", - "frame.time_delta": "0.012619000", - "frame.time_delta_displayed": "0.012619000", - "frame.time_relative": "1194.502138000", - "frame.number": "4376", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000094cd", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, 
-121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49775", - "tcp.port": "80", - "tcp.port": "49775", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006d54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4375", - "tcp.analysis.ack_rtt": "0.012619000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:25.968834000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494785.968834000", - "frame.time_delta": "0.006010000", - "frame.time_delta_displayed": "0.006010000", - "frame.time_relative": "1194.508148000", - "frame.number": "4377", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001047", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f389", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": 
"37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e141", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4376", - "tcp.analysis.ack_rtt": "0.006010000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:25.987365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494785.987365000", - "frame.time_delta": "0.018531000", - "frame.time_delta_displayed": "0.018531000", - "frame.time_relative": "1194.526679000", - "frame.number": "4378", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - 
"eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001048", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f379", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000029bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018629000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:26.000044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494786.000044000", - "frame.time_delta": "0.012679000", - "frame.time_delta_displayed": "0.012679000", - "frame.time_relative": "1194.539358000", - "frame.number": "4379", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - 
"ip.checksum": "0x000059ca", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49775", - "tcp.port": "80", - "tcp.port": "49775", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008502", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4378", - "tcp.analysis.ack_rtt": "0.012679000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:26.005858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494786.005858000", - "frame.time_delta": "0.005814000", - "frame.time_delta_displayed": "0.005814000", - "frame.time_relative": "1194.545172000", - "frame.number": "4380", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001049", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f295", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - 
"ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006050", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018629000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "4378", - 
"tcp.segment": "4380", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:26.019819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494786.019819000", - "frame.time_delta": "0.013961000", - "frame.time_delta_displayed": "0.013961000", - "frame.time_relative": "1194.559133000", - "frame.number": "4381", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000059c9", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - 
"Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49775", - "tcp.port": "80", - "tcp.port": "49775", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000080e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4380", - "tcp.analysis.ack_rtt": "0.013961000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.026427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.026427000", - "frame.time_delta": "1.006608000", - "frame.time_delta_displayed": "1.006608000", - "frame.time_relative": "1195.565741000", - "frame.number": "4382", - 
"frame.len": "412", - "frame.cap_len": "412", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "398", - "ip.id": "0x00009617", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "346", - "tcp.seq": "57495", - "tcp.nxtseq": "57841", - "tcp.ack": "12642", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000035b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:83:f4:a7:9f:84:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2524148, TSecr 2812249241": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2524148", - "tcp.options.timestamp.tsecr": "2812249241" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "346", - "tcp.analysis.push_bytes_sent": "346" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "341", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:cd:68:19:de:fb:5d:34:5f:b9:92:2a:d1:dd:8a:40:99:c1:9b:65:30:43:a5:4d:be:f4:ae:41:f1:c6:10:4d:2a:f6:3a:ce:e3:8c:cd:50:cf:9c:e9:b6:f4:b9:ad:93:2f:1e:e6:a0:12:ad:5c:1a:fe:10:7d:83:0d:6e:97:12:56:48:45:17:11:fb:65:b0:13:fd:33:a0:18:5b:1c:a7:08:4f:11:81:e6:40:f8:c3:b9:20:d6:1b:96:4b:d9:86:6a:18:5c:03:1a:06:e3:c5:bb:43:4b:2e:16:61:79:0e:91:76:73:35:36:85:a4:e7:ce:11:4d:2e:a9:e5:1a:24:71:6a:b4:01:a1:09:f4:4e:13:7d:a8:d8:0d:16:23:65:50:c9:92:b0:08:9a:9b:0d:da:ee:eb:06:5a:f9:ee:1b:53:6b:aa:cb:22:e6:f4:62:1a:00:99:1c:d4:8f:ed:80:0d:ab:ad:d9:21:1b:d4:cb:f2:32:36:bf:3b:02:e4:39:c2:a4:ba:76:b3:d0:fa:61:3a:b4:66:b9:23:de:c5:39:f8:e1:7f:d5:ab:17:5f:9a:e9:06:34:ce:fb:42:b4:11:d0:c2:4f:07:25:ff:d0:39:b8:eb:70:3b:aa:41:b5:6e:1e:a6:12:4b:12:d1:72:bd:fe:bc:9e:e0:31:f4:d9:0f:d2:4f:49:a8:68:47:6d:87:ab:e6:44:d3:4f:4c:aa:62:03:d9:46:5e:8c:1a:1a:3e:12:58:c9:47:66:25:b5:62:a9:e0:db:38:7c:0c:00:70:70:18:4d:25:7f:e3:d2:a2:12:dc:2e:93:60:2b:84:ad:73:99:ae:2d:81:5f:85:d0:0f:31:29:ae:2f:e8:6b:c0:cd:0b:a1:d0:dc:22:ad" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.087419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.087419000", - "frame.time_delta": "0.060992000", - "frame.time_delta_displayed": "0.060992000", - "frame.time_relative": "1195.626733000", - "frame.number": "4383", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003837", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12642", - "tcp.nxtseq": "12689", - "tcp.ack": "57841", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00001e58", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:8a:f0:00:26:83:f4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812250864, TSecr 2524148": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812250864", - "tcp.options.timestamp.tsecr": "2524148" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4382", - "tcp.analysis.ack_rtt": "0.060992000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:89:4f:2e:1f:5b:b5:5d:eb:99:2c:52:19:71:d1:8b:59:4c:22:ae:56:6c:b4:c4:37:55:ed:29:8d:74:ee:6f:ba:bc:f9:51" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.087841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.087841000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "1195.627155000", - "frame.number": "4384", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009618", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007767", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "57841", - "tcp.ack": "12689", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000852f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:83:fa:a7:9f:8a:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2524154, TSecr 2812250864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2524154", - "tcp.options.timestamp.tsecr": "2812250864" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4383", - "tcp.analysis.ack_rtt": "0.000422000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.571933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.571933000", - "frame.time_delta": "0.484092000", - "frame.time_delta_displayed": "0.484092000", - "frame.time_relative": "1196.111247000", - "frame.number": "4385", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": 
"Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.633070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.633070000", - "frame.time_delta": "0.061137000", - "frame.time_delta_displayed": "0.061137000", - "frame.time_relative": "1196.172384000", - "frame.number": "4386", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e22", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To 
Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000177e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", 
- "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.633613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.633613000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1196.172927000", - "frame.number": "4387", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e23", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ac9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f879", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:27.634699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494787.634699000", - "frame.time_delta": "0.001086000", - "frame.time_delta_displayed": "0.001086000", - "frame.time_relative": "1196.174013000", - "frame.number": "4388", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": 
"0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000863f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - 
"dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:28.852537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494788.852537000", - "frame.time_delta": "1.217838000", - "frame.time_delta_displayed": "1.217838000", - "frame.time_relative": "1197.391851000", - "frame.number": "4389", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - 
"arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:29.910698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494789.910698000", - "frame.time_delta": "1.058161000", - "frame.time_delta_displayed": "1.058161000", - "frame.time_relative": "1198.450012000", - "frame.number": "4390", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:29.916405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494789.916405000", - "frame.time_delta": "0.005707000", - "frame.time_delta_displayed": "0.005707000", - "frame.time_relative": "1198.455719000", - "frame.number": "4391", - "frame.len": 
"60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:32.635573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494792.635573000", - "frame.time_delta": "2.719168000", - "frame.time_delta_displayed": "2.719168000", - "frame.time_relative": "1201.174887000", - "frame.number": "4392", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e29", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000177e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:32.709209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494792.709209000", - "frame.time_delta": "0.073636000", - "frame.time_delta_displayed": "0.073636000", - "frame.time_relative": "1201.248523000", - "frame.number": "4393", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": 
"IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000863f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:32.710028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494792.710028000", - "frame.time_delta": "0.000819000", - "frame.time_delta_displayed": "0.000819000", - "frame.time_relative": "1201.249342000", - "frame.number": "4394", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e2a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ac2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f879", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:36.588432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494796.588432000", - "frame.time_delta": "3.878404000", - "frame.time_delta_displayed": "3.878404000", - "frame.time_relative": "1205.127746000", - "frame.number": "4395", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", 
- "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d0e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005adb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:37.635674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494797.635674000", - "frame.time_delta": "1.047242000", - "frame.time_delta_displayed": "1.047242000", - "frame.time_relative": "1206.174988000", - "frame.number": "4396", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e42", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000177e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:37.636228000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494797.636228000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "1206.175542000", - "frame.number": "4397", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e43", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009aa9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f879", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:37.636925000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494797.636925000", - "frame.time_delta": "0.000697000", - "frame.time_delta_displayed": "0.000697000", - "frame.time_relative": "1206.176239000", - "frame.number": "4398", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000863f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000278", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": 
"0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=632", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:38.872401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494798.872401000", - "frame.time_delta": "1.235476000", - "frame.time_delta_displayed": "1.235476000", - "frame.time_relative": "1207.411715000", - "frame.number": "4399", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00005742", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008217", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:44.779625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494804.779625000", - "frame.time_delta": "5.907224000", - "frame.time_delta_displayed": "5.907224000", - "frame.time_relative": "1213.318939000", - "frame.number": "4400", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005808", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a689", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4917", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f1b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { 
- "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:44.922983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494804.922983000", - "frame.time_delta": "0.143358000", - "frame.time_delta_displayed": "0.143358000", - "frame.time_relative": "1213.462297000", - "frame.number": "4401", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fda0", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google 
Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4918", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:47.636212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494807.636212000", - "frame.time_delta": "2.713229000", - "frame.time_delta_displayed": "2.713229000", - 
"frame.time_relative": "1216.175526000", - "frame.number": "4402", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e44", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000167d", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:47.636740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494807.636740000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "1216.176054000", - "frame.number": "4403", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e45", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009aa7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f778", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:47.637343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494807.637343000", - "frame.time_delta": "0.000603000", - "frame.time_delta_displayed": "0.000603000", - "frame.time_relative": "1216.176657000", - "frame.number": "4404", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000853e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:49.930719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494809.930719000", - "frame.time_delta": "2.293376000", - "frame.time_delta_displayed": "2.293376000", - "frame.time_relative": "1218.470033000", - "frame.number": "4405", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:49.931116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494809.931116000", - "frame.time_delta": "0.000397000", - "frame.time_delta_displayed": "0.000397000", - "frame.time_relative": "1218.470430000", - "frame.number": "4406", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:52.637068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494812.637068000", - "frame.time_delta": "2.705952000", - "frame.time_delta_displayed": "2.705952000", - "frame.time_relative": "1221.176382000", - "frame.number": "4407", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e4a", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b9a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000167d", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:52.637943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494812.637943000", - "frame.time_delta": "0.000875000", - "frame.time_delta_displayed": "0.000875000", - "frame.time_relative": "1221.177257000", - "frame.number": "4408", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e4b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009aa1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f778", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:52.638418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494812.638418000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "1221.177732000", - "frame.number": "4409", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000853e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:54.110351000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.110351000", - "frame.time_delta": "1.471933000", - "frame.time_delta_displayed": "1.471933000", - "frame.time_relative": "1222.649665000", - "frame.number": "4410", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000dac1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:54.163193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.163193000", - "frame.time_delta": "0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "1222.702507000", - "frame.number": "4411", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000dac4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - 
}, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:54.216133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.216133000", - "frame.time_delta": "0.052940000", - "frame.time_delta_displayed": "0.052940000", - "frame.time_relative": "1222.755447000", - "frame.number": "4412", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000dac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:54.269017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.269017000", - "frame.time_delta": "0.052884000", - "frame.time_delta_displayed": "0.052884000", - "frame.time_relative": "1222.808331000", - "frame.number": "4413", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000dac7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { 
- "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:54.321837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.321837000", - "frame.time_delta": "0.052820000", - "frame.time_delta_displayed": "0.052820000", - "frame.time_relative": "1222.861151000", - "frame.number": "4414", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000dacc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:06:54.374478000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494814.374478000", - "frame.time_delta": "0.052641000", - "frame.time_delta_displayed": "0.052641000", - "frame.time_relative": "1222.913792000", - "frame.number": "4415", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000dacf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ee84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:55.354537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494815.354537000", - "frame.time_delta": "0.980059000", - "frame.time_delta_displayed": "0.980059000", - "frame.time_relative": "1223.893851000", - "frame.number": "4416", - "frame.len": "80", - "frame.cap_len": "80", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "66", - "ip.id": "0x00000b64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "46", - "udp.checksum": "0x00006438", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:28:e4:42:89:cd:f2:14:6f:00:00:00:46:0c", - "data.len": "38" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:57.678875000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494817.678875000", - "frame.time_delta": "2.324338000", - "frame.time_delta_displayed": "2.324338000", - "frame.time_relative": "1226.218189000", - "frame.number": "4417", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": 
"LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e53", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009a99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f778", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:57.679052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494817.679052000", - "frame.time_delta": "0.000177000", - "frame.time_delta_displayed": "0.000177000", - "frame.time_relative": "1226.218366000", - "frame.number": "4418", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e52", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b99e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000167d", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:57.679202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494817.679202000", - "frame.time_delta": "0.000150000", - "frame.time_delta_displayed": "0.000150000", - "frame.time_relative": "1226.218516000", - "frame.number": "4419", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000853e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000279", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=633", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:58.093497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494818.093497000", - "frame.time_delta": "0.414295000", - "frame.time_delta_displayed": "0.414295000", - "frame.time_relative": "1226.632811000", - "frame.number": "4420", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009619", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007735", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "57841", - "tcp.nxtseq": "57890", - "tcp.ack": "12689", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000018b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:90:17:a7:9f:8a:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2527255, TSecr 2812250864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2527255", - "tcp.options.timestamp.tsecr": "2812250864" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ce:7a:3e:29:55:aa:52:ef:a0:5a:2b:89:dc:9e:43:07:fd:e5:fa:51:76:ff:df:18:84:fc:c6:ae:7a:6d:44:b5:40:d1:fe:4d:25" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:58.154263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494818.154263000", - "frame.time_delta": "0.060766000", - "frame.time_delta_displayed": "0.060766000", - "frame.time_relative": "1226.693577000", - "frame.number": "4421", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "12689", - "tcp.nxtseq": "12744", - "tcp.ack": "57890", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000237d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:a9:46:00:26:90:17", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812258630, TSecr 2527255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812258630", - "tcp.options.timestamp.tsecr": "2527255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4420", - "tcp.analysis.ack_rtt": "0.060766000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:8a:f6:ff:46:43:ea:ee:fe:f6:22:1d:35:41:65:e8:6c:39:a2:38:1f:42:67:a5:31:3d:ef:51:38:3a:7e:4c:47:c2:b6:5f:af:07:25:c8:d4:78:03:eb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:58.154770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494818.154770000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": 
"0.000507000", - "frame.time_relative": "1226.694084000", - "frame.number": "4422", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000961a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007765", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "57890", - "tcp.ack": "12744", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005a4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:90:1d:a7:9f:a9:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2527261, TSecr 2812258630": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2527261", - "tcp.options.timestamp.tsecr": "2812258630" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4421", - "tcp.analysis.ack_rtt": "0.000507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:06:58.962482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494818.962482000", - "frame.time_delta": "0.807712000", - "frame.time_delta_displayed": "0.807712000", - "frame.time_relative": "1227.501796000", - "frame.number": "4423", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00005aa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007eb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:03.160205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494823.160205000", - "frame.time_delta": "4.197723000", - "frame.time_delta_displayed": "4.197723000", - "frame.time_relative": "1231.699519000", - "frame.number": "4424", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:07:03.160650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494823.160650000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1231.699964000", - "frame.number": "4425", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:06.590856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494826.590856000", - "frame.time_delta": "3.430206000", - "frame.time_delta_displayed": "3.430206000", - "frame.time_relative": "1235.130170000", - "frame.number": "4426", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - 
"eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d15", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005ad4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:07.406047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494827.406047000", - "frame.time_delta": "0.815191000", - "frame.time_delta_displayed": "0.815191000", - "frame.time_relative": "1235.945361000", - "frame.number": "4427", - "frame.len": 
"130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00008ac1", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:2d:44:91:20:11:8c:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:07.637341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494827.637341000", - "frame.time_delta": "0.231294000", - "frame.time_delta_displayed": "0.231294000", - "frame.time_relative": "1236.176655000", - "frame.number": "4428", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e6b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b985", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000157c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": 
"7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:07.637877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494827.637877000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1236.177191000", - "frame.number": "4429", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e6c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009a80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f677", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - 
"dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:07.638502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494827.638502000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1236.177816000", - "frame.number": "4430", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": 
"5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000843d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": 
"sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:12.643891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494832.643891000", - "frame.time_delta": "5.005389000", - "frame.time_delta_displayed": "5.005389000", - "frame.time_relative": "1241.183205000", - "frame.number": "4431", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e81", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b96f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - 
"ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000157c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:12.644277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494832.644277000", - "frame.time_delta": "0.000386000", - "frame.time_delta_displayed": "0.000386000", - "frame.time_relative": "1241.183591000", - "frame.number": "4432", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e82", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009a6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", 
- "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f677", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:12.644685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494832.644685000", - "frame.time_delta": "0.000408000", - "frame.time_delta_displayed": "0.000408000", - "frame.time_relative": "1241.183999000", - "frame.number": "4433", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000843d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:14.919566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494834.919566000", - "frame.time_delta": "2.274881000", - "frame.time_delta_displayed": "2.274881000", - "frame.time_relative": "1243.458880000", - "frame.number": "4434", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005809", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4917", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f1b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:07:15.062948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494835.062948000", - "frame.time_delta": "0.143382000", - "frame.time_delta_displayed": "0.143382000", - "frame.time_relative": "1243.602262000", - "frame.number": "4435", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9f", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4918", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:17.638057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494837.638057000", - "frame.time_delta": "2.575109000", - "frame.time_delta_displayed": "2.575109000", - "frame.time_relative": "1246.177371000", - "frame.number": "4436", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e83", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b96d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000157c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
- "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:17.638469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494837.638469000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - "frame.time_relative": "1246.177783000", - "frame.number": "4437", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001e84", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009a68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f677", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:17.639049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494837.639049000", - "frame.time_delta": "0.000580000", - "frame.time_delta_displayed": "0.000580000", - "frame.time_relative": "1246.178363000", - "frame.number": "4438", - 
"frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000843d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=634", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:18.917677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494838.917677000", - "frame.time_delta": "1.278628000", - "frame.time_delta_displayed": "1.278628000", - "frame.time_relative": "1247.456991000", - "frame.number": "4439", - "frame.len": "136", - "frame.cap_len": "136", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00005e64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007af5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: 
type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:19.790976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494839.790976000", - "frame.time_delta": "0.873299000", - "frame.time_delta_displayed": "0.873299000", - "frame.time_relative": "1248.330290000", - "frame.number": "4440", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": 
"0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.043359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.043359000", - "frame.time_delta": "0.252383000", - "frame.time_delta_displayed": "0.252383000", - "frame.time_relative": "1248.582673000", - "frame.number": "4441", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - 
"udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.070170000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.070170000", - "frame.time_delta": "0.026811000", - "frame.time_delta_displayed": "0.026811000", - "frame.time_relative": "1248.609484000", - "frame.number": "4442", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.070571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.070571000", - "frame.time_delta": "0.000401000", - "frame.time_delta_displayed": "0.000401000", - "frame.time_relative": "1248.609885000", - "frame.number": "4443", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", 
- "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.082953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.082953000", - "frame.time_delta": "0.012382000", - "frame.time_delta_displayed": "0.012382000", - "frame.time_relative": "1248.622267000", - "frame.number": "4444", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - 
"bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.097710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.097710000", - "frame.time_delta": "0.014757000", - "frame.time_delta_displayed": "0.014757000", - "frame.time_relative": "1248.637024000", - "frame.number": "4445", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:20.458693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494840.458693000", - "frame.time_delta": "0.360983000", - "frame.time_delta_displayed": "0.360983000", - "frame.time_relative": "1248.998007000", - "frame.number": "4446", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:25.174638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494845.174638000", - "frame.time_delta": "4.715945000", - "frame.time_delta_displayed": "4.715945000", - "frame.time_relative": "1253.713952000", - "frame.number": "4447", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.131853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.131853000", - "frame.time_delta": "0.957215000", - "frame.time_delta_displayed": "0.957215000", - "frame.time_relative": "1254.671167000", - "frame.number": "4448", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002d1b", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000379e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "12744", - "tcp.nxtseq": "12942", - "tcp.ack": "57890", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009e9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:c4:99:00:26:90:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812265625, TSecr 2527261": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812265625", - "tcp.options.timestamp.tsecr": "2527261" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": "34:cd:34:17:47:48:0e:8b:c5:ce:37:49:44:e1:fa:ec:ee:c7:79:8d:38:c4:bd:b4:dc:98:fe:28:96:0b:3a:b4:95:e8:b0:34:53:8c:58:2d:13:2d:76:e4:9a:bc:b9:b5:5e:66:7b:a1:d5:b5:7b:7c:b9:7a:cb:43:05:e3:e8:ca:3d:2d:a6:54:2b:07:fd:88:6e:7c:2f:36:31:44:15:28:95:8a:3c:fa:f9:ab:9e:fc:52:c3:77:e0:32:12:d7:e8:91:b5:b7:fc:29:8e:d4:ea:6a:a3:eb:8c:67:b2:27:e6:3c:23:8d:4b:07:80:76:e6:38:04:fe:85:3d:f3:ed:14:56:81:f6:93:3a:3c:b7:b2:a6:80:ae:e4:67:ee:3d:b1:68:df:06:93:bc:d9:3b:0e:ce:09:56:a3:c6:66:5c:57:63:08:37:ad:37:71:9d:99:a5:a1:2f:c3:97:48:6e:74:cf:1e:95:28:6f:cf:25:b7:73:5f:9d:f2:9e:05:4f:a5:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.132338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.132338000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "1254.671652000", - "frame.number": "4449", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000961b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007764", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "57890", - "tcp.ack": "12942", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003347", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:9b:0b:a7:9f:c4:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2530059, TSecr 2812265625": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2530059", - "tcp.options.timestamp.tsecr": "2812265625" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4448", - "tcp.analysis.ack_rtt": "0.000485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.140612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.140612000", - "frame.time_delta": "0.008274000", - "frame.time_delta_displayed": "0.008274000", - "frame.time_relative": "1254.679926000", - "frame.number": "4450", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000961c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "57890", - "tcp.nxtseq": "57943", - "tcp.ack": "12942", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000039b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:9b:0c:a7:9f:c4:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2530060, TSecr 2812265625": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2530060", - "tcp.options.timestamp.tsecr": "2812265625" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:cf:bc:a3:a8:49:a7:3c:c5:1e:94:d4:17:65:c1:17:98:4b:80:e2:6c:de:75:29:3c:7d:6a:dd:8a:55:ae:21:e7:c0:de:08:d5:46:c9:1d:b5:53" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.238302000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.238302000", - "frame.time_delta": "0.097690000", - "frame.time_delta_displayed": "0.097690000", - "frame.time_relative": "1254.777616000", - "frame.number": "4451", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003863", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12942", - "tcp.ack": "57943", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000033e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:c4:b4:00:26:9b:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812265652, TSecr 2530060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812265652", - "tcp.options.timestamp.tsecr": "2530060" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4450", - "tcp.analysis.ack_rtt": "0.097690000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.238909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.238909000", - "frame.time_delta": "0.000607000", - "frame.time_delta_displayed": "0.000607000", - "frame.time_relative": "1254.778223000", - "frame.number": "4452", - "frame.len": "1440", - "frame.cap_len": "1440", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1426", - "ip.id": "0x0000961d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007204", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1374", - "tcp.seq": "57943", - "tcp.nxtseq": "59317", - "tcp.ack": "12942", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002286", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:9b:16:a7:9f:c4:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2530070, TSecr 2812265652": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2530070", - "tcp.options.timestamp.tsecr": "2812265652" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1374", - "tcp.analysis.push_bytes_sent": "1374" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d0:21:9f:45:5e:67:02:f1:e1:a1:b6:b4:c3:d0:19:99:6a:d0:6b:6e:0f:67:91:53:16:40:57:5b:2c:c6:80:34:2e:35:aa:b9:38:98:48:19:2a:7f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d1:16:af:2d:6c:b0:a9:ba:a0:ca:48:95:7f:06:3f:ba:e8:b8:71:75:6a:e3:fd:3c:01:ff:30:aa:6b:e8:ba:f4:d5:f4:6f:90:f6:20:07:e1:84:d0:3c:03:7b:85:b3:d8:69:34:6d:18:7c:e3:ae:24:56:02:6c:7d:7d:2e:56:ac:7f:52:cc:47:de:62:75:2c:6e:dd:e3:2c:f0:11:c5:cf:9d:ba:f9:3a:85:37:12:a3:e7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:d2:d1:00:5d:cb:52:9d:6e:28:cd:cd:a6:4d:9f:35:be:0a:02:e2:b0:eb:7d:3e:79:c1:22:79:bf:01:e1:3e:7f:b0:e9:d8:26:7f:b5:bd:43:90:58:49:7e:3f:28:7e:86:de:ab:72:f4:89:06:3d:22:34:a4:89:c5:90:5f:86:b1:60:6c:a9:0e:f9:60:af:04:3c:53:42:ba:52:41:ae:af:a0:b1:11:54:d7:b2:ca:3e:f6:f8:14:d9:50:97:d4:1a:c5:5f:15:f0:66:bf:6a:2d:bb:01:2a:28:21:a7:89:04:6a:fa:b7:12:7e:34:97:e8:96:4e:6d:5b:bf:6e:b1:58:b6:59:6c:04:65:74:3f:79:ed:aa:2e:63:5f:93:af:1f:e2:de:b2:68:84:b8:01:e8:7b:ed:d6:f4:92:bc:29:fd:a4:d8:fd:c7:06:4e:12:80:b7:b1:76:f3:3c:0d:da:9e:ca:6d:de:1b:a2:36:2b:b4:f5:d5:66:ca:46:8b:ed:38:11:8d:fb:c4:42:89:8f:84:09:3d:72:5d:e3:65:dc:8d:a3:7f:2f:ed:bd:0e:f6:10:1f:80:46:e2:f9:99:b1:c0:5c:60:6f:72:02:31:87:28:0b:90:86:3a:1a:9b:65:44:e7:1f:d9:8c:73:eb:ba:eb:f3:fc:9b:27:f2:5e:51:78:83:5e:ad:56:ac:6b:1c:98:6a:f8:1c:95:31:79:3d:c6:9c:39:16:ce:31:88:66:b7:a1:af:c4:22:b1:df:5e:77:4f:fc:d7:79:d5:cf:c6:8a:1f:cd:31:ef:df:d0:dc:78:f2:44:43:5c:dc:56:90:3a:42:1e:31:a9:29:91:8d:80:f9:f4:21:23:10:2f:bc:9e:0c:b9:8f:9b:11:4e:fe:02:a7:06:9c:2b:55:98:fb:eb:29:28:d9:d1:5e:6e:5e:e6:d6:48:da:a3:88:a3:b6:07:9f:cc:28:3b:bc:f9:1d:23:90:8f:3c:37:5d:fe:d9:3e:89:33:76:21:18:f8:bb:31:21:48:3f:b9:29:51:4c:62:8d:4c:c1:5f:03:4c:d4:42:bc:6a:25:cf:16:9d:95:e6:13:f3:fe:80:c1:47:89:ed:a2:de:c5:54:cb:dd:d8:93:41:70:8d:fc:1c:09:8e:8e:82:fe:55:11:14:64:0a:17:a2:68:c9:d9:fb:ae:77:d5:33:5e:d3:91:df:ce:8b:10:6b:9f:d5:fc:21:d4:3d:a5:8c:b0:18:24:52:5f:74:da:28:23:46:95:f9:1c:89:f8:be:b6:af:d3:09:1e:53:b1:dc:52:c3:dc:83:9f:06:45:35:29:bc:bd:76:4f:c9:c1:3f:9e:bd:e1:76:4f:96:d1:03:16:38:6d:b2:ab:73:7a:30:b5:6f:a7:29:22:7b:95:47:ae:cd:00:68:aa:85:3d:d5:66:25:0d:02:ae:97:15:0b:55:f0:cc:fe:03:01:b3:c0:73:70:3b:f1:a0:10:a3:d8:18:ff:41:79:3d:8e:58:d7:e8:d5:e4:f2:f8:9e:78:ee:93:f1:c5:2b:8e:a1:c6:3c:f2:ac:1b:26:a0:a8:dc:f1:4f:a7:16:62:ae:a0:18:12:f2:e3:06:d8:80:25:7f:67:e8:65:cb:de:fb:11:71:04:d5:c7:dd:b5:eb:26:fe:d0:03:84:ca:30:04:4f:08:ec:06:c4:4f:07:c3:57:49:e0:39:8f:c1:61:c4:91:cc:40:f0:b6:5b:27:08:37:02:4b:7e:32:0
6:b1:f0:8d:b5:1a:cd:f7:77:c1:19:e8:4a:c1:4a:ea:2a:98:a0:39:12:8d:10:12:7c:e8:c1:12:f9:77:9c:a4:d8:e6:00:13:df:a6:24:10:b0:a9:28:6a:cc:ff:0e:8f:92:a9:32:e6:2f:a2:e0:f0:e5:e9:b1:42:19:c9:bc:6f:59:bd:21:7f:d3:c6:b2:04:01:a6:c3:e9:f3:ed:42:bb:f0:59:9b:95:30:78:b9:a6:2a:4a:cf:1b:44:2b:69:9e:5e:60:e1:f5:4e:2c:6c:6d:39:29:d4:85:06:74:be:2b:84:c3:e0:7e:cc:79:88:cb:bc:30:ee:6a:f7:df:8e:58:96:b8:2b:7d:be:f4:99:62:49:e4:28:20:2a:34:96:a5:90:70:5c:1b:4d:97:0f:f7:d3:ba:7e:19:2f:97:7f:a7:47:0f:ec:f8:d3:77:fe:2f:9f:5b:90:67:5e:cf:06:05:f1:39:bf:bc:3d:a2:cb:91:e1:5b:22:2a:ce:72:dc:09:b5:78:17:32:34:f1:77:04:54:bb:04:b5:98:0c:5b:36:3a:4c:1d:bd:21:9b:53:6b:b5:00:da:73:23:ad:be:af:64:ef:f5:6f:4e:bc:fb:a5:f6:8a:61:e0:f7:b5:8e:9d:d1:7d:57:85:94:41:bf:59:75:b6:52:85:e2:bc:21:51:07:c6:d1:3d:10:2f:29:05:75:bb:9a:bb:43:66:74:d3:22:0a:01:ce:db:07:be:64:e8:54:1e:c3:8b:e2:a5:4a:2b:8a:10:92:c3:a9:10:59:48:4f:0e:7d:38:9b:28:c4:9e:34:a1:25:8e:43:58:6f:2f:ae:f2:8d:43:e8:e0:d5:92:1c:ce:4e:ae:ce:03:6e:85:bd:ab:67:11:43:41:dd:19:6f:77:4b:88:61:c1:79:c1:17:25:46:2d:11:0f:9d:33:e6:b3:a9:4e:0b:9a:9a:56:01:42:8e:97:c9:f3:ed:7b:78:6f:47:a4:d4:b8:5d:65:15:6e:45:66:ff:eb:81:c8:56:fe:aa:e1:c7:49:d1:cb:40:2b:65:fe:04:4c:66:55:80:e4:a4:44:d8:cc:3e:c0:90:fd:e9" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "131", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d3:1b:2d:75:89:fa:9d:71:4b:bc:a5:94:51:08:28:9f:97:4c:08:e7:05:98:1b:81:32:80:cc:8a:02:1d:82:4a:ff:b5:4e:1e:36:67:7b:43:a7:ff:57:2c:b3:70:31:6e:34:4e:65:ea:fa:66:92:7d:19:1d:47:b8:39:b3:fb:31:a1:3a:7c:3a:5f:05:64:f3:4c:87:19:22:7a:3a:81:4c:1a:52:78:20:45:47:1c:33:80:4d:01:a0:64:59:ed:dc:11:ed:66:c9:97:d3:28:9a:5a:6a:48:ab:7c:a1:07:79:9d:00:20:be:a2:05:9f:07:3f:42:f3:b2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.299408000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.299408000", - "frame.time_delta": "0.060499000", - "frame.time_delta_displayed": "0.060499000", - "frame.time_relative": "1254.838722000", - "frame.number": "4453", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003862", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12942", - "tcp.ack": "59317", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002e6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:c4:c3:00:26:9b:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812265667, TSecr 2530070": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812265667", - "tcp.options.timestamp.tsecr": "2530070" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4452", - "tcp.analysis.ack_rtt": "0.060499000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.565534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494846.565534000", - "frame.time_delta": "0.266126000", - "frame.time_delta_displayed": "0.266126000", - "frame.time_relative": 
"1255.104848000", - "frame.number": "4454", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000961e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "59317", - "tcp.nxtseq": "59371", - "tcp.ack": "12942", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e535", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:9b:36:a7:9f:c4:c3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2530102, TSecr 2812265667": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2530102", - "tcp.options.timestamp.tsecr": "2812265667" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d4:56:6b:96:3c:48:70:57:f9:2e:c0:d2:be:0b:4f:29:a2:8b:58:d2:ea:18:b9:4d:88:ef:74:91:de:4e:51:6c:b0:da:ac:2c:25:4c:83:e1:ba:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:26.625685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494846.625685000", - "frame.time_delta": "0.060151000", - "frame.time_delta_displayed": "0.060151000", - "frame.time_relative": "1255.164999000", - "frame.number": "4455", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003861", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "12942", - "tcp.ack": "59371", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002dc7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:c5:14:00:26:9b:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812265748, TSecr 2530102": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812265748", - "tcp.options.timestamp.tsecr": "2530102" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4454", - "tcp.analysis.ack_rtt": "0.060151000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.028573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.028573000", - "frame.time_delta": "0.402888000", - "frame.time_delta_displayed": "0.402888000", - "frame.time_relative": "1255.567887000", - "frame.number": "4456", - "frame.len": "83", - "frame.cap_len": 
"83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00006279", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - 
"dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.035410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.035410000", - "frame.time_delta": "0.006837000", - "frame.time_delta_displayed": "0.006837000", - "frame.time_relative": "1255.574724000", - "frame.number": "4457", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000604d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007844", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - 
"dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.255621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.255621000", - "frame.time_delta": "0.220211000", - "frame.time_delta_displayed": "0.220211000", - "frame.time_relative": "1255.794935000", - "frame.number": "4458", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000062b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000076d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": 
"192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.475677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.475677000", - "frame.time_delta": "0.220056000", - "frame.time_delta_displayed": "0.220056000", - "frame.time_relative": "1256.014991000", - "frame.number": "4459", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": 
"64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000062c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000076cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.638452000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494847.638452000", - "frame.time_delta": "0.162775000", - "frame.time_delta_displayed": "0.162775000", - "frame.time_relative": "1256.177766000", - "frame.number": "4460", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ee2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b90e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000147b", - 
"udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.638984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.638984000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "1256.178298000", - "frame.number": "4461", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ee3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009a09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - 
"udp.checksum": "0x0000f576", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - 
"dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:27.639606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494847.639606000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "1256.178920000", - "frame.number": "4462", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000833c", - 
"udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:28.898551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494848.898551000", - "frame.time_delta": "1.258945000", - "frame.time_delta_displayed": "1.258945000", - "frame.time_relative": "1257.437865000", - "frame.number": "4463", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.435687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.435687000", - "frame.time_delta": "1.537136000", - "frame.time_delta_displayed": "1.537136000", - "frame.time_relative": "1258.975001000", - "frame.number": "4464", - "frame.len": "168", - "frame.cap_len": "168", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002100", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e744", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "11", - "http.prev_request_in": "4083" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.813175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.813175000", - "frame.time_delta": "0.377488000", - "frame.time_delta_displayed": "0.377488000", - "frame.time_relative": "1259.352489000", - "frame.number": "4465", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000eeb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c893", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "61", - "http.prev_response_in": "4139" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.816964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.816964000", - "frame.time_delta": "0.003789000", - "frame.time_delta_displayed": "0.003789000", - "frame.time_relative": "1259.356278000", - "frame.number": "4466", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001aac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54640", - "tcp.dstport": "80", - "tcp.port": "54640", - "tcp.port": "80", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000090", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.817494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.817494000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "1259.356808000", - "frame.number": "4467", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54640", - "tcp.port": "80", - "tcp.port": "54640", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ee2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4466", - "tcp.analysis.ack_rtt": "0.000530000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.820745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.820745000", - "frame.time_delta": "0.003251000", - "frame.time_delta_displayed": "0.003251000", - "frame.time_relative": "1259.360059000", - "frame.number": "4468", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54640", - "tcp.dstport": "80", - "tcp.port": "54640", - "tcp.port": "80", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a00e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4467", - "tcp.analysis.ack_rtt": "0.003251000", - "tcp.analysis.initial_rtt": "0.003781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.821405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.821405000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "1259.360719000", - "frame.number": "4469", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001aae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54640", - "tcp.dstport": "80", - "tcp.port": "54640", - "tcp.port": "80", - "tcp.stream": "171", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b587", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003781000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.821887000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.821887000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1259.361201000", - "frame.number": "4470", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000281e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009055", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54640", - "tcp.port": "80", - "tcp.port": "54640", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000919f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4469", - "tcp.analysis.ack_rtt": "0.000482000", - "tcp.analysis.initial_rtt": "0.003781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.822475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.822475000", - "frame.time_delta": "0.000588000", - "frame.time_delta_displayed": "0.000588000", - "frame.time_relative": "1259.361789000", - "frame.number": "4471", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000281f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009043", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54640", - "tcp.port": "80", - "tcp.port": "54640", - "tcp.stream": "171", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d1c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003781000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.822979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.822979000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "1259.362293000", - "frame.number": "4472", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002820", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54640", - "tcp.port": "80", - "tcp.port": "54640", - "tcp.stream": "171", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000242a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003781000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4471", - "tcp.segment": "4472", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001574000", - "http.request_in": "4469", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.826803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.826803000", - "frame.time_delta": "0.003824000", - "frame.time_delta_displayed": "0.003824000", - "frame.time_relative": "1259.366117000", - "frame.number": "4473", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54640", - "tcp.dstport": "80", - "tcp.port": "54640", - "tcp.port": "80", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009b76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4472", - "tcp.analysis.ack_rtt": "0.003824000", - "tcp.analysis.initial_rtt": "0.003781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.827483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.827483000", - "frame.time_delta": "0.000680000", - "frame.time_delta_displayed": "0.000680000", - "frame.time_relative": "1259.366797000", - "frame.number": "4474", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54640", - "tcp.dstport": "80", - "tcp.port": "54640", - "tcp.port": "80", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009b75", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.827917000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.827917000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1259.367231000", - "frame.number": "4475", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b203", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000670", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54640", - "tcp.port": "80", - "tcp.port": "54640", - "tcp.stream": "171", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008da9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4474", - "tcp.analysis.ack_rtt": "0.000434000", - "tcp.analysis.initial_rtt": "0.003781000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.866083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.866083000", - "frame.time_delta": "0.038166000", - "frame.time_delta_displayed": "0.038166000", - "frame.time_relative": "1259.405397000", - "frame.number": "4476", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000eeb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c888", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "62", - "http.prev_response_in": "4465" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.878777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.878777000", - "frame.time_delta": "0.012694000", - "frame.time_delta_displayed": "0.012694000", - "frame.time_relative": "1259.418091000", - "frame.number": "4477", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54641", - "tcp.dstport": "80", - "tcp.port": "54641", - "tcp.port": "80", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a322", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.879320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.879320000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1259.418634000", - "frame.number": "4478", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54641", - "tcp.port": "80", - "tcp.port": "54641", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000dd2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4477", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.882347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.882347000", - "frame.time_delta": "0.003027000", - "frame.time_delta_displayed": "0.003027000", - "frame.time_relative": "1259.421661000", - "frame.number": "4479", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54641", - "tcp.dstport": "80", - "tcp.port": "54641", - "tcp.port": "80", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008f0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4478", - "tcp.analysis.ack_rtt": "0.003027000", - "tcp.analysis.initial_rtt": "0.003570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.882977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.882977000", - "frame.time_delta": "0.000630000", - "frame.time_delta_displayed": "0.000630000", - "frame.time_relative": "1259.422291000", - "frame.number": "4480", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001ab3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54641", - "tcp.dstport": "80", - "tcp.port": "54641", - "tcp.port": "80", - "tcp.stream": "172", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a483", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003570000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.883471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.883471000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1259.422785000", - "frame.number": "4481", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f5b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c2bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54641", - "tcp.port": "80", - "tcp.port": "54641", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000809b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4480", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.884117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.884117000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "1259.423431000", - "frame.number": "4482", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f5b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c2a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54641", - "tcp.port": "80", - "tcp.port": "54641", - "tcp.stream": "172", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c0bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003570000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.884519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.884519000", - "frame.time_delta": "0.000402000", - "frame.time_delta_displayed": "0.000402000", - "frame.time_relative": "1259.423833000", - "frame.number": "4483", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f5b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bed6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54641", - "tcp.port": "80", - "tcp.port": "54641", - "tcp.stream": "172", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001326", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003570000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4482", - "tcp.segment": "4483", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001542000", - "http.request_in": "4480", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.887351000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494850.887351000", - "frame.time_delta": "0.002832000", - "frame.time_delta_displayed": "0.002832000", - "frame.time_relative": "1259.426665000", - "frame.number": "4484", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54641", - "tcp.dstport": "80", - "tcp.port": "54641", - "tcp.port": "80", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008a72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4483", - "tcp.analysis.ack_rtt": "0.002832000", - "tcp.analysis.initial_rtt": "0.003570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.887952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.887952000", - "frame.time_delta": "0.000601000", - "frame.time_delta_displayed": "0.000601000", - "frame.time_relative": "1259.427266000", - "frame.number": "4485", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54641", - "tcp.dstport": "80", - "tcp.port": "54641", - "tcp.port": "80", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008a71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.888400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.888400000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1259.427714000", - "frame.number": "4486", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b209", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000066a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54641", - "tcp.port": "80", - "tcp.port": "54641", - "tcp.stream": "172", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007ca5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4485", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.003570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.918952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.918952000", - "frame.time_delta": "0.030552000", - "frame.time_delta_displayed": "0.030552000", - "frame.time_relative": "1259.458266000", - "frame.number": "4487", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000eebb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c88c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "63", - "http.prev_response_in": "4476" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.982655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.982655000", - "frame.time_delta": "0.063703000", - "frame.time_delta_displayed": "0.063703000", - "frame.time_relative": "1259.521969000", - 
"frame.number": "4488", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ab6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000070b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.983191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.983191000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1259.522505000", - "frame.number": "4489", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e40a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4488", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.986039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.986039000", - "frame.time_delta": "0.002848000", - "frame.time_delta_displayed": "0.002848000", - "frame.time_relative": "1259.525353000", - 
"frame.number": "4490", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000095e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4489", - "tcp.analysis.ack_rtt": "0.002848000", - "tcp.analysis.initial_rtt": "0.003384000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.986639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.986639000", - "frame.time_delta": "0.000600000", - "frame.time_delta_displayed": "0.000600000", - "frame.time_relative": "1259.525953000", - "frame.number": "4491", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001ab8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d14", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ab62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003384000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.987099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.987099000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "1259.526413000", - "frame.number": "4492", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000952d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002346", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000877a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4491", - "tcp.analysis.ack_rtt": "0.000460000", - "tcp.analysis.initial_rtt": "0.003384000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.987770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.987770000", - "frame.time_delta": "0.000671000", - "frame.time_delta_displayed": "0.000671000", - "frame.time_relative": "1259.527084000", - "frame.number": "4493", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000952e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002334", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c79b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003384000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.988129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.988129000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "1259.527443000", - "frame.number": "4494", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000952f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001f61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001a05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003384000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4493", - "tcp.segment": "4494", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001490000", - "http.request_in": "4491", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.989614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.989614000", - "frame.time_delta": "0.001485000", - "frame.time_delta_displayed": "0.001485000", - "frame.time_relative": "1259.528928000", - "frame.number": "4495", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009530", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001f60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001a05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003384000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.990184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.990184000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1259.529498000", - "frame.number": "4496", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009151", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4494", - "tcp.analysis.ack_rtt": "0.002055000", - "tcp.analysis.initial_rtt": "0.003384000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.990845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.990845000", - "frame.time_delta": "0.000661000", - "frame.time_delta_displayed": "0.000661000", - "frame.time_relative": "1259.530159000", - "frame.number": "4497", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009150", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.991238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.991238000", - "frame.time_delta": "0.000393000", - "frame.time_delta_displayed": "0.000393000", - "frame.time_relative": "1259.530552000", - "frame.number": "4498", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b20d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000666", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54643", - "tcp.port": "80", - "tcp.port": "54643", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008384", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4497", - "tcp.analysis.ack_rtt": "0.000393000", - "tcp.analysis.initial_rtt": "0.003384000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:30.993020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494850.993020000", - "frame.time_delta": 
"0.001782000", - "frame.time_delta_displayed": "0.001782000", - "frame.time_relative": "1259.532334000", - "frame.number": "4499", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001abb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54643", - "tcp.dstport": "80", - "tcp.port": "54643", - "tcp.port": "80", - "tcp.stream": "173", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002c3c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:49:de:cb:ae:49:de:cf:91", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003384000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "4496", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.140454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.140454000", - "frame.time_delta": "0.147434000", - "frame.time_delta_displayed": "0.147434000", - "frame.time_relative": "1259.679768000", - "frame.number": "4500", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.140844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.140844000", - "frame.time_delta": "0.000390000", - "frame.time_delta_displayed": "0.000390000", - "frame.time_relative": "1259.680158000", - "frame.number": "4501", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - 
}, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.866478000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.866478000", - "frame.time_delta": "0.725634000", - "frame.time_delta_displayed": "0.725634000", - "frame.time_relative": "1260.405792000", - "frame.number": "4502", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000eecf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c87b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "64", - "http.prev_response_in": "4487" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.883281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.883281000", - "frame.time_delta": "0.016803000", - "frame.time_delta_displayed": "0.016803000", - "frame.time_relative": "1260.422595000", - "frame.number": "4503", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001abc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000f2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.883846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.883846000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1260.423160000", - "frame.number": "4504", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008a0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4503", - "tcp.analysis.ack_rtt": "0.000565000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.886163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.886163000", - "frame.time_delta": "0.002317000", - "frame.time_delta_displayed": "0.002317000", - "frame.time_relative": "1260.425477000", - "frame.number": "4505", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001abd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003beb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4504", - "tcp.analysis.ack_rtt": "0.002317000", - "tcp.analysis.initial_rtt": "0.002882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.886739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.886739000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "1260.426053000", - "frame.number": "4506", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001abe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d0e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005164", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002882000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.887209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.887209000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "1260.426523000", - "frame.number": "4507", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001e41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002d7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4506", - "tcp.analysis.ack_rtt": "0.000470000", - "tcp.analysis.initial_rtt": "0.002882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.887807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.887807000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "1260.427121000", - "frame.number": "4508", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001e42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006d9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002882000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.888245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.888245000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "1260.427559000", - "frame.number": "4509", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001e43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000964d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c006", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002882000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4508", - "tcp.segment": "4509", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001506000", - "http.request_in": "4506", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.889635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.889635000", - "frame.time_delta": "0.001390000", - "frame.time_delta_displayed": "0.001390000", - "frame.time_relative": "1260.428949000", - "frame.number": "4510", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001e44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000964c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c006", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002882000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.890409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.890409000", - "frame.time_delta": "0.000774000", - "frame.time_delta_displayed": "0.000774000", - "frame.time_relative": "1260.429723000", - "frame.number": "4511", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001abf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003753", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4509", - "tcp.analysis.ack_rtt": "0.002164000", - "tcp.analysis.initial_rtt": "0.002882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.891046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.891046000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "1260.430360000", - "frame.number": "4512", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ac0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003752", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.891481000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.891481000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "1260.430795000", - "frame.number": "4513", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b245", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000062e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54645", - "tcp.port": "80", - "tcp.port": "54645", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002986", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4512", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.002882000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.892770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.892770000", - "frame.time_delta": 
"0.001289000", - "frame.time_delta_displayed": "0.001289000", - "frame.time_relative": "1260.432084000", - "frame.number": "4514", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ac1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54645", - "tcp.dstport": "80", - "tcp.port": "54645", - "tcp.port": "80", - "tcp.stream": "174", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e14b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:cc:a9:41:5c:cc:a9:45:3f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002882000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "4511", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.920285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.920285000", - "frame.time_delta": "0.027515000", - "frame.time_delta_displayed": "0.027515000", - "frame.time_relative": "1260.459599000", - "frame.number": "4515", - "frame.len": "348", - "frame.cap_len": "348", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000eed2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c86f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "65", - "http.prev_response_in": "4502" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.941715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.941715000", - "frame.time_delta": "0.021430000", - "frame.time_delta_displayed": "0.021430000", - "frame.time_relative": "1260.481029000", - "frame.number": "4516", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ac2", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54646", - "tcp.dstport": "80", - "tcp.port": "54646", - "tcp.port": "80", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000125a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 
(multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.942279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.942279000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "1260.481593000", - "frame.number": "4517", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000099cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4516", - "tcp.analysis.ack_rtt": "0.000564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.945943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.945943000", - "frame.time_delta": "0.003664000", - "frame.time_delta_displayed": "0.003664000", - "frame.time_relative": "1260.485257000", - "frame.number": "4518", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ac3", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005db0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54646", - "tcp.dstport": "80", - "tcp.port": "54646", - "tcp.port": "80", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004baa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4517", - "tcp.analysis.ack_rtt": "0.003664000", - "tcp.analysis.initial_rtt": "0.004228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.946640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.946640000", - "frame.time_delta": "0.000697000", - "frame.time_delta_displayed": "0.000697000", - "frame.time_relative": "1260.485954000", - 
"frame.number": "4519", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001ac4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54646", - "tcp.dstport": "80", - "tcp.port": "54646", - "tcp.port": "80", - "tcp.stream": "175", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006123", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004228000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.947161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.947161000", - "frame.time_delta": "0.000521000", - "frame.time_delta_displayed": "0.000521000", - "frame.time_relative": "1260.486475000", - "frame.number": "4520", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008a09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003d3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4519", - "tcp.analysis.ack_rtt": "0.000521000", - "tcp.analysis.initial_rtt": "0.004228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.947734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.947734000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "1260.487048000", - "frame.number": "4521", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002e6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007d5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004228000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.948159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.948159000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "1260.487473000", - "frame.number": "4522", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002e6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008624", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cfc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004228000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4521", - "tcp.segment": "4522", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001519000", - "http.request_in": "4519", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.949643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.949643000", - "frame.time_delta": "0.001484000", - "frame.time_delta_displayed": "0.001484000", - "frame.time_relative": "1260.488957000", - "frame.number": "4523", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002e6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008623", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cfc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004228000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.955396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.955396000", - "frame.time_delta": "0.005753000", - "frame.time_delta_displayed": "0.005753000", - "frame.time_relative": "1260.494710000", - "frame.number": "4524", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ac5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54646", - "tcp.dstport": "80", - "tcp.port": "54646", - "tcp.port": "80", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000a2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:8f:e9:71:8b:8f:e9:75:6e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4522", - "tcp.analysis.ack_rtt": "0.007237000", - "tcp.analysis.initial_rtt": "0.004228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.956042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.956042000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "1260.495356000", - "frame.number": "4525", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005dad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54646", - "tcp.dstport": "80", - "tcp.port": "54646", - "tcp.port": "80", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004711", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.956484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.956484000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1260.495798000", - "frame.number": "4526", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b246", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000062d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54646", - "tcp.port": "80", - "tcp.port": "54646", - "tcp.stream": "175", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003945", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4525", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.004228000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.973489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.973489000", - "frame.time_delta": "0.017005000", - "frame.time_delta_displayed": "0.017005000", - "frame.time_relative": "1260.512803000", - "frame.number": "4527", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000eed5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c872", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "66", - "http.prev_response_in": "4515" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.976736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.976736000", - "frame.time_delta": "0.003247000", - "frame.time_delta_displayed": "0.003247000", - "frame.time_relative": "1260.516050000", - 
"frame.number": "4528", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ac7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54647", - "tcp.dstport": "80", - "tcp.port": "54647", - "tcp.port": "80", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00006a5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.977275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.977275000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "1260.516589000", - "frame.number": "4529", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54647", - "tcp.port": "80", - "tcp.port": "54647", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008ec0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4528", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.980341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.980341000", - "frame.time_delta": "0.003066000", - "frame.time_delta_displayed": "0.003066000", - "frame.time_relative": "1260.519655000", - 
"frame.number": "4530", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ac8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005dab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54647", - "tcp.dstport": "80", - "tcp.port": "54647", - "tcp.port": "80", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000409f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4529", - "tcp.analysis.ack_rtt": "0.003066000", - "tcp.analysis.initial_rtt": "0.003605000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.980878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.980878000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "1260.520192000", - "frame.number": "4531", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001ac9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d03", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54647", - "tcp.dstport": "80", - "tcp.port": "54647", - "tcp.port": "80", - "tcp.stream": "176", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005618", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003605000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.981355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.981355000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1260.520669000", - "frame.number": "4532", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005292", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54647", - "tcp.port": "80", - "tcp.port": "54647", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003230", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4531", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.003605000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.982010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.982010000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "1260.521324000", - "frame.number": "4533", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000065e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005280", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54647", - "tcp.port": "80", - "tcp.port": "54647", - "tcp.stream": "176", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007251", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003605000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.982367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.982367000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "1260.521681000", - "frame.number": "4534", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000065e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ead", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54647", - "tcp.port": "80", - "tcp.port": "54647", - "tcp.stream": "176", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c4ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003605000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4533", - "tcp.segment": "4534", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001489000", - "http.request_in": "4531", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.984468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.984468000", - "frame.time_delta": "0.002101000", - "frame.time_delta_displayed": "0.002101000", - "frame.time_relative": "1260.523782000", - "frame.number": "4535", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54647", - "tcp.dstport": "80", - "tcp.port": "54647", - "tcp.port": "80", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003c07", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4534", - "tcp.analysis.ack_rtt": "0.002101000", - "tcp.analysis.initial_rtt": "0.003605000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.985076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.985076000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": "1260.524390000", - "frame.number": "4536", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001acb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005da8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54647", - "tcp.dstport": "80", - "tcp.port": "54647", - "tcp.port": "80", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003c06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:31.985504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494851.985504000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1260.524818000", - "frame.number": "4537", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b247", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000062c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54647", - "tcp.port": "80", - "tcp.port": "54647", - "tcp.stream": "176", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002e3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4536", - "tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.003605000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:32.641163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494852.641163000", - "frame.time_delta": "0.655659000", - "frame.time_delta_displayed": "0.655659000", - "frame.time_relative": "1261.180477000", - "frame.number": "4538", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f02", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - 
"ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000147b", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:32.641558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494852.641558000", - "frame.time_delta": "0.000395000", - "frame.time_delta_displayed": "0.000395000", - "frame.time_relative": "1261.180872000", - "frame.number": "4539", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f03", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", 
- "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f576", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:32.642045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494852.642045000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1261.181359000", - "frame.number": "4540", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000833c", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:36.593233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494856.593233000", - "frame.time_delta": "3.951188000", - "frame.time_delta_displayed": "3.951188000", - "frame.time_relative": "1265.132547000", - "frame.number": "4541", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d3c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005aad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", 
- "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:36.680082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494856.680082000", - "frame.time_delta": "0.086849000", - "frame.time_delta_displayed": "0.086849000", - "frame.time_relative": "1265.219396000", - "frame.number": "4542", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002101", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e713", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51761", - "udp.dstport": "1900", - "udp.port": "51761", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000802c", - "udp.checksum.status": "2", - "udp.stream": "106" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.348991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.348991000", - "frame.time_delta": "0.668909000", - "frame.time_delta_displayed": "0.668909000", - "frame.time_relative": "1265.888305000", - 
"frame.number": "4543", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ef35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c815", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.401845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.401845000", - "frame.time_delta": "0.052854000", - "frame.time_delta_displayed": "0.052854000", - "frame.time_relative": "1265.941159000", - "frame.number": "4544", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", 
- "ip.id": "0x0000ef39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c808", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "4543" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.454636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.454636000", - "frame.time_delta": "0.052791000", - "frame.time_delta_displayed": "0.052791000", - "frame.time_relative": "1265.993950000", - "frame.number": "4545", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000ef3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c809", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": 
"2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "4544" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.641420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.641420000", - "frame.time_delta": "0.186784000", - "frame.time_delta_displayed": "0.186784000", - "frame.time_relative": "1266.180734000", - "frame.number": "4546", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" 
- }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f0f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000147b", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.641924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.641924000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "1266.181238000", - "frame.number": "4547", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f10", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f576", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.642431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.642431000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1266.181745000", - "frame.number": "4548", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000833c", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=635", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:37.680775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494857.680775000", - "frame.time_delta": "0.038344000", - "frame.time_delta_displayed": "0.038344000", - "frame.time_relative": "1266.220089000", - "frame.number": "4549", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002102", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e712", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51761", - "udp.dstport": "1900", - "udp.port": "51761", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000802c", - "udp.checksum.status": "2", - "udp.stream": "106" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - 
"http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "4542" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.401437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.401437000", - "frame.time_delta": "0.720662000", - "frame.time_delta_displayed": "0.720662000", - "frame.time_relative": "1266.940751000", - "frame.number": "4550", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ef93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c7b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "4545" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.459252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.459252000", - "frame.time_delta": "0.057815000", - 
"frame.time_delta_displayed": "0.057815000", - "frame.time_relative": "1266.998566000", - "frame.number": "4551", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000ef96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c7ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "4550" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.512040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.512040000", - "frame.time_delta": "0.052788000", - "frame.time_delta_displayed": "0.052788000", - "frame.time_relative": "1267.051354000", - "frame.number": "4552", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000ef97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c7b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "4551" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.681959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.681959000", - "frame.time_delta": "0.169919000", - "frame.time_delta_displayed": "0.169919000", - "frame.time_relative": "1267.221273000", - "frame.number": "4553", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002103", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e711", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51761", - 
"udp.dstport": "1900", - "udp.port": "51761", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000802c", - "udp.checksum.status": "2", - "udp.stream": "106" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "4549" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.691247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.691247000", - "frame.time_delta": "0.009288000", - "frame.time_delta_displayed": "0.009288000", - "frame.time_relative": "1267.230561000", - "frame.number": "4554", - "frame.len": "411", - "frame.cap_len": "411", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - 
"eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "397", - "ip.id": "0x0000961f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007607", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "345", - "tcp.seq": "59371", - "tcp.nxtseq": "59716", - "tcp.ack": "12942", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007f96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:9f:f3:a7:9f:c5:14", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2531315, TSecr 2812265748": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2531315", - "tcp.options.timestamp.tsecr": "2812265748" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "345", - "tcp.analysis.push_bytes_sent": "345" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "340", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:d5:e7:96:13:26:86:fe:53:42:5d:35:ef:eb:8a:7f:0c:d9:04:a3:53:7b:2e:80:e0:60:e2:b9:a5:ce:20:83:1d:16:ae:9e:db:8b:a8:8a:9b:8f:4c:31:13:20:6f:96:88:43:96:c4:35:e8:d2:77:26:34:e6:a3:58:d8:8a:ea:6b:97:04:97:a8:ab:2c:56:93:83:c3:f0:dd:ad:9d:92:55:7a:45:fa:ef:8e:f6:ec:be:f4:e4:fe:86:4d:19:9d:a0:27:0f:1b:ef:54:ae:61:e8:8a:60:72:29:54:48:c7:0c:8a:41:c5:6a:4a:c5:71:37:ff:e3:b4:ca:ef:62:f6:73:76:81:4d:ac:3e:ec:4d:73:df:2e:81:7e:b6:ca:2a:79:ef:8f:c8:68:b7:6d:7d:3e:3e:10:0c:61:14:8f:54:40:65:c1:1d:9b:0b:5d:3d:c5:b7:45:8f:cf:70:97:5d:89:1a:6c:f8:9b:bd:48:54:2c:b9:d1:fc:aa:c4:14:a9:42:80:35:98:eb:35:4a:9f:8f:0c:0d:58:47:8e:17:d6:8a:a0:88:60:95:9e:35:43:84:43:88:5f:53:e7:39:37:88:f9:5a:b1:1e:dd:56:b3:a2:6a:51:df:04:95:38:65:11:02:89:b7:85:4c:5f:41:e1:70:bc:c4:08:ca:9b:8f:51:09:75:74:f6:19:bd:88:e4:6e:21:04:61:1f:28:1d:fb:ab:75:c7:63:9a:39:19:e6:57:bd:57:e8:0c:fa:b7:5a:ff:40:bc:c2:79:ca:b3:74:86:22:87:ea:8f:fa:89:cd:14:25:b4:29:fb:ec:46:03:80:5d:19:e4:3e:e6:90:fa:6e:a4:2d:03:ac:10:76:f7:7d:cf:bb:be:7c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.751720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.751720000", - "frame.time_delta": "0.060473000", - "frame.time_delta_displayed": "0.060473000", - "frame.time_relative": "1267.291034000", - "frame.number": "4555", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003860", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12942", - "tcp.ack": "59716", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001bd9", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:d0:ec:00:26:9f:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812268780, TSecr 2531315": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812268780", - "tcp.options.timestamp.tsecr": "2531315" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4554", - "tcp.analysis.ack_rtt": "0.060473000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.752454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.752454000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "1267.291768000", - "frame.number": "4556", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003830", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12942", - "tcp.nxtseq": "12989", - "tcp.ack": "59716", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000177f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:d0:ec:00:26:9f:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812268780, TSecr 2531315": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812268780", - "tcp.options.timestamp.tsecr": "2531315" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:8c:6a:61:f2:d2:3b:9d:ea:49:12:3c:2b:57:bb:fa:84:3d:31:33:11:9c:2c:22:6a:7e:20:70:35:3a:8e:51:18:1d:8a:97" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.786090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.786090000", - "frame.time_delta": "0.033636000", - "frame.time_delta_displayed": "0.033636000", - "frame.time_relative": "1267.325404000", - "frame.number": "4557", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009620", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "59716", - "tcp.ack": "12989", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001ab1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:9f:fd:a7:9f:d0:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2531325, TSecr 2812268780": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2531325", - "tcp.options.timestamp.tsecr": "2812268780" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4556", - "tcp.analysis.ack_rtt": "0.033636000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:38.941275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494858.941275000", - "frame.time_delta": "0.155185000", - "frame.time_delta_displayed": "0.155185000", - "frame.time_relative": "1267.480589000", - "frame.number": "4558", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - 
"ip.id": "0x00006a47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006f12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:39.038161000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494859.038161000", - "frame.time_delta": "0.096886000", - "frame.time_delta_displayed": "0.096886000", - "frame.time_relative": "1267.577475000", - "frame.number": "4559", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000efbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c78d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "4552" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:39.090938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494859.090938000", - "frame.time_delta": "0.052777000", - "frame.time_delta_displayed": "0.052777000", - "frame.time_relative": "1267.630252000", - "frame.number": "4560", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000efbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c783", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "4559" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:39.143653000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494859.143653000", - "frame.time_delta": "0.052715000", - "frame.time_delta_displayed": "0.052715000", - "frame.time_relative": "1267.682967000", - "frame.number": "4561", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000efc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c787", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "4560" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:39.682425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494859.682425000", - "frame.time_delta": "0.538772000", - "frame.time_delta_displayed": "0.538772000", - "frame.time_relative": "1268.221739000", - "frame.number": "4562", - "frame.len": "216", - "frame.cap_len": "216", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002104", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e710", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51761", - "udp.dstport": "1900", - "udp.port": "51761", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000802c", - "udp.checksum.status": "2", - "udp.stream": "106" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "4553" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.091049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.091049000", - "frame.time_delta": "0.408624000", - "frame.time_delta_displayed": "0.408624000", - "frame.time_relative": "1268.630363000", - "frame.number": "4563", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000eff2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c758", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "4561" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.143891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.143891000", - "frame.time_delta": 
"0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "1268.683205000", - "frame.number": "4564", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000eff7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c74a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "4563" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.196600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.196600000", - "frame.time_delta": "0.052709000", - "frame.time_delta_displayed": "0.052709000", - "frame.time_relative": "1268.735914000", - "frame.number": "4565", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000effb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c74c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "4564" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.205062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.205062000", - "frame.time_delta": "0.008462000", - "frame.time_delta_displayed": "0.008462000", - "frame.time_relative": "1268.744376000", - "frame.number": "4566", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000b69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - 
"udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x00005c3b", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:97:19:b4:93:cd:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:24:12", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.401531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.401531000", - "frame.time_delta": "0.196469000", - "frame.time_delta_displayed": "0.196469000", - "frame.time_relative": "1268.940845000", - "frame.number": "4567", - "frame.len": "1323", - "frame.cap_len": "1323", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1309", - "ip.id": "0x00009621", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007275", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1257", - "tcp.seq": "59716", - "tcp.nxtseq": "60973", - "tcp.ack": "12989", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003019", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:a0:9e:a7:9f:d0:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2531486, TSecr 2812268780": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2531486", - "tcp.options.timestamp.tsecr": "2812268780" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1257", - "tcp.analysis.push_bytes_sent": "1257" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1252", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d6:a0:66:cc:5e:f1:ec:72:67:cf:e4:f0:0c:ab:19:bc:2a:79:97:06:80:1c:46:7b:b8:93:fb:ce:3c:45:e3:c8:e3:a5:b8:5d:0a:93:46:3a:45:0e:de:ea:e5:95:25:e4:58:25:40:8b:8e:7b:f9:b3:c6:90:a4:d4:95:1a:dd:9b:d0:1a:f4:87:b3:94:16:f6:3b:86:a0:1c:08:d4:7f:fc:b4:70:1c:b2:9e:11:5d:c1:ff:cf:f0:31:61:c1:08:f2:e3:c8:3f:95:02:aa:4f:92:7d:f5:6f:c3:dc:a7:b7:a5:8f:e6:3d:76:09:93:19:b5:5a:99:a1:13:6f:b4:cf:5e:8e:40:13:cf:69:82:5f:85:cf:a1:8f:39:2a:80:76:f3:6d:cc:02:4a:b5:11:8f:6a:42:ec:a7:5b:42:59:14:27:86:63:e4:7b:eb:8f:ee:f7:97:19:d0:1e:21:b6:98:87:dd:be:29:ef:dd:7b:13:6d:27:fc:ec:9f:56:36:2d:2d:83:4c:4e:ec:ef:24:86:6c:99:ea:b1:b7:b6:f7:f0:a9:35:fc:cf:7b:0c:71:21:fa:64:a1:74:8d:5c:35:68:cd:59:bc:1e:0a:e5:3a:67:f4:a2:cd:63:34:ef:ab:d9:f2:78:65:10:e7:2d:12:1d:a2:78:ba:33:52:7f:db:f9:6f:41:5c:15:58:1b:6e:a3:08:f6:db:58:b7:2d:76:91:1d:ae:a7:83:0f:f1:02:b6:68:60:91:99:28:1c:d6:fd:0d:f3:d2:9a:e2:7c:00:dc:f5:43:ec:07:e6:5f:14:a6:7f:f9:7e:f6:15:f7:38:d2:05:53:a1:8c:83:34:24:4e:a3:3c:dd:2b:e5:e3:3f:97:27:bc:e2:8e:52:30:2f:29:5c:62:df:62:a1:03:05:e7:ea:6d:bc:b6:f2:af:80:5e:5e:59:a3:76:96:1b:26:1e:9f:fd:52:20:62:d6:bf:8c:e0:d5:21:b7:81:95:af:82:75:70:dd:5e:4e:b7:03:bb:05:13:38:fc:cb:37:4d:42:38:e6:a7:47:9b:67:87:96:e8:ae:c0:fe:d6:a1:8d:fd:46:b8:4c:ed:0e:91:2e:c7:5d:69:fa:00:10:d2:21:42:ce:03:4b:ec:4c:3f:b5:93:33:bb:59:c0:76:0d:c1:47:11:14:e3:f9:c5:31:9e:f4:13:09:51:05:2d:57:56:da:96:f6:72:c1:82:34:30:51:88:df:39:13:55:b6:14:32:2f:0f:d6:52:a1:10:4d:ff:be:be:6d:0c:2b:fe:ed:f5:00:d5:7f:10:d1:c3:ff:14:26:47:fe:00:b4:67:50:89:58:04:9c:40:54:c6:01:6f:ce:b0:03:a1:83:96:cc:3d:3e:e3:37:ee:e4:30:69:41:c2:89:ad:20:84:14:47:3d:61:47:83:9c:1
5:2a:c8:76:0d:c4:bc:ba:4c:aa:1c:41:5a:66:51:b2:38:cc:10:50:68:2a:05:f1:47:96:0c:35:ab:db:63:9e:0d:1b:03:d2:43:16:38:98:1f:66:c1:be:aa:5c:fd:34:03:14:1f:b6:82:17:e1:d1:04:fe:3c:aa:4f:4e:50:d3:70:da:e4:90:72:f0:70:50:38:9f:51:52:a2:ee:02:39:e8:3c:4c:79:e6:7c:ea:2a:61:3b:e6:01:2d:af:95:78:4a:2a:f6:22:04:b4:84:e6:60:d5:e6:b9:c6:4d:79:8a:08:fb:02:9c:80:af:2c:37:f9:5f:55:dc:e8:95:a8:7d:56:54:9e:18:41:91:5f:cf:95:d6:2f:dd:c1:57:c3:56:b0:b0:8e:7b:46:8c:99:fc:9d:fa:08:e6:0a:43:5a:22:23:79:cb:c6:80:61:05:ad:1a:20:e9:31:6c:38:87:89:99:83:1e:8b:b7:e5:93:2d:02:19:64:84:7d:74:0c:c9:3e:36:40:e8:bb:54:5e:96:d2:8d:f0:09:7b:d1:91:4a:96:a0:34:b2:bc:17:22:e9:af:71:61:bc:96:75:5c:85:be:90:b6:8d:82:07:bc:c0:93:16:e9:1c:da:0f:a3:ee:75:89:2d:c6:20:6a:6e:10:48:0a:e6:c5:45:6a:b4:24:73:8b:4d:71:fa:76:5c:25:65:eb:a8:29:59:78:ef:9f:72:bc:e0:d5:fa:9b:54:31:57:55:5d:4b:26:4d:68:6f:e9:9c:e5:49:c6:41:eb:4b:85:bb:8b:07:1b:9d:00:04:65:5c:3a:04:6f:a1:a1:2e:63:25:ba:dc:ce:aa:22:d4:13:50:bf:eb:77:cc:47:ca:8d:23:65:ab:e7:03:61:11:10:d1:4c:7d:48:35:aa:8e:6e:6a:e0:eb:fa:b7:6c:16:8f:2e:b5:75:54:46:a5:ba:1d:4f:ee:9b:f3:85:f4:50:77:1f:55:54:ce:9c:b4:cd:3f:fe:a4:74:c7:4b:da:09:6d:97:c3:b9:b8:c2:4f:91:2c:77:13:f6:5b:91:5d:1b:0f:0a:54:79:57:7a:6b:5b:5e:fc:c9:a7:1f:d4:14:42:d6:fd:fb:0d:31:41:d2:98:17:80:48:bc:34:c7:a4:00:aa:77:e2:d5:8e:02:df:71:b7:e8:51:ec:71:6a:cf:3b:cc:f5:b6:68:e0:2b:7c:cc:b5:89:72:a3:fb:4c:38:f2:84:ad:f2:5a:79:ff:49:e3:b8:a6:3b:f0:69:5d:42:a1:42:49:9c:5a:2b:5d:89:a1:55:1b:29:a0:4f:1e:64:98:0b:d3:ee:81:54:66:a6:8a:5d:93:a2:54:0e:b4:31:c1:81:33:36:40:ec:fc:bd:99:42:9e:26:0e:27:93:d2:7f:b1:a0:24:0c:c4:cc:57:04:a3:d6:50:ae:79:6c:8b:47:22:9e:5d:d2:1e:86:a1:22:6a:f7:cf:0a:a0:61:37:a6:aa:35:c1:8a:e5:cc:2a:9f:46:40:be:9d:0d:1a:93:5b:c6:89:69:ab:44:c0:6e:0c:05:c5:85:3f:ca:b1:d3:39:1f:9d:4c:16:48:2a:27:8d:0e:d6:7c:d3:11:0e:ba:ec:2b:dc:17:f1:68:dc:d6:0d:0d:16:20:32:03:a0:47:d2:ee:e2:42:59:f6:53:d7:c0:ec:6b:e8:8c:cf:14:e6:89:8e:71:b1:34:a8:a4:ed:b4:91:16:32:a0:b4:a6:aa:7e:85:14:2b:f7:41:d8:d6:29:ef:87:9b:
fe:c3:50:24:09:5e:22:af:ab:7a:70:fc:7b:1e:e0:40:ec:31:d5:1b:7e:16:4f:ba:69:cf:b0:57:2e:3e:61:8a:b9:e3:fd:e3:88:c4:3d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.407118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.407118000", - "frame.time_delta": "0.005587000", - "frame.time_delta_displayed": "0.005587000", - "frame.time_relative": "1268.946432000", - "frame.number": "4568", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f009", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "4565" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.459529000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.459529000", - "frame.time_delta": "0.052411000", - "frame.time_delta_displayed": "0.052411000", - "frame.time_relative": "1268.998843000", - "frame.number": "4569", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - 
"eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f00b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c736", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "4568" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.498272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.498272000", - "frame.time_delta": "0.038743000", - "frame.time_delta_displayed": "0.038743000", - "frame.time_relative": "1269.037586000", - "frame.number": "4570", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000385e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12989", - "tcp.ack": "60973", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001461", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:d2:a1:00:26:a0:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812269217, TSecr 2531486": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812269217", - "tcp.options.timestamp.tsecr": "2531486" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4567", - "tcp.analysis.ack_rtt": "0.096741000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:40.512275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494860.512275000", - "frame.time_delta": "0.014003000", - "frame.time_delta_displayed": "0.014003000", - "frame.time_relative": "1269.051589000", - "frame.number": "4571", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f011", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c736", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "4569" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:41.459014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494861.459014000", - "frame.time_delta": "0.946739000", - "frame.time_delta_displayed": 
"0.946739000", - "frame.time_relative": "1269.998328000", - "frame.number": "4572", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f064", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "4571" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:41.511834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494861.511834000", - "frame.time_delta": "0.052820000", - "frame.time_delta_displayed": "0.052820000", - "frame.time_relative": "1270.051148000", - "frame.number": "4573", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", 
- "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f068", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "17", - "http.prev_response_in": "4572" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:41.564636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494861.564636000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "1270.103950000", - "frame.number": "4574", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f069", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - 
"udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "4573" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:42.143734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494862.143734000", - "frame.time_delta": "0.579098000", - "frame.time_delta_displayed": "0.579098000", - "frame.time_relative": "1270.683048000", - "frame.number": "4575", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f07a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "4574" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:42.196519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494862.196519000", - "frame.time_delta": "0.052785000", - "frame.time_delta_displayed": "0.052785000", - "frame.time_relative": "1270.735833000", - "frame.number": "4576", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f07d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000c6c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "4575" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:42.249395000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494862.249395000", - "frame.time_delta": "0.052876000", - "frame.time_delta_displayed": "0.052876000", - "frame.time_relative": "1270.788709000", - "frame.number": "4577", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f07f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "4576" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:43.196068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494863.196068000", - "frame.time_delta": "0.946673000", - "frame.time_delta_displayed": "0.946673000", - "frame.time_relative": "1271.735382000", - "frame.number": "4578", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f0aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "305", - "udp.checksum": "0x0000fae9", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "4577" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:43.248808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494863.248808000", - "frame.time_delta": "0.052740000", - "frame.time_delta_displayed": "0.052740000", - "frame.time_relative": "1271.788122000", - "frame.number": "4579", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f0ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c695", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "314", - "udp.checksum": "0x000008d5", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "4578" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:43.301612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494863.301612000", - "frame.time_delta": "0.052804000", - "frame.time_delta_displayed": "0.052804000", - "frame.time_relative": "1271.840926000", - "frame.number": "4580", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f0ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c699", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "51761", - "udp.port": "1900", - "udp.port": "51761", - "udp.length": "308", - "udp.checksum": "0x00002c5f", - "udp.checksum.status": "2", - "udp.stream": "107" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "4579" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:45.059535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494865.059535000", - "frame.time_delta": "1.757923000", - "frame.time_delta_displayed": "1.757923000", - "frame.time_relative": "1273.598849000", - "frame.number": "4581", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000580a", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a687", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4917", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f1b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - 
"_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:45.203053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494865.203053000", - "frame.time_delta": "0.143518000", - "frame.time_delta_displayed": "0.143518000", - "frame.time_relative": "1273.742367000", - "frame.number": "4582", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9e", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4918", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.406841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.406841000", - "frame.time_delta": "2.203788000", - "frame.time_delta_displayed": "2.203788000", - "frame.time_relative": "1275.946155000", - "frame.number": "4583", - "frame.len": "62", - "frame.cap_len": "62", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.409234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.409234000", - "frame.time_delta": "0.002393000", - "frame.time_delta_displayed": "0.002393000", - "frame.time_relative": "1275.948548000", - "frame.number": "4584", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - 
"eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": 
"0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.413880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.413880000", - "frame.time_delta": "0.004646000", - "frame.time_delta_displayed": "0.004646000", - "frame.time_relative": "1275.953194000", - "frame.number": "4585", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - 
"eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.463887000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.463887000", - "frame.time_delta": "0.050007000", - "frame.time_delta_displayed": "0.050007000", - "frame.time_relative": "1276.003201000", - "frame.number": "4586", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.483287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.483287000", - "frame.time_delta": "0.019400000", - "frame.time_delta_displayed": "0.019400000", - "frame.time_relative": "1276.022601000", - "frame.number": "4587", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00005b08", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0077c15d", - "Elapsed time": { - "dhcpv6.option.type": "8", - 
"dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.484368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.484368000", - "frame.time_delta": "0.001081000", - "frame.time_delta_displayed": "0.001081000", - "frame.time_relative": "1276.023682000", - "frame.number": "4588", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:bf:34:7e", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.addr": "33:33:ff:bf:34:7e", - "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": 
{ - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1:ffbf:347e", - "ipv6.addr": "ff02::1:ffbf:347e", - "ipv6.dst_host": "ff02::1:ffbf:347e", - "ipv6.host": "ff02::1:ffbf:347e", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007df7", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.642691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.642691000", - "frame.time_delta": "0.158323000", - "frame.time_delta_displayed": "0.158323000", - "frame.time_relative": "1276.182005000", - "frame.number": "4589", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f24", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000137a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.643047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.643047000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": 
"0.000356000", - "frame.time_relative": "1276.182361000", - "frame.number": "4590", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f25", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f475", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.645295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.645295000", - "frame.time_delta": "0.002248000", - 
"frame.time_delta_displayed": "0.002248000", - "frame.time_relative": "1276.184609000", - "frame.number": "4591", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000823b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.683949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.683949000", - "frame.time_delta": "0.038654000", - "frame.time_delta_displayed": 
"0.038654000", - "frame.time_relative": "1276.223263000", - "frame.number": "4592", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00003356", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0036de88", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - 
"dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.704160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.704160000", - "frame.time_delta": "0.020211000", - "frame.time_delta_displayed": "0.020211000", - "frame.time_relative": "1276.243474000", - "frame.number": "4593", - "frame.len": "78", - "frame.cap_len": "78", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:47.721372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494867.721372000", - "frame.time_delta": "0.017212000", - "frame.time_delta_displayed": "0.017212000", - "frame.time_relative": "1276.260686000", - "frame.number": "4594", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - 
"eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:48.725506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494868.725506000", - "frame.time_delta": "1.004134000", - "frame.time_delta_displayed": "1.004134000", - "frame.time_relative": "1277.264820000", - "frame.number": "4595", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - 
"icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:48.727880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494868.727880000", - "frame.time_delta": "0.002374000", - "frame.time_delta_displayed": "0.002374000", - "frame.time_relative": "1277.267194000", - "frame.number": "4596", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", 
- "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:48.731568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494868.731568000", - "frame.time_delta": "0.003688000", - "frame.time_delta_displayed": "0.003688000", - "frame.time_relative": "1277.270882000", - "frame.number": "4597", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - 
"ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:48.775903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494868.775903000", - "frame.time_delta": "0.044335000", - "frame.time_delta_displayed": "0.044335000", - "frame.time_relative": "1277.315217000", - "frame.number": "4598", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:48.902265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494868.902265000", - "frame.time_delta": "0.126362000", - "frame.time_delta_displayed": "0.126362000", - "frame.time_relative": "1277.441579000", - "frame.number": "4599", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "36", - 
"ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f315", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "1", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:49.410737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494869.410737000", - "frame.time_delta": "0.508472000", - "frame.time_delta_displayed": "0.508472000", - "frame.time_relative": "1277.950051000", - "frame.number": "4600", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x000052c3", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00d1c948", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - 
"dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:49.428319000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494869.428319000", - "frame.time_delta": "0.017582000", - "frame.time_delta_displayed": "0.017582000", - "frame.time_relative": "1277.967633000", - "frame.number": "4601", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - 
"ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00009bd5", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x008775b8", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - 
"dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:49.475642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494869.475642000", - "frame.time_delta": "0.047323000", - "frame.time_delta_displayed": "0.047323000", - "frame.time_relative": "1278.014956000", - "frame.number": "4602", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": 
"ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:49.490768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494869.490768000", - "frame.time_delta": "0.015126000", - "frame.time_delta_displayed": "0.015126000", - "frame.time_relative": "1278.030082000", - "frame.number": "4603", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - 
"ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:50.069461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494870.069461000", - "frame.time_delta": "0.578693000", - "frame.time_delta_displayed": "0.578693000", - "frame.time_relative": "1278.608775000", - "frame.number": "4604", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:50.069632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494870.069632000", - "frame.time_delta": "0.000171000", - "frame.time_delta_displayed": "0.000171000", - "frame.time_relative": "1278.608946000", - "frame.number": "4605", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - 
"arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:52.641879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494872.641879000", - "frame.time_delta": "2.572247000", - "frame.time_delta_displayed": "2.572247000", - "frame.time_relative": "1281.181193000", - "frame.number": "4606", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f26", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8ca", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000137a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:52.642494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494872.642494000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "1281.181808000", - "frame.number": "4607", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f27", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099c5", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f475", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:52.643032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494872.643032000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1281.182346000", - "frame.number": "4608", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000823b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.162631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.162631000", - "frame.time_delta": "2.519599000", - "frame.time_delta_displayed": "2.519599000", - "frame.time_relative": "1283.701945000", - "frame.number": "4609", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000e24b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": 
"0x0000e70b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.215493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.215493000", - "frame.time_delta": "0.052862000", - "frame.time_delta_displayed": "0.052862000", - "frame.time_relative": "1283.754807000", - "frame.number": "4610", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000e24f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e707", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", 
- "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.268400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.268400000", - "frame.time_delta": "0.052907000", - "frame.time_delta_displayed": "0.052907000", - "frame.time_relative": "1283.807714000", - "frame.number": "4611", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000e253", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e6fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.321235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.321235000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "1283.860549000", - "frame.number": "4612", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000e256", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e6f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.374109000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.374109000", - "frame.time_delta": "0.052874000", - "frame.time_delta_displayed": "0.052874000", - "frame.time_relative": "1283.913423000", - "frame.number": "4613", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000e257", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e6fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:55.426915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494875.426915000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "1283.966229000", - "frame.number": "4614", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000e25a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e6f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:56.868288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494876.868288000", - "frame.time_delta": "1.441373000", - "frame.time_delta_displayed": "1.441373000", - "frame.time_relative": "1285.407602000", - "frame.number": "4615", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009622", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "60973", - "tcp.nxtseq": "61325", - "tcp.ack": "12989", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c31", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:a7:0d:a7:9f:d2:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2533133, TSecr 2812269217": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2533133", - 
"tcp.options.timestamp.tsecr": "2812269217" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d7:ce:81:9e:f1:6c:fa:a4:52:b9:9f:14:47:b3:9d:e5:4c:f7:d5:b7:a0:bd:c8:76:8d:cd:42:51:c8:e3:3d:ec:46:81:53:c2:10:87:cf:2c:31:58:84:f7:bf:0f:54:a9:be:28:0a:d2:6d:fc:15:1a:55:ba:26:09:3a:1d:7d:49:34:44:ed:e2:0a:68:b2:c0:de:9e:83:78:f9:12:26:3d:09:27:58:80:c2:8f:70:4f:a7:c2:18:cf:f8:37:a0:a4:2b:3c:94:de:ae:92:7c:7d:7e:7f:46:a1:25:d2:88:cc:14:54:0e:f7:b1:52:4a:30:9c:44:31:63:15:b3:b9:05:f9:39:5e:4f:7f:f2:2e:6b:85:c0:63:06:ef:d7:63:f7:bc:2a:8d:6f:c4:76:a1:db:03:61:23:e3:c3:29:ce:a0:f8:9b:0b:00:17:25:46:f4:62:d3:b7:d1:b5:d3:0f:01:46:fb:46:07:24:74:0a:d7:4e:4a:cb:0c:bb:f7:0e:cf:5a:93:58:e1:c6:f1:fe:9c:ff:e9:91:62:73:b5:15:e2:cf:de:55:e5:e4:65:e4:e9:4d:45:77:15:08:7a:4e:67:4c:e7:a0:d1:a8:c5:52:80:0d:bd:b8:bf:f3:7a:c9:af:a9:04:4c:86:d6:ac:54:b6:3f:3e:37:8e:f4:88:fd:71:45:93:67:bd:ee:62:15:b7:18:81:f0:a8:31:65:31:d8:92:d3:57:4e:b5:8f:9e:5c:f1:9e:61:64:88:e0:b4:54:a5:54:5a:40:21:c2:8e:44:6d:f1:6d:8d:a2:68:d4:a7:b7:24:e4:e5:35:dd:d6:92:c5:7c:d4:ca:02:ba:75:1a:f4:16:6d:1c:77:fb:0d:4f:16:c1:0d:e7:7e:a5:e6:bc:03:38:64:4c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:56.928546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494876.928546000", - "frame.time_delta": "0.060258000", - "frame.time_delta_displayed": "0.060258000", - "frame.time_relative": "1285.467860000", - "frame.number": "4616", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d22", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000385d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "12989", - "tcp.ack": "61325", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:e2:ac:00:26:a7:0d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812273324, TSecr 2533133": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812273324", - "tcp.options.timestamp.tsecr": "2533133" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4615", - "tcp.analysis.ack_rtt": "0.060258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:56.929202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494876.929202000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "1285.468516000", - "frame.number": "4617", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d23", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "12989", - "tcp.nxtseq": "13036", - "tcp.ack": "61325", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000020ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:9f:e2:ac:00:26:a7:0d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812273324, TSecr 2533133": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812273324", - "tcp.options.timestamp.tsecr": "2533133" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:8d:70:9d:bb:f2:0a:8e:64:a2:b5:cb:95:23:94:3f:60:46:68:10:8a:6b:08:65:a6:d1:cb:23:81:0e:94:cf:b8:6e:cc:84" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:56.929604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494876.929604000", - "frame.time_delta": "0.000402000", - "frame.time_delta_displayed": "0.000402000", - "frame.time_relative": "1285.468918000", - "frame.number": "4618", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009623", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "61325", - "tcp.ack": "13036", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:a7:13:a7:9f:e2:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2533139, TSecr 2812273324": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2533139", - "tcp.options.timestamp.tsecr": "2812273324" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4617", - "tcp.analysis.ack_rtt": "0.000402000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:57.642145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494877.642145000", - "frame.time_delta": "0.712541000", - "frame.time_delta_displayed": "0.712541000", - "frame.time_relative": "1286.181459000", - "frame.number": "4619", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f28", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000137a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:57.642682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494877.642682000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "1286.181996000", - "frame.number": "4620", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f29", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f475", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:57.643291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494877.643291000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1286.182605000", - "frame.number": "4621", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000823b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=636", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:07:58.975905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494878.975905000", - "frame.time_delta": "1.332614000", - "frame.time_delta_displayed": "1.332614000", - "frame.time_relative": "1287.515219000", - "frame.number": "4622", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000786c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000060ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - 
"dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:01.930724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494881.930724000", - "frame.time_delta": "2.954819000", - "frame.time_delta_displayed": "2.954819000", - "frame.time_relative": "1290.470038000", - "frame.number": "4623", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:01.931109000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494881.931109000", - "frame.time_delta": "0.000385000", - "frame.time_delta_displayed": "0.000385000", - "frame.time_relative": "1290.470423000", - "frame.number": "4624", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:04.153621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494884.153621000", - "frame.time_delta": "2.222512000", - "frame.time_delta_displayed": "2.222512000", - "frame.time_relative": "1292.692935000", - "frame.number": "4625", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x0000580b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "4918", - "tcp.nxtseq": "4958", - "tcp.ack": "469", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004936", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "2880" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e8:10:e9:dc:06:3d:b8:f8:7f:85:ee:d8:1f:66:b3:9a:20:51:6d:82:61:5f:d6:b5:40:d2:87:86" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:04.299480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494884.299480000", - "frame.time_delta": "0.145859000", - "frame.time_delta_displayed": "0.145859000", - "frame.time_relative": "1292.838794000", - "frame.number": "4626", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9d", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "469", - "tcp.ack": "4958", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc03", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4625", - "tcp.analysis.ack_rtt": "0.145859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:04.299567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494884.299567000", - "frame.time_delta": "0.000087000", - "frame.time_delta_displayed": "0.000087000", - "frame.time_relative": "1292.838881000", - "frame.number": "4627", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000ff5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd78", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "469", - "tcp.nxtseq": "505", - "tcp.ack": "4958", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a327", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:6d:3b:45:e6:c3:fb:74:16:70:ba:03:0d:d4:84:96:53:d9:50:01:f8:ef:d2:cb:d7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:04.339496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494884.339496000", - "frame.time_delta": 
"0.039929000", - "frame.time_delta_displayed": "0.039929000", - "frame.time_relative": "1292.878810000", - "frame.number": "4628", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000580c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a685", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - 
} - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4958", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f169", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4627", - "tcp.analysis.ack_rtt": "0.039929000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:04.912275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494884.912275000", - "frame.time_delta": "0.572779000", - "frame.time_delta_displayed": "0.572779000", - "frame.time_relative": "1293.451589000", - "frame.number": "4629", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - 
"icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:06.595866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494886.595866000", - "frame.time_delta": "1.683591000", - "frame.time_delta_displayed": "1.683591000", - "frame.time_relative": "1295.135180000", - "frame.number": "4630", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d43", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005aa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:07.642747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494887.642747000", - "frame.time_delta": "1.046881000", - "frame.time_delta_displayed": "1.046881000", - "frame.time_relative": "1296.182061000", - "frame.number": "4631", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f2d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001279", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:07.643277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494887.643277000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "1296.182591000", - "frame.number": "4632", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - 
"eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f2e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f374", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:07.643878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494887.643878000", - "frame.time_delta": "0.000601000", - "frame.time_delta_displayed": "0.000601000", - "frame.time_relative": "1296.183192000", - "frame.number": "4633", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
- }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000813a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:09.300195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494889.300195000", - "frame.time_delta": "1.656317000", - "frame.time_delta_displayed": "1.656317000", - "frame.time_relative": "1297.839509000", - "frame.number": "4634", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:09.300651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494889.300651000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1297.839965000", - "frame.number": "4635", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", 
- "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:12.643357000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494892.643357000", - "frame.time_delta": "3.342706000", - "frame.time_delta_displayed": "3.342706000", - "frame.time_relative": "1301.182671000", - "frame.number": "4636", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f32", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001279", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:12.643674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494892.643674000", - "frame.time_delta": "0.000317000", - "frame.time_delta_displayed": "0.000317000", - "frame.time_relative": "1301.182988000", - "frame.number": "4637", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f33", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", 
- "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f374", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:12.644252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494892.644252000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "1301.183566000", - "frame.number": "4638", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000813a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:15.037538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494895.037538000", - "frame.time_delta": "2.393286000", - "frame.time_delta_displayed": "2.393286000", - "frame.time_relative": "1303.576852000", - "frame.number": "4639", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": 
"192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:17.644220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494897.644220000", - "frame.time_delta": "2.606682000", - "frame.time_delta_displayed": "2.606682000", - "frame.time_relative": "1306.183534000", - "frame.number": "4640", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" 
- }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f34", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001279", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:17.644578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494897.644578000", - "frame.time_delta": "0.000358000", - "frame.time_delta_displayed": "0.000358000", - "frame.time_relative": "1306.183892000", - "frame.number": "4641", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f35", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f374", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:17.644991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494897.644991000", - "frame.time_delta": "0.000413000", - "frame.time_delta_displayed": "0.000413000", - "frame.time_relative": "1306.184305000", - "frame.number": "4642", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": 
"IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000813a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=637", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:25.354827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494905.354827000", - "frame.time_delta": "7.709836000", - "frame.time_delta_displayed": "7.709836000", - "frame.time_relative": "1313.894141000", - "frame.number": "4643", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000b6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x0000851f", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a8:30:37:9e:cd:f2:14:11:00:00:00:e2:86:01:3d:28:35:02:00:86:a0:01:00:00:00", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:27.644050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494907.644050000", - "frame.time_delta": "2.289223000", - "frame.time_delta_displayed": "2.289223000", - "frame.time_relative": "1316.183364000", - "frame.number": "4644", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f38", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001178", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": 
"0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:27.644499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494907.644499000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "1316.183813000", - "frame.number": "4645", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f39", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f273", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:27.645031000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494907.645031000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "1316.184345000", - "frame.number": "4646", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008039", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:27.955714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494907.955714000", - "frame.time_delta": "0.310683000", - "frame.time_delta_displayed": "0.310683000", - "frame.time_relative": "1316.495028000", - "frame.number": "4647", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009624", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "61325", - "tcp.nxtseq": "61374", - "tcp.ack": "13036", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007d2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:b3:32:a7:9f:e2:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2536242, TSecr 2812273324": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2536242", - "tcp.options.timestamp.tsecr": "2812273324" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d8:fb:d8:20:97:12:b3:0e:3b:69:d5:1b:40:53:f4:d6:23:e2:5b:13:86:39:f6:7d:56:0b:c2:8e:1e:3f:33:10:e9:ca:fd:6d:e2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:08:28.016395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494908.016395000", - "frame.time_delta": "0.060681000", - "frame.time_delta_displayed": "0.060681000", - "frame.time_relative": "1316.555709000", - "frame.number": "4648", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d24", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003824", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, 
- "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "13036", - "tcp.nxtseq": "13091", - "tcp.ack": "61374", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c018", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:01:08:00:26:b3:32", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812281096, TSecr 2536242": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812281096", - "tcp.options.timestamp.tsecr": "2536242" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4647", - "tcp.analysis.ack_rtt": "0.060681000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:8e:7d:4f:3c:b9:d1:7c:2f:8c:15:7a:be:3d:84:15:00:d9:6c:24:76:21:a2:5d:ab:83:16:b4:c7:a1:5a:ef:d2:60:0d:80:a7:0f:43:d7:e4:5a:5f:c3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:28.016898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494908.016898000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "1316.556212000", - "frame.number": "4649", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009625", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000775a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "61374", - "tcp.ack": "13091", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d079", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:b3:38:a7:a0:01:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2536248, TSecr 2812281096": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2536248", - "tcp.options.timestamp.tsecr": "2812281096" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4648", - "tcp.analysis.ack_rtt": "0.000503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:28.852238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494908.852238000", - "frame.time_delta": "0.835340000", - "frame.time_delta_displayed": "0.835340000", - "frame.time_relative": "1317.391552000", - "frame.number": "4650", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:32.644146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494912.644146000", - "frame.time_delta": "3.791908000", - "frame.time_delta_displayed": "3.791908000", - "frame.time_relative": "1321.183460000", - "frame.number": "4651", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f3a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001178", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:32.644662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494912.644662000", - "frame.time_delta": "0.000516000", - "frame.time_delta_displayed": "0.000516000", - "frame.time_relative": "1321.183976000", - "frame.number": "4652", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f3b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f273", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:32.645294000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494912.645294000", - "frame.time_delta": "0.000632000", - "frame.time_delta_displayed": "0.000632000", - "frame.time_relative": "1321.184608000", - "frame.number": "4653", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008039", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:34.339466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494914.339466000", - "frame.time_delta": "1.694172000", - "frame.time_delta_displayed": "1.694172000", - "frame.time_relative": "1322.878780000", - "frame.number": "4654", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000580d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a684", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": 
"-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4957", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f16a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:34.482715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494914.482715000", - "frame.time_delta": "0.143249000", - "frame.time_delta_displayed": "0.143249000", - "frame.time_relative": "1323.022029000", - "frame.number": "4655", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9b", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "4958", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbdf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:36.616220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494916.616220000", - "frame.time_delta": "2.133505000", - "frame.time_delta_displayed": "2.133505000", - "frame.time_relative": "1325.155534000", - "frame.number": "4656", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d4a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:37.644315000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494917.644315000", - "frame.time_delta": "1.028095000", - "frame.time_delta_displayed": "1.028095000", - "frame.time_relative": "1326.183629000", - "frame.number": "4657", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f3c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001178", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - 
"Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:37.644765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494917.644765000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "1326.184079000", - "frame.number": "4658", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - 
"eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f3d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f273", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:37.645441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494917.645441000", - "frame.time_delta": "0.000676000", - "frame.time_delta_displayed": "0.000676000", - "frame.time_relative": "1326.184755000", - "frame.number": "4659", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008039", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=638", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:43.625161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494923.625161000", - "frame.time_delta": "5.979720000", - "frame.time_delta_displayed": "5.979720000", - "frame.time_relative": "1332.164475000", - "frame.number": "4660", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": 
"64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:43.904564000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494923.904564000", - "frame.time_delta": "0.279403000", - "frame.time_delta_displayed": "0.279403000", - "frame.time_relative": "1332.443878000", - 
"frame.number": "4661", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00008f71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:43.904795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494923.904795000", - "frame.time_delta": "0.000231000", - "frame.time_delta_displayed": "0.000231000", - "frame.time_relative": "1332.444109000", - "frame.number": "4662", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:43.919872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494923.919872000", - "frame.time_delta": "0.015077000", - "frame.time_delta_displayed": "0.015077000", - "frame.time_relative": "1332.459186000", - "frame.number": "4663", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": 
"LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:43.919975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494923.919975000", - "frame.time_delta": "0.000103000", - "frame.time_delta_displayed": "0.000103000", - 
"frame.time_relative": "1332.459289000", - "frame.number": "4664", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00008f73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.191329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.191329000", - "frame.time_delta": "0.271354000", - "frame.time_delta_displayed": "0.271354000", - "frame.time_relative": "1332.730643000", - "frame.number": "4665", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.383876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.383876000", - "frame.time_delta": "0.192547000", - "frame.time_delta_displayed": "0.192547000", - "frame.time_relative": "1332.923190000", - "frame.number": "4666", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00008fd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - 
"udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.384035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.384035000", - "frame.time_delta": "0.000159000", - "frame.time_delta_displayed": "0.000159000", - "frame.time_relative": "1332.923349000", - "frame.number": "4667", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008fd9", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.384181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.384181000", - "frame.time_delta": "0.000146000", - "frame.time_delta_displayed": "0.000146000", - "frame.time_relative": "1332.923495000", - "frame.number": "4668", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008fda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.402053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.402053000", - "frame.time_delta": "0.017872000", - "frame.time_delta_displayed": "0.017872000", - "frame.time_relative": "1332.941367000", - "frame.number": "4669", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x00006ab4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006ddd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": 
"5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - 
}, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.577615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.577615000", - "frame.time_delta": "0.175562000", - "frame.time_delta_displayed": "0.175562000", - "frame.time_relative": "1333.116929000", - "frame.number": "4670", - "frame.len": "107", - "frame.cap_len": "107", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "93", - "ip.id": "0x000066b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000072ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.71", - "ip.addr": "192.168.0.71", - "ip.src_host": "192.168.0.71", - "ip.host": "192.168.0.71", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - 
"ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "73", - "udp.checksum": "0x0000791d", - "udp.checksum.status": "2", - "udp.stream": "46" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "13", - "dns.ptr.domain_name": "_http._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.634183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.634183000", - "frame.time_delta": "0.056568000", - "frame.time_delta_displayed": "0.056568000", - "frame.time_relative": "1333.173497000", - "frame.number": "4671", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - 
}, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x0000caa6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000ec7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - 
"dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.649804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.649804000", - "frame.time_delta": "0.015621000", - "frame.time_delta_displayed": "0.015621000", - "frame.time_relative": "1333.189118000", - "frame.number": "4672", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00008fdf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - 
"udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.650035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.650035000", - "frame.time_delta": "0.000231000", - "frame.time_delta_displayed": "0.000231000", - "frame.time_relative": "1333.189349000", - "frame.number": "4673", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008fe0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.650177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.650177000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1333.189491000", - "frame.number": "4674", - "frame.len": "83", - "frame.cap_len": "83", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008fe1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - 
"dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.650726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.650726000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1333.190040000", - "frame.number": "4675", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "90:8d:78:e3:81:0c", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:81:0c", - "eth.addr": "90:8d:78:e3:81:0c", - "eth.addr_resolved": "D-LinkIn_e3:81:0c", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d8fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.240", - "ip.addr": "192.168.0.240", - "ip.src_host": "192.168.0.240", - "ip.host": "192.168.0.240", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b02", - "udp.checksum.status": "2", - "udp.stream": "49" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.655392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.655392000", - "frame.time_delta": "0.004666000", - "frame.time_delta_displayed": "0.004666000", - "frame.time_relative": "1333.194706000", - "frame.number": "4676", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:e3:dc:17", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:dc:17", - 
"eth.addr": "c4:12:f5:e3:dc:17", - "eth.addr_resolved": "D-LinkIn_e3:dc:17", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.135", - "ip.addr": "192.168.0.135", - "ip.src_host": "192.168.0.135", - "ip.host": "192.168.0.135", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b6b", - "udp.checksum.status": "2", - "udp.stream": "48" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.683512000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.683512000", - "frame.time_delta": "0.028120000", - "frame.time_delta_displayed": "0.028120000", - "frame.time_relative": "1333.222826000", - "frame.number": "4677", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:de:38:20", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_de:38:20", - "eth.addr": "c4:12:f5:de:38:20", - "eth.addr_resolved": "D-LinkIn_de:38:20", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d995", - "ip.checksum.status": "2", - "ip.src": "192.168.0.85", - "ip.addr": "192.168.0.85", - "ip.src_host": "192.168.0.85", - "ip.host": "192.168.0.85", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b9d", - "udp.checksum.status": "2", - "udp.stream": "50" - 
}, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.837108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.837108000", - "frame.time_delta": "0.153596000", - "frame.time_delta_displayed": "0.153596000", - "frame.time_relative": "1333.376422000", - "frame.number": "4678", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008feb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.837265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.837265000", - "frame.time_delta": "0.000157000", - "frame.time_delta_displayed": "0.000157000", - "frame.time_relative": "1333.376579000", - "frame.number": "4679", - 
"frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00008fec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000499d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: 
type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.838923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.838923000", - "frame.time_delta": "0.001658000", - "frame.time_delta_displayed": "0.001658000", - "frame.time_relative": "1333.378237000", - "frame.number": "4680", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00008fed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000049a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:44.935518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494924.935518000", - "frame.time_delta": "0.096595000", - "frame.time_delta_displayed": "0.096595000", - "frame.time_relative": "1333.474832000", - "frame.number": "4681", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00008ffe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000495b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:45.183538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494925.183538000", - "frame.time_delta": "0.248020000", - "frame.time_delta_displayed": "0.248020000", - "frame.time_relative": "1333.722852000", - "frame.number": "4682", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00009010", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004972", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e855", - "udp.checksum.status": "2", - "udp.stream": "0" 
- }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:46.035268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494926.035268000", - "frame.time_delta": "0.851730000", - "frame.time_delta_displayed": "0.851730000", - "frame.time_relative": "1334.574582000", - "frame.number": "4683", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00009038", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004921", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } 
- } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:46.220553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494926.220553000", - "frame.time_delta": "0.185285000", - "frame.time_delta_displayed": "0.185285000", - "frame.time_relative": "1334.759867000", - "frame.number": "4684", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000907f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004903", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": 
"2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:47.161021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494927.161021000", - "frame.time_delta": "0.940468000", - "frame.time_delta_displayed": "0.940468000", - "frame.time_relative": "1335.700335000", - "frame.number": "4685", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000090ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000048d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { 
- "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.058349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.058349000", - "frame.time_delta": "0.897328000", - "frame.time_delta_displayed": "0.897328000", - "frame.time_relative": "1336.597663000", - "frame.number": "4686", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", 
- "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.196358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.196358000", - "frame.time_delta": "0.138009000", - "frame.time_delta_displayed": "0.138009000", - "frame.time_relative": "1336.735672000", - "frame.number": "4687", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x000090cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000048b9", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "4685", - "dns.time": "1.035337000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.252447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.252447000", - "frame.time_delta": "0.056089000", - "frame.time_delta_displayed": "0.056089000", - "frame.time_relative": "1336.791761000", - "frame.number": "4688", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { 
- "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000ec9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dcb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.305332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.305332000", - "frame.time_delta": "0.052885000", - "frame.time_delta_displayed": "0.052885000", - "frame.time_relative": "1336.844646000", - "frame.number": "4689", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000eca2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dcb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.358168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.358168000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "1336.897482000", - "frame.number": "4690", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000eca4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dca9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.411079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.411079000", - "frame.time_delta": "0.052911000", - "frame.time_delta_displayed": "0.052911000", - "frame.time_relative": "1336.950393000", - "frame.number": "4691", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000eca7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dca6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.463923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.463923000", - "frame.time_delta": "0.052844000", - "frame.time_delta_displayed": "0.052844000", - "frame.time_relative": "1337.003237000", - "frame.number": "4692", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000ecaa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dca9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - 
"http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:48.516782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494928.516782000", - "frame.time_delta": "0.052859000", - "frame.time_delta_displayed": "0.052859000", - "frame.time_relative": "1337.056096000", - "frame.number": "4693", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000ecaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000dca4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": 
"239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.163906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.163906000", - "frame.time_delta": "0.647124000", - "frame.time_delta_displayed": "0.647124000", - "frame.time_relative": "1337.703220000", - "frame.number": "4694", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": 
"IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x000090ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004889", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "4685", - "dns.time": "2.002885000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.711472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.711472000", - "frame.time_delta": "0.547566000", - "frame.time_delta_displayed": "0.547566000", - "frame.time_relative": "1338.250786000", - "frame.number": "4695", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x00002d25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "13091", - "tcp.nxtseq": "13170", - "tcp.ack": "61374", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000a6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:16:38:00:26:b3:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812286520, TSecr 2536248": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812286520", - "tcp.options.timestamp.tsecr": "2536248" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "34:cd:34:17:47:48:0e:8f:e5:72:b9:68:de:7c:0f:4e:51:e4:01:0c:9a:e8:99:3e:3a:8b:da:dd:45:8e:e5:a9:a0:b6:26:19:97:d0:b6:5e:11:34:59:41:9b:e7:17:d5:70:37:ef:5a:58:ea:e0:11:ba:54:c8:4f:e7:05:57:61:b8:1a:13:57:fe:2a:c2:f8:43:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.712036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.712036000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "1338.251350000", - "frame.number": "4696", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009626", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007759", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "61374", - "tcp.ack": "13170", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b281", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:b1:a7:a0:16:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538417, TSecr 2812286520": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538417", - 
"tcp.options.timestamp.tsecr": "2812286520" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4695", - "tcp.analysis.ack_rtt": "0.000564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.715723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.715723000", - "frame.time_delta": "0.003687000", - "frame.time_delta_displayed": "0.003687000", - "frame.time_relative": "1338.255037000", - "frame.number": "4697", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009627", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007729", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "61374", - "tcp.nxtseq": "61421", - "tcp.ack": "13170", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e9df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:b2:a7:a0:16:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538418, TSecr 2812286520": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538418", - "tcp.options.timestamp.tsecr": "2812286520" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:d9:6d:dd:70:fc:8c:4b:a7:b3:54:6d:5e:95:22:71:21:fa:f1:b4:45:aa:ca:75:13:ea:90:f4:e9:eb:05:43:b7:52:f1:72" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.814356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.814356000", - "frame.time_delta": "0.098633000", - "frame.time_delta_displayed": "0.098633000", - "frame.time_relative": "1338.353670000", - "frame.number": "4698", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d26", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003859", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "13170", - "tcp.ack": "61421", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b326", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:16:52:00:26:bb:b2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812286546, TSecr 2538418": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812286546", - "tcp.options.timestamp.tsecr": "2538418" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4697", - 
"tcp.analysis.ack_rtt": "0.098633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.889370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.889370000", - "frame.time_delta": "0.075014000", - "frame.time_delta_displayed": "0.075014000", - "frame.time_relative": "1338.428684000", - "frame.number": "4699", - "frame.len": "409", - "frame.cap_len": "409", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "395", - "ip.id": "0x00009628", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007600", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "343", - "tcp.seq": "61421", - "tcp.nxtseq": "61764", - "tcp.ack": "13170", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004b40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:c3:a7:a0:16:52", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538435, TSecr 2812286546": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538435", - "tcp.options.timestamp.tsecr": "2812286546" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "343", - "tcp.analysis.push_bytes_sent": "343" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "338", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:45:da:9d:64:e7:8e:1c:4f:85:f1:fc:8c:a8:b3:b8:68:4e:de:27:eb:fb:0a:d6:35:3d:2d:98:6e:46:a5:c5:ad:6c:b5:85:71:f6:00:1e:f9:58:bc:b9:1d:e6:41:a6:b0:62:12:09:7d:35:76:fd:af:7e:19:92:99:12:0c:48:97:e1:7e:2a:f5:ad:07:38:a9:f4:32:8f:7e:77:ba:c2:cf:1a:01:53:bb:ba:d4:0c:9c:eb:71:a9:c9:f2:b1:37:63:8d:7c:1e:dd:04:91:06:a5:4a:c5:b4:21:5d:28:5f:bf:ea:6b:cf:4c:9b:7f:c7:62:10:d1:5a:70:de:25:f7:cc:6c:46:b6:f1:26:b4:d3:1c:bf:57:a0:14:c8:72:2f:0d:e6:92:32:7f:48:a4:6e:ce:65:13:ff:e3:0b:ca:e9:74:e7:95:6a:33:00:b0:ff:2c:06:7e:44:dc:a1:31:27:41:92:2b:a2:1a:65:0b:fd:6a:a1:85:82:c9:1a:26:1f:30:6c:be:06:2a:a1:5a:2e:6d:6d:62:58:61:93:b2:01:e3:6c:22:d0:9e:88:6f:04:92:1c:10:be:18:f9:dd:e5:01:00:68:1f:18:23:23:04:8f:3a:c9:39:a6:49:0f:35:98:1c:59:26:00:2f:8a:95:dc:f6:51:fa:19:4c:b7:a1:e0:76:27:86:24:d2:34:00:72:c8:92:8b:27:61:4a:76:ef:1f:ff:39:21:cb:63:11:74:29:20:64:20:2e:b3:a0:83:13:e3:04:a3:06:bf:34:e6:be:09:4d:ce:6e:09:62:47:f7:be:2e:91:93:da:2c:6c:67:68:16:08:d5:0e:a4:44:c9:a5:23:9b:1b:49:38:62:d4:38:a5:f3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.950297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.950297000", - "frame.time_delta": "0.060927000", - "frame.time_delta_displayed": "0.060927000", - "frame.time_relative": "1338.489611000", - "frame.number": "4700", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d27", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003858", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "13170", - "tcp.ack": "61764", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b19d", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:16:73:00:26:bb:c3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812286579, TSecr 2538435": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812286579", - "tcp.options.timestamp.tsecr": "2538435" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4699", - "tcp.analysis.ack_rtt": "0.060927000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.950820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.950820000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "1338.490134000", - "frame.number": "4701", - "frame.len": "411", - "frame.cap_len": "411", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "397", - "ip.id": "0x00009629", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "345", - "tcp.seq": "61764", - "tcp.nxtseq": "62109", - "tcp.ack": "13170", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cc7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:c9:a7:a0:16:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538441, TSecr 2812286579": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538441", - "tcp.options.timestamp.tsecr": "2812286579" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "345", - "tcp.analysis.push_bytes_sent": "345" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "340", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:db:b9:b2:9f:60:9f:13:3b:25:02:ac:29:43:ec:a7:40:f2:2d:e9:84:b1:e9:14:bd:62:8b:97:a2:6b:cf:b0:65:cf:28:87:1b:38:6f:6b:01:c3:15:26:c6:06:13:5b:4c:2a:93:fd:49:89:01:17:a2:22:dd:00:5c:77:35:b9:82:78:60:2d:0c:6c:b3:60:63:24:d2:27:da:d3:5a:42:99:ac:ef:cd:14:1f:46:4f:8c:fd:52:f2:bf:f6:90:82:7c:27:f3:6d:57:68:8e:10:b3:72:49:3f:71:48:fb:26:86:b0:b1:1c:10:9c:1e:ea:84:20:32:5a:fd:26:6e:cd:9c:0c:ab:cf:07:96:0e:14:03:53:99:fa:75:0e:e2:fb:68:99:45:3a:69:54:e7:88:82:c9:07:e6:d5:e1:13:80:ca:f8:1d:9b:01:a2:93:96:45:80:bb:93:7b:5e:49:3c:4c:ce:07:ba:a5:26:79:54:b5:87:aa:cf:19:4d:17:96:9f:30:5d:5f:bb:68:e9:05:78:65:78:3b:4e:98:f7:08:f0:72:63:2d:74:0c:ab:24:9e:ec:c7:b3:5d:8e:08:1b:50:40:fd:ec:58:ca:0b:40:b0:de:00:af:45:24:d0:67:97:70:0b:3f:71:fa:23:b1:e0:37:b7:1c:97:6e:d2:e8:37:5e:23:0e:3c:11:2d:1e:08:02:46:0b:f0:29:23:ee:72:83:a3:58:bf:5e:40:ed:8a:3d:0b:0e:30:6f:e8:96:15:e5:05:1f:3b:29:bc:0d:a2:3a:5b:fc:ad:02:9c:14:a3:46:05:1c:23:53:a0:40:74:a6:f7:17:ee:52:00:35:88:1b:f8:60:95:38:39:e3:b7:c3:b2:37:7c:23" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.950950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.950950000", - "frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "1338.490264000", - "frame.number": "4702", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003828", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13170", - "tcp.nxtseq": "13217", - "tcp.ack": "61764", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004c1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:16:74:00:26:bb:c3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812286580, TSecr 2538435": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812286580", - "tcp.options.timestamp.tsecr": "2538435" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:90:3d:a1:84:00:6e:e1:17:bf:1f:3b:5b:11:55:15:6d:7e:c6:2f:f4:4b:f8:a7:da:41:79:91:ac:5b:41:14:c4:1b:49:bf" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:49.983053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494929.983053000", - "frame.time_delta": "0.032103000", - "frame.time_delta_displayed": "0.032103000", - "frame.time_relative": "1338.522367000", - "frame.number": "4703", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000962a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007755", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62109", - "tcp.ack": "13217", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:cd:a7:a0:16:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538445, TSecr 2812286580": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538445", - "tcp.options.timestamp.tsecr": "2812286580" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4702", - "tcp.analysis.ack_rtt": "0.032103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:50.011622000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494930.011622000", - "frame.time_delta": "0.028569000", - "frame.time_delta_displayed": "0.028569000", - "frame.time_relative": "1338.550936000", - "frame.number": "4704", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d29", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003827", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13217", - "tcp.nxtseq": "13264", - "tcp.ack": "62109", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000010c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:16:83:00:26:bb:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812286595, TSecr 2538441": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812286595", - "tcp.options.timestamp.tsecr": "2538441" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4701", - "tcp.analysis.ack_rtt": "0.060802000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:91:ce:b4:6c:03:f7:87:fc:89:50:8c:93:f2:b7:db:a0:55:9a:14:e4:19:99:a9:44:69:b0:fb:fa:45:fb:00:58:a9:7b:f5" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:50.012114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494930.012114000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1338.551428000", - "frame.number": "4705", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000962b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007754", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62109", - "tcp.ack": "13264", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aedb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:bb:cf:a7:a0:16:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2538447, TSecr 2812286595": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2538447", - "tcp.options.timestamp.tsecr": "2812286595" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4704", - "tcp.analysis.ack_rtt": "0.000492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:52.645275000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494932.645275000", - "frame.time_delta": "2.633161000", - "frame.time_delta_displayed": "2.633161000", - "frame.time_relative": "1341.184589000", - "frame.number": "4706", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f41", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": 
"0x00001077", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - 
"dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:52.645807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494932.645807000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "1341.185121000", - "frame.number": "4707", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f42", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - 
"udp.checksum": "0x0000f172", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - 
"dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:52.646425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494932.646425000", - "frame.time_delta": "0.000618000", - "frame.time_delta_displayed": "0.000618000", - "frame.time_relative": "1341.185739000", - "frame.number": "4708", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f38", - 
"udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:54.721156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494934.721156000", - "frame.time_delta": "2.074731000", - "frame.time_delta_displayed": "2.074731000", - "frame.time_relative": "1343.260470000", - "frame.number": "4709", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:54.721692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494934.721692000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1343.261006000", - "frame.number": "4710", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:57.645550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494937.645550000", - "frame.time_delta": "2.923858000", - "frame.time_delta_displayed": "2.923858000", - "frame.time_relative": "1346.184864000", - "frame.number": "4711", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f43", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001077", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:57.646063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494937.646063000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "1346.185377000", - "frame.number": "4712", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f44", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f172", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:08:57.646671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494937.646671000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": "1346.185985000", - "frame.number": "4713", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f38", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", 
- "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:01.707386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494941.707386000", - "frame.time_delta": "4.060715000", - "frame.time_delta_displayed": "4.060715000", - "frame.time_relative": "1350.246700000", - "frame.number": "4714", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": 
"Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:01.929347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494941.929347000", - "frame.time_delta": "0.221961000", - "frame.time_delta_displayed": "0.221961000", - "frame.time_relative": "1350.468661000", - "frame.number": "4715", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - 
"bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:01.969093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494941.969093000", - "frame.time_delta": "0.039746000", - "frame.time_delta_displayed": "0.039746000", - "frame.time_relative": "1350.508407000", - "frame.number": "4716", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": 
"255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - 
"bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:01.990314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494941.990314000", - "frame.time_delta": "0.021221000", - "frame.time_delta_displayed": "0.021221000", - "frame.time_relative": "1350.529628000", - "frame.number": "4717", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:02.075010000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494942.075010000", - "frame.time_delta": "0.084696000", - "frame.time_delta_displayed": "0.084696000", - "frame.time_relative": "1350.614324000", - "frame.number": "4718", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:02.645676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494942.645676000", - "frame.time_delta": "0.570666000", - "frame.time_delta_displayed": "0.570666000", - "frame.time_relative": "1351.184990000", - "frame.number": "4719", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - 
"eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f45", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001077", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:02.646175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494942.646175000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1351.185489000", - "frame.number": "4720", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f46", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f172", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:02.647281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494942.647281000", - "frame.time_delta": "0.001106000", - "frame.time_delta_displayed": "0.001106000", - "frame.time_relative": "1351.186595000", - "frame.number": "4721", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f38", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000027f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=639", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:04.479427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494944.479427000", - "frame.time_delta": "1.832146000", - "frame.time_delta_displayed": "1.832146000", - "frame.time_relative": "1353.018741000", - "frame.number": "4722", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000580e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a683", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4957", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f16a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:04.629337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494944.629337000", - "frame.time_delta": "0.149910000", - "frame.time_delta_displayed": "0.149910000", - "frame.time_relative": "1353.168651000", - "frame.number": "4723", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd9a", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "4958", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbdf", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:05.927404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494945.927404000", - "frame.time_delta": "1.298067000", - "frame.time_delta_displayed": "1.298067000", - "frame.time_relative": "1354.466718000", - "frame.number": "4724", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000a484", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000034d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", 
- "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:06.626382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494946.626382000", - "frame.time_delta": "0.698978000", - "frame.time_delta_displayed": "0.698978000", - "frame.time_relative": "1355.165696000", - "frame.number": "4725", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d51", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:07.174018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494947.174018000", - "frame.time_delta": "0.547636000", - "frame.time_delta_displayed": "0.547636000", - "frame.time_relative": "1355.713332000", - "frame.number": "4726", - 
"frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:09.489355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494949.489355000", - "frame.time_delta": "2.315337000", - "frame.time_delta_displayed": "2.315337000", - "frame.time_relative": "1358.028669000", - "frame.number": "4727", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:09.489535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494949.489535000", - "frame.time_delta": "0.000180000", - "frame.time_delta_displayed": "0.000180000", - "frame.time_relative": "1358.028849000", - "frame.number": "4728", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:10.203846000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494950.203846000", - "frame.time_delta": "0.714311000", - "frame.time_delta_displayed": "0.714311000", - "frame.time_relative": "1358.743160000", - "frame.number": "4729", - "frame.len": "82", - "frame.cap_len": "82", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "68", - "ip.id": "0x00000b75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed4b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "48", - "udp.checksum": "0x00004e4f", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a7:25:a7:a8:cd:f2:14:96:01:00:00:52:0d:00:00", - "data.len": "40" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:15.677795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494955.677795000", - "frame.time_delta": "5.473949000", - "frame.time_delta_displayed": "5.473949000", - "frame.time_relative": "1364.217109000", - "frame.number": "4730", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:21.035981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494961.035981000", - "frame.time_delta": "5.358186000", - "frame.time_delta_displayed": "5.358186000", - "frame.time_relative": "1369.575295000", - "frame.number": "4731", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000962c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007722", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "62109", - "tcp.nxtseq": "62158", - "tcp.ack": "13264", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e9dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:c7:ee:a7:a0:16:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2541550, TSecr 2812286595": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2541550", - "tcp.options.timestamp.tsecr": "2812286595" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:dc:40:a5:bc:88:5d:d0:05:ca:92:7c:11:03:3a:fe:bc:12:68:29:e2:56:57:be:f7:2c:d9:c2:78:7b:5e:b9:c0:d7:a3:6d:da:d8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:21.096705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494961.096705000", - "frame.time_delta": "0.060724000", - "frame.time_delta_displayed": "0.060724000", - "frame.time_relative": "1369.636019000", - "frame.number": "4732", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "13264", - "tcp.nxtseq": "13319", - "tcp.ack": "62158", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000054f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:34:de:00:26:c7:ee", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812294366, TSecr 2541550": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812294366", - "tcp.options.timestamp.tsecr": "2541550" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4731", - "tcp.analysis.ack_rtt": "0.060724000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:92:2b:86:db:1e:4e:9f:5e:e7:36:f5:49:60:16:fb:29:e9:53:43:5d:5c:bc:d8:87:b9:2f:5d:8c:d5:e3:89:54:53:aa:bb:1f:bd:b4:c5:97:04:b2:3a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:21.097240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494961.097240000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": 
"0.000535000", - "frame.time_relative": "1369.636554000", - "frame.number": "4733", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000962d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007752", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62158", - "tcp.ack": "13319", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000083f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:c7:f4:a7:a0:34:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2541556, TSecr 2812294366": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2541556", - "tcp.options.timestamp.tsecr": "2812294366" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4732", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:24.212281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494964.212281000", - "frame.time_delta": "3.115041000", - "frame.time_delta_displayed": "3.115041000", - "frame.time_relative": "1372.751595000", - "frame.number": "4734", - "frame.len": "407", - "frame.cap_len": "407", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "393", - "ip.id": "0x0000962e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "341", - "tcp.seq": "62158", - "tcp.nxtseq": "62499", - "tcp.ack": "13319", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009db5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:c9:2c:a7:a0:34:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2541868, TSecr 2812294366": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2541868", - "tcp.options.timestamp.tsecr": "2812294366" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "341", - "tcp.analysis.push_bytes_sent": "341" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "336", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:dd:fa:0f:45:07:33:34:8e:a5:e6:d2:dc:fe:92:49:3d:a1:2d:00:67:a6:27:2a:72:38:8d:f2:02:ce:7b:8e:ff:25:91:c1:30:af:4c:74:ec:48:39:54:dc:92:fd:f7:47:d5:4b:94:76:5e:2c:25:12:9b:f6:77:47:c5:d3:eb:09:0c:16:f2:f9:31:f1:2a:d8:f7:68:02:64:e5:7e:76:d3:df:a0:81:03:90:eb:fe:e2:dd:d4:6a:d8:01:55:ee:ea:21:e3:c7:c2:90:dc:e2:4b:2b:88:ef:f7:e4:97:ed:f3:7d:1d:10:bc:61:5e:79:54:05:13:12:17:cf:6d:f3:14:ae:6a:1f:9e:67:cb:5b:34:60:15:4b:b8:1c:39:78:7f:c1:ea:d8:a8:47:54:f8:e4:24:53:05:a7:04:92:d7:b5:40:57:82:bb:84:4f:18:9b:6f:53:79:73:fa:e6:8c:c1:69:47:4f:3b:67:d9:fa:de:32:53:ba:c1:d4:e7:bb:66:e7:3c:e9:85:d3:ad:52:84:28:94:e1:fd:b3:19:30:1b:d0:4a:fc:c7:8d:b3:06:2d:27:dc:a2:bd:be:dd:3f:42:f2:6f:ed:7e:fb:7a:bd:3a:7d:6f:9d:1f:18:98:34:5b:8c:4d:bf:43:48:69:69:12:1a:ed:e2:3d:99:40:7d:bf:24:03:76:c2:cd:95:22:45:3a:62:22:ac:0e:ba:3c:0b:95:7d:36:d6:53:8b:a2:0e:26:72:2e:58:63:5e:df:4e:20:63:4b:25:a6:3e:56:26:3c:48:e1:57:1c:75:9e:43:eb:1f:09:b9:66:03:58:c8:bf:d5:b5:70:f8:fb:20:84:72:63:f0:28:94:f1:a5:5e:a7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:24.275166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494964.275166000", - "frame.time_delta": "0.062885000", - "frame.time_delta_displayed": "0.062885000", - "frame.time_relative": "1372.814480000", - "frame.number": "4735", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003825", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13319", - "tcp.nxtseq": "13366", - "tcp.ack": "62499", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00006a3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:37:f8:00:26:c9:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812295160, TSecr 2541868": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812295160", - "tcp.options.timestamp.tsecr": "2541868" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4734", - "tcp.analysis.ack_rtt": "0.062885000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:93:68:61:8c:53:c7:6e:cd:33:91:e6:0e:5d:a3:57:eb:2a:c7:50:09:96:a3:0e:36:1a:a4:51:1b:f0:22:ea:e7:59:d6:5d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:24.275607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494964.275607000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1372.814921000", - "frame.number": "4736", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000962f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007750", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62499", - "tcp.ack": "13366", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007e17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:c9:32:a7:a0:37:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2541874, TSecr 2812295160": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2541874", - "tcp.options.timestamp.tsecr": "2812295160" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4735", - "tcp.analysis.ack_rtt": "0.000441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:26.218290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494966.218290000", - "frame.time_delta": "1.942683000", - "frame.time_delta_displayed": "1.942683000", - "frame.time_relative": "1374.757604000", - "frame.number": "4737", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": 
"LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:26.702544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494966.702544000", - "frame.time_delta": "0.484254000", - "frame.time_delta_displayed": "0.484254000", - 
"frame.time_relative": "1375.241858000", - "frame.number": "4738", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.007957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.007957000", - "frame.time_delta": "0.305413000", - "frame.time_delta_displayed": "0.305413000", - "frame.time_relative": "1375.547271000", - "frame.number": "4739", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.014983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.014983000", - "frame.time_delta": "0.007026000", - "frame.time_delta_displayed": "0.007026000", - "frame.time_relative": "1375.554297000", - "frame.number": "4740", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000ba85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ed4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.031559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.031559000", - "frame.time_delta": "0.016576000", - "frame.time_delta_displayed": "0.016576000", - "frame.time_relative": "1375.570873000", - "frame.number": "4741", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000ba87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ed2", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.237119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.237119000", - "frame.time_delta": "0.205560000", - "frame.time_delta_displayed": "0.205560000", - "frame.time_relative": "1375.776433000", - "frame.number": 
"4742", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000ba9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ef0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.237285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.237285000", - "frame.time_delta": "0.000166000", - "frame.time_delta_displayed": "0.000166000", - "frame.time_relative": "1375.776599000", - "frame.number": "4743", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x0000ba9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001eea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.237427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.237427000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1375.776741000", - "frame.number": "4744", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000baa0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001eee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.243112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.243112000", - "frame.time_delta": "0.005685000", - 
"frame.time_delta_displayed": "0.005685000", - "frame.time_relative": "1375.782426000", - "frame.number": "4745", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000755a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00006337", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.261271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.261271000", - "frame.time_delta": "0.018159000", - "frame.time_delta_displayed": "0.018159000", - "frame.time_relative": "1375.800585000", - "frame.number": "4746", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": 
"3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.413237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.413237000", - "frame.time_delta": "0.151966000", - "frame.time_delta_displayed": "0.151966000", - "frame.time_relative": "1375.952551000", - "frame.number": "4747", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "90:8d:78:e3:81:0c", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:81:0c", - "eth.addr": "90:8d:78:e3:81:0c", - "eth.addr_resolved": "D-LinkIn_e3:81:0c", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d8fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.240", - "ip.addr": "192.168.0.240", - "ip.src_host": "192.168.0.240", - "ip.host": "192.168.0.240", - 
"ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b02", - "udp.checksum.status": "2", - "udp.stream": "49" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.432783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.432783000", - "frame.time_delta": "0.019546000", - "frame.time_delta_displayed": "0.019546000", - "frame.time_relative": "1375.972097000", - "frame.number": "4748", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:de:38:20", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_de:38:20", - "eth.addr": "c4:12:f5:de:38:20", - "eth.addr_resolved": "D-LinkIn_de:38:20", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d995", - "ip.checksum.status": "2", - "ip.src": "192.168.0.85", - "ip.addr": "192.168.0.85", - "ip.src_host": "192.168.0.85", - "ip.host": "192.168.0.85", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b9d", - "udp.checksum.status": "2", - "udp.stream": "50" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.450807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.450807000", - "frame.time_delta": "0.018024000", - "frame.time_delta_displayed": "0.018024000", - "frame.time_relative": "1375.990121000", - "frame.number": "4749", - "frame.len": "107", - "frame.cap_len": "107", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "93", - "ip.id": "0x00006960", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007044", - "ip.checksum.status": "2", - "ip.src": "192.168.0.71", - "ip.addr": "192.168.0.71", - "ip.src_host": "192.168.0.71", - "ip.host": "192.168.0.71", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - 
"udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "73", - "udp.checksum": "0x0000791d", - "udp.checksum.status": "2", - "udp.stream": "46" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "13", - "dns.ptr.domain_name": "_http._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.457107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.457107000", - "frame.time_delta": "0.006300000", - "frame.time_delta_displayed": "0.006300000", - "frame.time_relative": "1375.996421000", - "frame.number": "4750", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": 
"LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000babc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ed2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.457230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509494967.457230000", - "frame.time_delta": "0.000123000", - "frame.time_delta_displayed": "0.000123000", - "frame.time_relative": "1375.996544000", - "frame.number": "4751", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000babd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ed1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.458331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.458331000", - "frame.time_delta": "0.001101000", - "frame.time_delta_displayed": "0.001101000", - "frame.time_relative": "1375.997645000", - "frame.number": "4752", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x0000babe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ecb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - 
"ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.466658000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.466658000", - "frame.time_delta": "0.008327000", - "frame.time_delta_displayed": "0.008327000", - "frame.time_relative": "1376.005972000", - "frame.number": "4753", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:e3:dc:17", - "eth.src_tree": { - 
"eth.src_resolved": "D-LinkIn_e3:dc:17", - "eth.addr": "c4:12:f5:e3:dc:17", - "eth.addr_resolved": "D-LinkIn_e3:dc:17", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.135", - "ip.addr": "192.168.0.135", - "ip.src_host": "192.168.0.135", - "ip.host": "192.168.0.135", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b6b", - "udp.checksum.status": "2", - "udp.stream": "48" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.518830000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.518830000", - "frame.time_delta": "0.052172000", - "frame.time_delta_displayed": "0.052172000", - "frame.time_relative": "1376.058144000", - "frame.number": "4754", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x0000d2fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000672", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - 
"udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.647212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.647212000", - "frame.time_delta": "0.128382000", - "frame.time_delta_displayed": "0.128382000", - "frame.time_relative": "1376.186526000", - "frame.number": "4755", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f49", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001975", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.647755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.647755000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1376.187069000", - "frame.number": "4756", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f4a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa70", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.648608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.648608000", - "frame.time_delta": "0.000853000", - "frame.time_delta_displayed": "0.000853000", - "frame.time_relative": "1376.187922000", - "frame.number": "4757", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", 
- "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008836", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.686069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.686069000", - "frame.time_delta": "0.037461000", - "frame.time_delta_displayed": "0.037461000", - "frame.time_relative": "1376.225383000", - "frame.number": "4758", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x0000bae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ea0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.689259000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.689259000", - "frame.time_delta": "0.003190000", - "frame.time_delta_displayed": "0.003190000", - "frame.time_relative": "1376.228573000", - "frame.number": "4759", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000baea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001ea4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:27.689404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494967.689404000", - "frame.time_delta": "0.000145000", - "frame.time_delta_displayed": "0.000145000", - "frame.time_relative": "1376.228718000", - "frame.number": "4760", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000baeb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - 
"ip.proto": "17", - "ip.checksum": "0x00001ea3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:28.011339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494968.011339000", - "frame.time_delta": "0.321935000", - "frame.time_delta_displayed": "0.321935000", - "frame.time_relative": "1376.550653000", - "frame.number": "4761", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000bb45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001e3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class 
IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:28.033544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494968.033544000", - "frame.time_delta": "0.022205000", - "frame.time_delta_displayed": "0.022205000", - "frame.time_relative": "1376.572858000", - "frame.number": "4762", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000bb47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001e12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:28.852173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494968.852173000", - "frame.time_delta": "0.818629000", - "frame.time_delta_displayed": "0.818629000", - "frame.time_relative": "1377.391487000", - "frame.number": "4763", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - 
"eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:29.060866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494969.060866000", - "frame.time_delta": "0.208693000", - "frame.time_delta_displayed": "0.208693000", - "frame.time_relative": "1377.600180000", - "frame.number": "4764", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"81", - "ip.id": "0x0000bbf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001d8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:29.061030000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509494969.061030000", - "frame.time_delta": "0.000164000", - "frame.time_delta_displayed": "0.000164000", - "frame.time_relative": "1377.600344000", - "frame.number": "4765", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000bbfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": 
"0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:29.598933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494969.598933000", - "frame.time_delta": "0.537903000", - "frame.time_delta_displayed": "0.537903000", - "frame.time_relative": "1378.138247000", - "frame.number": "4766", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - 
"arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.066966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.066966000", - "frame.time_delta": "0.468033000", - "frame.time_delta_displayed": "0.468033000", - "frame.time_relative": "1378.606280000", - "frame.number": "4767", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000bd09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e855", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.434263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.434263000", - "frame.time_delta": "0.367297000", - "frame.time_delta_displayed": "0.367297000", - "frame.time_relative": "1378.973577000", - "frame.number": "4768", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002105", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - 
"http.request": "1", - "http.request_number": "12", - "http.prev_request_in": "4464" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.852580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.852580000", - "frame.time_delta": "0.418317000", - "frame.time_delta_displayed": "0.418317000", - "frame.time_relative": "1379.391894000", - "frame.number": "4769", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f8e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - 
"udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "67", - "http.prev_response_in": "4527" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.856463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.856463000", - "frame.time_delta": "0.003883000", - "frame.time_delta_displayed": "0.003883000", - "frame.time_relative": "1379.395777000", - "frame.number": "4770", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ae4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54663", - "tcp.dstport": "80", - "tcp.port": "54663", - "tcp.port": "80", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a749", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.856993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.856993000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "1379.396307000", - "frame.number": "4771", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54663", - "tcp.port": "80", - "tcp.port": "54663", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000052a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4770", - "tcp.analysis.ack_rtt": "0.000530000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.862189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.862189000", - "frame.time_delta": "0.005196000", - "frame.time_delta_displayed": "0.005196000", - "frame.time_relative": "1379.401503000", - "frame.number": "4772", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ae5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54663", - "tcp.dstport": "80", - "tcp.port": "54663", - "tcp.port": "80", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000485", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4771", - "tcp.analysis.ack_rtt": "0.005196000", - "tcp.analysis.initial_rtt": "0.005726000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.862758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.862758000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1379.402072000", - "frame.number": "4773", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001ae6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54663", - "tcp.dstport": "80", - "tcp.port": "54663", - "tcp.port": "80", - "tcp.stream": "177", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000019fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005726000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.863519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.863519000", - "frame.time_delta": "0.000761000", - "frame.time_delta_displayed": "0.000761000", - "frame.time_relative": "1379.402833000", - "frame.number": "4774", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000047a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54663", - "tcp.port": "80", - "tcp.port": "54663", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f615", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4773", - "tcp.analysis.ack_rtt": "0.000761000", - "tcp.analysis.initial_rtt": "0.005726000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.864107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.864107000", - "frame.time_delta": "0.000588000", - "frame.time_delta_displayed": "0.000588000", - "frame.time_relative": "1379.403421000", - "frame.number": "4775", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000047a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54663", - "tcp.port": "80", - "tcp.port": "54663", - "tcp.stream": "177", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003637", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005726000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.864459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.864459000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1379.403773000", - "frame.number": "4776", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000047a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ced", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54663", - "tcp.port": "80", - "tcp.port": "54663", - "tcp.stream": "177", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000088a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005726000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4775", - "tcp.segment": "4776", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001701000", - "http.request_in": "4773", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.866796000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494970.866796000", - "frame.time_delta": "0.002337000", - "frame.time_delta_displayed": "0.002337000", - "frame.time_relative": "1379.406110000", - "frame.number": "4777", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ae7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54663", - "tcp.dstport": "80", - "tcp.port": "54663", - "tcp.port": "80", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ffec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4776", - "tcp.analysis.ack_rtt": "0.002337000", - "tcp.analysis.initial_rtt": "0.005726000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.867395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.867395000", - "frame.time_delta": "0.000599000", - "frame.time_delta_displayed": "0.000599000", - "frame.time_relative": "1379.406709000", - "frame.number": "4778", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ae8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54663", - "tcp.dstport": "80", - "tcp.port": "54663", - "tcp.port": "80", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ffeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.867840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.867840000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1379.407154000", - "frame.number": "4779", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54663", - "tcp.port": "80", - "tcp.port": "54663", - "tcp.stream": "177", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f21f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4778", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.005726000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.906628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.906628000", - "frame.time_delta": "0.038788000", - "frame.time_delta_displayed": "0.038788000", - "frame.time_relative": "1379.445942000", - "frame.number": "4780", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f8e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "68", - "http.prev_response_in": "4769" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.910025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.910025000", - "frame.time_delta": "0.003397000", - "frame.time_delta_displayed": "0.003397000", - "frame.time_relative": "1379.449339000", 
- "frame.number": "4781", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54664", - "tcp.dstport": "80", - "tcp.port": "54664", - "tcp.port": "80", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000835c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.910561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.910561000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1379.449875000", - "frame.number": "4782", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54664", - "tcp.port": "80", - "tcp.port": "54664", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000980d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4781", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.913547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.913547000", - "frame.time_delta": "0.002986000", - "frame.time_delta_displayed": "0.002986000", - "frame.time_relative": "1379.452861000", - 
"frame.number": "4783", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54664", - "tcp.dstport": "80", - "tcp.port": "54664", - "tcp.port": "80", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000049ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4782", - "tcp.analysis.ack_rtt": "0.002986000", - "tcp.analysis.initial_rtt": "0.003522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.914189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.914189000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "1379.453503000", - "frame.number": "4784", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001aeb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce1", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54664", - "tcp.dstport": "80", - "tcp.port": "54664", - "tcp.port": "80", - "tcp.stream": "178", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005f65", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003522000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.914669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.914669000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "1379.453983000", - "frame.number": "4785", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004978", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006efb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54664", - "tcp.port": "80", - "tcp.port": "54664", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003b7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4784", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.003522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.915263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.915263000", - "frame.time_delta": "0.000594000", - "frame.time_delta_displayed": "0.000594000", - "frame.time_relative": "1379.454577000", - "frame.number": "4786", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00004979", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ee9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54664", - "tcp.port": "80", - "tcp.port": "54664", - "tcp.stream": "178", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007b9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003522000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.915618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.915618000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1379.454932000", - "frame.number": "4787", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000497a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006b16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54664", - "tcp.port": "80", - "tcp.port": "54664", - "tcp.stream": "178", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ce07", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003522000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4786", - "tcp.segment": "4787", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001429000", - "http.request_in": "4784", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.918278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.918278000", - "frame.time_delta": "0.002660000", - "frame.time_delta_displayed": "0.002660000", - "frame.time_relative": "1379.457592000", - "frame.number": "4788", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54664", - "tcp.dstport": "80", - "tcp.port": "54664", - "tcp.port": "80", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004554", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4787", - "tcp.analysis.ack_rtt": "0.002660000", - "tcp.analysis.initial_rtt": "0.003522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.918951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.918951000", - "frame.time_delta": "0.000673000", - "frame.time_delta_displayed": "0.000673000", - "frame.time_relative": "1379.458265000", - "frame.number": "4789", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54664", - "tcp.dstport": "80", - "tcp.port": "54664", - "tcp.port": "80", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.919430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.919430000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1379.458744000", - "frame.number": "4790", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54664", - "tcp.port": "80", - "tcp.port": "54664", - "tcp.stream": "178", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003787", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4789", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.003522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.959568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.959568000", - "frame.time_delta": "0.040138000", - "frame.time_delta_displayed": "0.040138000", - "frame.time_relative": "1379.498882000", - "frame.number": "4791", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f8e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "69", - "http.prev_response_in": "4780" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.969405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.969405000", - "frame.time_delta": "0.009837000", - "frame.time_delta_displayed": "0.009837000", - "frame.time_relative": "1379.508719000", - "frame.number": "4792", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001aee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54665", - "tcp.dstport": "80", - "tcp.port": "54665", - "tcp.port": "80", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00007d4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.969946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.969946000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "1379.509260000", - "frame.number": "4793", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54665", - "tcp.port": "80", - "tcp.port": "54665", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000bf48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4792", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.972936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.972936000", - "frame.time_delta": "0.002990000", - "frame.time_delta_displayed": "0.002990000", - "frame.time_relative": "1379.512250000", - "frame.number": "4794", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54665", - "tcp.dstport": "80", - "tcp.port": "54665", - "tcp.port": "80", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007127", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4793", - "tcp.analysis.ack_rtt": "0.002990000", - "tcp.analysis.initial_rtt": "0.003531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.973537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.973537000", - "frame.time_delta": "0.000601000", - "frame.time_delta_displayed": "0.000601000", - "frame.time_relative": "1379.512851000", - "frame.number": "4795", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001af0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cdc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54665", - "tcp.dstport": "80", - "tcp.port": "54665", - "tcp.port": "80", - "tcp.stream": "179", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000086a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003531000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.974017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.974017000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "1379.513331000", - "frame.number": "4796", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b523", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000350", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54665", - "tcp.port": "80", - "tcp.port": "54665", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4795", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.003531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.974586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.974586000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1379.513900000", - "frame.number": "4797", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b524", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000033e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54665", - "tcp.port": "80", - "tcp.port": "54665", - "tcp.stream": "179", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a2d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003531000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.974934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.974934000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "1379.514248000", - "frame.number": "4798", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b525", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ff6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54665", - "tcp.port": "80", - "tcp.port": "54665", - "tcp.stream": "179", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f542", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003531000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4797", - "tcp.segment": "4798", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001397000", - "http.request_in": "4795", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.977197000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494970.977197000", - "frame.time_delta": "0.002263000", - "frame.time_delta_displayed": "0.002263000", - "frame.time_relative": "1379.516511000", - "frame.number": "4799", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001af1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d82", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54665", - "tcp.dstport": "80", - "tcp.port": "54665", - "tcp.port": "80", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006c8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4798", - "tcp.analysis.ack_rtt": "0.002263000", - "tcp.analysis.initial_rtt": "0.003531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.977782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.977782000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "1379.517096000", - "frame.number": "4800", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001af2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54665", - "tcp.dstport": "80", - "tcp.port": "54665", - "tcp.port": "80", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006c8e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:30.978214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494970.978214000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1379.517528000", - "frame.number": "4801", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54665", - "tcp.port": "80", - "tcp.port": "54665", - "tcp.stream": "179", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005ec2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4800", - "tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.003531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.086680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.086680000", - "frame.time_delta": "0.108466000", - "frame.time_delta_displayed": "0.108466000", - "frame.time_relative": "1379.625994000", - "frame.number": "4802", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x0000bd63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": 
"224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x000070a3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "4767", - "dns.time": "1.019714000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.906207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.906207000", - "frame.time_delta": "0.819527000", - "frame.time_delta_displayed": "0.819527000", - "frame.time_relative": "1380.445521000", - "frame.number": "4803", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000f928", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "70", - "http.prev_response_in": "4791" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.930587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.930587000", - "frame.time_delta": "0.024380000", - "frame.time_delta_displayed": "0.024380000", - "frame.time_relative": "1380.469901000", - "frame.number": "4804", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001af3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d74", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000d745", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.931154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.931154000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "1380.470468000", - "frame.number": "4805", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003b19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - 
"tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4804", - "tcp.analysis.ack_rtt": "0.000567000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.934073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.934073000", - "frame.time_delta": "0.002919000", - "frame.time_delta_displayed": "0.002919000", - "frame.time_relative": "1380.473387000", - "frame.number": "4806", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001af4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d7f", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ecf7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4805", - "tcp.analysis.ack_rtt": "0.002919000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.934747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.934747000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "1380.474061000", - "frame.number": "4807", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001af5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000271", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.935240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.935240000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1380.474554000", - "frame.number": "4808", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000de4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000de88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4807", - "tcp.analysis.ack_rtt": "0.000493000", - 
"tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.935815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.935815000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1380.475129000", - "frame.number": "4809", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000de4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - 
"tcp.stream": "180", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001eaa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.936177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.936177000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "1380.475491000", - "frame.number": "4810", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000de4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d642", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - "tcp.stream": "180", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007113", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - 
"tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64
:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4809", - "tcp.segment": "4810", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001430000", - "http.request_in": "4807", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.939173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.939173000", - "frame.time_delta": "0.002996000", - "frame.time_delta_displayed": "0.002996000", - "frame.time_relative": "1380.478487000", - "frame.number": "4811", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001af6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e85f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4810", - "tcp.analysis.ack_rtt": "0.002996000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.939475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.939475000", - "frame.time_delta": "0.000302000", - "frame.time_delta_displayed": "0.000302000", - "frame.time_relative": "1380.478789000", - "frame.number": "4812", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000de4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d641", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - "tcp.stream": "180", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007113", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.940382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.940382000", - "frame.time_delta": "0.000907000", - "frame.time_delta_displayed": "0.000907000", - "frame.time_relative": "1380.479696000", - "frame.number": "4813", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001af7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e85e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4812", - "tcp.analysis.ack_rtt": "0.000907000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.940824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.940824000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1380.480138000", - "frame.number": "4814", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54666", - "tcp.port": "80", - "tcp.port": "54666", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4813", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:09:31.943095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.943095000", - "frame.time_delta": "0.002271000", - "frame.time_delta_displayed": "0.002271000", - "frame.time_relative": "1380.482409000", - "frame.number": "4815", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001af8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54666", - "tcp.dstport": "80", - "tcp.port": "54666", - "tcp.port": "80", - "tcp.stream": "180", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000643e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d1:5d:53:b5:d1:5d:57:98", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "4811", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.948089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.948089000", - "frame.time_delta": "0.004994000", - "frame.time_delta_displayed": 
"0.004994000", - "frame.time_relative": "1380.487403000", - "frame.number": "4816", - "frame.len": "417", - "frame.cap_len": "417", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "403", - "ip.id": "0x00009630", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "351", - "tcp.seq": "62499", - "tcp.nxtseq": "62850", - "tcp.ack": 
"13366", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004cfb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:cc:31:a7:a0:37:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2542641, TSecr 2812295160": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2542641", - "tcp.options.timestamp.tsecr": "2812295160" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "351", - "tcp.analysis.push_bytes_sent": "351" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "346", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:de:38:b3:1a:c9:02:2a:98:8c:74:44:60:11:d5:1b:99:78:07:13:f0:37:67:15:fe:a5:df:6d:65:97:2d:5d:da:d3:2a:7f:2f:71:8e:65:6d:ce:75:07:ef:7b:cd:22:7f:db:da:14:26:85:d0:b5:48:0f:71:da:5d:cb:51:93:6b:45:9f:42:81:0e:1c:f8:71:72:25:78:a7:bd:a9:5f:1b:29:8a:a3:75:78:e1:bb:03:e4:67:8c:2a:89:2d:26:0d:d5:8b:03:ca:2f:e4:cd:ed:67:35:9b:39:0d:e1:0e:01:a5:06:83:23:e8:0b:d1:e7:f9:a5:4d:fc:ec:32:7f:83:64:c3:e4:62:69:48:0f:72:2d:14:ac:a9:3d:aa:83:25:bf:19:f2:a7:36:e2:a4:e8:82:c3:b4:16:16:b3:b3:ee:49:cc:76:74:20:af:13:21:42:3f:b2:dc:60:cd:7b:2b:e4:5e:d9:f8:7c:0e:a6:f9:6c:f2:19:bd:26:1a:87:6b:8a:19:77:ce:9c:0c:2f:86:b3:11:e2:8e:32:41:23:89:95:07:76:4a:0f:d8:58:07:7d:e5:f5:73:4f:ec:e9:2b:64:1b:a5:7f:d8:5e:df:f6:08:36:d6:d7:35:d9:db:98:c9:3e:dc:7b:34:eb:7d:0b:b2:8a:db:b1:8b:72:97:57:e0:5d:e8:27:92:c6:cb:52:d7:2b:69:01:d4:94:4c:a3:e3:69:b9:62:3b:79:86:0d:6b:96:1b:a6:a0:d8:55:c9:ba:1b:ad:ec:0f:a1:00:bf:4a:04:af:dc:a2:c8:fd:fa:d3:bc:8e:71:63:3f:c7:94:cf:0b:42:fc:67:ec:16:44:22:93:23:d1:57:ad:23:80:6e:bf:1c:07:43:9c:c8:80:cf:51:2e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.959092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.959092000", - "frame.time_delta": "0.011003000", - "frame.time_delta_displayed": "0.011003000", - "frame.time_relative": "1380.498406000", - "frame.number": "4817", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000f92d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "71", - "http.prev_response_in": "4803" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.989999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.989999000", - "frame.time_delta": "0.030907000", - "frame.time_delta_displayed": "0.030907000", - "frame.time_relative": "1380.529313000", - "frame.number": "4818", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001af9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54667", - "tcp.dstport": "80", - "tcp.port": "54667", - "tcp.port": "80", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000619", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.990551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.990551000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1380.529865000", - "frame.number": "4819", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54667", - "tcp.port": "80", - "tcp.port": "54667", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007f0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window 
scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4818", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.993517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.993517000", - "frame.time_delta": "0.002966000", - "frame.time_delta_displayed": "0.002966000", - "frame.time_relative": "1380.532831000", - "frame.number": "4820", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001afa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54667", - "tcp.dstport": "80", - "tcp.port": "54667", - "tcp.port": "80", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4819", - "tcp.analysis.ack_rtt": "0.002966000", - "tcp.analysis.initial_rtt": "0.003518000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.994084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.994084000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "1380.533398000", - "frame.number": "4821", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - 
"eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001afb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54667", - "tcp.dstport": "80", - "tcp.port": "54667", - "tcp.port": "80", - "tcp.stream": "181", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004662", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003518000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - 
"http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.994562000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.994562000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1380.533876000", - "frame.number": "4822", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c58d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f2e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54667", - "tcp.port": "80", - "tcp.port": "54667", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000227a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4821", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.003518000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:09:31.995211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.995211000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "1380.534525000", - "frame.number": "4823", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c58e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f2d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54667", - "tcp.port": "80", - "tcp.port": "54667", - "tcp.stream": "181", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000629b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003518000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.995659000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.995659000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1380.534973000", - "frame.number": "4824", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c58f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54667", - "tcp.port": "80", - "tcp.port": "54667", - "tcp.stream": "181", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b504", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003518000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "4823", - "tcp.segment": "4824", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001575000", - "http.request_in": "4821", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.998864000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.998864000", - "frame.time_delta": "0.003205000", - "frame.time_delta_displayed": "0.003205000", - "frame.time_relative": "1380.538178000", - "frame.number": "4825", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001afc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54667", - "tcp.dstport": "80", - "tcp.port": "54667", - "tcp.port": "80", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002c51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4824", - "tcp.analysis.ack_rtt": "0.003205000", - "tcp.analysis.initial_rtt": "0.003518000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.999429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.999429000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1380.538743000", - "frame.number": "4826", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001afd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54667", - "tcp.dstport": "80", - "tcp.port": "54667", - "tcp.port": "80", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002c50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:31.999888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494971.999888000", - "frame.time_delta": "0.000459000", - "frame.time_delta_displayed": "0.000459000", - "frame.time_relative": "1380.539202000", - "frame.number": "4827", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54667", - "tcp.port": "80", - "tcp.port": "54667", - "tcp.stream": "181", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "4826", - "tcp.analysis.ack_rtt": "0.000459000", - "tcp.analysis.initial_rtt": "0.003518000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.009068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.009068000", - "frame.time_delta": "0.009180000", - "frame.time_delta_displayed": "0.009180000", - "frame.time_relative": "1380.548382000", - "frame.number": "4828", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003824", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13366", - "tcp.nxtseq": "13413", - "tcp.ack": "62850", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002d42", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:3f:86:00:26:cc:31", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812297094, TSecr 2542641": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812297094", - "tcp.options.timestamp.tsecr": "2542641" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4816", - "tcp.analysis.ack_rtt": "0.060979000", - "tcp.analysis.bytes_in_flight": "47", - 
"tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:94:e8:2e:86:9f:7f:d4:bc:d4:e7:35:1f:3f:76:15:08:55:4e:5a:19:fe:b8:04:5f:d0:d0:f0:0b:23:c4:ee:5b:b5:32:04" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.009504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.009504000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "1380.548818000", - "frame.number": "4829", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009631", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62850", - "tcp.ack": "13413", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000071f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:cc:37:a7:a0:3f:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2542647, TSecr 2812297094": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2542647", - "tcp.options.timestamp.tsecr": "2812297094" 
- } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4828", - "tcp.analysis.ack_rtt": "0.000436000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.012281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.012281000", - "frame.time_delta": "0.002777000", - "frame.time_delta_displayed": "0.002777000", - "frame.time_relative": "1380.551595000", - "frame.number": "4830", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000f92f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000be18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - 
"udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "72", - "http.prev_response_in": "4817" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.016203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.016203000", - "frame.time_delta": "0.003922000", - "frame.time_delta_displayed": "0.003922000", - "frame.time_relative": "1380.555517000", - "frame.number": "4831", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001afe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54668", - "tcp.dstport": "80", - "tcp.port": "54668", - "tcp.port": "80", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000080ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.016752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.016752000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1380.556066000", - "frame.number": "4832", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54668", - "tcp.port": "80", - "tcp.port": "54668", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001100", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4831", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.019279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.019279000", - "frame.time_delta": "0.002527000", - "frame.time_delta_displayed": "0.002527000", - "frame.time_relative": "1380.558593000", - "frame.number": "4833", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001aff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54668", - "tcp.dstport": "80", - "tcp.port": "54668", - "tcp.port": "80", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c2de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4832", - "tcp.analysis.ack_rtt": "0.002527000", - "tcp.analysis.initial_rtt": "0.003076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.019888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.019888000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1380.559202000", - "frame.number": "4834", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ccc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54668", - "tcp.dstport": "80", - "tcp.port": "54668", - "tcp.port": "80", - "tcp.stream": "182", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d857", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003076000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.020380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.020380000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1380.559694000", - "frame.number": "4835", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54668", - "tcp.port": "80", - "tcp.port": "54668", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b46f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4834", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.003076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.020952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.020952000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "1380.560266000", - "frame.number": "4836", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000001ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54668", - "tcp.port": "80", - "tcp.port": "54668", - "tcp.stream": "182", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f490", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003076000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.021306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.021306000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "1380.560620000", - "frame.number": "4837", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000001ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54668", - "tcp.port": "80", - "tcp.port": "54668", - "tcp.stream": "182", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000046fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003076000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "4836", - "tcp.segment": "4837", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001418000", - "http.request_in": "4834", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.024183000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509494972.024183000", - "frame.time_delta": "0.002877000", - "frame.time_delta_displayed": "0.002877000", - "frame.time_relative": "1380.563497000", - "frame.number": "4838", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54668", - "tcp.dstport": "80", - "tcp.port": "54668", - "tcp.port": "80", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4837", - "tcp.analysis.ack_rtt": "0.002877000", - "tcp.analysis.initial_rtt": "0.003076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.024788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.024788000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "1380.564102000", - "frame.number": "4839", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54668", - "tcp.dstport": "80", - "tcp.port": "54668", - "tcp.port": "80", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.025232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.025232000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "1380.564546000", - "frame.number": "4840", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000db42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54668", - "tcp.port": "80", - "tcp.port": "54668", - "tcp.stream": "182", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b079", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4839", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.003076000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.056774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.056774000", - "frame.time_delta": "0.031542000", - "frame.time_delta_displayed": "0.031542000", - "frame.time_relative": "1380.596088000", - "frame.number": "4841", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x0000bd8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001bfd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": 
"224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x000070a3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "4767", - "dns.time": "1.989808000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.647517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.647517000", - "frame.time_delta": "0.590743000", - "frame.time_delta_displayed": "0.590743000", - "frame.time_relative": "1381.186831000", - "frame.number": "4842", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f4b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001975", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.648034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.648034000", - "frame.time_delta": "0.000517000", - "frame.time_delta_displayed": "0.000517000", - "frame.time_relative": "1381.187348000", - "frame.number": "4843", - 
"frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f4c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa70", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:32.648650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494972.648650000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": 
"1381.187964000", - "frame.number": "4844", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008836", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:34.629377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494974.629377000", - "frame.time_delta": "1.980727000", - "frame.time_delta_displayed": "1.980727000", - "frame.time_relative": "1383.168691000", - "frame.number": "4845", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000580f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a682", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", 
- "tcp.len": "0", - "tcp.seq": "4957", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f16a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:34.772346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494974.772346000", - "frame.time_delta": "0.142969000", - "frame.time_delta_displayed": "0.142969000", - "frame.time_relative": "1383.311660000", - "frame.number": "4846", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd99", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "4958", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbdf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:36.620404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494976.620404000", - "frame.time_delta": "1.848058000", - "frame.time_delta_displayed": "1.848058000", - "frame.time_relative": "1385.159718000", - "frame.number": "4847", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d72", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:36.679514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494976.679514000", - "frame.time_delta": "0.059110000", - "frame.time_delta_displayed": "0.059110000", - "frame.time_relative": "1385.218828000", - "frame.number": "4848", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002106", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e70e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57311", - "udp.dstport": "1900", - "udp.port": "57311", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006a7e", - "udp.checksum.status": "2", - "udp.stream": "108" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.020225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.020225000", - "frame.time_delta": "0.340711000", - "frame.time_delta_displayed": "0.340711000", - "frame.time_relative": "1385.559539000", - "frame.number": "4849", 
- "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.020666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.020666000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1385.559980000", - "frame.number": "4850", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.334689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.334689000", - "frame.time_delta": "0.314023000", - "frame.time_delta_displayed": "0.314023000", - "frame.time_relative": "1385.874003000", - "frame.number": "4851", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fa70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bcda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.387495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.387495000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "1385.926809000", - "frame.number": 
"4852", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fa75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bccc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "4851" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.440292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.440292000", - "frame.time_delta": "0.052797000", - "frame.time_delta_displayed": "0.052797000", - "frame.time_relative": "1385.979606000", - "frame.number": "4853", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fa76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bcd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "4852" - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.647801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.647801000", - "frame.time_delta": "0.207509000", - "frame.time_delta_displayed": "0.207509000", - "frame.time_relative": "1386.187115000", - "frame.number": "4854", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f50", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b8a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": 
"224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001975", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - 
"dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.648316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.648316000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "1386.187630000", - "frame.number": "4855", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f51", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000999b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - 
"ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa70", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.648935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.648935000", - "frame.time_delta": "0.000619000", - "frame.time_delta_displayed": "0.000619000", - "frame.time_relative": "1386.188249000", - "frame.number": "4856", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008836", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000280", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - 
"dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=640", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:37.679886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494977.679886000", - "frame.time_delta": "0.030951000", - "frame.time_delta_displayed": "0.030951000", - "frame.time_relative": "1386.219200000", - "frame.number": "4857", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002107", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e70d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - 
"ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57311", - "udp.dstport": "1900", - "udp.port": "57311", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006a7e", - "udp.checksum.status": "2", - "udp.stream": "108" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "4848" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:38.387835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494978.387835000", - "frame.time_delta": "0.707949000", - "frame.time_delta_displayed": "0.707949000", - "frame.time_relative": "1386.927149000", - "frame.number": "4858", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fa8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bcbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "4853" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:38.440418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494978.440418000", - "frame.time_delta": "0.052583000", - "frame.time_delta_displayed": "0.052583000", - "frame.time_relative": "1386.979732000", - "frame.number": "4859", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fa93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bcae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "4858" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:38.493168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494978.493168000", - "frame.time_delta": "0.052750000", - 
"frame.time_delta_displayed": "0.052750000", - "frame.time_relative": "1387.032482000", - "frame.number": "4860", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fa98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bcaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "4859" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:38.680918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494978.680918000", - "frame.time_delta": "0.187750000", - "frame.time_delta_displayed": "0.187750000", - "frame.time_relative": "1387.220232000", - "frame.number": "4861", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002108", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e70c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57311", - "udp.dstport": "1900", - "udp.port": "57311", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006a7e", - "udp.checksum.status": "2", - "udp.stream": "108" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "4857" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.018727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.018727000", - "frame.time_delta": "0.337809000", - "frame.time_delta_displayed": "0.337809000", - "frame.time_relative": "1387.558041000", - "frame.number": "4862", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fab2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", 
- "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "4860" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.071465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.071465000", - "frame.time_delta": "0.052738000", - "frame.time_delta_displayed": "0.052738000", - "frame.time_relative": "1387.610779000", - "frame.number": "4863", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fab7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "4862" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.124135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.124135000", - "frame.time_delta": "0.052670000", - "frame.time_delta_displayed": "0.052670000", - "frame.time_relative": "1387.663449000", - "frame.number": "4864", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fabb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "4863" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.681967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.681967000", - "frame.time_delta": "0.557832000", - "frame.time_delta_displayed": "0.557832000", - "frame.time_relative": "1388.221281000", - "frame.number": "4865", - "frame.len": "216", - 
"frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002109", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e70b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57311", - "udp.dstport": "1900", - "udp.port": "57311", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006a7e", - "udp.checksum.status": "2", - "udp.stream": "108" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 
239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "4861" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.780450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.780450000", - "frame.time_delta": "0.098483000", - "frame.time_delta_displayed": "0.098483000", - "frame.time_relative": "1388.319764000", - "frame.number": "4866", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:39.780929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494979.780929000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1388.320243000", - "frame.number": "4867", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.070929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.070929000", - "frame.time_delta": "0.290000000", - "frame.time_delta_displayed": "0.290000000", - "frame.time_relative": "1388.610243000", - "frame.number": "4868", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fafa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "4864" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.123785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.123785000", - "frame.time_delta": "0.052856000", - "frame.time_delta_displayed": "0.052856000", - "frame.time_relative": "1388.663099000", - "frame.number": "4869", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fafc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000bc45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "4868" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.176618000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.176618000", - "frame.time_delta": "0.052833000", - "frame.time_delta_displayed": "0.052833000", - "frame.time_relative": "1388.715932000", - "frame.number": "4870", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fb01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "4869" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.387185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.387185000", - "frame.time_delta": "0.210567000", - "frame.time_delta_displayed": "0.210567000", - "frame.time_relative": "1388.926499000", - "frame.number": "4871", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fb05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "4870" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.439996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.439996000", - "frame.time_delta": "0.052811000", - "frame.time_delta_displayed": "0.052811000", - "frame.time_relative": "1388.979310000", - "frame.number": "4872", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fb08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "4871" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:40.492798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494980.492798000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "1389.032112000", - "frame.number": "4873", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fb0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bc3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "4872" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:41.439119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494981.439119000", - "frame.time_delta": "0.946321000", - "frame.time_delta_displayed": "0.946321000", - "frame.time_relative": "1389.978433000", - "frame.number": "4874", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fb5c", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "4873" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:41.491963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494981.491963000", - "frame.time_delta": "0.052844000", - "frame.time_delta_displayed": "0.052844000", - "frame.time_relative": "1390.031277000", - "frame.number": "4875", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fb61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbe0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "4874" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:41.544687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494981.544687000", - "frame.time_delta": "0.052724000", - "frame.time_delta_displayed": "0.052724000", - "frame.time_relative": "1390.084001000", - "frame.number": "4876", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fb64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbe3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "4875" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:42.123452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494982.123452000", - "frame.time_delta": "0.578765000", - "frame.time_delta_displayed": "0.578765000", - "frame.time_relative": "1390.662766000", - "frame.number": "4877", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fb8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": "0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "4876" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:42.176313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494982.176313000", - "frame.time_delta": "0.052861000", - "frame.time_delta_displayed": "0.052861000", - "frame.time_relative": "1390.715627000", - 
"frame.number": "4878", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fb91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "4877" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:42.229442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494982.229442000", - "frame.time_delta": "0.053129000", - "frame.time_delta_displayed": "0.053129000", - "frame.time_relative": "1390.768756000", - "frame.number": "4879", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fb97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bbb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "4878" - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:43.176247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494983.176247000", - "frame.time_delta": "0.946805000", - "frame.time_delta_displayed": "0.946805000", - "frame.time_relative": "1391.715561000", - "frame.number": "4880", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000fbaa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bba0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "305", - "udp.checksum": 
"0x0000e53b", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "4879" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:43.229003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494983.229003000", - "frame.time_delta": "0.052756000", - "frame.time_delta_displayed": "0.052756000", - "frame.time_relative": "1391.768317000", - "frame.number": "4881", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000fbae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bb93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "314", - "udp.checksum": "0x0000f326", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "4880" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:43.231703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494983.231703000", - "frame.time_delta": "0.002700000", - "frame.time_delta_displayed": "0.002700000", - "frame.time_relative": "1391.771017000", - "frame.number": "4882", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:09:43.281709000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494983.281709000", - "frame.time_delta": "0.050006000", - "frame.time_delta_displayed": "0.050006000", - "frame.time_relative": "1391.821023000", - "frame.number": "4883", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000fbb4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bb93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57311", - "udp.port": "1900", - "udp.port": "57311", - "udp.length": "308", - "udp.checksum": "0x000016b1", - "udp.checksum.status": "2", - "udp.stream": "109" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", 
- "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "4881" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.137325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.137325000", - "frame.time_delta": "5.855616000", - "frame.time_delta_displayed": "5.855616000", - "frame.time_relative": "1397.676639000", - "frame.number": "4884", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": 
"LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000c36a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000015ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.293672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.293672000", - "frame.time_delta": "0.156347000", - "frame.time_delta_displayed": "0.156347000", - "frame.time_relative": "1397.832986000", - "frame.number": "4885", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000000d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c880", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": 
"1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.346598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.346598000", - "frame.time_delta": "0.052926000", - "frame.time_delta_displayed": "0.052926000", - "frame.time_relative": "1397.885912000", - "frame.number": "4886", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000000d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c87e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.399437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.399437000", - "frame.time_delta": "0.052839000", - "frame.time_delta_displayed": "0.052839000", - "frame.time_relative": "1397.938751000", - "frame.number": "4887", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000000dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c872", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": 
"0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.452320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.452320000", - "frame.time_delta": "0.052883000", - "frame.time_delta_displayed": "0.052883000", - "frame.time_relative": "1397.991634000", - "frame.number": "4888", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000000e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c86e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.505146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.505146000", - "frame.time_delta": "0.052826000", - "frame.time_delta_displayed": "0.052826000", - "frame.time_relative": "1398.044460000", - "frame.number": "4889", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000000e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c872", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - 
"udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:49.558011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494989.558011000", - "frame.time_delta": "0.052865000", - "frame.time_delta_displayed": "0.052865000", - "frame.time_relative": "1398.097325000", - "frame.number": "4890", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, 
- "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000000e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000c86e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.512202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.512202000", - "frame.time_delta": "0.954191000", - "frame.time_delta_displayed": "0.954191000", - "frame.time_relative": "1399.051516000", - "frame.number": "4891", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005d73", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a424", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009619", - "nbns.flags": "0x00000110", - 
"nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.513204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.513204000", - "frame.time_delta": "0.001002000", - "frame.time_delta_displayed": "0.001002000", - "frame.time_relative": "1399.052518000", - "frame.number": "4892", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000d917e", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - 
"ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64488", - "udp.dstport": "5355", - "udp.port": "64488", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000e6da", - "udp.checksum.status": "2", - "udp.stream": "110" - }, - "llmnr": { - "dns.id": "0x00006d77", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.513883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.513883000", - "frame.time_delta": "0.000679000", - "frame.time_delta_displayed": "0.000679000", - "frame.time_relative": "1399.053197000", - "frame.number": "4893", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001231", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64488", - "udp.dstport": "5355", - "udp.port": "64488", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000067a", - "udp.checksum.status": "2", - "udp.stream": "111" - }, - "llmnr": { - "dns.id": "0x00006d77", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.514507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.514507000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "1399.053821000", - "frame.number": "4894", - "frame.len": "84", - "frame.cap_len": "84", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00049158", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60720", - "udp.dstport": "5355", - "udp.port": "60720", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000b87f", - "udp.checksum.status": "2", - "udp.stream": "112" - }, - "llmnr": { - "dns.id": "0x0000aa6f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.515080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.515080000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "1399.054394000", - "frame.number": "4895", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001230", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60720", - "udp.dstport": "5355", - "udp.port": "60720", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000d81e", - "udp.checksum.status": "2", - "udp.stream": 
"113" - }, - "llmnr": { - "dns.id": "0x0000aa6f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.924719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.924719000", - "frame.time_delta": "0.409639000", - "frame.time_delta_displayed": "0.409639000", - "frame.time_relative": "1399.464033000", - "frame.number": "4896", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000d917e", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - 
"ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64488", - "udp.dstport": "5355", - "udp.port": "64488", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000e6da", - "udp.checksum.status": "2", - "udp.stream": "110" - }, - "llmnr": { - "dns.id": "0x00006d77", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.925344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.925344000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1399.464658000", - "frame.number": "4897", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "64488", - "udp.dstport": "5355", - "udp.port": "64488", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000067a", - "udp.checksum.status": "2", - "udp.stream": "111" - }, - "llmnr": { - "dns.id": "0x00006d77", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.925940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.925940000", - "frame.time_delta": "0.000596000", - 
"frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "1399.465254000", - "frame.number": "4898", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00049158", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60720", - "udp.dstport": "5355", - "udp.port": "60720", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000b87f", - "udp.checksum.status": "2", - "udp.stream": "112" - }, - "llmnr": { - "dns.id": "0x0000aa6f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": 
"wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:50.928466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494990.928466000", - "frame.time_delta": "0.002526000", - "frame.time_delta_displayed": "0.002526000", - "frame.time_relative": "1399.467780000", - "frame.number": "4899", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60720", - 
"udp.dstport": "5355", - "udp.port": "60720", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000d81e", - "udp.checksum.status": "2", - "udp.stream": "113" - }, - "llmnr": { - "dns.id": "0x0000aa6f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:51.262401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494991.262401000", - "frame.time_delta": "0.333935000", - "frame.time_delta_displayed": "0.333935000", - "frame.time_relative": "1399.801715000", - "frame.number": "4900", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005d74", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a424", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009619", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:52.012910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494992.012910000", - "frame.time_delta": "0.750509000", - "frame.time_delta_displayed": "0.750509000", - "frame.time_relative": "1400.552224000", - "frame.number": "4901", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005d82", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a424", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009619", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:09:52.483895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494992.483895000", - "frame.time_delta": "0.470985000", - "frame.time_delta_displayed": "0.470985000", - "frame.time_relative": "1401.023209000", - "frame.number": "4902", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:09:58.744745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509494998.744745000", - "frame.time_delta": "6.260850000", - "frame.time_delta_displayed": "6.260850000", - "frame.time_relative": "1407.284059000", - "frame.number": "4903", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00000b79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "108", - "udp.checksum": "0x000068d8", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.command": "1409286244", - "adwin_config.version": "1380667970", - "adwin_config.mac": "d0:73:d5:02:41:da", - "adwin_config.unused": "", - "adwin_config.server_ip": "88.70.73.76", - "adwin_config.unused": "", - "adwin_config.netmask": "244.91.70.68", - "adwin_config.unused": "", - "adwin_config.gateway": "0.0.0.59", - "adwin_config.unused": "", - "adwin_config.dhcp": "1", - "adwin_config.port": "351456691", - "adwin_config.password": "", - "adwin_config.bootloader": "0", - "adwin_config.unused": "", - "adwin_config.description": "", - "adwin_config.date": "", - "adwin_config.revision": "", - "adwin_config.processor_type_raw": "", - "adwin_config.processor_type": "Unknown", - "adwin_config.system_type_raw": "", - 
"adwin_config.system_type": "Unknown" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.027425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.027425000", - "frame.time_delta": "4.282680000", - "frame.time_delta_displayed": "4.282680000", - "frame.time_relative": "1411.566739000", - "frame.number": "4904", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009632", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000771c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "62850", - "tcp.nxtseq": "62899", - "tcp.ack": "13413", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005bde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:d8:55:a7:a0:3f:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2545749, TSecr 2812297094": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2545749", - "tcp.options.timestamp.tsecr": "2812297094" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:df:7a:47:92:c6:27:f8:24:cd:ef:cc:5a:e8:5c:c4:74:93:3a:b7:e5:a1:36:1e:bb:8f:cd:1a:e3:0f:03:19:5d:30:26:e2:e0:ea" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.088310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.088310000", - "frame.time_delta": "0.060885000", - "frame.time_delta_displayed": "0.060885000", - "frame.time_relative": "1411.627624000", - "frame.number": "4905", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "13413", - "tcp.nxtseq": "13468", - "tcp.ack": "62899", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:5d:e0:00:26:d8:55", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812304864, TSecr 2545749": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812304864", - "tcp.options.timestamp.tsecr": "2545749" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4904", - "tcp.analysis.ack_rtt": "0.060885000", - "tcp.analysis.bytes_in_flight": "55", 
- "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:95:1e:30:a6:51:a5:b0:4a:68:28:bf:0c:f3:47:34:d0:d2:3c:9b:10:22:14:73:6e:8e:cf:6c:f0:cc:d3:78:28:fa:1b:ca:d4:03:ec:36:b9:03:f1:b6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.088818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.088818000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "1411.628132000", - "frame.number": "4906", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009633", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "62899", - "tcp.ack": "13468", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004710", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:d8:5b:a7:a0:5d:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2545755, TSecr 2812304864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2545755", - 
"tcp.options.timestamp.tsecr": "2812304864" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4905", - "tcp.analysis.ack_rtt": "0.000508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.648699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.648699000", - "frame.time_delta": "0.559881000", - "frame.time_delta_displayed": "0.559881000", - "frame.time_relative": "1412.188013000", - "frame.number": "4907", - "frame.len": "722", - "frame.cap_len": "722", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "708", - "ip.id": "0x00009634", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "656", - "tcp.seq": "62899", - "tcp.nxtseq": "63555", - "tcp.ack": "13468", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002346", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:d8:93:a7:a0:5d:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2545811, TSecr 2812304864": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2545811", - "tcp.options.timestamp.tsecr": "2812304864" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "656", - "tcp.analysis.push_bytes_sent": "656" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "651", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e0:86:5e:f5:54:fe:d7:26:1b:24:a2:c4:d3:c9:d6:4d:c4:ce:11:fe:f6:75:15:f1:64:de:30:1f:38:83:2d:87:78:4d:81:04:0a:cd:94:b7:e9:e8:7d:06:8f:43:7f:42:89:38:de:eb:b7:73:37:d6:ed:e5:13:d2:00:52:aa:82:4a:1e:13:18:3b:b4:6c:aa:b8:f4:b2:b0:2d:c5:22:7c:55:0b:8f:3e:ea:e7:85:ec:33:a7:a8:1e:8b:43:51:7f:12:21:64:90:da:ad:f6:69:86:97:54:61:f2:3a:4a:01:8e:07:e7:ac:14:d5:58:53:e2:35:e3:2a:24:b7:56:fe:f0:b1:91:f7:d0:78:5c:14:1f:35:71:0c:aa:4c:93:fe:7b:1b:a5:d6:5c:4f:b2:01:b4:62:80:ba:1b:70:e3:20:f9:e7:d8:35:81:d0:f0:d5:35:32:43:19:ed:3a:c0:1b:39:1a:79:50:5b:72:85:ef:d4:79:02:37:8a:50:a9:15:d3:b6:81:66:76:90:58:1c:32:e6:7b:e6:2b:42:3b:84:9f:d9:ed:8a:62:b5:27:e3:34:d5:2e:b1:ea:15:d4:fc:15:95:b4:e9:d2:55:e2:42:51:45:87:68:5b:f7:9a:c2:15:8e:65:aa:21:96:6e:ae:55:33:f7:78:b4:b9:dc:18:0d:7f:d1:72:ce:9c:8b:e9:df:7e:13:d1:00:d8:30:9e:f3:74:49:73:37:fb:ea:cd:37:91:d1:4a:7a:cc:b4:58:35:52:71:ed:90:78:bf:a8:12:c2:e6:07:d2:b0:3b:96:cf:5b:eb:51:40:17:41:98:02:db:02:26:df:45:40:92:31:db:12:d0:86:64:3d:45:a4:89:80:ff:43:0a:2f:13:c6:eb:79:8d:da:35:7b:18:2e:05:03:5d:ee:0a:32:be:9f:63:5c:63:49:8d:5d:75:66:b9:94:a4:0e:f8:2f:53:12:d2:a0:63:21:ca:cd:85:6c:f4:3e:d1:63:2e:88:e5:e2:83:7f:fe:87:03:4e:fb:42:d2:aa:1e:73:46:b2:16:38:c5:66:a2:86:75:1f:c5:3d:43:8c:75:70:56:6b:67:f7:26:7c:47:f5:5b:48:d3:1a:81:5a:44:d5:65:41:ea:63:64:4a:ce:1a:28:55:57:94:5d:bf:a5:ab:2e:30:2b:26:eb:13:f3:40:b0:97:5c:93:12:47:e4:dd:7e:5e:ed:2e:a8:51:96:78:b5:cf:4e:30:db:d8:14:b0:39:65:9c:b5:75:8f:5c:37:39:19:a8:ec:5b:39:be:2d:ba:93:fd:6b:af:58:3d:d9:70:52:47:84:21:41:3b:54:9f:5a:26:00:9e:8d:99:3d:42:3d:30:05:90:88:ea:87:1d:92:a2:20:40:0a:f6:89:c1:4f:c9:b6:48:66:7a:dd:f0:51:68:1d:62:07:05:c4:aa:b0:09:1d:ba:36:ff:91:b4:65:dc:6d:29:b2:53:ba:bb:38:2c:54:28:94:1c:10:e7:8e:59:c7:f8:5d:c4:15:14:55:ea:e7:14:18:fe:b9:df:48:33:7f:b4:c3:71:c2:72:19:ba:44:44:94:d9:f8:e4:96:16:2f:e0:6d:5b:95:04:14:59:33:54:dc:6c
:46:cc:6a:d1:fe:19:c2:87:fc:cc:c0:c0:57:e9:fb:16:e7:62:a7:aa:e0:7d:89:74" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.710038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.710038000", - "frame.time_delta": "0.061339000", - "frame.time_delta_displayed": "0.061339000", - "frame.time_relative": "1412.249352000", - "frame.number": "4908", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003822", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13468", - "tcp.nxtseq": "13515", - "tcp.ack": "63555", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009a37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:5e:7b:00:26:d8:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812305019, TSecr 2545811": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812305019", - "tcp.options.timestamp.tsecr": "2545811" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4907", - "tcp.analysis.ack_rtt": "0.061339000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:96:73:c3:95:da:c0:58:5e:e2:1f:e7:87:f0:6c:ae:2f:1f:5e:41:a8:b3:97:16:43:3f:4c:84:ee:2b:f0:39:59:1d:99:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.710480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.710480000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1412.249794000", - "frame.number": "4909", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009635", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000774a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "63555", - "tcp.ack": "13515", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004377", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:d8:9a:a7:a0:5e:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2545818, TSecr 2812305019": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2545818", - "tcp.options.timestamp.tsecr": "2812305019" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4908", - 
"tcp.analysis.ack_rtt": "0.000442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.710721000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.710721000", - "frame.time_delta": "0.000241000", - "frame.time_delta_displayed": "0.000241000", - "frame.time_relative": "1412.250035000", - "frame.number": "4910", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003821", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, 
CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13515", - "tcp.nxtseq": "13562", - "tcp.ack": "63555", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007ee6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:5e:7c:00:26:d8:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812305020, TSecr 2545811": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812305020", - "tcp.options.timestamp.tsecr": "2545811" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - 
"ssl.app_data": "34:cd:34:17:47:48:0e:97:21:ac:88:4e:f0:67:d9:0c:d7:f8:38:e7:19:52:64:d9:12:fa:90:b3:5b:6d:7a:45:17:97:16:09:4e:65:7c:af:18:2d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:03.711148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495003.711148000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "1412.250462000", - "frame.number": "4911", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009636", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "63555", - "tcp.ack": "13562", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004347", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:d8:9a:a7:a0:5e:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2545818, TSecr 2812305020": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2545818", - "tcp.options.timestamp.tsecr": "2812305020" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4910", - "tcp.analysis.ack_rtt": "0.000427000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:04.482858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495004.482858000", - "frame.time_delta": "0.771710000", - "frame.time_delta_displayed": "0.771710000", - "frame.time_relative": "1413.022172000", - "frame.number": "4912", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005810", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a659", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": 
"AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "4958", - "tcp.nxtseq": "4998", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000071d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:e9:fd:4d:45:47:ee:a0:69:2c:d4:68:68:9c:69:8c:fb:b5:b6:ab:da:82:d5:ab:21:1c:18:ae:00" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:04.626477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495004.626477000", - "frame.time_delta": "0.143619000", - "frame.time_delta_displayed": "0.143619000", - "frame.time_relative": "1413.165791000", - "frame.number": "4913", - "frame.len": "90", - "frame.cap_len": "90", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000ff9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd74", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "505", - "tcp.nxtseq": "541", - "tcp.ack": 
"4998", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000046cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4912", - "tcp.analysis.ack_rtt": "0.143619000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:6e:9c:16:0e:9c:54:78:26:de:db:05:aa:7f:eb:c9:83:10:8e:f6:a7:cf:7e:1f:07" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:04.626998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495004.626998000", - "frame.time_delta": "0.000521000", - "frame.time_delta_displayed": "0.000521000", - "frame.time_relative": "1413.166312000", - "frame.number": "4914", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005811", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a680", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4998", - "tcp.ack": "541", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f11d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "4913", - "tcp.analysis.ack_rtt": "0.000521000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:06.621934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495006.621934000", - "frame.time_delta": "1.994936000", - "frame.time_delta_displayed": "1.994936000", - "frame.time_relative": "1415.161248000", - "frame.number": "4915", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005d96", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:09.128415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495009.128415000", - "frame.time_delta": "2.506481000", - "frame.time_delta_displayed": "2.506481000", - "frame.time_relative": "1417.667729000", - "frame.number": "4916", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000cace", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000e8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:22.650463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495022.650463000", - "frame.time_delta": "13.522048000", - "frame.time_delta_displayed": "13.522048000", - "frame.time_relative": "1431.189777000", - "frame.number": "4917", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f57", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b899", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001874", - "udp.checksum.status": "2", - 
"udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:22.650872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495022.650872000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "1431.190186000", - "frame.number": "4918", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f58", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009994", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f96f", - 
"udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:22.651488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495022.651488000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "1431.190802000", - "frame.number": "4919", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008735", - "udp.checksum.status": "2", - 
"udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:27.650621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495027.650621000", - "frame.time_delta": "4.999133000", - "frame.time_delta_displayed": "4.999133000", - "frame.time_relative": "1436.189935000", - "frame.number": "4920", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f59", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b897", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001874", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": 
"7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:27.651147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495027.651147000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "1436.190461000", - "frame.number": "4921", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f5a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009992", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": 
"255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f96f", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", 
- "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:27.651769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495027.651769000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "1436.191083000", - "frame.number": "4922", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008735", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": 
"ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:28.852920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495028.852920000", - "frame.time_delta": "1.201151000", - "frame.time_delta_displayed": "1.201151000", - "frame.time_relative": "1437.392234000", - "frame.number": "4923", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:29.110923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495029.110923000", - 
"frame.time_delta": "0.258003000", - "frame.time_delta_displayed": "0.258003000", - "frame.time_relative": "1437.650237000", - "frame.number": "4924", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000d026", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000933", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:32.650909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495032.650909000", - "frame.time_delta": "3.539986000", - "frame.time_delta_displayed": "3.539986000", - "frame.time_relative": "1441.190223000", - "frame.number": "4925", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f5b", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b895", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001874", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:32.651427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495032.651427000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "1441.190741000", - "frame.number": "4926", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f5c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009990", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f96f", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:32.652059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495032.652059000", - "frame.time_delta": "0.000632000", - "frame.time_delta_displayed": "0.000632000", - "frame.time_relative": "1441.191373000", - "frame.number": "4927", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008735", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000281", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=641", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:34.659291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495034.659291000", - "frame.time_delta": "2.007232000", - "frame.time_delta_displayed": "2.007232000", - "frame.time_relative": "1443.198605000", - "frame.number": "4928", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005812", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4997", - "tcp.ack": "541", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - 
"tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f11e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:34.739212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495034.739212000", - "frame.time_delta": "0.079921000", - "frame.time_delta_displayed": "0.079921000", - "frame.time_relative": "1443.278526000", - "frame.number": "4929", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009637", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007717", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "63555", - "tcp.nxtseq": "63604", - "tcp.ack": "13562", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007dd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:e4:b9:a7:a0:5e:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2548921, TSecr 2812305020": { - "tcp.option_kind": "8", - "tcp.option_len": 
"10", - "tcp.options.timestamp.tsval": "2548921", - "tcp.options.timestamp.tsecr": "2812305020" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e1:d0:cf:8d:2a:b2:70:06:c4:b6:1b:7e:55:cd:15:c7:60:ea:48:75:48:11:68:7f:95:f6:96:14:49:b0:cc:a3:e5:0b:a8:bc:f5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:34.800467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495034.800467000", - "frame.time_delta": "0.061255000", - "frame.time_delta_displayed": "0.061255000", - "frame.time_relative": "1443.339781000", - "frame.number": "4930", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003818", 
- "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "13562", - "tcp.nxtseq": "13617", - "tcp.ack": "63604", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f482", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:7c:d8:00:26:e4:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812312792, TSecr 2548921": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812312792", - "tcp.options.timestamp.tsecr": "2548921" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4929", - "tcp.analysis.ack_rtt": "0.061255000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:98:b3:fc:91:24:2f:69:c7:f7:04:9e:84:e8:3f:30:77:97:39:34:a8:03:6b:18:9c:4b:81:3c:0f:46:3a:78:6b:9f:f6:25:23:db:59:b2:00:d0:f5:89" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:34.800971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495034.800971000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "1443.340285000", - "frame.number": "4931", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009638", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007747", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "63604", - "tcp.ack": "13617", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000185e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:e4:bf:a7:a0:7c:d8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2548927, TSecr 2812312792": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2548927", - "tcp.options.timestamp.tsecr": "2812312792" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4930", - "tcp.analysis.ack_rtt": "0.000504000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:34.802371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495034.802371000", - "frame.time_delta": "0.001400000", - "frame.time_delta_displayed": "0.001400000", - "frame.time_relative": "1443.341685000", - "frame.number": "4932", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ffa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd97", - 
"ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "541", - "tcp.ack": "4998", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:36.631831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495036.631831000", - "frame.time_delta": "1.829460000", - "frame.time_delta_displayed": "1.829460000", - "frame.time_relative": "1445.171145000", - "frame.number": "4933", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005da5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:37.243462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495037.243462000", - "frame.time_delta": "0.611631000", - "frame.time_delta_displayed": "0.611631000", - "frame.time_relative": "1445.782776000", - "frame.number": "4934", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000d1e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000007a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:37.254446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495037.254446000", - "frame.time_delta": "0.010984000", - "frame.time_delta_displayed": "0.010984000", - "frame.time_relative": "1445.793760000", - "frame.number": "4935", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x000086d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000051bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": 
"1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:37.464985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495037.464985000", - "frame.time_delta": "0.210539000", - "frame.time_delta_displayed": "0.210539000", - "frame.time_relative": "1446.004299000", - "frame.number": "4936", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", 
- "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000d1ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000007a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:37.693891000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495037.693891000", - "frame.time_delta": "0.228906000", - "frame.time_delta_displayed": "0.228906000", - "frame.time_relative": "1446.233205000", - "frame.number": "4937", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000d217", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000777", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": 
"0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:39.810229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495039.810229000", - "frame.time_delta": "2.116338000", - "frame.time_delta_displayed": "2.116338000", - "frame.time_relative": "1448.349543000", - "frame.number": "4938", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:10:39.810703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495039.810703000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "1448.350017000", - "frame.number": "4939", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:39.810888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495039.810888000", - "frame.time_delta": "0.000185000", - "frame.time_delta_displayed": "0.000185000", - "frame.time_relative": "1448.350202000", - "frame.number": "4940", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:39.810900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495039.810900000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "1448.350214000", - "frame.number": "4941", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": 
"b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:40.203183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495040.203183000", - "frame.time_delta": "0.392283000", - "frame.time_delta_displayed": "0.392283000", - "frame.time_relative": "1448.742497000", - "frame.number": "4942", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000b7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": 
"56700", - "udp.length": "100", - "udp.checksum": "0x00005267", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "02:d3:af:c3:9f:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.493618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.493618000", - "frame.time_delta": "2.290435000", - "frame.time_delta_displayed": "2.290435000", - "frame.time_relative": "1451.032932000", - "frame.number": "4943", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00001095", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8c2", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.546439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.546439000", - "frame.time_delta": "0.052821000", - "frame.time_delta_displayed": "0.052821000", - "frame.time_relative": "1451.085753000", - "frame.number": "4944", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000109a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.599354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.599354000", - "frame.time_delta": "0.052915000", - "frame.time_delta_displayed": "0.052915000", - "frame.time_relative": "1451.138668000", - "frame.number": "4945", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000109b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.652464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.652464000", - "frame.time_delta": "0.053110000", - "frame.time_delta_displayed": "0.053110000", - "frame.time_relative": "1451.191778000", - "frame.number": "4946", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000010a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.705402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.705402000", - "frame.time_delta": "0.052938000", - "frame.time_delta_displayed": "0.052938000", - "frame.time_relative": "1451.244716000", - "frame.number": "4947", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000010a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:42.757833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495042.757833000", - "frame.time_delta": "0.052431000", - "frame.time_delta_displayed": "0.052431000", - "frame.time_relative": "1451.297147000", - "frame.number": "4948", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": 
{ - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000010a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b8b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:43.857050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495043.857050000", - "frame.time_delta": "1.099217000", - "frame.time_delta_displayed": "1.099217000", - "frame.time_relative": "1452.396364000", - "frame.number": "4949", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:10:44.109041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495044.109041000", - "frame.time_delta": "0.251991000", - "frame.time_delta_displayed": "0.251991000", - "frame.time_relative": "1452.648355000", - "frame.number": "4950", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - 
"bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:44.133070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495044.133070000", - "frame.time_delta": "0.024029000", - "frame.time_delta_displayed": "0.024029000", - "frame.time_relative": "1452.672384000", - "frame.number": "4951", - 
"frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": 
"ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:44.163409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495044.163409000", - "frame.time_delta": "0.030339000", - "frame.time_delta_displayed": "0.030339000", - "frame.time_relative": 
"1452.702723000", - "frame.number": "4952", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:44.439306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495044.439306000", - "frame.time_delta": "0.275897000", - "frame.time_delta_displayed": "0.275897000", - "frame.time_relative": "1452.978620000", - "frame.number": "4953", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { 
- "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.079778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.079778000", - "frame.time_delta": "4.640472000", - "frame.time_delta_displayed": "4.640472000", - "frame.time_relative": "1457.619092000", - "frame.number": "4954", - "frame.len": "146", - "frame.cap_len": "146", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "132", - "ip.id": "0x00002d31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037fe", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - 
"ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "80", - "tcp.seq": "13617", - "tcp.nxtseq": "13697", - "tcp.ack": "63604", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006325", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8a:ca:00:26:e4:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812316362, TSecr 2548927": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812316362", - "tcp.options.timestamp.tsecr": "2548927" - } - }, - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "80", - "tcp.analysis.push_bytes_sent": "80" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "75", - "ssl.app_data": "34:cd:34:17:47:48:0e:99:84:00:23:e4:52:68:d0:2e:56:75:d6:47:41:b3:69:54:b3:5a:43:63:56:8b:8c:8b:1f:69:41:f8:a4:d9:1d:b3:47:79:32:01:0f:30:2c:ac:f1:78:c4:be:80:39:7c:da:6e:a0:be:d0:b4:26:28:1a:58:1a:f4:dc:f6:f6:ea:6f:45:c6:95" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.080255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.080255000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1457.619569000", - "frame.number": "4955", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009639", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007746", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "63604", - "tcp.ack": "13697", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000488", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ea:53:a7:a0:8a:ca", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2550355, TSecr 2812316362": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550355", - "tcp.options.timestamp.tsecr": "2812316362" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4954", - "tcp.analysis.ack_rtt": "0.000477000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.085946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.085946000", - "frame.time_delta": "0.005691000", - "frame.time_delta_displayed": "0.005691000", - "frame.time_relative": "1457.625260000", - "frame.number": "4956", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000963a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007716", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "63604", - "tcp.nxtseq": "63651", - "tcp.ack": "13697", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005e9c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ea:53:a7:a0:8a:ca", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550355, TSecr 2812316362": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550355", - "tcp.options.timestamp.tsecr": 
"2812316362" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e2:23:7b:62:b9:fd:03:5f:45:99:da:f9:cd:40:ff:ac:da:06:ad:05:eb:de:1d:12:5c:63:d9:11:30:a5:a5:3f:ec:d8:15" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.141741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.141741000", - "frame.time_delta": "0.055795000", - "frame.time_delta_displayed": "0.055795000", - "frame.time_relative": "1457.681055000", - "frame.number": "4957", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000d710", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000249", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - 
"ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.168769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.168769000", - "frame.time_delta": "0.027028000", - "frame.time_delta_displayed": "0.027028000", - "frame.time_relative": "1457.708083000", - "frame.number": "4958", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:49.186294000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495049.186294000", - "frame.time_delta": "0.017525000", - "frame.time_delta_displayed": "0.017525000", - "frame.time_relative": "1457.725608000", - "frame.number": "4959", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { 
- "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000384d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "13697", - "tcp.ack": "63651", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000052d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8a:e5:00:26:ea:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812316389, TSecr 2550355": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812316389", - "tcp.options.timestamp.tsecr": "2550355" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4956", - "tcp.analysis.ack_rtt": "0.100348000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:51.080900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495051.080900000", - "frame.time_delta": "1.894606000", - "frame.time_delta_displayed": "1.894606000", - "frame.time_relative": "1459.620214000", - "frame.number": "4960", - "frame.len": "146", - "frame.cap_len": "146", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "132", - "ip.id": "0x00002d33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037fc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "80", - "tcp.seq": "13697", - "tcp.nxtseq": "13777", - "tcp.ack": "63651", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8c:be:00:26:ea:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812316862, TSecr 2550355": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812316862", - "tcp.options.timestamp.tsecr": "2550355" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "80", - "tcp.analysis.push_bytes_sent": "80" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "75", - "ssl.app_data": "34:cd:34:17:47:48:0e:9a:64:f1:7c:c7:d8:67:96:80:09:bd:f4:46:af:67:a2:36:c7:95:10:7b:90:e2:1e:17:2e:dc:ca:d9:42:cb:0b:34:07:ed:d0:82:e5:a7:c1:eb:6d:71:a6:18:cb:f8:77:e8:2b:82:2e:83:d8:23:00:98:6a:fe:d7:f9:9c:b9:9b:93:27:7d:5a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:51.085903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495051.085903000", - "frame.time_delta": "0.005003000", - "frame.time_delta_displayed": "0.005003000", - "frame.time_relative": "1459.625217000", - "frame.number": "4961", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000963b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "63651", - "tcp.nxtseq": "63698", - "tcp.ack": "13777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002b41", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:1b:a7:a0:8c:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550555, TSecr 2812316862": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550555", - "tcp.options.timestamp.tsecr": "2812316862" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4960", - "tcp.analysis.ack_rtt": "0.005003000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e3:cb:27:e6:ea:15:a0:3b:14:a0:65:d6:ac:a0:c2:d9:b4:af:5a:11:4d:2d:fa:c7:b6:df:18:22:28:4f:65:fd:8f:bb:12" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:51.146106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495051.146106000", - "frame.time_delta": "0.060203000", - "frame.time_delta_displayed": "0.060203000", - "frame.time_relative": "1459.685420000", - "frame.number": "4962", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000384b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "13777", - "tcp.ack": "63698", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000001fd", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8c:ce:00:26:eb:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812316878, TSecr 2550555": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812316878", - "tcp.options.timestamp.tsecr": "2550555" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4961", - "tcp.analysis.ack_rtt": "0.060203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.132874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.132874000", - "frame.time_delta": "0.986768000", - "frame.time_delta_displayed": "0.986768000", - "frame.time_relative": "1460.672188000", - "frame.number": "4963", - "frame.len": "122", - "frame.cap_len": "122", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "108", - "ip.id": "0x0000963c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "56", - "tcp.seq": "63698", - "tcp.nxtseq": "63754", - "tcp.ack": "13777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006127", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:84:a7:a0:8c:ce", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550660, TSecr 2812316878": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550660", - "tcp.options.timestamp.tsecr": "2812316878" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "56", - "tcp.analysis.push_bytes_sent": "56" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "51", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e4:74:fa:ce:63:be:ac:58:56:b4:65:53:b7:ae:c0:8c:fe:1a:07:2c:9b:06:2c:50:82:bf:c8:17:c3:ad:fa:4f:5a:60:bd:16:47:59:8b:44:4d:a5:65:52" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.193133000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.193133000", - "frame.time_delta": "0.060259000", - "frame.time_delta_displayed": "0.060259000", - "frame.time_relative": "1460.732447000", - "frame.number": "4964", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000384a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "13777", - "tcp.ack": "63754", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000056", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:a7:a0:8d:d4:00:26:eb:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317140, TSecr 2550660": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317140", - "tcp.options.timestamp.tsecr": "2550660" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4963", - "tcp.analysis.ack_rtt": "0.060259000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.193580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.193580000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "1460.732894000", - "frame.number": "4965", - "frame.len": "415", - "frame.cap_len": "415", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "401", - "ip.id": "0x0000963d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "349", - "tcp.seq": "63754", - "tcp.nxtseq": "64103", - "tcp.ack": "13777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005ef6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:8a:a7:a0:8d:d4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", 
- "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550666, TSecr 2812317140": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550666", - "tcp.options.timestamp.tsecr": "2812317140" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "349", - "tcp.analysis.push_bytes_sent": "349" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "344", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e5:b6:34:a6:2e:b9:9b:26:6a:80:c9:95:f0:0d:fb:3f:be:b0:d1:05:6c:f1:b5:7f:d1:c8:61:e5:20:60:94:88:57:31:b8:ba:6a:7a:31:38:08:18:c0:29:eb:79:ab:97:b0:b9:98:fa:7b:9f:9c:38:d6:85:0b:0a:6d:b6:a8:ff:af:7f:35:76:37:4d:af:54:dc:2a:f1:72:f9:0e:3c:71:85:b8:9a:66:4f:5b:c6:19:d0:ec:f0:71:64:9f:e3:0e:8d:52:9c:ea:a2:4e:a2:e5:3c:7d:49:87:cf:26:22:a3:8b:ac:39:20:a5:74:5e:15:a5:02:6d:a5:54:88:33:4f:32:3d:ab:52:a8:40:67:0b:98:f6:19:95:c3:fb:4e:bf:3a:52:35:08:7c:d1:22:2e:31:40:a5:e0:4a:01:ea:8d:b9:1f:8c:35:a0:70:93:b0:25:5c:85:a2:d5:30:3a:50:95:d0:b8:04:9d:c8:78:4d:26:1f:02:d2:3d:67:f6:90:60:24:23:00:07:a2:ad:d9:11:ad:a5:25:da:d4:3c:3a:97:3d:8d:46:5d:e2:b2:de:07:6e:9f:ce:26:58:69:0d:dd:c0:8a:fa:b8:4a:62:b4:75:c4:3c:d2:cc:68:8a:f8:8d:33:31:7c:7c:33:fc:8f:8c:6d:9a:5d:1a:00:8d:5d:4a:91:f5:a2:b5:27:86:4e:a7:4d:94:d9:a5:07:17:cf:6a:2a:07:28:b1:86:8a:1c:0e:ad:9f:8f:cc:19:66:ee:b7:63:dd:73:04:ec:cb:90:82:5c:4f:bf:9b:59:05:1a:7d:36:0e:31:9e:0d:b9:d7:41:ac:c2:65:52:cc:02:97:28:3d:bf:27:50:72:b4:53:8d:4f:1b:73:d5:b4:8d:77:40" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.195295000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.195295000", - "frame.time_delta": "0.001715000", - "frame.time_delta_displayed": "0.001715000", - "frame.time_relative": "1460.734609000", - "frame.number": "4966", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13777", - "tcp.nxtseq": "13824", - "tcp.ack": "63754", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000702c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8d:d5:00:26:eb:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317141, TSecr 2550660": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317141", - "tcp.options.timestamp.tsecr": "2550660" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:9b:06:b4:af:6b:28:b4:13:3b:19:d4:43:50:06:72:d6:c1:eb:ac:72:81:7a:24:34:a7:29:6d:08:fb:c8:3a:6a:54:91:2b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { 
- "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.227919000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.227919000", - "frame.time_delta": "0.032624000", - "frame.time_delta_displayed": "0.032624000", - "frame.time_relative": "1460.767233000", - "frame.number": "4967", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000963e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64103", - "tcp.ack": "13824", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fdcf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:8e:a7:a0:8d:d5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550670, TSecr 2812317141": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550670", - "tcp.options.timestamp.tsecr": "2812317141" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4966", - "tcp.analysis.ack_rtt": "0.032624000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.254467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.254467000", - "frame.time_delta": 
"0.026548000", - "frame.time_delta_displayed": "0.026548000", - "frame.time_relative": "1460.793781000", - "frame.number": "4968", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003819", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": 
"13824", - "tcp.nxtseq": "13871", - "tcp.ack": "64103", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006fe4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8d:e4:00:26:eb:8a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317156, TSecr 2550666": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317156", - "tcp.options.timestamp.tsecr": "2550666" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4965", - "tcp.analysis.ack_rtt": "0.060887000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:9c:de:66:38:9d:b0:19:41:30:8e:37:74:bd:59:be:bb:23:9e:de:83:e2:a9:19:2c:ae:c2:83:75:ca:88:68:31:b5:cb:67" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.254896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.254896000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1460.794210000", - "frame.number": "4969", - "frame.len": "122", - "frame.cap_len": "122", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "108", - "ip.id": "0x0000963f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007708", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "56", - "tcp.seq": "64103", - "tcp.nxtseq": "64159", - "tcp.ack": "13871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000db41", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:90:a7:a0:8d:e4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550672, TSecr 2812317156": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550672", - "tcp.options.timestamp.tsecr": "2812317156" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4968", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.bytes_in_flight": "56", - "tcp.analysis.push_bytes_sent": "56" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "51", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:e6:cd:51:4a:7d:ec:e4:56:49:2c:d3:0d:34:cd:b9:82:06:ab:54:e5:52:bb:e8:b1:b2:7a:31:fa:0d:5b:83:c0:26:d7:03:ca:15:59:2b:7f:a6:57:55:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.316254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.316254000", - "frame.time_delta": "0.061358000", - "frame.time_delta_displayed": "0.061358000", - "frame.time_relative": "1460.855568000", - "frame.number": "4970", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003818", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
- "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13871", - "tcp.nxtseq": "13918", - "tcp.ack": "64159", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000064d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8d:f3:00:26:eb:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317171, TSecr 2550672": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317171", - "tcp.options.timestamp.tsecr": "2550672" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4969", - "tcp.analysis.ack_rtt": "0.061358000", - "tcp.analysis.bytes_in_flight": 
"47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:9d:be:a0:bf:cf:77:1a:9c:66:bd:4a:31:cc:da:5e:f8:58:69:c0:e8:98:8f:80:29:bf:7d:37:16:a8:e9:91:f5:85:97:3a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:52.347975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495052.347975000", - "frame.time_delta": "0.031721000", - "frame.time_delta_displayed": "0.031721000", - "frame.time_relative": "1460.887289000", - "frame.number": "4971", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009640", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64159", - "tcp.ack": "13918", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:9a:a7:a0:8d:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550682, TSecr 2812317171": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550682", - 
"tcp.options.timestamp.tsecr": "2812317171" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4970", - "tcp.analysis.ack_rtt": "0.031721000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.049148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.049148000", - "frame.time_delta": "0.701173000", - "frame.time_delta_displayed": "0.701173000", - "frame.time_relative": "1461.588462000", - "frame.number": "4972", - "frame.len": "415", - "frame.cap_len": "415", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "401", - "ip.id": "0x00009641", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, 
CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "349", - "tcp.seq": "64159", - "tcp.nxtseq": "64508", - "tcp.ack": "13918", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f3e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:e0:a7:a0:8d:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550752, TSecr 2812317171": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550752", - "tcp.options.timestamp.tsecr": "2812317171" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "349", - "tcp.analysis.push_bytes_sent": "349" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "344", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e7:7a:85:0e:6d:c7:ed:fd:b0:4b:20:60:24:c3:9a:78:79:52:6e:29:53:5b:55:50:30:03:1a:f4:c9:5d:7a:4f:6d:c3:14:f9:4c:52:64:2e:3a:3f:a4:fa:9f:a4:2d:b6:2c:46:18:44:3a:9b:e9:9e:ed:1b:e3:0d:6d:73:f2:1f:25:1e:58:2f:cc:98:ed:d6:92:e7:e5:2c:4a:8b:ef:3a:87:8c:47:cc:9f:2f:f4:10:03:20:07:3d:05:f8:ee:b2:c4:6e:9a:0d:62:b1:dc:72:a2:fe:e1:42:8b:3c:28:1d:09:ab:c9:02:e2:14:17:19:00:77:c1:ae:05:85:f2:66:14:a3:be:58:39:b8:fd:c3:d9:a4:9f:f8:ea:75:6a:53:29:66:c4:c0:5e:23:50:db:dd:cb:f4:3e:76:71:b1:86:32:f0:cc:07:c7:79:6e:23:8c:2b:81:e7:f3:56:c8:cd:09:e5:45:fe:5d:19:70:14:25:15:d4:bc:a2:c5:fa:7b:91:c6:54:c0:ed:39:3c:86:b2:1a:d2:3c:75:f8:b7:69:78:b9:4c:74:da:ab:d8:01:09:8b:6f:87:14:c6:b1:52:33:ef:e4:fd:4e:ae:36:97:9d:de:4f:a9:38:f0:6c:71:c5:8a:47:ed:fd:4b:e8:70:af:21:ee:af:6a:12:47:3c:87:c3:07:fc:3c:49:36:91:71:3a:6b:52:69:d3:79:b3:9e:82:26:95:73:f6:b1:a7:60:8a:41:9a:08:48:59:34:b6:db:6d:79:d1:95:ce:38:a6:43:6b:76:22:2e:c4:58:76:47:bb:e2:3a:77:17:34:4a:3e:1c:b7:37:18:de:73:ed:1a:36:5b:cc:c4:7c:94:6d:7d:aa:97:f0:1e:4b:72:06" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.082700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.082700000", - "frame.time_delta": "0.033552000", - "frame.time_delta_displayed": "0.033552000", - "frame.time_relative": "1461.622014000", - "frame.number": "4973", - "frame.len": "146", - "frame.cap_len": "146", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "132", - "ip.id": "0x00002d39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "80", - "tcp.seq": "13918", - "tcp.nxtseq": "13998", - "tcp.ack": "64159", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004d6d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8e:b3:00:26:eb:9a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317363, TSecr 2550682": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317363", - "tcp.options.timestamp.tsecr": "2550682" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "80", - "tcp.analysis.push_bytes_sent": "80" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "75", - "ssl.app_data": "34:cd:34:17:47:48:0e:9e:57:f8:85:4b:a9:46:d1:b8:21:bf:37:eb:12:78:5e:4c:94:17:4b:2e:e3:e7:e3:84:7b:e4:1f:72:fa:a2:c8:32:24:4e:f1:f9:6d:e9:37:e0:09:2e:14:77:15:cb:c3:31:79:e3:6e:06:b2:03:9e:7f:6b:1c:fe:17:b1:11:fd:f8:ba:8d:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.083127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.083127000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "1461.622441000", - "frame.number": "4974", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009642", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64508", - "tcp.ack": "13998", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:e3:a7:a0:8e:b3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550755, TSecr 2812317363": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550755", - "tcp.options.timestamp.tsecr": "2812317363" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4973", - "tcp.analysis.ack_rtt": "0.000427000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.110074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.110074000", - "frame.time_delta": "0.026947000", - "frame.time_delta_displayed": "0.026947000", - "frame.time_relative": "1461.649388000", - "frame.number": "4975", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003816", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "13998", - "tcp.nxtseq": "14045", - "tcp.ack": "64508", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8e:b9:00:26:eb:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317369, TSecr 2550752": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317369", - "tcp.options.timestamp.tsecr": "2550752" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4972", - "tcp.analysis.ack_rtt": "0.060926000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:9f:de:67:6d:6b:ab:7c:56:e0:d2:6b:00:ba:72:17:0f:3f:fe:c4:43:56:62:ba:52:f2:48:c5:71:a1:04:7a:7a:36:b3:63" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.110274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.110274000", - "frame.time_delta": "0.000200000", - "frame.time_delta_displayed": "0.000200000", - "frame.time_relative": "1461.649588000", - "frame.number": "4976", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009643", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "64508", - "tcp.nxtseq": "64555", - "tcp.ack": "14045", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000041b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:e6:a7:a0:8e:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550758, TSecr 2812317369": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550758", - "tcp.options.timestamp.tsecr": "2812317369" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4975", - "tcp.analysis.ack_rtt": "0.000200000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:e8:7a:9f:9e:c1:08:6d:cc:58:22:ae:ef:1b:3b:b8:ac:68:19:c2:b5:6c:14:d5:2a:1a:cb:ea:71:de:6a:44:7c:62:fa:2f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.210329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.210329000", - "frame.time_delta": "0.100055000", - 
"frame.time_delta_displayed": "0.100055000", - "frame.time_relative": "1461.749643000", - "frame.number": "4977", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003844", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14045", - "tcp.ack": 
"64555", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fac7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8e:d3:00:26:eb:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317395, TSecr 2550758": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317395", - "tcp.options.timestamp.tsecr": "2550758" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4976", - "tcp.analysis.ack_rtt": "0.100055000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.234460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.234460000", - "frame.time_delta": "0.024131000", - "frame.time_delta_displayed": "0.024131000", - "frame.time_relative": "1461.773774000", - "frame.number": "4978", - "frame.len": "416", - "frame.cap_len": "416", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "402", - "ip.id": "0x00009644", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "350", - "tcp.seq": "64555", - "tcp.nxtseq": "64905", - "tcp.ack": "14045", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ac00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:eb:f2:a7:a0:8e:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550770, TSecr 2812317395": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550770", - "tcp.options.timestamp.tsecr": "2812317395" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "350", - "tcp.analysis.push_bytes_sent": "350" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "345", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:e9:1d:b0:1d:c1:5d:54:44:4e:93:17:91:2c:56:cd:6f:ef:5f:59:f1:11:86:2c:1d:67:05:cd:ba:65:0b:09:d7:79:28:c6:89:4d:25:8b:d4:80:f6:6d:ce:ca:ad:d3:50:81:33:59:2b:9e:f2:d1:94:b8:97:54:09:4b:d8:6d:c9:21:4a:04:81:44:0d:fc:a5:b0:44:dd:b4:f0:f6:f1:e3:2d:11:8e:19:fb:a5:8d:68:29:cb:94:79:ba:f0:43:7f:1c:22:c3:72:0c:2e:5e:09:f1:5c:a9:a1:34:aa:9b:7e:72:1e:b2:64:20:80:ee:9a:6f:85:39:ee:83:b0:df:0e:f3:03:b1:98:27:99:c7:93:eb:8c:98:a1:3e:42:e7:85:b8:6a:d3:40:7c:38:39:cf:5c:72:b1:19:88:e1:97:14:1a:48:c7:8c:bf:01:44:75:aa:7b:bb:bd:d9:a3:79:74:79:b7:8d:26:68:95:eb:20:54:62:d6:d0:9b:a0:57:6c:91:81:c6:95:54:ae:e9:69:84:07:1d:d9:dc:ea:09:b9:3b:3e:e5:35:b1:8b:34:d6:59:f8:f8:54:cc:97:f4:e3:86:eb:21:cb:b6:3f:bb:c8:ba:85:7d:77:5c:35:53:b9:45:16:47:1a:9a:ea:5f:e0:21:f6:a4:4d:7e:15:11:70:a2:b5:54:8d:e9:2f:ca:c2:9f:29:26:f8:82:80:d4:df:73:64:cc:56:f3:d8:82:58:0b:46:ff:41:06:ea:30:27:ca:4f:c7:5f:8b:b3:12:56:f2:8f:1a:1a:dc:1a:8d:cf:5f:03:1d:61:cd:87:01:4b:8e:12:9a:9e:56:6b:2e:49:06:85:bf:9b:26:47:aa:4d:91:68:1a:ac:9b:76:de:d4:66:de" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.294715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.294715000", - "frame.time_delta": "0.060255000", - "frame.time_delta_displayed": "0.060255000", - "frame.time_relative": "1461.834029000", - "frame.number": "4979", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003843", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14045", - "tcp.ack": "64905", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - 
"tcp.checksum": "0x0000f948", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8e:e8:00:26:eb:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317416, TSecr 2550770": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317416", - "tcp.options.timestamp.tsecr": "2550770" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4978", - "tcp.analysis.ack_rtt": "0.060255000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.295213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.295213000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "1461.834527000", - "frame.number": "4980", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003813", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "14045", - "tcp.nxtseq": "14092", - "tcp.ack": "64905", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a26c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:8e:e8:00:26:eb:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317416, TSecr 2550770": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317416", - "tcp.options.timestamp.tsecr": "2550770" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:a0:48:e3:b2:a0:7d:23:82:79:cf:2f:78:13:1b:c8:f4:de:5f:d8:fa:ba:84:f6:86:4a:a0:07:8c:be:13:dc:a7:80:42:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:53.337913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495053.337913000", - "frame.time_delta": "0.042700000", - "frame.time_delta_displayed": "0.042700000", - "frame.time_relative": "1461.877227000", - "frame.number": "4981", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009645", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000773a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64905", - "tcp.ack": "14092", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f81f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:26:eb:fd:a7:a0:8e:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550781, TSecr 2812317416": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550781", - "tcp.options.timestamp.tsecr": "2812317416" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4980", - "tcp.analysis.ack_rtt": "0.042700000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:54.146372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495054.146372000", - "frame.time_delta": "0.808459000", - "frame.time_delta_displayed": "0.808459000", - "frame.time_relative": "1462.685686000", - "frame.number": "4982", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"120", - "ip.id": "0x00009646", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "68", - "tcp.seq": "64905", - "tcp.nxtseq": "64973", - "tcp.ack": "14092", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000042fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ec:4d:a7:a0:8e:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550861, TSecr 2812317416": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550861", - "tcp.options.timestamp.tsecr": "2812317416" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "68", - "tcp.analysis.push_bytes_sent": "68" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "63", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ea:af:6a:1c:34:3f:d2:3a:f5:b8:a9:a6:2a:06:cd:ac:e3:64:e1:9f:b7:13:2f:99:72:7a:d8:d8:d8:50:45:56:90:c6:c8:95:39:f1:25:1e:4f:8e:ef:c7:a7:a2:77:93:86:de:d4:9b:b8:76:6d:79" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:54.207429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495054.207429000", - "frame.time_delta": "0.061057000", - "frame.time_delta_displayed": "0.061057000", - "frame.time_relative": "1462.746743000", - "frame.number": "4983", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003812", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "14092", - "tcp.nxtseq": "14139", - "tcp.ack": "64973", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ea77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a0:8f:cc:00:26:ec:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317644, TSecr 2550861": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317644", - "tcp.options.timestamp.tsecr": "2550861" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4982", - "tcp.analysis.ack_rtt": "0.061057000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:a1:3e:9d:12:c3:7c:75:04:28:ff:2a:c3:f1:5b:e6:0e:84:00:29:b4:b1:46:f0:7f:30:ff:a2:06:56:86:aa:42:1a:dc:bc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:54.207880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495054.207880000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "1462.747194000", - "frame.number": "4984", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009647", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007738", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64973", - "tcp.ack": "14139", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": 
"661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f671", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ec:54:a7:a0:8f:cc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550868, TSecr 2812317644": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550868", - "tcp.options.timestamp.tsecr": "2812317644" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4983", - "tcp.analysis.ack_rtt": "0.000451000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:55.083855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495055.083855000", - "frame.time_delta": "0.875975000", - "frame.time_delta_displayed": "0.875975000", - "frame.time_relative": "1463.623169000", - "frame.number": "4985", - "frame.len": "172", - "frame.cap_len": "172", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "158", - "ip.id": "0x00002d3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "106", - "tcp.seq": "14139", - "tcp.nxtseq": "14245", - "tcp.ack": "64973", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a0ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a0:90:a7:00:26:ec:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317863, TSecr 2550868": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317863", - "tcp.options.timestamp.tsecr": "2550868" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "106", - "tcp.analysis.push_bytes_sent": "106" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "101", - "ssl.app_data": "34:cd:34:17:47:48:0e:a2:1d:11:d0:bd:94:86:85:54:3a:32:84:f0:ff:84:6e:95:d7:af:d1:7c:33:91:09:df:f6:84:d0:8e:94:70:59:f9:a2:15:82:f0:b1:80:06:ca:67:9b:85:24:8a:97:84:da:4a:46:05:5e:6e:20:f2:6d:93:ce:8b:0f:8c:9a:81:e5:35:ad:62:f9:57:18:fb:9c:e4:d1:47:ae:3c:c5:72:83:b2:6d:a8:91:db:ac:46:e7:6d:f6:6d:42:fb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:55.084337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495055.084337000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1463.623651000", - "frame.number": "4986", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009648", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007737", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "64973", - "tcp.ack": "14245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f4d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ec:ab:a7:a0:90:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550955, TSecr 2812317863": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550955", - "tcp.options.timestamp.tsecr": "2812317863" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4985", - "tcp.analysis.ack_rtt": "0.000482000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:55.091680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495055.091680000", - "frame.time_delta": "0.007343000", - "frame.time_delta_displayed": "0.007343000", - "frame.time_relative": "1463.630994000", - "frame.number": "4987", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009649", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007707", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "64973", - "tcp.nxtseq": "65020", - "tcp.ack": "14245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002247", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ec:ac:a7:a0:90:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2550956, TSecr 2812317863": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2550956", - "tcp.options.timestamp.tsecr": "2812317863" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:eb:7c:5e:16:69:58:2b:ca:80:f8:88:13:4b:3e:05:0d:23:8f:7b:2b:9f:a3:fb:44:e0:63:79:50:63:14:78:f2:9b:ca:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:55.190424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495055.190424000", - "frame.time_delta": "0.098744000", - "frame.time_delta_displayed": "0.098744000", - "frame.time_relative": "1463.729738000", - "frame.number": "4988", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14245", - "tcp.ack": "65020", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f579", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:90:c2:00:26:ec:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812317890, TSecr 2550956": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812317890", - "tcp.options.timestamp.tsecr": "2550956" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4987", - "tcp.analysis.ack_rtt": "0.098744000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:56.148058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495056.148058000", - "frame.time_delta": "0.957634000", - "frame.time_delta_displayed": "0.957634000", - "frame.time_relative": "1464.687372000", - "frame.number": "4989", - "frame.len": "131", - "frame.cap_len": "131", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "117", - "ip.id": "0x0000964a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "65", - "tcp.seq": "65020", - "tcp.nxtseq": "65085", - "tcp.ack": "14245", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000080f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:16:a7:a0:90:c2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551062, TSecr 2812317890": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551062", - "tcp.options.timestamp.tsecr": "2812317890" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "65", - "tcp.analysis.push_bytes_sent": "65" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "60", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ec:46:7e:52:cc:cd:77:18:7e:88:f6:b0:32:7d:15:a6:77:36:57:bc:21:fc:9b:76:53:6d:8e:c7:fa:bf:44:7d:6d:14:57:a7:2e:a9:99:f0:dd:dd:ad:8e:9f:6a:ac:38:e6:b4:ed:f6:0e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:56.208162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495056.208162000", - "frame.time_delta": "0.060104000", - "frame.time_delta_displayed": "0.060104000", - "frame.time_relative": "1464.747476000", - "frame.number": "4990", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14245", - "tcp.ack": "65085", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f3d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:91:c0:00:26:ed:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318144, TSecr 2551062": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318144", - "tcp.options.timestamp.tsecr": "2551062" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4989", - "tcp.analysis.ack_rtt": "0.060104000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:56.209047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495056.209047000", - "frame.time_delta": "0.000885000", - "frame.time_delta_displayed": "0.000885000", - "frame.time_relative": "1464.748361000", - "frame.number": "4991", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "14245", - "tcp.nxtseq": "14292", - "tcp.ack": "65085", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000655b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:91:c0:00:26:ed:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318144, TSecr 2551062": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318144", - "tcp.options.timestamp.tsecr": "2551062" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:a3:dd:04:3f:b2:ac:20:49:e6:4e:81:25:82:e8:c1:24:63:34:ef:4e:cf:3c:b8:aa:c4:2e:c7:b2:ed:79:ae:7d:60:a4:94" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:56.247771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495056.247771000", - "frame.time_delta": "0.038724000", - "frame.time_delta_displayed": "0.038724000", - "frame.time_relative": "1464.787085000", - "frame.number": "4992", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000964b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007734", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "65085", - "tcp.ack": "14292", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f2a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:20:a7:a0:91:c0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551072, TSecr 2812318144": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551072", - "tcp.options.timestamp.tsecr": "2812318144" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4991", - "tcp.analysis.ack_rtt": "0.038724000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.084072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.084072000", - "frame.time_delta": "0.836301000", - "frame.time_delta_displayed": "0.836301000", - "frame.time_relative": "1465.623386000", - "frame.number": "4993", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00002d43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "71", - "tcp.seq": "14292", - "tcp.nxtseq": "14363", - "tcp.ack": "65085", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aaf0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:92:9b:00:26:ed:20", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318363, TSecr 2551072": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318363", - "tcp.options.timestamp.tsecr": "2551072" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "71", - "tcp.analysis.push_bytes_sent": "71" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "66", - "ssl.app_data": "34:cd:34:17:47:48:0e:a4:7e:75:27:f9:1c:f8:af:0c:12:7a:10:89:00:7c:2b:41:b6:71:d8:db:71:06:a8:05:8e:c0:a1:c8:1a:67:8b:32:35:b4:ad:79:b1:0d:7d:b0:5c:1b:f8:14:a3:bb:7f:9f:1f:5b:b7:45:48:ae:93:b4:3e:ef" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.084557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.084557000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "1465.623871000", - "frame.number": "4994", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000964c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007733", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "65085", - "tcp.ack": "14363", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f133", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:73:a7:a0:92:9b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551155, TSecr 2812318363": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551155", - "tcp.options.timestamp.tsecr": "2812318363" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4993", - "tcp.analysis.ack_rtt": "0.000485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.088608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.088608000", - "frame.time_delta": "0.004051000", - "frame.time_delta_displayed": "0.004051000", - "frame.time_relative": "1465.627922000", - "frame.number": "4995", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000964d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "65085", - "tcp.nxtseq": "65132", - "tcp.ack": "14363", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ccef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:74:a7:a0:92:9b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551156, TSecr 2812318363": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551156", - "tcp.options.timestamp.tsecr": "2812318363" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ed:36:e3:bc:b1:68:c0:b3:da:20:d9:f0:51:14:75:51:b3:06:3b:09:e7:02:61:9b:a8:cf:67:dc:2a:3c:d6:a9:30:23:ee" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.186350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.186350000", - "frame.time_delta": "0.097742000", - "frame.time_delta_displayed": "0.097742000", - "frame.time_relative": "1465.725664000", - "frame.number": "4996", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000383b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14363", - "tcp.ack": "65132", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f1d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:92:b5:00:26:ed:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318389, TSecr 2551156": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318389", - "tcp.options.timestamp.tsecr": "2551156" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4995", - "tcp.analysis.ack_rtt": "0.097742000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.284543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.284543000", - "frame.time_delta": "0.098193000", - "frame.time_delta_displayed": "0.098193000", - "frame.time_relative": "1465.823857000", - "frame.number": "4997", - "frame.len": "131", - "frame.cap_len": "131", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "117", - "ip.id": "0x00002d45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "65", - "tcp.seq": "14363", - "tcp.nxtseq": "14428", - "tcp.ack": "65132", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005fc3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:92:cd:00:26:ed:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318413, TSecr 2551156": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318413", - "tcp.options.timestamp.tsecr": "2551156" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "65", - "tcp.analysis.push_bytes_sent": "65" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "60", - "ssl.app_data": "34:cd:34:17:47:48:0e:a5:1f:b5:76:e6:dc:9f:79:e3:5a:77:e6:a5:a9:e7:01:c4:91:c9:22:37:98:70:95:54:aa:0d:68:d8:3e:29:cc:ee:f1:67:a8:c8:63:d8:2d:c1:48:1d:cc:9c:1d:6c:1f:f8:00:1b:9a:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.288454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.288454000", - "frame.time_delta": "0.003911000", - "frame.time_delta_displayed": "0.003911000", - "frame.time_relative": "1465.827768000", - "frame.number": "4998", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000964e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007702", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "65132", - "tcp.nxtseq": "65179", - "tcp.ack": "14428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a5c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:88:a7:a0:92:cd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551176, TSecr 2812318413": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551176", - "tcp.options.timestamp.tsecr": "2812318413" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4997", - "tcp.analysis.ack_rtt": "0.003911000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ee:e5:18:83:fd:dd:ae:04:b2:48:72:6f:4b:1b:6c:da:44:68:5e:0c:f2:68:7d:d8:4e:91:35:96:ee:93:f1:03:13:f0:30" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:57.348698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495057.348698000", - "frame.time_delta": "0.060244000", - "frame.time_delta_displayed": "0.060244000", - "frame.time_relative": "1465.888012000", - "frame.number": "4999", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003839", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14428", - "tcp.ack": "65179", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f12c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:92:dd:00:26:ed:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318429, TSecr 2551176": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318429", - "tcp.options.timestamp.tsecr": "2551176" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "4998", - "tcp.analysis.ack_rtt": "0.060244000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.178058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.178058000", - "frame.time_delta": "0.829360000", - "frame.time_delta_displayed": "0.829360000", - "frame.time_relative": "1466.717372000", - "frame.number": "5000", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x0000964f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "64", - "tcp.seq": "65179", - "tcp.nxtseq": "65243", - "tcp.ack": "14428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000643e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:e1:a7:a0:92:dd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551265, TSecr 2812318429": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551265", - "tcp.options.timestamp.tsecr": "2812318429" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "64", - "tcp.analysis.push_bytes_sent": "64" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "59", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ef:4c:d1:3c:5a:91:fa:de:1f:f5:a6:74:6b:21:b4:c7:eb:d0:ea:6e:50:fc:99:6f:28:c4:72:63:38:ee:0e:48:a9:33:8c:47:ef:fa:5d:69:59:8b:d2:1f:78:a1:b4:c4:14:fe:e9:f8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.238310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.238310000", - "frame.time_delta": "0.060252000", - "frame.time_delta_displayed": "0.060252000", - "frame.time_relative": "1466.777624000", - "frame.number": "5001", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003838", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14428", - "tcp.ack": "65243", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:93:bb:00:26:ed:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318651, TSecr 2551265": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318651", - "tcp.options.timestamp.tsecr": "2551265" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5000", - "tcp.analysis.ack_rtt": "0.060252000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.238767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.238767000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "1466.778081000", - "frame.number": "5002", - "frame.len": "409", - "frame.cap_len": "409", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "395", - "ip.id": "0x00009650", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "343", - "tcp.seq": "65243", - "tcp.nxtseq": "65586", - "tcp.ack": "14428", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001d0b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:e7:a7:a0:93:bb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551271, TSecr 2812318651": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551271", - "tcp.options.timestamp.tsecr": "2812318651" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "343", - "tcp.analysis.push_bytes_sent": "343" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "338", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:f0:31:09:1a:bd:d2:0a:36:0a:e4:33:eb:e6:d0:ca:e2:a6:b8:ff:28:92:59:05:5a:7b:32:eb:f6:e2:3a:49:ff:95:9c:c4:7a:d8:b0:7e:cc:7b:99:76:fb:5b:e3:0b:a7:85:51:c4:48:36:fd:0c:bd:05:e0:2a:77:97:91:40:fa:e6:a8:80:97:e5:ac:ab:21:f5:f4:11:fa:4d:22:de:e5:12:6b:b3:c3:24:11:f6:3f:fe:53:73:1a:c7:a8:49:10:6a:28:fe:d3:c9:e6:cb:66:ea:73:22:6a:c9:21:af:36:03:1e:05:d3:2c:52:c3:38:e5:56:61:b2:4b:f4:61:bc:98:eb:d3:74:b9:8c:39:f2:ee:6a:ea:f7:62:54:b4:b4:93:ef:a1:6c:4c:65:71:9a:dd:c9:a7:3f:a0:08:2b:6d:68:66:5c:a3:77:9d:ac:53:8a:e4:22:f1:d2:e7:8a:4e:4e:f2:01:2b:9e:6f:96:20:7c:d3:20:b0:de:da:f8:44:fa:52:b2:6c:89:eb:c1:3c:e7:9b:99:13:11:16:31:f1:ab:e1:b5:9e:03:d6:d3:6c:f0:8a:ff:5d:9b:94:6a:74:b7:b4:61:8b:7e:83:b3:46:cf:15:a6:0e:63:a8:65:6c:d4:6c:4c:68:be:9e:cb:36:4f:50:91:b1:bc:d5:7b:bf:8c:2c:0e:15:e4:dc:0d:11:69:e9:ce:6f:d8:38:7d:79:df:5e:86:d6:5c:8c:e9:d2:a3:2f:b0:64:8f:3e:ef:2e:7f:03:f6:e5:f9:01:87:e0:4e:b6:40:2d:cd:1e:b9:e9:db:a3:a0:7b:f8:58:86:78:fa:3c:d7:98:da:1a:02:68:de:18:e5:1e:d9:7a:51:a1:83:96:0a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.239081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.239081000", - "frame.time_delta": "0.000314000", - "frame.time_delta_displayed": "0.000314000", - "frame.time_relative": "1466.778395000", - "frame.number": "5003", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003808", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "14428", - "tcp.nxtseq": "14475", - "tcp.ack": "65243", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x000002b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:93:bc:00:26:ed:e1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318652, TSecr 2551265": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318652", - "tcp.options.timestamp.tsecr": "2551265" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:a6:7f:c9:aa:4e:92:0d:c3:7a:90:72:48:e6:9d:1c:26:4f:24:a3:db:57:05:d9:ce:e7:3b:2b:f7:16:e5:7c:93:c6:6e:2f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.277713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.277713000", - "frame.time_delta": "0.038632000", - "frame.time_delta_displayed": "0.038632000", - "frame.time_relative": "1466.817027000", - "frame.number": "5004", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - 
"eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009651", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "65586", - "tcp.ack": "14475", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ed35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:eb:a7:a0:93:bc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551275, TSecr 2812318652": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551275", - "tcp.options.timestamp.tsecr": "2812318652" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5003", - "tcp.analysis.ack_rtt": "0.038632000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.299544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.299544000", - "frame.time_delta": "0.021831000", - "frame.time_delta_displayed": "0.021831000", - "frame.time_relative": "1466.838858000", - "frame.number": "5005", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003807", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "14475", - "tcp.nxtseq": "14522", - "tcp.ack": "65586", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005d43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a0:93:cb:00:26:ed:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812318667, TSecr 2551271": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812318667", - "tcp.options.timestamp.tsecr": "2551271" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5002", - "tcp.analysis.ack_rtt": "0.060777000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:a7:68:23:93:7c:f8:f0:e4:80:9b:66:88:1f:22:68:bf:8c:08:a2:e7:75:76:a5:d5:90:bc:2f:df:af:16:28:02:53:0e:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:10:58.300042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495058.300042000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "1466.839356000", - "frame.number": "5006", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009652", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "65586", - "tcp.ack": "14522", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": 
"661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ecf5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ed:ed:a7:a0:93:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2551277, TSecr 2812318667": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2551277", - "tcp.options.timestamp.tsecr": "2812318667" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5005", - "tcp.analysis.ack_rtt": "0.000498000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:04.799253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495064.799253000", - "frame.time_delta": "6.499211000", - "frame.time_delta_displayed": "6.499211000", - "frame.time_relative": "1473.338567000", - "frame.number": "5007", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005813", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4997", - "tcp.ack": "541", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f11e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:04.942596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495064.942596000", - "frame.time_delta": "0.143343000", - "frame.time_delta_displayed": "0.143343000", - "frame.time_relative": "1473.481910000", - "frame.number": "5008", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ffb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd96", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", 
- "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "541", - "tcp.ack": "4998", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.043235000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.043235000", - "frame.time_delta": "1.100639000", - "frame.time_delta_displayed": "1.100639000", - "frame.time_relative": "1474.582549000", - "frame.number": "5009", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x00003b09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000058c0", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - 
"ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49775", - "tcp.port": "80", - "tcp.port": "49775", - "tcp.stream": "170", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000095bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018629000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:11:06 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:06 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - 
"http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.037377000", - "http.request_in": "4380", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.075695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.075695000", - "frame.time_delta": "0.032460000", - "frame.time_delta_displayed": "0.032460000", - "frame.time_relative": "1474.615009000", - "frame.number": "5010", - "frame.len": "345", - "frame.cap_len": "345", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "331", - "ip.id": "0x00002d4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000371e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "279", - "tcp.seq": "14522", - "tcp.nxtseq": "14801", - "tcp.ack": "65586", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000faa6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:9b:63:00:26:ed:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812320611, TSecr 2551277": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812320611", - "tcp.options.timestamp.tsecr": "2551277" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "279", - "tcp.analysis.push_bytes_sent": "279" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "274", - "ssl.app_data": "34:cd:34:17:47:48:0e:a8:94:7c:05:80:91:8a:ef:0d:76:3e:df:d9:c7:37:5f:30:b9:8d:aa:39:0a:e0:8f:a1:6a:0c:92:9e:55:00:eb:5b:a5:a8:5a:c5:ea:86:dc:67:03:be:6a:1c:3e:59:78:33:bd:d7:cc:b7:a3:75:60:ba:1d:c0:fb:a1:d8:e4:4f:08:5e:ee:7d:04:dd:79:8b:b9:15:fb:bd:ab:d5:ec:f2:a4:41:e2:01:3c:38:1c:80:8c:26:1e:49:ed:fa:5b:0e:01:9c:e7:f0:61:db:07:d6:4f:c1:40:f6:12:96:a6:54:3f:c9:64:89:66:00:e4:00:17:d0:a5:d6:89:1a:82:54:fc:1c:6f:35:99:81:4d:6f:c0:9a:8a:21:ea:f9:3c:c8:35:cd:85:bb:7d:a2:7d:22:fa:51:c7:8f:08:3d:5c:89:73:f2:c8:ff:6b:4d:f3:c4:40:cd:ec:97:4f:0a:ac:4b:44:eb:6d:94:e4:b5:21:09:20:68:af:7f:2d:80:57:a1:c0:4e:1c:3b:10:61:f8:04:75:8c:e0:8c:9c:08:bb:e7:a1:49:7d:9a:da:34:18:2a:df:36:9d:6b:be:7b:5a:4c:c2:39:fc:e2:de:60:8c:1e:99:de:ea:57:e4:0b:53:f0:70:0e:cc:1e:47:0b:0d:fd:bd:8b:9b:6c:ab:e3:05:f7:0c:ac:ab:aa:d4:39:52:2c:b0:9a:11" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.076244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.076244000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1474.615558000", - "frame.number": "5011", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009653", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000772c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "65586", - "tcp.ack": "14801", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e13d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f0:f6:a7:a0:9b:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2552054, TSecr 2812320611": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2552054", - "tcp.options.timestamp.tsecr": "2812320611" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5010", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.076935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.076935000", - "frame.time_delta": "0.000691000", - "frame.time_delta_displayed": "0.000691000", - "frame.time_relative": "1474.616249000", - "frame.number": "5012", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000104a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f386", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e03f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5009", - "tcp.analysis.ack_rtt": "0.033700000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.089573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.089573000", - "frame.time_delta": "0.012638000", - "frame.time_delta_displayed": "0.012638000", - "frame.time_relative": "1474.628887000", - "frame.number": "5013", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000059c7", - "ip.checksum.status": "2", - "ip.src": "54.241.191.237", - "ip.addr": "54.241.191.237", - "ip.src_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49775", - "tcp.port": "80", - "tcp.port": "49775", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007fd6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.analysis": { - "tcp.analysis.acks_frame": "5012", - "tcp.analysis.ack_rtt": "0.012638000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.092836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.092836000", - "frame.time_delta": "0.003263000", - "frame.time_delta_displayed": "0.003263000", - "frame.time_relative": "1474.632150000", - "frame.number": "5014", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009654", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "65586", - "tcp.nxtseq": "65639", - "tcp.ack": "14801", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007108", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f0:f8:a7:a0:9b:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2552056, TSecr 2812320611": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2552056", - "tcp.options.timestamp.tsecr": "2812320611" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f1:85:7c:c6:ae:c8:44:8f:61:fe:d5:40:fb:5a:cf:96:3a:dd:fe:70:8e:98:a3:8c:f0:37:07:ee:88:51:da:e7:dc:e1:46:f4:3d:58:66:ff:77" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.094889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.094889000", - "frame.time_delta": "0.002053000", - "frame.time_delta_displayed": "0.002053000", - "frame.time_relative": "1474.634203000", - "frame.number": "5015", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000104b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f385", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.237", - "ip.addr": 
"54.241.191.237", - "ip.dst_host": "54.241.191.237", - "ip.host": "54.241.191.237", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49775", - "tcp.dstport": "80", - "tcp.port": "49775", - "tcp.port": "80", - "tcp.stream": "170", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e03f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5013", - "tcp.analysis.ack_rtt": "0.005316000", - "tcp.analysis.initial_rtt": "0.018629000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.190625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.190625000", - "frame.time_delta": "0.095736000", - "frame.time_delta_displayed": 
"0.095736000", - "frame.time_relative": "1474.729939000", - "frame.number": "5016", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003834", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14801", - "tcp.ack": "65639", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e1d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:9b:80:00:26:f0:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812320640, TSecr 2552056": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812320640", - "tcp.options.timestamp.tsecr": "2552056" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5014", - "tcp.analysis.ack_rtt": "0.097789000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.191163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.191163000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1474.730477000", - "frame.number": "5017", - "frame.len": "726", - "frame.cap_len": "726", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "712", - "ip.id": "0x00009655", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007496", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "660", - "tcp.seq": "65639", - "tcp.nxtseq": "66299", - "tcp.ack": "14801", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000564b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f1:02:a7:a0:9b:80", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2552066, TSecr 2812320640": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2552066", - "tcp.options.timestamp.tsecr": "2812320640" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "660", - "tcp.analysis.push_bytes_sent": "660" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f2:25:62:59:9c:df:ab:21:11:ce:51:9d:8d:7f:e7:1b:ba:c9:63:3e:f2:09:cc:b4:14:b0:7b:e5:2f:90:1d:d9:51:34:24:35:1e:71:6c:a3:01:d8" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f3:84:49:0f:8e:81:aa:19:bd:49:bb:28:1f:f9:c4:98:d3:4f:aa:d9:a8:d4:3e:9b:a8:39:f5:76:0c:11:10:22:0b:30:bd:e2:44:a6:a0:66:b4:1f:21:2c:fa:f4:b6:eb:06:02:2e:c6:6c:0f:86:5f:d9:36:22:f3:d0:2c:c0:ba:d9:53:e7:78:a7:5d:ee:f2:8c:f9:58:2e:3b:84:d8:c1:61:db:22:e0:08:bc:77:3f:5e" - }, - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "500", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f4:82:0f:73:c2:2f:c8:a4:ae:42:f2:f6:ed:2e:06:e3:d8:5c:58:4e:d8:b4:14:bf:22:82:0c:3d:e9:c2:84:fc:1b:84:63:c1:53:21:4c:b6:7b:fb:92:b2:8f:e9:9f:2a:3a:a4:42:0d:f5:11:ad:88:ef:cf:61:ae:c4:a1:53:9d:4d:92:1f:0b:f1:d4:7d:04:b6:b4:55:eb:4e:0f:09:fc:a4:21:e2:7a:b4:f7:c7:0f:e8:bf:78:17:e4:15:57:e5:3b:58:cf:66:7b:4b:85:75:72:10:b5:3b:9d:aa:8c:9d:73:f3:e7:7a:66:d1:24:64:a5:c9:30:b3:1d:5d:29:0e:a6:3e:87:1a:63:a3:2f:e0:9c:94:56:51:97:33:98:9d:80:38:ea:3c:04:ae:9b:45:09:fa:55:c0:88:3b:50:8e:42:d1:6a:a3:00:25:9f:93:ce:5e:e9:ec:a2:e8:19:2d:39:fb:f0:35:4e:73:4c:f8:13:91:e9:75:8e:4e:91:87:48:09:1b:52:a9:e0:e4:59:fb:c3:e9:82:3d:6f:70:9b:5b:78:f1:91:dc:62:e5:b5:9b:2e:f3:3a:18:3b:c9:0d:3b:94:4c:3c:d3:7a:6c:a2:37:ba:41:94:85:e8:8b:9d:eb:47:4e:aa:11:67:03:98:60:9d:55:c8:ad:fc:e3:96:ec:f1:23:6b:3b:9a:95:f6:ba:20:b0:5f:be:d3:14:4e:36:0f:60:a1:43:9e:02:f1:d4:74:1c:75:19:17:06:a8:0b:48:c2:47:1b:d0:6f:30:4f:8f:f4:d8:7a:8c:44:c7:43:b7:5d:dd:0a:37:95:0d:e8:ed:1c:42:55:1b:3f:34:ab:4e:14:1a:c5:66:d0:5c:c2:f3:a3:d6:08:4d:77:e0:94:fc:2b:f0:ef:05:fc:82:37:6e:2b:cd:44:c1:03:c4:c7:2d:2e:27:8a:4c:e7:5d:e6:38:7c:30:ff:33:be:d7:3e:10:26:10:e7:a6:dd:2f:e3:31:f4:bd:e1:ec:5a:b2:bd:ba:01:16:db:a8:8b:91:34:98:3e:1d:10:92:a4:0a:36:c1:bc:0e:8a:04:8e:ed:95:15:b5:b5:61:92:0e:31:94:fc:c1:c3:88:74:ca:9e:83:2b:6e:87:5f:8f:73:e5:90:80:a5:86:d6:ba:60:5d:b0:ad:f9:95:58:00:36:85:da:bc:99:15:4b:8d:b7:ae:08:7b:f9:0a:69:63:24:e8:54:7a:46:c4:4c:df:5b:90:06:15:33:92:fd:c8:1f:a8:fa:3d:be:0e:98:62:c7:da:ef:30:af:36:e6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.251719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.251719000", - "frame.time_delta": "0.060556000", - 
"frame.time_delta_displayed": "0.060556000", - "frame.time_relative": "1474.791033000", - "frame.number": "5018", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003833", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14801", - "tcp.ack": 
"66299", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000df2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:9b:8f:00:26:f1:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812320655, TSecr 2552066": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812320655", - "tcp.options.timestamp.tsecr": "2552066" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5017", - "tcp.analysis.ack_rtt": "0.060556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.481910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.481910000", - "frame.time_delta": "0.230191000", - "frame.time_delta_displayed": "0.230191000", - "frame.time_relative": "1475.021224000", - "frame.number": "5019", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009656", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "66299", - "tcp.nxtseq": "66353", - "tcp.ack": "14801", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a626", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f1:1f:a7:a0:9b:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2552095, TSecr 2812320655": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2552095", - "tcp.options.timestamp.tsecr": "2812320655" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f5:a7:bd:1d:de:be:6b:8f:d2:bd:31:d6:34:45:12:af:15:01:e6:4e:32:45:7c:84:3a:75:2b:5a:ed:dc:b2:22:7c:fc:15:eb:b7:44:97:9b:56:4e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.542036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.542036000", - "frame.time_delta": "0.060126000", - "frame.time_delta_displayed": "0.060126000", - "frame.time_relative": "1475.081350000", - 
"frame.number": "5020", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003832", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "14801", - "tcp.ack": "66353", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000de90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:9b:d7:00:26:f1:1f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812320727, TSecr 2552095": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812320727", - "tcp.options.timestamp.tsecr": "2552095" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5019", - "tcp.analysis.ack_rtt": "0.060126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:06.633456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495066.633456000", - "frame.time_delta": "0.091420000", - "frame.time_delta_displayed": "0.091420000", - "frame.time_relative": "1475.172770000", - "frame.number": "5021", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005dac", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.084030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.084030000", - "frame.time_delta": "0.450574000", - "frame.time_delta_displayed": "0.450574000", - 
"frame.time_relative": "1475.623344000", - "frame.number": "5022", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x0000104c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002998", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.085855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.085855000", - "frame.time_delta": "0.001825000", - "frame.time_delta_displayed": "0.001825000", - "frame.time_relative": "1475.625169000", - "frame.number": "5023", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x0000d828", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000deec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "5022", - "dns.time": "0.001825000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.219.189.240": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "86", - "dns.resp.len": "4", - "dns.a": "54.219.189.240" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.232": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "86", - "dns.resp.len": "4", - "dns.a": "54.241.191.232" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "52492", - "dns.resp.len": "20", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52492", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4783", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56743", - 
"dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3053", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56744", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57485", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57593", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57135", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56936", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns1.p19.dynect.net: type AAAA, class IN, addr 2001:500:90:1::19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "257", - "dns.resp.len": "16", - "dns.aaaa": "2001:500:90:1::19" - }, - "ns3.p19.dynect.net: type AAAA, class IN, addr 2001:500:94:1::19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "257", - "dns.resp.len": "16", - "dns.aaaa": "2001:500:94:1::19" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57485", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.092792000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.092792000", - "frame.time_delta": "0.006937000", - "frame.time_delta_displayed": "0.006937000", - "frame.time_relative": "1475.632106000", - "frame.number": "5024", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000104d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f592", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - 
"ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - "tcp.port": "80", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00008a6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.105499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.105499000", - "frame.time_delta": "0.012707000", - "frame.time_delta_displayed": "0.012707000", - "frame.time_relative": "1475.644813000", - "frame.number": "5025", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000095e0", - "ip.checksum.status": "2", - "ip.src": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.src_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - 
"ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49776", - "tcp.port": "80", - "tcp.port": "49776", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000f773", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5024", - "tcp.analysis.ack_rtt": "0.012707000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.110697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.110697000", - "frame.time_delta": "0.005198000", - "frame.time_delta_displayed": "0.005198000", - "frame.time_relative": "1475.650011000", - "frame.number": "5026", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000104e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f595", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - "tcp.port": "80", - "tcp.stream": "183", - 
"tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003259", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5025", - "tcp.analysis.ack_rtt": "0.005198000", - "tcp.analysis.initial_rtt": "0.017905000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.129932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.129932000", - "frame.time_delta": "0.019235000", - "frame.time_delta_displayed": "0.019235000", - "frame.time_relative": "1475.669246000", - "frame.number": "5027", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x0000104f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f585", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - "tcp.port": "80", - "tcp.stream": "183", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007ad4", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017905000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.142381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.142381000", - "frame.time_delta": "0.012449000", - "frame.time_delta_displayed": "0.012449000", - "frame.time_relative": "1475.681695000", - "frame.number": "5028", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006429", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000031bb", - "ip.checksum.status": "2", - "ip.src": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.src_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": 
"192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49776", - "tcp.port": "80", - "tcp.port": "49776", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000f22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5027", - "tcp.analysis.ack_rtt": "0.012449000", - "tcp.analysis.initial_rtt": "0.017905000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.147511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.147511000", - "frame.time_delta": "0.005130000", - "frame.time_delta_displayed": "0.005130000", - 
"frame.time_relative": "1475.686825000", - "frame.number": "5029", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001050", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f4a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - 
"tcp.port": "80", - "tcp.stream": "183", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b167", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017905000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "5027", - "tcp.segment": "5029", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:07.161038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495067.161038000", - "frame.time_delta": "0.013527000", - "frame.time_delta_displayed": "0.013527000", - "frame.time_relative": "1475.700352000", - "frame.number": "5030", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000642a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000031ba", - "ip.checksum.status": "2", - "ip.src": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.src_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49776", - "tcp.port": "80", - "tcp.port": "49776", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000a80", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5029", - "tcp.analysis.ack_rtt": "0.013527000", - "tcp.analysis.initial_rtt": "0.017905000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:09.244603000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495069.244603000", - "frame.time_delta": "2.083565000", - "frame.time_delta_displayed": "2.083565000", - "frame.time_relative": "1477.783917000", - "frame.number": "5031", - "frame.len": "136", - 
"frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000e93b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f01d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:09.809184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495069.809184000", - "frame.time_delta": "0.564581000", - "frame.time_delta_displayed": "0.564581000", - "frame.time_relative": "1478.348498000", - "frame.number": "5032", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - 
"arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:09.809310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495069.809310000", - "frame.time_delta": "0.000126000", - "frame.time_delta_displayed": "0.000126000", - "frame.time_relative": "1478.348624000", - "frame.number": "5033", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.813580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.813580000", - "frame.time_delta": "1.004270000", - "frame.time_delta_displayed": "1.004270000", - "frame.time_relative": "1479.352894000", - "frame.number": "5034", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b7c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000000f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39612", - "udp.dstport": "53", - "udp.port": "39612", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001b56", - "udp.checksum.status": "2", - "udp.stream": "114" - }, - "dns": { - "dns.id": "0x00000f2b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": 
"4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.814178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.814178000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "1479.353492000", - "frame.number": "5035", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009140", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000277a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39612", - "udp.port": "53", - "udp.port": 
"39612", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "114" - }, - "dns": { - "dns.response_to": "5034", - "dns.time": "0.000598000", - "dns.id": "0x00000f2b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.814982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.814982000", - "frame.time_delta": "0.000804000", - "frame.time_delta_displayed": "0.000804000", - "frame.time_relative": "1479.354296000", - "frame.number": "5036", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b7c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000000f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56942", - "udp.dstport": "53", - "udp.port": "56942", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f2a2", - "udp.checksum.status": "2", - "udp.stream": "115" - }, - "dns": { - "dns.id": "0x00000f2c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.815500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.815500000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "1479.354814000", - 
"frame.number": "5037", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00009141", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002769", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "56942", - "udp.port": "53", - "udp.port": "56942", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "115" - }, - "dns": { - "dns.response_to": "5036", - "dns.time": "0.000518000", - "dns.id": "0x00000f2c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - 
"dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2307", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.816621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.816621000", - "frame.time_delta": "0.001121000", - "frame.time_delta_displayed": "0.001121000", - "frame.time_relative": "1479.355935000", - "frame.number": "5038", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00006ad7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", 
- "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000caf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007ab3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - 
"tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.953701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.953701000", - "frame.time_delta": "0.137080000", - "frame.time_delta_displayed": "0.137080000", - "frame.time_relative": "1479.493015000", - "frame.number": "5039", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000073d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000016fa", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000b575", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5038", - "tcp.analysis.ack_rtt": "0.137080000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.954233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.954233000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "1479.493547000", - "frame.number": "5040", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006ad8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cb03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007f04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5039", - "tcp.analysis.ack_rtt": "0.000532000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:10.954247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495070.954247000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "1479.493561000", - "frame.number": "5041", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00006ad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c8aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003540", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137612000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:33:22:2c:20:4e:6f:6e:63:65:3d:22:32:5a:66:53:39:50:4c:49:48:36:79:37:49:4e:55:49:65:39:52:68:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:46:47:50:30:57:61:47:51:6d:39:73:6f:76:75:45:77:5a:55:6d:31:78:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:11:11.093709000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.093709000", - "frame.time_delta": "0.139462000", - "frame.time_delta_displayed": "0.139462000", - "frame.time_relative": "1479.633023000", - "frame.number": "5042", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b31d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000d7bd", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dc38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5041", - "tcp.analysis.ack_rtt": "0.139462000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.094329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.094329000", - "frame.time_delta": "0.000620000", - "frame.time_delta_displayed": "0.000620000", - "frame.time_relative": "1479.633643000", - "frame.number": "5043", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00006ada", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c621", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000489b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137612000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:ef:52:5a:8a:7b:d3:6d:ea:e8
:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a:39:26:2c:03:70:cf" - }, 
- "tcp.segments": { - "tcp.segment": "5041", - "tcp.segment": "5043", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:33:22:2c:20:4e:6f:6e:63:65:3d:22:32:5a:66:53:39:50:4c:49:48:36:79:37:49:4e:55:49:65:39:52:68:2b:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:46:47:50:30:57:61:47:51:6d:39:73:6f:76:75:45:77:5a:55:6d:31:78:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:
eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:ef:52:5a:8a:7b:d3:6d:ea:e8:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27
:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a:39:26:2c:03:70:cf" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"193\", Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"FGP0WaGQm9sovuEwZUm1xA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"193\", Nonce=\"2ZfS9PLIH6y7INUIe9Rh+w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"FGP0WaGQm9sovuEwZUm1xA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "nl\u001f\u00ef\u00bf\u00bd4k\f\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u000e\u007fo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013\u000e\u00ef\u00bf\u00bd.\u001cK\u00ef\u00bf\u00bd7N\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "6e:6c:1f:c5:34:6b:0c:99:0b:bc:fe:e4:f9:eb:f5:11:fc:0e:7f:6f:b6:cd:20:e4:c9:d7:a3:ff:ce:ab:c9:13:0e:b9:2e:1c:4b:89:37:4e:a7:fb:00:06:94:2e:79:af:7d:e7:a5:8b:bc:ed:8d:07:cb:27:d1:00:ad:c8:f5:ff:15:d7:81:7f:ae:e0:45:a8:17:51:96:6b:96:c4:53:fd:49:33:08:7e:93:79:fc:16:45:21:cd:23:7c:70:05:b7:ed:7a:63:d7:f6:5f:5b:01:62:a8:10:4a:00:67:90:11:2a:f3:59:84:09:42:e7:91:40:67:14:aa:cf:7c:4c:8e:4f:77:2d:cf:41:8a:3b:07:cf:1b:86:88:b1:5c:cb:27:e6:e2:5a:72:ca:88:d6:03:77:ec:e6:fd:94:2c:ba:87:91:7c:ba:00:fa:5d:26:53:29:d0:76:20:25:ec:b9:4f:9e:fe:6f:12:aa:24:55:97:5d:86:56:87:1f:f1:c7:cf:70:04:87:29:e2:8b:ba:3f:49:46:d2:f2:36:64:2e:d4:72:c6:2c:38:36:28:9c:00:37:68:f7:66:1e:b9:f5:83:02:66:9c:3e:76:cc:fe:d7:4b:b7:72:17:cd:c1:91:7a:6f:af:d0:03:a6:96:11:92:fb:8a:86:ad:e5:12:65:49:32:cb:9a:00:af:cc:a9:c8:50:16:86:d3:72:15:f9:33:3f:76:52:9e:e0:39:6a:1e:0c:16:76:59:f7:1c:c5:10:62:41:18:43:f9:19:58:7b:78:ca:2e:84:5b:14:3f:b1:a0:54:7b:15:f2:21:4a:ff:75:e8:1f:ba:61:db:ec:53:58:c5:cd:2f:bc:94:f4:88:87:fc:0f:80:7e:70:66:bc:ce:21:b9:2f:24:bc:f2:72:0a:b5:1c:21:0b:4f:41:97:0d:25:30:04:fe:e1:89:b7:b5:df:80:60:56:30:89:5f:04:32:eb:51:9f:a7:5d:7f:65:f0:9d:41:a2:3a:32:ed:9a:ad:4d:e7:34:8c:73:2f:91:6a:55:a0:9c:57:65:1f:cb:e8:e7:a4:77:2e:4b:3f:bc:f9:49:d6:3e:e8:14:96:19:1f:84:0a:bf:d4:8d:74:a3:d1:5e:5a:b7:ff:72:12:ce:7b:a9:c2:89:0d:95:2d:95:0f:e4:58:ab:3b:33:26:32:aa:6a:17:c4:5b:98:6a:c6:d7:05:1f:1d:38:7b:7b:13:d0:95:db:35:51:d3:56:df:d1:8f:59:fd:32:e9:ab:73:7a:e8:42:91:f2:88:58:0a:d4:56:ab:04:6f:ea:5c:7e:da:12:34:59:50:a9:bc:81:fd:cd:46:ca:48:77:4a:e8:03:e4:83:d6:cf:dd:71:6a:aa:4d:cc:06:bc:d3:f1:09:3c:75:9f:b3:76:67:17:7e:ff:f6:41:46:fa:1b:f0:cf:0d:09:61:0f:62:c6:61:e5:78:d2:40:41:b1:c8:53:02:59:1b:50:ce:43:6b:60:85:a1:0f:97:48:df:20:
ef:52:5a:8a:7b:d3:6d:ea:e8:13:53:00:ad:a8:a1:1c:b4:f4:a7:97:ef:79:bf:dc:ba:cd:c3:3e:47:3e:45:fa:84:f2:03:2e:34:8a:91:44:d1:95:df:bd:bb:e3:12:1f:bc:04:ff:56:0f:d1:bc:12:70:fc:89:f0:90:05:ec:2b:c0:33:9c:9b:1f:bc:2e:bb:20:34:51:50:0a:35:91:1a:01:20:fb:2f:e1:79:83:00:64:97:d2:51:f3:a1:3c:41:b4:43:20:cf:b5:04:f7:20:27:50:c8:4e:7d:f3:e1:09:4e:69:70:d3:62:89:b9:d6:a3:72:16:06:9f:97:93:0b:36:2b:f8:92:44:65:c9:b8:9e:bf:22:19:1e:14:bc:58:7a:00:d4:cd:e2:4f:c3:8f:5f:85:e2:11:23:11:c0:e3:80:7d:83:21:63:c4:1c:d1:41:6f:65:52:0b:ea:c9:82:57:75:d8:77:b1:ec:35:9c:df:00:67:fd:a3:48:84:a2:2b:f2:59:57:28:15:13:2d:5d:e1:3f:30:56:e0:e9:bf:1d:f1:c8:b9:63:bb:21:e0:3c:01:71:cb:65:bf:2b:13:e2:cd:fb:4c:bc:0a:5a:74:70:7a:57:44:c7:86:88:7d:17:5c:84:42:93:25:2d:19:4a:13:b2:da:71:eb:29:39:5e:38:5d:2a:00:b4:5e:4d:15:60:ee:96:e9:01:dd:a8:bf:ce:6e:e0:d0:c9:94:a7:62:52:7a:fb:f5:14:6b:18:27:59:ca:69:6b:25:f4:dd:0d:4c:9c:86:8a:4c:4b:cc:52:d0:a0:d6:80:11:98:a5:8c:2d:fe:85:d2:e0:2c:4b:2d:19:e9:4b:34:be:c9:a8:a5:a3:7f:bd:b2:b2:be:ca:ed:33:db:17:62:ae:6c:63:94:6d:16:23:b4:c7:0d:62:6b:25:60:1d:82:86:dd:24:9e:82:d7:42:f4:a3:6a:cb:5d:f6:67:11:ac:fd:95:19:51:1f:e4:d7:fa:81:0a:e8:6b:26:56:1c:f8:27:1c:1d:60:be:42:c2:98:6a:b5:44:07:3c:60:4e:eb:53:dc:ce:e5:c1:cf:1e:2f:fb:45:e0:91:ca:96:8f:35:86:f9:df:dd:d0:fc:9e:e3:ba:99:56:7e:7b:d1:0b:c1:a6:ad:62:24:d5:35:0b:14:ed:14:13:ce:84:34:2b:5f:56:4b:1f:86:a2:67:b3:8c:c9:7a:7f:ce:b3:04:4b:7a:92:15:70:09:ea:53:96:b0:8d:b1:93:f9:6c:8e:55:a5:92:59:b0:4d:c8:19:59:2b:e9:df:13:45:1b:bd:dd:b4:4f:a7:32:71:8b:e3:5c:8e:cf:a2:d2:8e:3d:51:fe:29:8b:ac:b2:f3:4d:76:33:e8:e6:07:66:8d:ad:45:3e:22:78:9c:a4:64:e4:db:7c:2d:ca:62:58:06:17:66:fb:43:92:20:6b:12:8d:9d:11:10:be:2f:56:59:93:08:68:57:9f:c1:1f:66:ca:b4:43:39:10:26:ba:82:0c:44:96:1e:6e:ad:99:f3:09:a6:ac:58:06:b3:91:fc:0a:d3:03:bc:c8:fa:2e:11:43:96:65:18:fd:3c:54:4e:b7:f8:57:d9:73:cc:c7:b3:b4:82:6d:c8:de:24:b6:ee:78:0e:b7:5f:11:8f:8f:e8:07:e1:2c:cf:82:47:d6:fe:95:5a:aa:c7:79:43:2f:2c:ca:3e:6e:b3:f3:62:6d:44:31:29:34:f8:68:13:9c:06:a1:5a
:39:26:2c:03:70:cf" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.231487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.231487000", - "frame.time_delta": "0.137158000", - "frame.time_delta_displayed": "0.137158000", - "frame.time_relative": "1479.770801000", - "frame.number": "5044", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f01e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00009abc", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d278", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5043", - "tcp.analysis.ack_rtt": "0.137158000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.234947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.234947000", - "frame.time_delta": "0.003460000", - "frame.time_delta_displayed": "0.003460000", - "frame.time_relative": "1479.774261000", - "frame.number": "5045", - "frame.len": "1434", - "frame.cap_len": "1434", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1420", - "ip.id": "0x0000f0eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000948b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "1380", - "tcp.seq": "1", - "tcp.nxtseq": "1381", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000a73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137612000", - "tcp.analysis.bytes_in_flight": "1380", - "tcp.analysis.push_bytes_sent": "1380" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:31:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:6
8:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:
69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.234968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.234968000", - "frame.time_delta": "0.000021000", - "frame.time_delta_displayed": "0.000021000", - "frame.time_relative": "1479.774282000", - "frame.number": "5046", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x0000f0ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000999e", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "80", - "tcp.seq": "1381", - "tcp.nxtseq": "1461", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000055f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137612000", - "tcp.analysis.bytes_in_flight": "1460", - "tcp.analysis.push_bytes_sent": "1460" - }, - "tcp.segment_data": 
"65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.235044000", - "frame.time_delta": "0.000076000", - "frame.time_delta_displayed": "0.000076000", - "frame.time_relative": "1479.774358000", - "frame.number": "5047", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x0000f0ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000994e", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "159", - "tcp.seq": "1461", - "tcp.nxtseq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000066f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137612000", - "tcp.analysis.bytes_in_flight": "1619", - "tcp.analysis.push_bytes_sent": "159" - }, - "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "tcp.segments": { - 
"tcp.segment": "5045", - "tcp.segment": "5046", - "tcp.segment": "5047", - "tcp.segment.count": "3", - "tcp.reassembled.length": "1619", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:31:30:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:
20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76
:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "http": { - "HTTP\/1.1 401 Unauthorized\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "401", - "http.response.phrase": "Unauthorized" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_type": "text\/html", - "http.response.line": "Content-Type: text\/html\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\"", - "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - 
"http.date": "Wed, 01 Nov 2017 00:11:10 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:10 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "http.content_length_header": "1293", - "http.content_length_header_tree": { - "http.content_length": "1293" - }, - "http.response.line": "Content-Length: 1293\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.140715000", - "http.request_in": "5043", - "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" - }, - "data-text-lines": { - "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 
Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", - "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", - "<head>\\r\\n": "", - "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", - "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", - "<style type=\"text\/css\">\\r\\n": "", - "<!--\\r\\n": "", - "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", - "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", - "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", - "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", - "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", - "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", - "background-color:#555555;}\\r\\n": "", - "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", - ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", - "-->\\r\\n": "", - "<\/style>\\r\\n": "", - "<\/head>\\r\\n": "", - "<body>\\r\\n": "", - "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", - "<div id=\"content\">\\r\\n": "", - " <div class=\"content-container\"><fieldset>\\r\\n": "", - " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", - " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", - " <\/fieldset><\/div>\\r\\n": "", - "<\/div>\\r\\n": "", - "<\/body>\\r\\n": "", - "<\/html>\\r\\n": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495071.235120000", - "frame.time_delta": "0.000076000", - "frame.time_delta_displayed": "0.000076000", - "frame.time_relative": "1479.774434000", - "frame.number": "5048", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000099eb", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - 
"tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1620", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cc24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.235567000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "1479.774881000", - "frame.number": "5049", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006adb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cb00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1381", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000687c", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5045", - "tcp.analysis.ack_rtt": "0.000620000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.235580000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "1479.774894000", - "frame.number": "5050", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006adc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000caff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000682c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5046", - "tcp.analysis.ack_rtt": "0.000612000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.235589000", - "frame.time_delta": "0.000009000", - "frame.time_delta_displayed": "0.000009000", - "frame.time_relative": "1479.774903000", - "frame.number": "5051", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006add", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cafe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1620", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000678d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5047", - "tcp.analysis.ack_rtt": "0.000545000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.235866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.235866000", - "frame.time_delta": "0.000277000", - "frame.time_delta_displayed": "0.000277000", - "frame.time_relative": "1479.775180000", - "frame.number": "5052", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006ade", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cafd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35304", - "tcp.dstport": "80", - "tcp.port": "35304", - "tcp.port": "80", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "1621", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000678b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5048", - "tcp.analysis.ack_rtt": "0.000746000", - 
"tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.236845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.236845000", - "frame.time_delta": "0.000979000", - "frame.time_delta_displayed": "0.000979000", - "frame.time_relative": "1479.776159000", - "frame.number": "5053", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b7d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000000e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "40699", - "udp.dstport": "53", - "udp.port": "40699", - "udp.port": "53", - "udp.length": 
"45", - "udp.checksum": "0x00001715", - "udp.checksum.status": "2", - "udp.stream": "116" - }, - "dns": { - "dns.id": "0x00000f2d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.237374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.237374000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "1479.776688000", - "frame.number": "5054", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009152", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002768", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "40699", - "udp.port": "53", - "udp.port": "40699", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "116" - }, - "dns": { - "dns.response_to": "5053", - "dns.time": "0.000529000", - "dns.id": "0x00000f2d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.238177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.238177000", - "frame.time_delta": "0.000803000", - "frame.time_delta_displayed": "0.000803000", - "frame.time_relative": "1479.777491000", - "frame.number": "5055", - 
"frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b7d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000000e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51969", - "udp.dstport": "53", - "udp.port": "51969", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000060e", - "udp.checksum.status": "2", - "udp.stream": "117" - }, - "dns": { - "dns.id": "0x00000f2e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: 
type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.238670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.238670000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1479.777984000", - "frame.number": "5056", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00009153", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002757", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51969", - "udp.port": "53", - "udp.port": "51969", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "117" - }, - "dns": { - "dns.response_to": "5055", - "dns.time": "0.000493000", - "dns.id": "0x00000f2e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2306", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.239456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.239456000", - "frame.time_delta": "0.000786000", - "frame.time_delta_displayed": "0.000786000", - "frame.time_relative": "1479.778770000", - "frame.number": "5057", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000218d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001443", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - "tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - 
"_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b57c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.372410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.372410000", - "frame.time_delta": "0.132954000", - "frame.time_delta_displayed": "0.132954000", - "frame.time_relative": "1479.911724000", - 
"frame.number": "5058", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005e42", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35304", - "tcp.port": "80", - "tcp.port": "35304", - "tcp.stream": "184", - "tcp.len": "0", - "tcp.seq": "1621", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cc23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5052", - "tcp.analysis.ack_rtt": "0.136544000", - "tcp.analysis.initial_rtt": "0.137612000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.374883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.374883000", - "frame.time_delta": "0.002473000", - "frame.time_delta_displayed": "0.002473000", - "frame.time_relative": "1479.914197000", - "frame.number": "5059", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - 
"ip.id": "0x0000c7b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c31a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00001a3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", 
- "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5057", - "tcp.analysis.ack_rtt": "0.135427000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.375389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.375389000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "1479.914703000", - "frame.number": "5060", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000218e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000144e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - "tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e3c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5059", - "tcp.analysis.ack_rtt": "0.000506000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.375403000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.375403000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "1479.914717000", - "frame.number": "5061", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000218f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000011f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - 
"tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e919", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135933000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:34:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:
4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:32:71:45:38:75:53:7a:6b:4d:63:4c:77:66:43:45:36:36:31:51:52:38:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.511575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.511575000", - "frame.time_delta": "0.136172000", - "frame.time_delta_displayed": "0.136172000", - "frame.time_relative": "1480.050889000", - "frame.number": "5062", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000003f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000086e6", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000040fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5061", - "tcp.analysis.ack_rtt": "0.136172000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.512200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.512200000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1480.051514000", - "frame.number": "5063", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00002190", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000f6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 
Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - "tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000034b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135933000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": 
"60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b
6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" - }, - "tcp.segments": { - "tcp.segment": "5061", - "tcp.segment": "5063", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:34:22:2c:20:4e:6f:6e:63:65:3d:22:62:56:47:32:5a:46:77:56:78:67:36:39:49:4e:55:49:47:4f:4f:67:58:41:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:32:71:45:38:75:53:7a:6b:4d:63:4c:77:66:43:45:36:36:31:51:52:38:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f
8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:
3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"194\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"2qE8uSzkMcLwfCE661QR8A==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"194\", Nonce=\"bVG2ZFwVxg69INUIGOOgXA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"2qE8uSzkMcLwfCE661QR8A==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "`\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdMe\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\nHl\u0017\u00ef\u00bf\u00bd\u00042\u00ef\u00bf\u00bd 
\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u0012\u00ef\u00bf\u00bd4G<\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bdLc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:e2:20:da:be:25:12:de:34:47:3c:fc:0a:97:5e:eb:4c:63:9f:99:73:92:b2:8c:05:d0:d3:46:df:47:d2:ec:9e:19:ce:f8:1a:84:ee:89:19:bd:aa:00:58:e4:c0:2a:42:51:6f:42:80:26:7a:4b:9e:3d:0f:18:eb:20:24:6a:79:16:4e:81:e2:8c:9d:b4:f5:14:74:fe:59:15:16:d3:ea:41:55:05:00:c6:40:4b:51:a0:fb:53:26:0d:06:27:9c:11:ec:25:82:44:8d:3b:36:66:f0:05:6c:ac:c0:d9:82:5c:cd:a9:04:3e:b8:5d:07:3e:f1:55:d3:54:35:88:d8:c0:fd:84:44:4b:9c:07:65:7d:ac:43:e5:7e:9b:25:2a:72:39:ad:b6:f6:1a:c4:db:69:44:8b:23:dd:ca:78:8a:5f:5f:16:7f:c1:c9:df:92:f4:6f:38:7d:c6:d9:30:52:f9:3f:40:4c:a7:2c:d4:35:ba:f5:6f:0b:6a:b3:b0:cf:b6:91:bb:af:e2:3c:d8:fa:4f:5b:72:22:25:98:99:68:93:f9:ac:ba:97:2d:a7:b1:03:d0:d1:6c:8f:d6:69:20:9c:71:f8:f4:17:5d:7b:dd:41:3b:2b:7d:de:ea:bc:11:15:73:3f:17:4b:65:c1:12:e3:85:4f:a9:05:7e:f6:ce:09:45:ec:06:d7:3f:1a:bf:87:05:1a:c2:95:db:69:1d:26:a9:54:9e:d8:47:2a:6c:ed:39:a1:d9:f7:a7:cb:ab:97:67:f0:79:62:c3:1f:e7:bf:46:b0:cd:d7:3a:53:50:d3:5e:52:6b:26:2c:0f:ed:5c:dc:c6:92:4b:35:d4:49:5f:c9:d0:fc:1a:57:00:0e:d2:d0:e1:8d:ab:1e:48:59:b8:c2:8e:ff:76:2d:3c:c7:e4:23:99:19:ae:18:5a:ef:2d:be:30:9f:d7:55:01:1c:12:d9:48:df:fb:76:66:0e:15:32:96:85:51:a7:36:d6:99:fd:4d:98:62:f5:e7:05:ee:e9:97:a6:10:1d:10:a5:65:cf:23:bb:22:8d:9b:c7:f0:8e:a2:65:3a:11:a3:4d:bf:d0:4c:08:97:2b:90:35:ae:38:26:8e:ba:25:09:ef:cb:e0:3a:a7:2c:09:2f:24:c3:0c:dd:ea:f2:e6:ff:4d:b8:31:6a:71:86:8c:9d:ed:48:ea:69:fc:02:bf:25:a4:7f:d0:7f:19:4d:90:a4:d8:b
8:81:a5:6e:66:79:c6:65:05:14:53:47:74:15:7d:cb:e2:56:2a:03:4b:0d:13:b1:00:b1:07:ba:61:fe:c7:d2:0f:9d:37:ff:08:59:79:33:c6:94:69:38:83:16:35:5e:7a:fe:af:96:55:96:b3:0c:67:2e:e8:42:7c:8e:de:98:ea:30:a4:91:47:f3:b3:ba:65:45:52:a0:3a:a9:79:71:5c:4f:cb:3e:c1:6f:7f:a2:8b:de:35:84:13:d9:8b:d0:b7:20:fc:ba:de:4f:ee:a3:06:fc:a0:25:47:fa:e2:d9:8d:83:e3:3b:75:8c:99:ea:76:a5:8c:e7:eb:26:48:2f:91:1e:5d:58:36:50:75:f8:9f:4c:3d:5f:f4:db:be:b4:cf:02:bd:ae:25:26:be:d0:80:bf:66:9f:a8:b7:8f:c6:00:1e:4d:ba:36:3e:01:55:c2:ac:b6:68:cc:97:a2:8c:e4:ab:6c:04:28:71:a7:ac:08:0e:69:5a:f8:64:a7:22:34:88:25:a1:41:cd:4c:74:49:f7:05:4f:32:e3:f7:01:38:0e:2d:76:80:9a:a4:2f:a6:70:f2:56:41:cc:43:c9:6e:21:d2:db:83:13:9f:30:48:09:68:36:64:3d:e7:0f:14:26:c2:0e:b3:8b:89:98:99:67:c6:7a:ae:41:4b:d0:fa:d8:68:64:0a:8e:36:05:bf:b3:1a:5c:12:d7:a8:52:6a:a8:64:b4:da:f0:bb:c0:c5:1f:b2:55:43:98:69:a0:c2:1a:ac:76:33:12:fc:7c:2a:67:05:bf:f1:c3:48:0c:23:ba:b2:d8:a8:1b:f6:d0:07:ea:d4:de:84:02:fc:0d:da:96:fb:0a:e2:3c:e2:61:0d:43:a1:c0:dc:a9:70:e9:9e:83:a7:ea:c3:6a:96:4a:5b:66:05:23:f6:0d:b9:6c:08:41:fe:6f:01:7d:0a:fb:73:5f:34:27:1d:e9:20:1d:1e:c1:7d:ea:e9:95:4c:e2:8b:c4:58:f6:39:20:cb:2e:62:1d:ae:92:60:96:0f:ef:f7:c4:e8:ce:46:4c:8f:0a:85:0a:d3:3f:d0:4a:0f:3e:94:5a:7d:ce:3c:ec:c2:61:2d:7e:31:d2:15:f4:51:e8:52:58:37:de:ed:d4:c2:95:a0:57:33:65:34:1e:db:47:f6:28:69:6f:ba:8c:aa:ef:a1:d9:57:15:72:d4:9b:cd:e4:16:3d:47:12:8e:b2:c3:ab:94:87:e1:e4:75:d7:52:93:b6:36:9f:3b:5d:fe:b2:0a:99:18:b1:2a:85:e5:fd:1a:1b:5d:f4:f0:ed:2b:a2:45:39:b5:2d:96:7f:7e:b6:b9:83:f4:ee:0f:45:59:94:2d:ec:98:c2:f2:8b:04:2b:4e:ea:26:51:4c:93:5b:76:66:5c:cc:cc:93:f5:c0:ba:92:f5:04:76:33:74:7a:5f:7b:ce:59:08:72:a9:79:b0:8c:19:e2:b8:43:ed:be:2d:95:18:7e:91:1b:fb:5c:b9:b6:cc:0d:e2:9c:9f:76:53:76:7c:ff:ee:1b:fc:2d:05:9a:2e:b4:11:1b:64:05:9f:1b:6f:37:36:4f:29:ea:7c:7b:69:0f:84:57:0a:8e:f8:54:85:e3:36:82:c8:ef:1a:e2:5e:bf:8b:6c:0e:d4:f2:6c:8c:7b:5f:a9:69:7c:12:e0:8d:de:41:eb:c6:49:82:1e:c6:7e:59:98:36:33:25:4f:6f:2c:34:86:3c:2f:38:5a:2d:c1:ec:47:0a:67:1f:37:4a:95:
77:5e:c5:58:64:bf:52:bb:b4:cf:f6:a7:48:ce:a6:d0:5d:6f:6f:06:30:71:d7:06:34:3a:02:3c:d7:71:e1:f1:3e:ba:25:74:1f:57:ba:5f:7f:1d:1c:9f:47:3e:9e:66:18:0d:6f:93:a8:70:35:ad:bc:f2:f5:03:8f:11:ba:2c:3a:da:b6:22:a4:02:87:99:d6:79:fc:4e:b7:2f:c4:70:5d:29:12:b5:e9" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.649165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.649165000", - "frame.time_delta": "0.136965000", - "frame.time_delta_displayed": "0.136965000", - "frame.time_relative": "1480.188479000", - "frame.number": "5064", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004bd6", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000373d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5063", - "tcp.analysis.ack_rtt": "0.136965000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.673777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.673777000", - "frame.time_delta": "0.024612000", - "frame.time_delta_displayed": "0.024612000", - "frame.time_relative": "1480.213091000", - "frame.number": "5065", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000493e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003e36", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": 
"0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007d8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.135933000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"wD61ydoCCg+9INUIKpgyvg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"wD61ydoCCg+9INUIKpgyvg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:11 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:11 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - 
"http.time": "0.161577000", - "http.request_in": "5063", - "http.file_data": "`\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdMe\t\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,\nHl\u0017\u00ef\u00bf\u00bd\u00042\u00ef\u00bf\u00bd9.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdds\u00ef\u00bf\u00bd5]DG\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdO-\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bdQ\u001b\u00ef\u00bf\u00bdF}\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdf0Im\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSq\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdyp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd+f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd@\u00ef\u00bf\u00bdo\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"60:1c:db:16:a0:58:ce:ea:5e:1d:a2:bd:26:a5:4d:65:09:cc:df:36:c3:4e:db:f2:2c:0a:48:6c:17:97:04:32:d0:39:2e:f2:ee:ec:30:bf:88:64:73:a1:35:5d:44:47:d5:38:f1:9b:4f:2d:d2:39:a2:51:1b:aa:46:7d:f1:4d:ac:de:de:84:d6:20:b1:62:b4:23:d2:66:30:49:6d:cc:e1:53:71:93:65:d3:bd:ee:cb:f4:79:70:8b:fb:02:ec:88:1c:fb:ca:10:cb:ca:9a:2b:66:b7:94:36:b8:fd:40:9c:6f:c4:ff:ba:64:d3:bd:00:9b:9d:3b:e8:bd:23:8a:68:ee:08:87:da:af:35:c7:52:42:8d:51:00:fd:71:c2:2e:7c:1a:1d:59:8e:f2:57:85:51:94:bb:ba:38:08:38:0f:6c:45:2e:5f:12:d2:be:dc:aa:73:b0:53:07:9d:74:0b:c8:ac:5d:1e:9c:ae:34:44:ad:86:cb:27:76:bb:78:47:7d:78:4d:2d:e0:5f:83:e6:8d:6a:6f:d9:54:25:d8:c7:cf:32:46:55:b3:67:59:7d:21:80:74:78:42:70:90:65:3e:c5:76:0b:46:1a:bb:13:7e:52:20:c1:13:37:56:d1:3a:0c:6a:a4:20:f9:71:4e:b7:57:5a:db:32:0a:16:e5:de:57:44:53:4f:ec:08:38:1b:f2:b2:47:f2:d2:c1:4d:dd:82:ec:85:d0:1b:e7:92:ea:02:e7:13:d3:be:1e:dc:d4:49:7d:9a:d0:d9:52:0e:46:08:ca:cd:68:83:c6:d9:6c:8f:64:e1:2f:43:05:99:50:32:b0:6a:6a:08:f7:e1:a0:6b:57:43:0b:94:a5:7f:7b:d8:47:14:11:51:86:fd:9a:9f:2a:17:c3:af:a8:6b:2d:65:a3:11:a9:ee:0e:4e:75:ba:fe:d0:ea:c1:50:a9:57:55:a5:45:d8:2c:0e:14:ce:af:22:91:8e:a6:9f:d9:14:69:55:eb:5c:af:bf:ae:a5:03:76:e0:e7:aa:e2:ea:38:25:1a:42:9e:86:1a:4a:dc:42:52:d2:f2:c8:f5:0c:f7:de:6e:ba:12:96:44:2f:4a:5f:de:ed:62:6c:c4:c1:a7:66:fe:f5:34:49:6f:2b:c2:2e:b2:f8:c2:6d:33:ca:cf:f7:31:42:b4:0f:06:aa:eb:28:2f:df:7d:60:9d:5a:c4:38:af:76:9e:20:e8:17:29:69:2e:31:cd:29:c3:70:65:c3:be:a4:44:4d:c7:bb:bd:c2:b8:ea:61:93:f6:88:24:55:b7:cb:07:41:5f:e5:c5:53:e8:db:97:06:5c:7a:df:c1:79:5a:19:84:f9:12:77:87:f1:bb:a4:f0:88:f2:6e:6c:70:f7:2e:3f:b7:16:25:72:6b:0a:ce:38:d7:83:2f:fe:b8:a5:36:46:48:01:6e:68:95:f8:4a:d5:10:b7:e4:ea:20:87:a9:a9:27" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.673865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.673865000", - 
"frame.time_delta": "0.000088000", - "frame.time_delta_displayed": "0.000088000", - "frame.time_relative": "1480.213179000", - "frame.number": "5066", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004940", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000419b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000033d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.674339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.674339000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "1480.213653000", - "frame.number": "5067", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002191", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000144b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - "tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d424", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "5065", - "tcp.analysis.ack_rtt": "0.000562000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.675122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.675122000", - "frame.time_delta": "0.000783000", - "frame.time_delta_displayed": "0.000783000", - "frame.time_relative": "1480.214436000", - "frame.number": "5068", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002192", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000144a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35305", - "tcp.dstport": "80", - "tcp.port": "35305", - "tcp.port": "80", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d422", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5066", - "tcp.analysis.ack_rtt": "0.001257000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:11.810365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495071.810365000", - "frame.time_delta": "0.135243000", - "frame.time_delta_displayed": "0.135243000", - "frame.time_relative": "1480.349679000", - 
"frame.number": "5069", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008338", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000007a3", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35305", - "tcp.port": "80", - "tcp.port": "35305", - "tcp.stream": "185", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000033d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5068", - "tcp.analysis.ack_rtt": "0.135243000", - "tcp.analysis.initial_rtt": "0.135933000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.812419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.812419000", - "frame.time_delta": "1.002054000", - "frame.time_delta_displayed": "1.002054000", - "frame.time_relative": "1481.351733000", - "frame.number": "5070", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - 
"ip.id": "0x0000b81f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000009b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43179", - "udp.dstport": "53", - "udp.port": "43179", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000d63", - "udp.checksum.status": "2", - "udp.stream": "118" - }, - "dns": { - "dns.id": "0x00000f2f", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.813029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.813029000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "1481.352343000", - "frame.number": "5071", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000091ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000026f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43179", - "udp.port": "53", - "udp.port": "43179", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "118" - }, - "dns": { - "dns.response_to": "5070", - "dns.time": "0.000610000", - "dns.id": "0x00000f2f", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - 
"Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.815055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.815055000", - "frame.time_delta": "0.002026000", - "frame.time_delta_displayed": "0.002026000", - "frame.time_relative": "1481.354369000", - "frame.number": "5072", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b820", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000009a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39114", - "udp.dstport": "53", - "udp.port": "39114", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003843", - "udp.checksum.status": "2", - "udp.stream": "119" - }, - "dns": { - "dns.id": "0x00000f30", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.815601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.815601000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1481.354915000", - "frame.number": "5073", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000091cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000026df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39114", - "udp.port": "53", - "udp.port": "39114", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "119" - }, - "dns": { - "dns.response_to": "5072", - "dns.time": "0.000546000", - "dns.id": "0x00000f30", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2305", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.816652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.816652000", - "frame.time_delta": "0.001051000", - "frame.time_delta_displayed": "0.001051000", - "frame.time_relative": "1481.355966000", - "frame.number": "5074", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007ec1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b70e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 
Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d9fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.952226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.952226000", - "frame.time_delta": "0.135574000", - "frame.time_delta_displayed": "0.135574000", - "frame.time_relative": "1481.491540000", - "frame.number": "5075", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000b13c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000d996", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": "80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000c21f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5074", - "tcp.analysis.ack_rtt": "0.135574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.952762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.952762000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1481.492076000", - "frame.number": "5076", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ec2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - 
"ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008bae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5075", - "tcp.analysis.ack_rtt": "0.000536000", - "tcp.analysis.initial_rtt": "0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:12.953302000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495072.953302000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "1481.492616000", - "frame.number": "5077", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x00007ec3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b4c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b469", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136110000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:35:22:2c:20:4e:6f:6e:63:65:3d:22:77:44:36:31:79:64:6f:43:43:67:2b:39:49:4e:55:49:4b:70:67:79:76:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:69:59:6c:41:71:2b:69:6b:72:65:6f:4c:35:4d:59:64:50:64:58:7a:
6a:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.091041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.091041000", - "frame.time_delta": "0.137739000", - "frame.time_delta_displayed": "0.137739000", - "frame.time_relative": "1481.630355000", - "frame.number": "5078", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e898", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000a242", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": "80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e8e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5077", - "tcp.analysis.ack_rtt": "0.137739000", - "tcp.analysis.initial_rtt": "0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.091669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.091669000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "1481.630983000", - "frame.number": "5079", - "frame.len": "1302", - 
"frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00007ec4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b237", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f904", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136110000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:
82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:af:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8
:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" - }, - "tcp.segments": { - "tcp.segment": "5077", - "tcp.segment": "5079", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:35:22:2c:20:4e:6f:6e:63:65:3d:22:77:44:36:31:79:64:6f:43:43:67:2b:39:49:4e:55:49:4b:70:67:79:76:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78
:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:69:59:6c:41:71:2b:69:6b:72:65:6f:4c:35:4d:59:64:50:64:58:7a:6a:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:a
f:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:
b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"195\", Nonce=\"wD61ydoCCg+9INUIKpgyvg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"iYlAq+ikreoL5MYdPdXzjQ==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"195\", Nonce=\"wD61ydoCCg+9INUIKpgyvg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"iYlAq+ikreoL5MYdPdXzjQ==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - 
"http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdXD\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXbG\u00ef\u00bf\u00bd.\"(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{#^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0016\u0013\u00ef\u00bf\u00bd_v7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd.?\u0014\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u001f\u001cy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bdYL\u0012\u00ef\u00bf\u00bd1g}s~\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd.5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdBy\u00ef\u00bf\u00bd\u001c\tA\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\t\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015\u001eW\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bdi\u00ef\u00bf\u00bdb\u0017\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bdkZ\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdyRA(\f\u00ef\u00bf\u00bdj%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd,@n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\nyTq2\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-[gN\u00ef\u00bf\u00bd]1j\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u0003k*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u007f\u00ef\u00b
f\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000bp\u00ef\u00bf\u00bd\u0014\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bdj:\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]IA\fK\u00ef\u00bf\u00bd[Nt\u00ef\u00bf\u00bdnWv\u00ef\u00bf\u00bdC\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u000f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd \u00ef\u00bf\u00bd\u00ef\u00bf\u00bdj\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bdtip=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX=m\u00ef\u00bf\u00bdD\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'+\u0017p_\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006n\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u0011\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bdf\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdVP\u00ef\u00bf\u00bdGiv0\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd0\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd_5\u000ep\u00ef\u00bf\u00bdu\u001e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0013{\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bd\u001dX\u00ef\u00bf\u00bd\u0003\u0005\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd`8j\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u001d\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000bm\r\u00ef\u00bf\u00bdy \u001e\f\u0014\u00ef\u00bf\u00bd9\u00ef\u00bf\u00bd&l" - }, - "media": { - "media.type": 
"80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:7b:23:5e:b3:8b:54:b0:16:13:cb:5f:76:37:fe:8d:e1:9e:87:f0:42:e7:76:e8:2e:3f:14:b6:22:88:1f:1c:79:ec:fe:22:a9:59:4c:12:97:31:67:7d:73:7e:af:34:dd:06:ee:2e:35:c1:e7:aa:42:79:9f:1c:09:41:e5:47:96:91:85:c5:b6:6c:09:bc:0b:d6:da:f1:c8:15:1e:57:ee:7e:c8:b4:ab:65:d5:69:85:62:17:a9:4c:cc:6b:5a:04:d7:d4:f6:79:52:41:28:0c:ec:6a:25:fe:fa:c4:ad:1b:30:a0:cd:2c:40:6e:9c:c6:ff:fb:0a:79:54:71:32:de:45:ce:17:a7:e8:2d:5b:67:4e:cc:5d:31:6a:b7:2a:86:03:6b:2a:d6:a3:e3:49:7f:9d:49:d1:98:0b:70:e9:14:19:e6:89:e0:0e:ed:6a:3a:bb:8e:ea:08:7f:8d:c9:5d:49:41:0c:4b:93:5b:4e:74:93:6e:57:76:de:43:98:b3:a4:8f:56:0f:ac:ad:c8:1d:c9:cd:20:bd:d7:6a:14:9b:84:d3:d9:57:c2:cb:77:ad:74:69:70:3d:d3:e5:58:3d:6d:89:44:85:fe:27:2b:17:70:5f:80:d9:0a:e8:d6:06:6e:f9:80:47:11:cb:2e:95:66:8d:df:b9:8b:6e:93:e8:94:56:50:ce:47:69:76:30:dd:84:30:a1:7b:bc:5f:35:0e:70:de:75:1e:96:bc:13:7b:b5:06:8f:b4:f4:51:e0:1d:58:ef:03:05:94:25:82:3e:8c:f3:64:ee:9d:60:38:6a:bd:0b:ab:1d:19:f9:a3:cc:0b:6d:0d:f8:79:20:1e:0c:14:9d:39:a6:26:6c:00:e2:c9:05:a7:e2:70:86:2d:93:9f:67:8d:b4:d8:a5:a8:1e:e2:de:7d:7f:d0:b8:ea:c7:8b:4c:c5:7d:e8:83:07:db:8c:35:a5:c2:6b:ad:bf:43:db:13:09:d4:42:a4:56:b0:5b:6b:f3:82:82:65:42:3d:a6:e1:bf:ce:4a:8b:1f:af:45:9c:1c:ac:7b:78:cd:d0:6d:1b:3b:ab:ad:7a:7f:7b:6e:a6:bf:e5:59:8d:e7:15:34:f1:12:d9:8f:b6:fc:d5:f4:07:e1:63:40:3a:d6:bd:bf:bf:e7:c8:18:2b:20:be:11:c8:2f:b7:eb:99:df:9d:2f:f7:39:cd:bc:5e:51:2c:d7:09:99:e0:77:69:02:a2:cb:02:66:c8:8a:10:5a:0e:42:2c:eb:21:af:3d:55:49:98:04:12:d5:f7:61:55:73:a4:6d:52:af:d7:58:68:82:44:4b:4d:d2:ac:90:95:db:31:9e:44:ec:0b:ed:73:9c:97:41:a9:18:4b:1f:3c:31:13:21:86:21:34:73:64:84:cd:03:05:59:32:0a:fe:3a:98:fa:a7:7b:9b:c9:68:11:47:15:f6:7a:d6:f4:9f:9f:70:75:06:2b:52:3e:3b:b2:09:e5:7a:67:04:e0:06:1b:80:cf:3f:d9:f7:e1:a7:e4:e1:d9:3b:07:19:35:3f:ab:9f:52:46:8c:66:8a:8c:fd:60:8c:78:c1:e5:54:19:13:fa:38:71:37:9e:40:4f:7a:d1:47:04:45:4a:d1:e4:2a:d4:f1:46:f9:15:e4:ee:d5:9f:9b:d8:14:02:71:80:fe:67:b
2:14:df:68:ac:b8:ac:9b:30:2c:a0:40:69:83:ca:c7:9e:36:4a:8c:74:a6:f3:10:cc:2a:d9:55:65:01:58:02:aa:7b:c3:43:9c:a6:9d:7f:33:b6:83:f1:f0:74:4f:e4:78:4a:2a:9a:10:cf:a1:4c:06:08:dc:db:11:8f:0d:20:42:07:99:b8:c8:89:4b:45:71:5d:74:ca:e0:25:c3:2a:57:31:aa:06:0c:87:be:1d:b7:76:7c:3c:90:4a:31:00:78:9f:ce:74:4f:9c:e1:87:cc:7f:31:77:a4:b8:f1:f0:85:d7:12:b5:b8:94:26:ea:bc:00:ca:ff:08:a3:3a:be:7b:ea:80:51:e5:30:aa:25:3f:6e:68:e3:a6:0f:19:32:3c:d6:e3:af:57:74:21:b1:bb:e4:28:cd:78:d6:9f:6f:5b:1e:46:8c:48:86:42:29:56:d4:35:ec:8c:5c:ea:89:e0:26:e0:1f:e8:46:da:32:99:01:63:9e:00:87:7e:52:7e:2d:b0:2e:de:fd:9c:68:67:13:48:7c:c6:02:c4:58:06:f7:cb:ba:71:81:26:a7:35:22:6c:aa:26:46:5a:1e:49:0c:5d:9d:a5:dc:46:e6:48:45:72:38:07:5c:f4:01:c3:36:ca:67:0d:05:bd:46:af:34:a6:3d:21:aa:ee:2f:ff:6e:f3:d9:c5:1e:76:88:da:64:25:de:e1:14:a3:76:e5:04:c7:3d:2d:de:92:f4:ad:ba:b4:72:62:44:75:7d:e2:3c:4c:73:8d:28:ae:d0:a3:73:24:32:50:bf:05:75:12:c4:f2:ed:0f:9a:62:d8:ec:d4:64:f9:b3:7a:cf:5f:6d:10:ed:9e:e0:58:03:ee:ee:87:23:bf:d5:d8:87:d6:68:fb:e5:e0:6f:8c:0b:cd:75:ce:d7:66:2c:1c:4b:2b:ff:ce:71:1b:68:79:8e:47:83:01:9f:38:ad:1e:74:6a:93:c2:79:1d:2c:69:e0:ca:99:fd:52:e2:88:35:62:32:20:9f:51:e0:e5:b9:f5:35:d2:95:23:d5:83:5f:19:3b:32:65:0f:94:42:48:e4:54:89:98:e2:7a:04:d8:4f:a8:de:f1:db:d3:1f:e4:3d:d8:55:ce:8b:be:fa:12:6c:f1:6f:ce:ff:67:55:93:16:69:b7:4b:b8:1b:f7:1f:76:a7:2a:c6:9d:8c:96:bf:e3:35:33:c1:91:09:d5:62:7c:4d:40:ca:09:16:16:25:4a:8c:77:4b:71:ee:1a:5a:9a:93:0d:7f:7f:df:eb:5f:04:55:d0:56:3b:98:2d:35:15:1c:3c:61:c1:61:b0:2d:22:fa:89:6e:cc:1a:25:3b:b3:ff:7b:2a:39:e0:ef:01:ba:a6:67:ee:7f:30:c6:30:6a:8c:ec:66:81:ca:64:b8:3d:d7:5e:d8:8e:50:8b:e8:02:fb:07:0f:81:b1:af:eb:f5:70:e5:85:69:30:f1:99:21:66:19:41:31:d1:6b:0d:b9:5f:af:f8:3d:f5:9b:d6:dc:4f:3a:59:e0:04:e9:82" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.227442000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495073.227442000", - "frame.time_delta": "0.135773000", - "frame.time_delta_displayed": "0.135773000", - "frame.time_relative": "1481.766756000", - "frame.number": "5080", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002069", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00006a72", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": 
"80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000df22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5079", - "tcp.analysis.ack_rtt": "0.135773000", - "tcp.analysis.initial_rtt": "0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.258123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.258123000", - "frame.time_delta": "0.030681000", - "frame.time_delta_displayed": "0.030681000", - "frame.time_relative": "1481.797437000", - "frame.number": "5081", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x00002d97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000059dd", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": "80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cbbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136110000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:12 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:12 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.166454000", - "http.request_in": "5079", - "http.file_data": 
"\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bdXD\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXbG\u00ef\u00bf\u00bd.\"(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": "80:24:d3:8c:ac:6d:af:d4:97:d3:d1:27:a1:35:fa:58:44:1d:93:fa:8f:b7:b7:58:62:47:9d:2e:22:28:e1:80:d4:14:dc:ab:00:f5:9b:d7:2e:71:fe:0c:6c:18:a5:69:6e:1b:0a:e4:c3:e8:05:8a:69:a6:fe:47:87:19:9d:2f:2c:5a:20:0e:bb:ac:b3:78:09:9d:4f:db:15:65:e0:c4:85:13:8f:e9:15:06:fc:6c:94:6c:63:ae:ff:23:43:d8:65:0f:2c:9d:c7:a9:4e:01:ac:2d:84:58:b2:8f:e9:27:93:45:e5:fc:86:7e:d6:65:48:10:34:4e:0d:bc:10:b1:da:b6:9a:7b:0c:54:ec:43:ca:51:89:94:ea:e8:25:bb:41:c1:b2:33:a8:02:14:12:9d:d9:f1:92:c6:37:a1:55:a1:cc:39:ce:01:60:55:7b:88:f0:c8:cd:ab:e5:35:99:56:d3:5b:2b:2b:9d:4c:3e:8d:04:93:17:d0:35:cb:c3:55:3f:42:b2:15:1f:9a:85:16:f9:ca:73:e0:86:4d:fb:81:19:3b:98:6e:94:fb:93:dc:fb:6b:b4:7f:75:55:25:a0:fd:bf:28:94:20:3b:f7:b2:2a:90:56:07:2d:fe:8a:47:8b:e1:ed:18:cf:9b:1f:39:d5:2d:b0:6c:99:4a:c4:4a:e3:b1:c1:1c:12:4b:b5:52:58:a6:0c:2c:8e:78:18:df:31:3f:8e:35:17:bf:d3:17:41:08:5f:0b:19:17:cf:6f:cd:78:76:34:9a:62:c5:d8:83:2f:02:d4:ee:6e:ad:52:fa:e4:b0:0d:57:af:3f:c3:e6:50:2d:fc:61:7a:51:19:26:66:6b:9b:4d:90:6e:1e:48:c9:e6:df:5a:04:68:e6:70:a0:af:da:60:5f:31:87:cb:91:73:fb:b7:03:6d:d8:7f:fa:52:26:af:d6:bd:65:9e:c5:34:b5:a1:12:f2:dc:96:b3:6c:88:73:44:98:79:c7:c2:5b:0b:3f:90:94:e5:5d:f7:25:db:92:02:84:11:cb:55:06:c9:0c:46:0e:8c:17:78:fa:66:60:25:74:bb:3f:70:ee:c8:f9:c6:bf:23:97:b0:87:de:04:9a:c8:81:3c:21:36:84:83:6a:2d:b3:e0:27:34:61:33:00:c8:09:46:9c:a1:d2:08:6a:0b:12:05:38:e9:a0:05:07:b4:c1:0e:28:a6:9e:9b:ff:43:2d:cd:c5:ea:4f:0b:3e:0e:26:20:a4:20:7c:72:a0:d5:0d:b0:c8:5e:a1:45:96:05:d2:a9:f0:ed:56:09:db:23:eb:4e:15:4b:cb:46:22:6e:3d:45:44:cd:9e:04:45:7f:98:09
:e0:80:39:1d:5c:13:fc:9b:7f:a9:3c:1f:89:11:b9:05:20:54:d8:cd:d0:0f:8e:e1:32:4b:c0:d3:e7:04:87:30:d8:f1:cd:cc:4c:be:40:bf:f6:69:b0:1e:02:68" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.258214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.258214000", - "frame.time_delta": "0.000091000", - "frame.time_delta_displayed": "0.000091000", - "frame.time_relative": "1481.797528000", - "frame.number": "5082", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002d99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005d42", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - 
"ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": "80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dbba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.258701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.258701000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1481.798015000", - "frame.number": "5083", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ec5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b716", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007c0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5081", - "tcp.analysis.ack_rtt": "0.000578000", - "tcp.analysis.initial_rtt": "0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.259385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.259385000", - "frame.time_delta": "0.000684000", - "frame.time_delta_displayed": "0.000684000", - "frame.time_relative": "1481.798699000", - "frame.number": "5084", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ec6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35306", - "tcp.dstport": "80", - "tcp.port": "35306", - "tcp.port": "80", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007c08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5082", - "tcp.analysis.ack_rtt": "0.001171000", - "tcp.analysis.initial_rtt": 
"0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:13.394836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495073.394836000", - "frame.time_delta": "0.135451000", - "frame.time_delta_displayed": "0.135451000", - "frame.time_relative": "1481.934150000", - "frame.number": "5085", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000065c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000251b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35306", - "tcp.port": "80", - "tcp.port": "35306", - "tcp.stream": "186", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000dbb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5084", - "tcp.analysis.ack_rtt": "0.135451000", - "tcp.analysis.initial_rtt": "0.136110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.817640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.817640000", - "frame.time_delta": "1.422804000", - "frame.time_delta_displayed": "1.422804000", - "frame.time_relative": "1483.356954000", - "frame.number": "5086", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b84a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000070", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35508", - "udp.dstport": "53", - "udp.port": "35508", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002b58", - "udp.checksum.status": "2", - "udp.stream": "120" - }, - "dns": { - "dns.id": "0x00000f31", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.818193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.818193000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "1483.357507000", - "frame.number": "5087", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000091d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000026e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35508", - "udp.port": "53", - "udp.port": "35508", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "120" - }, - "dns": { - "dns.response_to": "5086", - "dns.time": "0.000553000", - "dns.id": "0x00000f31", - 
"dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.818973000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.818973000", - "frame.time_delta": "0.000780000", - "frame.time_delta_displayed": "0.000780000", - "frame.time_relative": "1483.358287000", - "frame.number": "5088", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b84b", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000006f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51660", - "udp.dstport": "53", - "udp.port": "51660", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000073f", - "udp.checksum.status": "2", - "udp.stream": "121" - }, - "dns": { - "dns.id": "0x00000f32", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.819376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.819376000", - "frame.time_delta": "0.000403000", - "frame.time_delta_displayed": "0.000403000", - "frame.time_relative": "1483.358690000", - "frame.number": "5089", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000091d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000026d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51660", - "udp.port": "53", - "udp.port": "51660", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "121" - }, - "dns": { - "dns.response_to": "5088", - "dns.time": "0.000403000", - "dns.id": "0x00000f32", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class 
IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.820415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.820415000", - "frame.time_delta": "0.001039000", - "frame.time_delta_displayed": "0.001039000", - "frame.time_relative": "1483.359729000", - "frame.number": "5090", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000554a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e085", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - "tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b37a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.956076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.956076000", - "frame.time_delta": "0.135661000", - "frame.time_delta_displayed": "0.135661000", - "frame.time_relative": "1483.495390000", - "frame.number": "5091", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00007d8d", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000d46", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": "80", - "tcp.port": "35307", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x00002b77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { 
- "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5090", - "tcp.analysis.ack_rtt": "0.135661000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.956618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495074.956618000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1483.495932000", - "frame.number": "5092", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000554b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e090", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - "tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f505", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5091", - "tcp.analysis.ack_rtt": "0.000542000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:14.956631000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495074.956631000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "1483.495945000", - "frame.number": "5093", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000554c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - 
"tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c8d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136203000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:36:22:2c:20:4e:6f:6e:63:65:3d:22:6c:5a:59:6d:74:73:41:6f:2b:51:2b:39:49:4e:55:49:73:41:71:48:35:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e
:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:37:67:57:54:36:61:55:4c:45:76:43:32:68:43:5a:64:6f:33:59:6c:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.093125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.093125000", - "frame.time_delta": "0.136494000", - "frame.time_delta_displayed": "0.136494000", - "frame.time_relative": "1483.632439000", - "frame.number": "5094", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b8d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000d207", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": "80", - "tcp.port": "35307", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000523a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5093", - "tcp.analysis.ack_rtt": "0.136494000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.093753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.093753000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "1483.633067000", - "frame.number": "5095", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000554d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - "tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008ec3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136203000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:26:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:9
2:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" - }, - "tcp.segments": { - "tcp.segment": "5093", - "tcp.segment": "5095", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:36:22:2c:20:4e:6f:6e:63:65:3d:22:6c:5a:59:6d:74:73:41:6f:2b:51:2b:39:49:4e:55:49:73:41:71:48:35:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:71:37:67:57:54:36:61:55:4c:45:76:43:32:68:43:5a:64:6f:33:59:6c:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:2
6:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:92:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:
3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"196\", Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"q7gWT6aULEvC2hCZdo3Ylg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"196\", Nonce=\"lZYmtsAo+Q+9INUIsAqH5g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"q7gWT6aULEvC2hCZdo3Ylg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\u001bm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd!=\u001f\u00ef\u00bf\u00bdC^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd2hK\u00ef\u00bf\u00bd\u0001H5\u00ef\u00bf\u00bd*<ZG\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd:m\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdQ\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u001e&W\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}t.\u00ef\u00bf\u00bd\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(<\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdvY\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM8\u00ef\u00bf\u00bd\u0004N\u00ef\u00bf\u00bd\u0019~\u0018\u00ef\u00bf\u00bdV?Q{*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?CT\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdTv}\u00ef\u00bf\u00bdq\tH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*" - }, - "media": { - "media.type": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:f9:fe:e4:1f:fa:9a:32:68:4b:b1:01:48:35:c1:2a:3c:5a:47:bd:11:b7:3a:6d:a7:26:ce:ee:87:b7:51:e5:50:90:1e:26:57:a8:e0:7d:74:2e:d7:22:d4:ac:28:3c:c9:02:b8:6b:81:ec:76:59:bd:29:a1:d7:e1:4d:38:cd:04:4e:c4:19:7e:18:fd:56:3f:51:7b:2a:b1:cc:a4:ec:ed:96:b6:7d:a5:e0:c0:3f:43:54:1f:da:e1:3b:d3:b1:4e:c8:54:76:7d:ea:71:09:48:ac:f4:2a:00:a5:71:93:23:e0:ed:e4:e9:b4:37:ab:5f:44:a0:19:b4:b9:aa:51:bd:fa:51:d9:ce:9e:39:ab:00:0a:26:fd:6b:3c:84:10:8f:79:1a:96:b4:2a:d2:e5:41:14:99:ea:95:c1:31:0b:c6:c0:25:f7:24:06:9b:3d:b0:b0:04:20:17:3f:50:30:bd:03:02:83:13:7c:5a:c9:57:85:46:21:34:4f:12:6e:35:de:ef:7d:23:12:18:ae:6c:67:eb:58:4a:77:a2:73:d1:fa:b2:61:7f:c3:7b:78:85:4f:b1:be:8c:2a:47:03:75:cd:17:00:b5:dc:bd:ad:56:3e:e8:30:be:e7:ab:7a:1c:73:01:6e:7a:0e:4c:6c:16:00:48:9e:4b:e6:2e:b6:58:59:a0:ea:f3:3b:fa:eb:96:16:3d:2c:07:5f:01:49:ab:c1:a5:b4:8b:36:ea:15:81:a0:79:a1:6e:66:3d:ce:f9:14:10:fc:55:23:66:c0:ae:ca:67:ca:69:dc:6e:fc:6e:29:db:be:d5:77:de:2b:d0:11:ce:92:87:1e:15:9e:06:44:65:07:cd:cf:52:e6:6f:e7:2e:12:5b:e5:5f:cd:b0:40:4a:00:1a:23:90:2c:64:b5:73:ce:43:d4:3f:11:da:c9:fb:6e:c4:e0:c3:f9:87:34:de:0f:c6:75:ff:ee:79:63:a5:b7:63:05:40:84:05:d0:f7:1e:9d:e6:3c:03:61:b1:21:20:1e:8f:2a:26:bd:b4:d5:5b:bf:8c:ce:d0:5a:c9:17:f4:66:f5:a6:47:5f:33:ad:b4:9d:ea:93:ba:5b:30:3b:65:14:14:d2:86:06:3b:a8:dc:41:ee:eb:32:f9:e4:37:2b:1d:89:32:3f:c0:e5:56:47:ad:aa:6d:1e:14:72:cd:6a:0b:2f:ca:29:0d:08:25:4d:5e:43:7a:ad:ed:86:52:ea:ec:84:c3:f4:77:f8:db:04:e6:2f:d6:bd:13:40:c9:db:14:73:63:21:e0:24:c2:52:a0:e2:59:1f:b8:d2:d2:be:a8:ad:ab:75:59:53:05:fd:28:e2:a9:d9:9a:0a:78:6a:66:e2:5c:e3:a8:9c:d1:4f:54:ff:f2:48:9a:b4:79:93:3f:b0:72:23:73:11:b1:2c:91:4b:7d:62:d9:45:67:d3:5f:ca:cb:7d:cb:d1:04:70:74:e0:08:7a:4c:0e:24:a9:43:42:db:5d:9a:50:8c:24:6a:5b:a3:27:02:f6:2e:b8:74:19:b7:84:a2:f1:a6:f8:1c:d4:6f:c3:fc:e6:0a:da:3b:8a:23:6b:c7:38:1d:74:8f:e2:73:f3:a2:bf:d6:81:56:b1:a4:de:9a:12:c3:f0:71:e4:3f:44:a0:02:64:a6:71:b5:0d:3d:92:ec:b0:9
2:f0:ee:d7:fb:f9:64:3c:09:36:6e:13:c4:9d:79:95:09:f0:66:b3:ed:fb:da:7c:81:6d:77:de:db:da:87:21:39:cf:1e:68:c8:a6:6f:3c:ce:cf:73:ac:1d:d9:14:be:80:a9:33:11:39:9b:25:29:27:6d:7f:93:8c:8a:90:44:71:5e:82:3b:63:cd:62:e3:ad:bf:a7:f3:01:8a:5d:42:6c:b4:96:e0:41:40:fb:84:9f:13:7b:67:b3:71:66:17:9d:a6:ef:f8:d4:44:4c:95:a0:be:2a:75:f6:60:7e:73:12:34:c1:da:57:39:3f:ba:46:e1:e6:9f:de:25:db:a0:36:0b:ef:0a:97:6b:65:57:d7:98:4b:79:5c:ac:0e:23:90:c8:34:38:fd:88:1b:4a:18:7a:31:2e:94:0c:c4:4f:d0:bd:1b:12:3e:75:29:77:5d:5a:33:04:84:72:47:c7:ff:42:3e:ef:9d:19:83:9e:ad:52:19:98:62:8c:eb:6a:d2:3d:c3:25:00:c5:db:99:c1:3a:7d:22:36:c9:6f:7f:3c:37:0f:21:a3:b7:40:85:d7:11:6b:f3:5d:a2:58:1f:d9:ff:63:06:a1:91:bc:79:23:85:eb:e4:01:2f:46:3b:b7:c6:32:02:c8:8c:fe:7a:9c:ac:ab:a8:63:cb:07:17:bc:9d:24:a4:6a:7a:87:25:4a:a8:3a:d8:c3:59:39:c9:dc:36:77:b1:2f:84:fd:70:07:39:1c:7e:b4:8f:23:38:52:a7:a5:1e:30:50:5b:66:5b:bf:3e:37:f0:21:4f:cc:94:af:76:a5:a3:61:40:4f:0f:f4:78:7f:94:01:75:eb:e9:91:d1:81:53:37:5c:9d:b0:29:e1:4a:cf:09:83:19:56:e3:44:81:57:72:0b:14:f9:6b:80:22:9f:fa:a1:b1:7c:56:00:d4:0e:8f:18:78:8d:2a:42:ae:b7:5b:1e:0a:61:9d:bc:a0:f9:07:12:fc:f6:61:36:94:9f:62:9a:df:cf:cb:a9:ce:f5:15:69:ac:3a:b2:fe:ae:08:4f:2f:ce:d4:7b:73:13:41:1f:4f:32:c7:59:25:94:b6:e5:ab:dd:5f:fb:f7:85:f6:ec:18:a3:ab:68:2f:96:11:62:53:22:31:30:44:a6:76:d6:26:48:ad:12:75:96:e5:6b:27:c4:05:ed:5b:3f:65:48:d0:d5:8b:79:84:02:30:e4:5d:9c:48:6b:3e:ac:19:39:91:2e:5d:79:d5:9e:81:50:69:da:45:ee:65:10:7a:98:fa:49:18:24:25:8f:1d:d4:04:d7:45:db:00:64:78:02:b2:cc:e9:db:78:a7:77:e9:26:cd:ce:ea:3e:dc:f3:47:a7:06:27:47:fb:f3:76:9c:52:61:8c:31:c6:7b:11:e8:9a:7c:21:d1:a9:18:4f:83:9a:58:2d:cb:c8:9d:90:f9:3a:8b:d5:59:81:f6:39:24:9a:ad:ab:d3:9a:83:d6:cf:00:1f:f6:02:64:b2:9f:32:d6:21:1a:a5:50:b5:e7:2b" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.229733000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495075.229733000", - "frame.time_delta": "0.135980000", - "frame.time_delta_displayed": "0.135980000", - "frame.time_relative": "1483.769047000", - "frame.number": "5096", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f212", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000098c8", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": 
"80", - "tcp.port": "35307", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000487a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5095", - "tcp.analysis.ack_rtt": "0.135980000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.268515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.268515000", - "frame.time_delta": "0.038782000", - "frame.time_delta_displayed": "0.038782000", - "frame.time_relative": "1483.807829000", - "frame.number": "5097", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x000001a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000085d0", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": "80", - "tcp.port": "35307", - "tcp.stream": "187", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007f95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136203000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"yD9CZboPLxG9INUIPNnxbw==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"yD9CZboPLxG9INUIPNnxbw==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:14 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:14 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.174762000", - "http.request_in": "5095", - "http.file_data": 
"\u00ef\u00bf\u00bd\u001bm\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd!=\u001f\u00ef\u00bf\u00bdC^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u0016\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\r\u00ef\u00bf\u00bdEh\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdt\u007fn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdbA+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd;\u00ef\u00bf\u00bd`}\u00ef\u00bf\u00bd{\ra)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd!\u0006\u001ah\u0011\u00ef\u00bf\u00bd=j^\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"d2:1b:6d:bc:fd:dd:25:a5:2b:e2:bd:ff:cb:be:a9:d2:74:1a:c5:af:64:f9:21:3d:1f:a0:43:5e:c4:e6:9b:cd:5e:8d:ad:49:16:8d:96:1b:0d:e7:45:68:db:a1:0c:bb:f3:14:ee:9a:a2:72:f3:ea:31:9c:f3:84:fe:fa:79:f5:b3:bb:74:7f:6e:89:a8:62:41:2b:eb:cf:3b:b4:60:7d:9a:7b:0d:61:29:96:a2:0c:11:83:bf:91:0e:ef:f8:b4:8a:5b:e2:8b:0b:ee:b1:1a:db:7b:b4:28:d6:ca:63:bb:21:06:1a:68:11:ee:3d:6a:5e:d0:d4:00:95:09:3f:15:6c:76:90:ce:3d:b6:36:97:e6:ae:d5:c2:7a:19:b6:bc:9f:f5:c2:16:73:a3:60:8b:23:97:95:1a:e9:40:c3:03:bd:c1:d7:db:64:46:d2:f1:84:a4:07:af:dd:4e:a8:71:4f:d3:0d:d2:d2:bf:af:36:8e:ee:69:b6:ba:6c:2f:f5:31:5e:fb:aa:97:99:65:a9:09:59:b4:5d:29:e1:f0:9d:69:b7:44:f7:5b:f3:44:6c:e9:b5:12:b0:f5:16:d6:dc:de:55:a5:18:51:09:fd:b5:dd:ba:7b:a6:62:ea:a6:cb:e2:70:44:17:8f:4e:59:4a:a9:eb:c0:cc:19:6d:e2:e9:21:e8:8b:66:32:94:da:aa:9a:19:3b:b1:56:08:3f:25:2b:24:37:a6:5b:33:93:a3:94:19:45:50:af:9e:4e:ed:b8:7b:dc:dd:75:cb:51:9d:97:5b:e0:0a:72:15:4c:ee:5c:f3:01:53:66:d1:d0:64:9a:30:cb:f0:c2:3e:5e:f0:9b:ee:74:bb:e8:8f:6e:54:8f:ec:fb:e7:61:b2:aa:f0:40:b3:ea:7a:43:fa:f4:71:4a:e4:1b:29:79:b2:4c:a7:d0:46:7a:9e:39:f3:ea:36:e8:6c:bc:a3:46:b0:91:d2:94:45:08:de:96:6c:55:e0:ae:c2:ae:ca:b1:a7:4c:43:88:c5:c2:7f:4a:51:8e:97:78:41:ed:75:4e:9d:27:f6:f7:cd:37:92:a0:5b:ff:35:18:14:a9:50:bf:c9:fe:dd:e2:68:0b:32:af:c8:23:ae:77:d6:7a:d8:87:c1:ad:5a:73:2b:98:07:93:68:1e:4d:89:94:d4:b4:b2:eb:e0:6c:48:0c:d7:d6:af:fb:f4:2c:b2:e8:97:a4:f4:8f:c4:3d:e6:b6:71:1d:85:f1:22:93:25:5d:8d:61:1f:9b:0a:9e:95:a5:55:01:d1:1a:c2:40:53:ee:91:e4:24:78:a3:bc:bc:47:ca:cb:58:6e:8b:d7:13:35:cd:0c:68:7c:7a:01:42:be:ba:07:c3:7c:cb:f6:25:a8:c4:52:cb:f1:c1:9e:b2:56:17:8f:09:30:cb:18:00:a9:45:a0:f3:57:5d:25:9d:2f:ee:d5:fc:61:d8:17:15:eb:12:65:09:7f:6e:da" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.268606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.268606000", - 
"frame.time_delta": "0.000091000", - "frame.time_delta_displayed": "0.000091000", - "frame.time_relative": "1483.807920000", - "frame.number": "5098", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008935", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": "80", - "tcp.port": "35307", - "tcp.stream": "187", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004512", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.269088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.269088000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1483.808402000", - "frame.number": "5099", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000554e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e08d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - "tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e561", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "5097", - "tcp.analysis.ack_rtt": "0.000573000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.269821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.269821000", - "frame.time_delta": "0.000733000", - "frame.time_delta_displayed": "0.000733000", - "frame.time_relative": "1483.809135000", - "frame.number": "5100", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000554f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e08c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35307", - "tcp.dstport": "80", - "tcp.port": "35307", - "tcp.port": "80", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e55f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5098", - "tcp.analysis.ack_rtt": "0.001215000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:15.405472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495075.405472000", - "frame.time_delta": "0.135651000", - "frame.time_delta_displayed": "0.135651000", - "frame.time_relative": "1483.944786000", - 
"frame.number": "5101", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ca0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004e3b", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35307", - "tcp.port": "80", - "tcp.port": "35307", - "tcp.stream": "187", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004511", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5100", - "tcp.analysis.ack_rtt": "0.135651000", - "tcp.analysis.initial_rtt": "0.136203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:16.520157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495076.520157000", - "frame.time_delta": "1.114685000", - "frame.time_delta_displayed": "1.114685000", - "frame.time_relative": "1485.059471000", - "frame.number": "5102", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - 
"arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:16.520556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495076.520556000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "1485.059870000", - "frame.number": "5103", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:17.653983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495077.653983000", - "frame.time_delta": "1.133427000", - "frame.time_delta_displayed": "1.133427000", - "frame.time_relative": "1486.193297000", - 
"frame.number": "5104", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f60", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b890", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001773", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:11:17.654557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495077.654557000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "1486.193871000", - "frame.number": "5105", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f61", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000998b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f86e", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:17.654931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495077.654931000", - "frame.time_delta": "0.000374000", - "frame.time_delta_displayed": "0.000374000", - "frame.time_relative": "1486.194245000", - "frame.number": "5106", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008634", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:11:19.158161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.158161000", - "frame.time_delta": "1.503230000", - "frame.time_delta_displayed": "1.503230000", - "frame.time_relative": "1487.697475000", - "frame.number": "5107", - "frame.len": "345", - "frame.cap_len": "345", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "331", - "ip.id": "0x00002d4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000371a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "279", - "tcp.seq": "14801", - "tcp.nxtseq": "15080", - "tcp.ack": "66353", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000781", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:a8:29:00:26:f1:1f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812323881, TSecr 2552095": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812323881", - "tcp.options.timestamp.tsecr": "2552095" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "279", - "tcp.analysis.push_bytes_sent": "279" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "274", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:a9:75:75:1f:c9:07:93:75:8b:1c:fa:3a:66:86:51:0f:e6:4d:39:37:81:50:27:3e:57:c1:b4:80:21:5f:38:8d:92:7c:bc:ad:1d:f3:4e:c3:dd:55:2e:75:6d:5c:b5:7d:eb:c9:a1:d9:13:5d:77:ec:c2:9e:59:11:f2:b3:48:d1:e6:15:aa:77:14:88:08:65:3f:f3:01:51:2e:13:16:3f:a8:9c:08:9d:a2:b0:74:be:36:cf:a3:19:b9:dc:b5:c8:e4:e0:35:a4:98:28:f8:32:c4:01:23:7a:c9:71:7d:25:78:c2:3f:a7:7f:ab:c7:80:89:5a:34:43:d5:1f:84:06:47:9a:24:5d:81:5b:25:eb:ec:f6:2f:aa:03:fd:02:88:49:3e:ee:72:98:e1:47:7d:a7:39:06:f8:2a:b0:4e:fb:6f:8e:84:b2:68:9f:7d:bd:47:fb:2b:bf:f4:2f:be:24:0c:a0:17:fd:62:19:e6:1c:58:1b:22:9c:2f:9c:ef:66:48:c3:b8:80:2c:64:0a:fe:bb:e7:5e:9c:62:8f:8b:0b:b9:63:ba:ca:18:06:96:2e:80:c1:96:7a:c9:b5:54:de:f3:a8:0f:a7:31:09:24:39:e7:66:58:c7:e2:c1:62:48:6c:7e:c3:d4:d9:d3:de:75:8e:04:f0:71:61:3a:48:e7:10:51:7d:81:60:c1:db:58:00:ea:2b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.165688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.165688000", - "frame.time_delta": "0.007527000", - "frame.time_delta_displayed": "0.007527000", - "frame.time_relative": "1487.705002000", - "frame.number": "5108", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009657", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "66353", - "tcp.nxtseq": "66406", - "tcp.ack": "15080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006680", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f6:13:a7:a0:a8:29", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2553363, TSecr 2812323881": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2553363", - "tcp.options.timestamp.tsecr": "2812323881" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5107", - "tcp.analysis.ack_rtt": "0.007527000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f6:e7:79:94:61:5f:a7:96:de:1f:00:30:30:f4:d5:8f:17:ad:57:d4:02:f8:64:18:02:d0:88:b4:e8:19:fe:61:c8:be:5f:a9:42:83:ed:a2:5f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.226032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.226032000", - "frame.time_delta": "0.060344000", - "frame.time_delta_displayed": "0.060344000", - "frame.time_relative": "1487.765346000", - "frame.number": "5109", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", 
- "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003830", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15080", - "tcp.ack": "66406", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x0000cbed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:a8:3a:00:26:f6:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812323898, TSecr 2553363": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812323898", - "tcp.options.timestamp.tsecr": "2553363" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5108", - "tcp.analysis.ack_rtt": "0.060344000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.226706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.226706000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "1487.766020000", - "frame.number": "5110", - "frame.len": "726", - "frame.cap_len": "726", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "712", - "ip.id": "0x00009658", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007493", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "660", - "tcp.seq": "66406", - "tcp.nxtseq": "67066", - "tcp.ack": "15080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b6c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f6:19:a7:a0:a8:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2553369, TSecr 2812323898": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2553369", - "tcp.options.timestamp.tsecr": "2812323898" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "660", - "tcp.analysis.push_bytes_sent": "660" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f7:cf:f9:7b:35:53:86:39:49:43:e6:d1:28:0b:b9:ff:af:5b:6a:97:e7:22:8c:de:b5:b7:4b:dd:f5:52:f3:62:cd:13:7b:1c:f9:47:c9:0d:31:d8" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:f8:67:35:f5:19:e1:28:df:2e:16:d8:98:87:bd:cf:d2:a1:c1:50:17:c6:86:dd:12:de:e4:ae:2f:49:b7:cd:68:e2:f8:aa:be:77:8c:98:cc:46:6d:fa:88:c6:99:02:60:d8:68:09:52:f0:f4:0f:d8:34:bb:bc:34:0f:51:db:30:d2:02:1e:d2:81:54:3f:f8:3e:05:63:53:aa:b2:d1:ca:75:f2:a0:e3:d8:21:aa:f6:f7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "500", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:45:f9:67:7a:38:90:07:78:3c:b4:b7:ca:44:0d:ed:1c:76:f6:d4:d5:17:55:1c:ed:f8:ff:a0:f9:67:64:33:66:7d:66:de:af:04:f3:38:80:1f:fc:62:49:68:48:8c:3f:ac:e0:d8:95:cf:ed:a4:ee:13:81:34:2d:9a:b4:c9:c3:fc:44:96:33:40:d6:e4:f7:f6:cc:b5:08:42:6f:97:ca:6e:62:19:da:05:9a:06:ec:9b:b3:22:13:af:09:1c:a6:9c:6b:ff:b3:0b:e2:2b:7b:f3:b7:69:28:00:5b:c1:70:6d:7f:23:a9:bd:20:c7:e3:56:61:fe:ea:62:6c:e5:9b:d3:1e:13:72:d9:09:75:3c:b7:33:2c:b4:c3:d9:bf:85:18:46:15:20:4c:ef:92:b7:40:21:e5:6c:dd:87:cd:25:a9:31:24:33:f4:79:a6:5d:0c:4d:c7:60:83:2b:c6:74:b0:4f:1e:37:01:64:fd:90:65:54:1b:e9:54:67:e2:98:91:48:00:9f:18:69:13:f2:db:d0:75:0b:17:0f:cb:95:ba:44:fb:b1:38:90:8b:a5:14:da:d0:7d:42:8d:8b:c9:f4:39:e2:78:47:c9:40:88:55:5e:e3:39:a9:08:ac:67:36:75:5d:dc:3a:aa:d8:51:4e:1d:60:71:13:cd:58:2e:c9:a7:2c:82:f2:41:ba:5e:69:50:4e:08:b2:62:87:c3:71:db:3e:52:58:1f:f3:2b:8d:93:16:67:63:d4:85:dc:14:b1:cf:ea:83:8e:46:d4:1d:60:aa:86:98:ac:33:0f:7f:85:46:8b:1c:9a:b7:1b:78:e0:31:39:aa:cc:40:6c:e0:3d:96:8b:53:f7:30:37:bd:19:c1:6f:cd:3f:73:1d:23:06:ae:89:7f:5b:aa:c0:6d:bb:5c:55:ff:f2:55:57:13:9c:5b:63:fd:70:41:d8:69:9f:ff:1c:a3:19:03:89:50:84:79:54:26:8b:ae:b7:df:85:d5:be:8f:9b:59:36:96:03:72:4d:00:ec:7e:e9:00:c3:a7:09:4d:e1:92:03:5d:38:cf:ae:5a:a9:35:73:b2:57:92:d3:fc:cc:f8:c6:32:36:1f:55:43:85:af:eb:b9:52:e3:7d:5b:a1:c8:c5:2c:29:a8:b1:d0:d8:46:a9:8d:b3:c4:27:f6:cb:8f:28:89:57:07:22:18:3b:b8:a0:88:8c:24:c4:88:cd:3a:39:00:44:bc:1b:01:33:67:ee:c0:88:52:ef:66:5e:58:99:43:52:68:f5:a7:b9:78:69:b1:f7:b7:c5:af:32" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.286800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.286800000", - "frame.time_delta": "0.060094000", - "frame.time_delta_displayed": "0.060094000", - "frame.time_relative": "1487.826114000", - "frame.number": "5111", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15080", - "tcp.ack": "67066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c943", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:a8:4a:00:26:f6:19", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812323914, TSecr 2553369": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812323914", - "tcp.options.timestamp.tsecr": "2553369" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5110", - "tcp.analysis.ack_rtt": "0.060094000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.566963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.566963000", - "frame.time_delta": "0.280163000", - "frame.time_delta_displayed": "0.280163000", - "frame.time_relative": "1488.106277000", - "frame.number": "5112", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009659", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "67066", - "tcp.nxtseq": "67120", - "tcp.ack": "15080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000006db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f6:3c:a7:a0:a8:4a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2553404, TSecr 2812323914": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2553404", - "tcp.options.timestamp.tsecr": "2812323914" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:fa:6a:96:74:3b:6d:fc:d8:18:cd:b1:53:b3:33:22:52:a9:86:02:04:99:cd:34:8e:76:96:12:9c:ef:8d:a3:64:b7:1d:56:cc:17:98:08:71:8d:2d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:19.627108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495079.627108000", - "frame.time_delta": "0.060145000", - "frame.time_delta_displayed": "0.060145000", - "frame.time_relative": "1488.166422000", - "frame.number": "5113", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15080", - "tcp.ack": "67120", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c895", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:a8:9f:00:26:f6:3c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812323999, TSecr 2553404": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812323999", - "tcp.options.timestamp.tsecr": "2553404" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5112", - "tcp.analysis.ack_rtt": "0.060145000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:22.653730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495082.653730000", - "frame.time_delta": "3.026622000", - "frame.time_delta_displayed": "3.026622000", - "frame.time_relative": "1491.193044000", - "frame.number": "5114", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f64", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b88c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001773", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { 
- "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:22.654662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495082.654662000", - "frame.time_delta": "0.000932000", - "frame.time_delta_displayed": "0.000932000", - "frame.time_relative": "1491.193976000", - "frame.number": "5115", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f65", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009987", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f86e", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, 
\"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:22.655193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495082.655193000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1491.194507000", - "frame.number": "5116", - 
"frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008634", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.160187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.160187000", - "frame.time_delta": "1.504994000", - "frame.time_delta_displayed": "1.504994000", - "frame.time_relative": "1492.699501000", - "frame.number": "5117", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.160619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.160619000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1492.699933000", - "frame.number": "5118", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - 
}, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.832852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.832852000", - "frame.time_delta": "0.672233000", - "frame.time_delta_displayed": "0.672233000", - "frame.time_relative": "1493.372166000", - "frame.number": "5119", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b8f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ffc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": 
"192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35550", - "udp.dstport": "53", - "udp.port": "35550", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002b2c", - "udp.checksum.status": "2", - "udp.stream": "122" - }, - "dns": { - "dns.id": "0x00000f33", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.833710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.833710000", - "frame.time_delta": "0.000858000", - "frame.time_delta_displayed": "0.000858000", - "frame.time_relative": "1493.373024000", - "frame.number": "5120", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009425", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002495", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35550", - "udp.port": "53", - "udp.port": "35550", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "122" - }, - "dns": { - "dns.response_to": "5119", - "dns.time": "0.000858000", - "dns.id": "0x00000f33", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:11:24.834522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.834522000", - "frame.time_delta": "0.000812000", - "frame.time_delta_displayed": "0.000812000", - "frame.time_relative": "1493.373836000", - "frame.number": "5121", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b8f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ffc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47757", - "udp.dstport": "53", - "udp.port": "47757", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000167c", - "udp.checksum.status": "2", - "udp.stream": "123" - }, - "dns": { - "dns.id": "0x00000f34", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.835057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.835057000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "1493.374371000", - "frame.number": "5122", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00009426", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002484", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", 
- "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47757", - "udp.port": "53", - "udp.port": "47757", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "123" - }, - "dns": { - "dns.response_to": "5121", - "dns.time": "0.000535000", - "dns.id": "0x00000f34", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2293", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.836050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.836050000", - "frame.time_delta": "0.000993000", - "frame.time_delta_displayed": "0.000993000", - "frame.time_relative": "1493.375364000", - "frame.number": "5123", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000092d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ca3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000138c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:11:24.972293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.972293000", - "frame.time_delta": "0.136243000", - "frame.time_delta_displayed": "0.136243000", - "frame.time_relative": "1493.511607000", - "frame.number": "5124", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00002339", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000679a", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000084f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5123", - "tcp.analysis.ack_rtt": "0.136243000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.972828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.972828000", - "frame.time_delta": "0.000535000", - 
"frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "1493.512142000", - "frame.number": "5125", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000092e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002cae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - 
"tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004e88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5124", - "tcp.analysis.ack_rtt": "0.000535000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:24.972842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495084.972842000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "1493.512156000", - "frame.number": "5126", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000092f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002a55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ed5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136778000", - 
"tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:37:22:2c:20:4e:6f:6e:63:65:3d:22:79:44:39:43:5a:62:6f:50:4c:78:47:39:49:4e:55:49:50:4e:6e:78:62:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:51:37:51:42:4e:77:56:44:6e:4e:56:74:66:6a:4a:76:33:32:54:30:76:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.110395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.110395000", - "frame.time_delta": "0.137553000", - "frame.time_delta_displayed": "0.137553000", - "frame.time_relative": "1493.649709000", - "frame.number": "5127", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005e49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00002c92", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - 
"ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000abbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5126", - "tcp.analysis.ack_rtt": "0.137553000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.111023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.111023000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "1493.650337000", - "frame.number": "5128", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x00000930", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000027cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000332", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136778000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce
:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:5
5:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" - }, - "tcp.segments": { - "tcp.segment": "5126", - "tcp.segment": "5128", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:37:22:2c:20:4e:6f:6e:63:65:3d:22:79:44:39:43:5a:62:6f:50:4c:78:47:39:49:4e:55:49:50:4e:6e:78:62:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:51:37:51:42:4e:77:56:44:6e:4e:56:74:66:6a:4a:76:33:32:54:30:76:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6
e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:
66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:55:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"197\", Nonce=\"yD9CZboPLxG9INUIPNnxbw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"Q7QBNwVDnNVtfjJv32T0vQ==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"197\", Nonce=\"yD9CZboPLxG9INUIPNnxbw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"Q7QBNwVDnNVtfjJv32T0vQ==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bdM\u000ff\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u000e\u0007\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u001dB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010X\u0015)lr\u00ef\u00bf\u00bd\/e*x\u00ef\u00bf\u00bd\u0006\u00ef\u00bf\u00bd\u001d\u000f\u007f\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bdZ'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdMvx\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u0005\u001e\u00ef\u00bf\u00bd\u0017\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u0016\u00ef\u00bf\u00bd+y^;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006" - }, - "media": { - "media.type": "be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:a4:10:58:15:29:6c:72:cd:2f:65:2a:78:9c:06:ad:1d:0f:7f:f6:3e:ee:95:53:e1:9f:85:4b:db:5a:27:9a:b2:8d:99:4d:76:78:bf:fc:73:05:1e:ae:17:9f:0c:c7:d9:67:16:e5:2b:79:5e:3b:e4:c5:be:06:00:9e:75:a6:47:5f:f2:7c:c9:c1:b6:b3:dc:2c:e0:cc:ff:27:1d:73:39:72:dd:b9:f9:e1:d7:5d:14:3e:3e:c1:2d:4f:17:4d:10:61:2a:33:dc:18:98:54:2f:74:d2:0e:33:03:a8:c9:fa:84:94:6b:72:48:df:a0:b9:cd:5b:35:34:cb:7c:fc:ac:c5:d4:2f:60:f7:95:4c:9a:0f:98:62:c7:08:a2:29:cb:e0:f1:0c:e9:c0:af:1e:2d:7e:37:e3:64:fb:7f:d0:4d:ff:3b:0a:2c:31:08:65:1b:17:65:26:d0:1d:57:68:0a:8b:81:d6:9f:84:b1:7e:63:d4:50:49:cf:71:78:39:53:a1:80:9d:4f:ac:08:56:d9:3e:38:92:e0:03:15:d6:ba:6f:aa:0e:26:fc:5d:a6:20:9a:fe:eb:a1:50:83:40:00:68:c0:16:af:dc:57:7d:2c:25:18:27:ac:01:47:1b:7f:a7:a8:77:4f:fc:87:c4:41:92:31:a7:49:87:9b:01:a1:6d:c1:ab:ae:f9:3e:c5:14:9f:e7:69:fd:0f:6a:36:7a:46:4c:40:bd:70:ad:65:4c:b3:93:50:db:c5:4d:e8:fe:c5:86:fa:ee:f0:c8:e3:3e:9c:2c:c5:06:7a:9b:8a:a8:e0:40:bf:44:1e:04:82:58:bf:a9:21:88:59:44:b3:fa:d7:88:5c:cf:3f
:be:ed:82:39:33:7b:cc:1f:a1:fb:9a:ab:14:f9:fb:b9:d1:cd:d8:29:48:20:ca:bf:0f:73:2b:b3:23:4e:1b:35:22:36:93:7e:77:87:a1:35:7c:25:91:6c:13:cd:50:03:03:3f:b6:0a:40:d1:a6:62:fc:d1:f9:d3:8d:90:7d:7c:1b:5a:0a:ca:ef:ac:93:d4:c3:9a:87:48:2c:9d:b6:8f:f9:09:fc:9e:68:08:48:e1:0a:4b:21:76:72:29:d6:38:b2:79:06:4d:2e:fc:06:25:29:7e:80:bb:a0:94:f0:e9:dd:91:1d:de:58:1d:b1:27:a3:34:cf:be:5e:20:7c:83:db:4e:f1:7e:a0:34:00:92:56:8e:5c:11:a1:32:b9:bf:59:86:ec:6d:11:85:8c:a8:a4:13:f6:1a:09:6c:7d:43:81:8c:cb:07:22:ae:72:ed:e5:1d:02:82:9b:35:01:a2:a7:87:cd:03:91:4e:19:43:df:7f:bd:7a:c3:ea:0b:6a:87:2a:ce:65:a6:ce:bc:ce:18:f9:98:78:b9:01:ab:9c:50:ba:d0:4c:6f:13:b3:a9:ed:82:d9:f8:ac:74:2d:be:d2:c1:40:a7:11:af:70:d8:15:2d:73:dc:6b:c3:9e:83:c8:d9:f9:f9:9c:33:33:bf:0f:90:0c:20:1a:39:fa:8b:a1:27:9b:e0:68:8c:bf:2e:d8:be:8f:41:9c:1a:45:30:05:91:95:47:93:12:5a:c3:fb:b9:16:b5:3e:00:03:92:bf:75:03:66:68:2a:1c:89:78:29:8e:f8:b6:23:a8:84:f1:d2:9b:11:76:01:29:73:ed:92:5b:1e:3f:31:98:46:a9:b3:32:95:70:fb:2a:9e:9a:1e:50:9e:bf:2f:49:97:56:31:eb:d6:aa:4c:49:e3:87:38:96:6a:80:e8:55:b1:8a:1a:74:24:34:e4:31:79:56:8f:a4:3e:da:4d:31:71:b8:d1:8e:d8:18:47:8f:f3:1f:ec:93:00:31:7e:c3:d6:56:81:5f:b5:6a:83:fc:04:4a:78:bd:20:6e:ea:13:69:d1:bb:6f:f9:09:eb:0f:71:52:00:bd:ce:56:ae:83:4b:cd:67:1a:6a:25:e9:ca:28:9a:5d:5b:40:f6:2c:38:de:4e:d4:e4:a2:1a:31:2f:3f:70:6c:8e:03:9e:e1:ca:ea:6a:bb:c7:6d:9b:89:ac:9a:ca:36:7d:88:5b:94:84:8c:18:ad:d5:42:4a:93:a5:8b:35:42:1c:5c:7d:1b:a4:1b:f6:53:7d:24:84:57:29:9f:d9:34:f0:8c:c3:4e:a5:7c:c8:f5:2b:21:ad:ff:70:86:ab:fd:78:e4:2c:64:c8:4f:6b:28:d6:bc:34:98:e9:b1:b4:95:27:1d:6a:46:33:64:16:75:21:be:12:c7:e8:46:97:b3:e9:79:62:e8:cf:1a:29:3f:8c:d3:b5:11:aa:35:6e:8d:55:d5:9f:ab:5d:db:11:7e:b9:ad:2a:18:9c:4e:a9:72:4a:8d:ad:15:a7:06:a6:cc:b6:43:41:22:5b:9c:fe:fc:41:4c:0c:1a:5e:30:49:e2:32:5d:81:19:24:c1:b8:93:82:23:96:bc:04:71:ee:60:fb:61:be:e8:00:f9:45:9b:62:56:a4:b0:8b:8c:6d:e3:b4:8f:26:ee:e0:4e:19:55:60:0e:5a:01:a8:d7:ec:e9:79:a1:a4:48:e4:90:72:2c:a3:3f:4e:55:c6:8f:81:f0:99:08:ad:52:08:de:d3:db:4
f:5e:ad:4e:0b:98:a0:81:9e:46:3c:2b:8f:10:ff:f5:2f:47:39:9a:4e:f3:3d:e0:ed:40:5c:7b:67:c3:0a:67:70:99:9c:c6:ab:ad:e9:1f:e0:14:aa:d7:50:4d:f8:25:56:91:9f:41:fb:cb:51:f2:8d:c9:57:46:ea:26:16:2e:8a:1a:6f:9f:3c:ed:2e:f1:58:20:c6:cc:92:6e:48:37:b2:fc:98:ad:b3:64:77:e5:ea:da:32:4f:c3:7b:26:f8:82:18:bb:7c:98:53:17:65:fa:0c:ab:ef:61:00:32:84:09:cc:2c:97:b0:3c:a0:20:60:47:b5:4d:2f:76:a6:4c:f2:23:06:2b:49:2c:19:42:44:ce:ae:82:81:9f:04:0a:c2:7e:ef:ff:6e:88:18:bc:33:74:d8:11:3a:64:bd:8f:74:cf:45:ce:4a:30:84:10:e7:21:c5:7e:1c:10:99:78:d7:e6:5d:ad:79:02:e7:ca:6e:14:50:42:25:0b:08:0d:af:94:b5:55:bf:73:54:27:c6:ab:9e:ee:b8:0a:81:b9:cb:22:38:02:4a:3c:69:a5:5e:b2:f9:9a:30:5d:9a:31:13" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.247437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.247437000", - "frame.time_delta": "0.136414000", - "frame.time_delta_displayed": "0.136414000", - "frame.time_relative": "1493.786751000", - "frame.number": "5129", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000094a7", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000f633", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a1fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5128", - "tcp.analysis.ack_rtt": "0.136414000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.370807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.370807000", - "frame.time_delta": "0.123370000", - "frame.time_delta_displayed": "0.123370000", - "frame.time_relative": "1493.910121000", - "frame.number": "5130", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000c801", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000bf72", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - 
"ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a55d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136778000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"rQDslO2oIxe9INUImx2QNg==\"", - "http.response.line": 
"WWW-Authenticate: CBAuth Nonce=\"rQDslO2oIxe9INUImx2QNg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:24 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:24 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.259784000", - "http.request_in": "5128", - "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bdM\u000ff\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u000e\u0007\u00ef\u00bf\u00bd\u0015\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd\u001dB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdY\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdAX5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5b\u001e\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001a+{\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00167`\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdSe\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u0001\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd:U\b\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd[QK\u00ef\u00bf\u00bdy\u00ef\u00bf\u00bdG&\u00ef\u00bf\u00bdlps\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bdXV\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd'\u00ef\u00bf\u00bd#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001br<n\u00ef\u00bf\u00bdnOv\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u0002\u0010@\u00
ef\u00bf\u00bd9\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bdY\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011o\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd5-\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk;\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd4!|+\u00ef\u00bf\u00bdfnEX\u001d\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bdcWjz\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdo\u000b\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bdCJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdIM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdA[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd!$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd8\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdHAMS\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"be:83:67:a5:4d:0f:66:cc:36:bf:0e:07:83:15:8d:77:d3:1d:42:d5:ee:c2:53:d0:d0:50:fd:c4:59:1a:80:c7:e6:df:d8:14:a3:8f:41:58:35:d0:a2:85:ec:35:62:1e:cc:4f:cd:13:99:99:1a:2b:7b:b4:9b:16:37:60:fa:2b:e5:33:a9:e9:c0:53:65:89:b7:e1:46:01:bd:76:f9:a0:db:54:81:3a:55:08:88:76:8a:dc:46:b0:5b:51:4b:92:79:f4:47:26:fd:6c:70:73:ec:23:9d:58:56:7f:d6:ca:ef:ba:d8:62:ed:f0:ef:76:81:27:bf:23:f7:96:d9:6c:c2:b2:1b:72:3c:6e:da:6e:4f:76:98:d3:05:fc:02:10:40:e9:39:d4:c9:04:89:12:89:b5:29:f1:59:d2:b3:b5:b4:11:6f:cf:1d:8c:2a:ee:35:2d:8a:11:95:94:9b:0b:dd:e0:f6:6b:3b:fe:d6:7c:8e:34:21:7c:2b:90:66:6e:45:58:1d:d3:8d:2a:9c:cf:7b:af:63:57:6a:7a:96:3c:82:ee:50:9c:64:b2:bf:6f:0b:a4:13:f5:43:4a:b9:b8:b0:e8:49:4d:ec:e4:db:e9:f9:54:b9:02:82:a6:02:8f:41:5b:e9:99:05:b0:9e:08:88:21:24:a2:b1:38:ad:a5:48:41:4d:53:f9:fd:5a:c1:05:8a:00:95:9e:89:a2:00:ab:16:8f:ca:fc:a7:c9:6f:06:18:b4:e8:4f:ce:6a:02:5f:b9:bd:87:13:0f:9e:0d:4b:46:ba:fd:ad:8a:bc:82:9b:c7:89:89:8c:e1:01:67:ab:1d:bc:1f:21:56:54:f8:95:43:c4:f7:20:b4:f3:bc:03:bb:67:69:c3:b3:07:85:47:bc:94:b1:00:f5:3a:5e:b5:df:2e:2a:64:91:fc:f8:13:a5:a1:36:f8:ff:75:3d:fc:a1:d9:4c:ae:55:26:2c:d6:30:9e:b2:6a:1c:14:db:a5:b2:ee:e0:0e:24:f6:5d:c4:a9:34:1e:d8:a8:50:eb:b4:62:49:35:91:1d:b1:b9:4c:d0:71:37:c7:16:69:8d:e3:17:1e:6a:9b:9e:24:9b:0c:ef:88:0c:22:a0:59:17:26:e9:0b:bb:e6:d8:2a:98:95:e4:02:5a:e3:c6:06:4a:cc:7d:e2:f7:e7:98:89:de:81:3f:4a:bf:19:11:55:c8:ca:0f:75:bb:3e:55:86:e8:33:e1:84:29:62:35:e2:e6:f6:8c:84:6c:df:c4:ee:1d:64:a1:e3:a8:a8:aa:dd:b9:7a:20:9d:16:9c:31:39:ed:22:08:49:ca:5b:cc:d7:d8:73:7f:6e:c2:36:01:92:ef:13:84:72:8b:2d:80:26:ab:02:33:c0:7d:07:5d:9b:38:24:42:4a:3f:fa:2e:40:5a:65:c1:dd:44:37:1e:d2:c7:b1:5f:6f:ef:6a:78:56:01:36:14:8a:f7:23:5d:8c:ee" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.370900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.370900000", - 
"frame.time_delta": "0.000093000", - "frame.time_delta_displayed": "0.000093000", - "frame.time_relative": "1493.910214000", - "frame.number": "5131", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c803", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c2d7", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009e94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.371383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.371383000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1493.910697000", - "frame.number": "5132", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000931", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002cab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003ee4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "5130", - "tcp.analysis.ack_rtt": "0.000576000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.372408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.372408000", - "frame.time_delta": "0.001025000", - "frame.time_delta_displayed": "0.001025000", - "frame.time_relative": "1493.911722000", - "frame.number": "5133", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000932", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002caa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35308", - "tcp.dstport": "80", - "tcp.port": "35308", - "tcp.port": "80", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003ee2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5131", - "tcp.analysis.ack_rtt": "0.001508000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.402597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.402597000", - "frame.time_delta": "0.030189000", - "frame.time_delta_displayed": "0.030189000", - "frame.time_relative": "1493.941911000", - 
"frame.number": "5134", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000b7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x00001917", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "fc:de:8e:3a:f3:96", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:25.508270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495085.508270000", - "frame.time_delta": "0.105673000", - "frame.time_delta_displayed": "0.105673000", - "frame.time_relative": "1494.047584000", - "frame.number": "5135", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000059a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008541", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35308", - "tcp.port": "80", - "tcp.port": "35308", - "tcp.stream": "188", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009e93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5133", - "tcp.analysis.ack_rtt": "0.135862000", - "tcp.analysis.initial_rtt": "0.136778000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.830942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.830942000", - "frame.time_delta": "1.322672000", - "frame.time_delta_displayed": "1.322672000", - "frame.time_relative": "1495.370256000", - "frame.number": "5136", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b945", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ff74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36771", - "udp.dstport": "53", - "udp.port": "36771", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002665", - "udp.checksum.status": "2", - "udp.stream": "124" - }, - "dns": { - "dns.id": "0x00000f35", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:11:26.831550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.831550000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": "1495.370864000", - "frame.number": "5137", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000094e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36771", - "udp.port": "53", - "udp.port": "36771", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "124" - }, - "dns": { - "dns.response_to": "5136", - "dns.time": "0.000608000", - "dns.id": "0x00000f35", - "dns.flags": "0x00008180", - 
"dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.832333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.832333000", - "frame.time_delta": "0.000783000", - "frame.time_delta_displayed": "0.000783000", - "frame.time_relative": "1495.371647000", - "frame.number": "5138", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b946", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ff73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "38144", - "udp.dstport": "53", - "udp.port": "38144", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003c07", - "udp.checksum.status": "2", - "udp.stream": "125" - }, - "dns": { - "dns.id": "0x00000f36", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.832881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.832881000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "1495.372195000", - "frame.number": "5139", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000094ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000023c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "38144", - "udp.port": "53", - "udp.port": "38144", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "125" - }, - "dns": { - "dns.response_to": "5138", - "dns.time": "0.000548000", - "dns.id": "0x00000f36", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - 
"dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2291", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.834272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.834272000", - "frame.time_delta": "0.001391000", - "frame.time_delta_displayed": "0.001391000", - "frame.time_relative": "1495.373586000", - "frame.number": "5140", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000f609", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - "tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b4f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.971464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.971464000", - "frame.time_delta": "0.137192000", - "frame.time_delta_displayed": "0.137192000", - "frame.time_relative": "1495.510778000", - "frame.number": "5141", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000037ce", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00005305", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": "80", - "tcp.port": "35309", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000145c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { 
- "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5140", - "tcp.analysis.ack_rtt": "0.137192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.972000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495086.972000000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1495.511314000", - "frame.number": "5142", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f60a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - "tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ddea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5141", - "tcp.analysis.ack_rtt": "0.000536000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:26.972015000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495086.972015000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "1495.511329000", - "frame.number": "5143", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000f60b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - 
"tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c7bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137728000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:38:22:2c:20:4e:6f:6e:63:65:3d:22:72:51:44:73:6c:4f:32:6f:49:78:65:39:49:4e:55:49:6d:78:32:51:4e:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e
:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:61:4b:6e:33:57:4e:4e:5a:4a:42:4e:57:31:33:4f:34:63:57:64:6c:58:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.110044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.110044000", - "frame.time_delta": "0.138029000", - "frame.time_delta_displayed": "0.138029000", - "frame.time_relative": "1495.649358000", - "frame.number": "5144", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000074f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000015e5", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": "80", - "tcp.port": "35309", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003b1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5143", - "tcp.analysis.ack_rtt": "0.138029000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.110666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.110666000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "1495.649980000", - "frame.number": "5145", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000f60c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - 
"ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - "tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005d2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137728000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:2
5:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" - }, - "tcp.segments": { - "tcp.segment": "5143", - "tcp.segment": "5145", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:38:22:2c:20:4e:6f:6e:63:65:3d:22:72:51:44:73:6c:4f:32:6f:49:78:65:39:49:4e:55:49:6d:78:32:51:4e:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:61:4b:6e:33:57:4e:4e:5a:4a:42:4e:57:31:33:4f:34:63:57:64:6c:58:67:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7
c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:25:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:
76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - 
"http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"198\", Nonce=\"rQDslO2oIxe9INUImx2QNg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"aKn3WNNZJBNW13O4cWdlXg==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"198\", Nonce=\"rQDslO2oIxe9INUImx2QNg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"aKn3WNNZJBNW13O4cWdlXg==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u0019" - }, - "media": { - "media.type": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:fb:a0:3d:76:98:54:78:29:1b:a1:3b:25:e8:59:1d:89:4e:d5:f4:8b:74:24:d5:6c:9c:c4:49:f6:ad:22:99:c3:90:28:7c:71:3a:d4:4d:16:0e:c0:d5:2b:40:2d:73:9f:8a:21:12:80:0a:47:a2:4d:9b:ca:0d:56:a8:d5:f5:c1:2f:40:f6:f1:a1:51:d6:86:10:03:31:1b:00:ff:56:54:20:49:08:cf:3b:05:e1:21:bc:77:11:2e:9b:5e:2a:df:29:7a:7c:d4:3f:f6:ee:30:28:4a:7d:25:6c:60:b5:94:91:90:4f:ab:1d:03:6d:12:29:f7:c1:b5:ea:c7:98:3d:e3:e8:35:8a:cb:24:ba:63:57:97:bc:98:9b:bf:11:bc:f4:46:52:d1:5c:10:49:d2:f7:4d:9a:f7:5e:03:4b:ef:03:3e:b1:3f:c9:b4:b3:11:13:43:05:2f:cd:3b:54:4e:bf:49:33:01:13:2a:ae:ac:1b:cc:0c:1e:05:97:8d:f9:96:7b:19:87:a8:5c:fe:3e:8a:f6:01:6a:85:c0:bd:88:4a:a8:d7:ac:b0:86:d0:ec:64:aa:8e:16:bc:83:bb:ae:a2:fa:d1:88:f8:ca:d0:a5:c3:95:b6:40:a2:96:e4:50:2a:fe:54:80:b0:61:6d:90:f9:51:b8:c3:ab:f5:59:6a:bb:e4:66:0d:5f:f4:ae:0e:3e:28:c0:8b:a6:49:c0:87:27:7a:5d:1a:f5:b8:b9:e3:81:ff:e2:f4:87:e5:4b:be:d7:3a:2b:32:40:e1:a3:cc:2a:75:33:d1:8c:e6:1c:61:43:96:a7:84:f2:fa:39:73:4a:51:6b:51:d9:5b:bc:ec:59:a5:50:bd:a2:26:42:6b:ea:70:3b:68:2f:77:78:b8:b2:99:ea:51:2f:1e:7b:1c:63:4b:7f:a9:26:95:77:1b:f4:c1:04:94:e1:9a:9d:ac:3d:fe:4a:41:d6:2b:29:20:68:b0:c8:1b:b6:1c:86:6b:74:48:b0:0b:47:55:7a:60:30:42:07:05:f1:dc:fb:a7:fd:9d:e7:eb:cf:5a:e3:f4:2d:b5:b4:a8:56:e7:64:51:39:73:6c:92:b1:c1:83:f3:a2:04:0d:da:03:43:9c:5b:20:c5:7f:68:1f:43:3e:c7:c6:0e:84:e2:f8:90:fd:e6:44:6b:1e:16:18:ae:66:5b:43:b5:0e:02:9e:25:35:9d:50:60:79:a5:49:ee:17:cf:2e:0c:76:5e:74:a2:8f:7f:4d:d6:5e:07:be:1d:7e:d9:7f:91:c1:ac:51:ba:3f:ef:55:8c:43:42:33:04:ee:d5:ad:a0:12:3f:86:9b:95:4c:e5:c9:a8:8e:d4:d5:2a:a1:ae:06:2c:4e:37:91:bd:f6:9b:66:79:ed:16:a4:4b:12:26:2f:37:f7:c3:cf:b9:72:aa:fb:9e:ad:e5:90:14:02:8b:e5:70:c0:12:bc:40:1f:04:a3:6f:5a:77:ef:59:d6:2a:0f:45:a0:af:48:06:cb:fd:8a:20:a1:00:1a:91:07:3b:5a:a2:69:12:a3:89:ae:64:84:e5:41:63:b4:40:ea:61:5a:2b:57:b7:eb:dc:49:5a:0c:c0:cd:f5:bb:67:df:13:57:b7:e0:3c:be:1c:cb:3c:6a:90:e1:c8:72:e3:85:a4:ec:46:37:d7:13:f0:01:46:18:2
5:ad:eb:d6:1f:e0:77:f8:ae:fa:c1:28:3d:26:fb:e2:bd:4b:55:a7:58:de:f3:c6:e0:90:f4:52:90:05:41:0c:b4:2f:a4:c5:1c:ee:80:af:03:7f:ec:40:3a:3d:bd:e4:75:a2:04:2d:56:52:5e:e3:e4:85:fd:48:0b:1b:bc:3d:aa:a5:9b:76:ad:45:c6:62:ef:7b:9a:f6:a6:e7:d3:45:72:f2:e8:a3:f2:3e:89:15:46:8b:5a:70:4a:d8:78:87:84:b5:01:95:86:0c:fa:d2:d9:21:1f:da:b0:13:e9:47:dc:70:a2:b4:73:f0:a7:69:0e:96:4c:c5:13:01:76:dd:c2:ad:94:09:92:94:11:86:f7:c5:96:c2:29:db:93:2d:9c:38:9a:49:83:37:07:fe:9a:e2:b6:39:17:af:62:2c:e6:4d:ea:82:43:fd:1f:4b:da:44:f6:54:c0:59:bd:79:40:a5:36:91:5d:91:a7:2c:31:62:e5:a3:c7:c6:62:93:d5:a7:90:db:f7:4a:6c:00:89:a3:bb:0f:0e:2f:fe:7e:7f:ab:08:a7:21:f9:fd:cb:07:3c:6a:dd:45:89:c5:47:ba:fc:50:8c:80:f8:6f:22:5d:c7:ab:16:32:3d:b7:b2:9e:4a:74:2b:09:f2:fc:d2:6b:fb:db:b1:03:e6:59:e0:b4:49:01:80:cf:11:83:7b:33:53:f4:90:ea:3b:6a:b5:d6:39:e5:cf:d0:bf:42:28:18:bd:10:68:a1:09:8f:00:59:25:67:4c:f6:a4:7a:77:5d:52:0a:14:a2:df:44:e0:2e:d1:de:59:ce:18:8e:8a:de:0e:d8:50:1c:f9:fd:9d:58:a2:11:df:a5:69:f0:a2:ff:ab:1b:f4:c0:f3:2a:b9:af:e2:49:d2:2c:4f:25:2b:94:9b:89:bc:4c:99:b8:8a:bf:9e:92:4e:aa:37:01:e1:60:03:3c:dd:9f:78:94:00:02:bf:78:86:d6:55:22:cc:78:a6:77:f7:07:c3:83:77:e1:5a:d9:52:1e:17:bc:c8:64:4e:89:d3:ef:e5:10:ea:fd:f2:62:33:12:d4:5b:6c:68:4f:8f:5f:dc:86:d2:f5:96:a1:bb:dd:8e:08:bf:c9:e0:a4:12:c6:46:3c:40:d1:86:a2:af:20:0b:8b:cc:0a:c0:8e:d2:5c:45:b1:32:43:63:ff:fa:26:54:d3:d7:ea:8f:24:e7:9a:1f:11:ea:b4:7b:ba:bd:2b:a6:07:d2:8d:45:5e:e5:8e:27:2f:e6:27:23:0a:2d:42:94:3a:47:33:33:82:77:27:91:75:68:13:38:61:7f:85:33:0c:f8:58:b5:1e:89:01:ac:06:4d:25:fc:3e:f3:eb:e1:94:08:4f:a4:86:cf:b8:c9:e5:df:41:46:9d:99:19:61:3c:9b:32:47:41:27:92:86:ae:dd:d9:c2:ef:0a:9d:d9:27:dc:e0:ca:3d:13:fb:7d:40:2c:2d:e7:c9:73:ce:15:1b:3b:ef:c8:7e:24:e2:14:46:14:cd:fd:26:71:66:fa:95" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.248083000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495087.248083000", - "frame.time_delta": "0.137417000", - "frame.time_delta_displayed": "0.137417000", - "frame.time_relative": "1495.787397000", - "frame.number": "5146", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b3c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000d714", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": 
"80", - "tcp.port": "35309", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000315f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5145", - "tcp.analysis.ack_rtt": "0.137417000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.270690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.270690000", - "frame.time_delta": "0.022607000", - "frame.time_delta_displayed": "0.022607000", - "frame.time_relative": "1495.810004000", - "frame.number": "5147", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000bd86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c9ed", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": "80", - "tcp.port": "35309", - "tcp.stream": "189", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001be7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137728000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:26 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:26 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.160024000", - "http.request_in": "5145", - "http.file_data": "\u0019" - }, - "media": { - "media.type": 
"19:00:9b:9f:ed:68:dd:ae:c8:d4:19:21:89:79:a6:3b:80:ae:a8:d9:ff:d4:e4:1a:48:eb:1e:dd:37:14:09:cf:5e:eb:b1:5b:3e:b1:cc:56:ca:8a:e1:00:f8:e1:4e:dc:ba:c8:38:b4:7a:1a:d2:41:c3:45:4b:c4:d2:42:06:ab:e9:30:8d:1a:c4:ff:8f:9c:e3:54:33:75:42:e3:9e:42:c8:e1:6b:d3:47:b4:fc:25:5d:c6:b3:9c:a7:5b:f5:6b:81:23:28:98:a5:16:e3:72:37:18:bb:78:47:8e:59:21:27:2f:49:4f:6e:b5:13:cf:43:ef:38:50:08:17:92:ba:9b:26:fe:14:b7:a8:d8:34:99:01:39:7a:34:84:6d:85:a0:69:d6:b8:c0:50:25:ae:99:4d:ff:03:e6:df:1d:8b:d6:4f:60:82:93:f1:b9:da:37:6a:c2:4d:46:6e:56:60:55:55:6c:aa:dd:e6:d9:bf:5c:64:15:0b:a8:d7:e3:50:22:72:ee:59:7e:86:d5:ab:89:cc:15:22:5d:9f:df:d1:23:65:2a:b8:84:e4:49:cb:b5:5f:0e:6f:f0:93:a1:f5:cb:62:af:69:2a:c5:7c:d2:ad:bf:14:cc:ad:dc:dd:fc:65:da:ac:4f:2f:a9:d0:e4:3a:b5:7d:6b:fa:e2:78:63:b8:94:81:d7:26:12:d0:9d:e6:59:26:56:15:50:41:39:3d:d6:b0:6d:53:57:b7:e4:2d:51:0c:47:4c:09:3a:da:30:10:0d:1c:67:f3:fc:7b:67:cb:bf:f6:63:e8:c8:ee:c4:1d:1d:ad:f8:7f:b9:5c:fe:34:ac:56:56:52:b2:5e:af:4c:80:3a:70:f8:9d:e1:2f:28:8c:62:cf:03:ef:fa:d1:c8:9d:cb:25:d0:a8:3c:2b:c9:57:4e:d3:68:21:1b:d5:92:f5:59:0b:a7:98:25:ed:0f:c9:6a:71:b9:7d:a2:e9:73:fe:ec:63:37:a0:6c:51:f2:ca:91:14:f8:13:dc:56:7d:68:7d:20:1d:ab:bf:78:8d:e9:d3:ca:11:65:5f:29:59:6a:cf:99:68:91:5a:8b:97:cc:b6:10:33:89:7e:a6:56:a5:e0:92:1d:28:00:a1:6d:d5:a2:a4:a0:0d:1f:1d:e6:72:aa:f7:ef:70:e9:0a:61:e8:a5:da:71:d0:ac:71:dc:36:0b:f8:9b:5c:d8:8e:e3:8b:71:e9:72:7e:85:a5:c4:48:6f:75:36:e0:47:71:77:df:48:e4:b5:2a:6b:dd:4c:dc:91:f0:9f:37:f3:61:7f:86:81:1c:e0:e9:20:cd:03:07:f0:88:b9:0e:36:50:bb:ce:0f:de:38:dc:36:9d:58:f7:0f:d8:fe:0c:5f:a6:50:e3:2f:fc:6b:5c:dc:c1:b3:65:08:64:95:39:1f:a5:e9:af:2b:a1:80:52:ad:9e:5c:de:63:8c:50:e3:70:da:52:e6:a1:dd:0e:29:e9" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.270779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.270779000", - 
"frame.time_delta": "0.000089000", - "frame.time_delta_displayed": "0.000089000", - "frame.time_relative": "1495.810093000", - "frame.number": "5148", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bd88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000cd52", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": "80", - "tcp.port": "35309", - "tcp.stream": "189", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002df7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.271267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.271267000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1495.810581000", - "frame.number": "5149", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f60d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - "tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ce46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "5147", - "tcp.analysis.ack_rtt": "0.000577000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.272128000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.272128000", - "frame.time_delta": "0.000861000", - "frame.time_delta_displayed": "0.000861000", - "frame.time_relative": "1495.811442000", - "frame.number": "5150", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f60e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003fcd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35309", - "tcp.dstport": "80", - "tcp.port": "35309", - "tcp.port": "80", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ce44", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5148", - "tcp.analysis.ack_rtt": "0.001349000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.409328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.409328000", - "frame.time_delta": "0.137200000", - "frame.time_delta_displayed": "0.137200000", - "frame.time_relative": "1495.948642000", - 
"frame.number": "5151", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fb46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008f94", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35309", - "tcp.port": "80", - "tcp.port": "35309", - "tcp.stream": "189", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002df6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5150", - "tcp.analysis.ack_rtt": "0.137200000", - "tcp.analysis.initial_rtt": "0.137728000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.653987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.653987000", - "frame.time_delta": "0.244659000", - "frame.time_delta_displayed": "0.244659000", - "frame.time_relative": "1496.193301000", - "frame.number": "5152", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - 
"ip.id": "0x00001f66", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b88a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001773", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: 
type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.654521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.654521000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "1496.193835000", - "frame.number": "5153", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": 
"LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f67", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009985", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f86e", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:27.655131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495087.655131000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "1496.194445000", - "frame.number": "5154", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008634", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000282", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=642", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.252861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.252861000", - "frame.time_delta": "0.597730000", - "frame.time_delta_displayed": "0.597730000", - "frame.time_relative": "1496.792175000", - "frame.number": "5155", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00003f29", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007938", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51455", - "udp.dstport": "53", - "udp.port": "51455", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000289a", - "udp.checksum.status": "2", - "udp.stream": "126" - }, - "dns": { - "dns.id": "0x00002502", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.252866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495088.252866000", - "frame.time_delta": "0.000005000", - "frame.time_delta_displayed": "0.000005000", - "frame.time_relative": "1496.792180000", - "frame.number": "5156", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00003f2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007937", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51455", - "udp.dstport": "53", - "udp.port": "51455", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x000073af", - "udp.checksum.status": "2", - "udp.stream": "126" - }, - "dns": { - "dns.id": "0x0000d9d1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.253679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.253679000", - "frame.time_delta": "0.000813000", - "frame.time_delta_displayed": "0.000813000", - "frame.time_relative": "1496.792993000", - "frame.number": "5157", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00000e01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000aa60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - 
"ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51455", - "udp.port": "53", - "udp.port": "51455", - "udp.length": "52", - "udp.checksum": "0x00008289", - "udp.checksum.status": "2", - "udp.stream": "126" - }, - "dns": { - "dns.response_to": "5156", - "dns.time": "0.000813000", - "dns.id": "0x0000d9d1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.267611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.267611000", - "frame.time_delta": "0.013932000", - "frame.time_delta_displayed": "0.013932000", - "frame.time_relative": "1496.806925000", - "frame.number": "5158", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x00000e02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a8f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51455", - "udp.port": "53", - "udp.port": "51455", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "126" - }, - "dns": { - "dns.response_to": "5155", - "dns.time": "0.014750000", - "dns.id": "0x00002502", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - 
"dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9774", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9774", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9774", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9774", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, 
class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138840", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10460", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6753", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15355", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138840", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10460", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6753", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "15355", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.268690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.268690000", - "frame.time_delta": "0.001079000", - "frame.time_delta_displayed": "0.001079000", - "frame.time_relative": "1496.808004000", - "frame.number": "5159", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009baa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - 
"ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000af9c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:f9:a2:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2554274, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554274", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.343056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.343056000", - "frame.time_delta": "0.074366000", - "frame.time_delta_displayed": "0.074366000", - "frame.time_relative": "1496.882370000", - "frame.number": "5160", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000af2f", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000c0c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:47:fe:f5:00:26:f9:a2:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - 
"tcp.option_len": "2" - }, - "Timestamps: TSval 1263009525, TSecr 2554274": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009525", - "tcp.options.timestamp.tsecr": "2554274" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5159", - "tcp.analysis.ack_rtt": "0.074366000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.343519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.343519000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1496.882833000", - "frame.number": "5161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009bab", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005781", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:a9:4b:47:fe:f5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": 
{ - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554281, TSecr 1263009525": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554281", - "tcp.options.timestamp.tsecr": "1263009525" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5160", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.074829000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.345704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.345704000", - "frame.time_delta": "0.002185000", - "frame.time_delta_displayed": "0.002185000", - "frame.time_relative": "1496.885018000", - "frame.number": "5162", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x00009bac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b958", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000014b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:a9:4b:47:fe:f5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554281, TSecr 1263009525": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554281", - "tcp.options.timestamp.tsecr": "1263009525" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jun 8, 1974 06:10:04.000000000 PDT", - "ssl.handshake.random": "69:20:23:8d:16:d0:be:40:8c:9f:d0:86:e3:7f:a6:df:9a:35:b8:ee:68:f2:77:f3:e1:04:70:23" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - 
"ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - 
"ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": 
"0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - 
"ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.420209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.420209000", - "frame.time_delta": "0.074505000", - "frame.time_delta_displayed": "0.074505000", - "frame.time_relative": "1496.959523000", - "frame.number": "5163", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d6a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d88f", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", 
- "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000056b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:08:00:26:f9:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009544, TSecr 2554281": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009544", - "tcp.options.timestamp.tsecr": "2554281" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5162", - "tcp.analysis.ack_rtt": "0.074505000", - "tcp.analysis.initial_rtt": "0.074829000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.421620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.421620000", - "frame.time_delta": "0.001411000", - "frame.time_delta_displayed": "0.001411000", - "frame.time_relative": "1496.960934000", - "frame.number": "5164", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x0000d6a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d2e6", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", 
- "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dc6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:08:00:26:f9:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009544, TSecr 2554281": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009544", - "tcp.options.timestamp.tsecr": "2554281" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Aug 25, 2073 01:24:02.000000000 PDT", - "ssl.handshake.random": "a2:96:cd:57:0c:21:27:6e:90:d5:85:40:2e:a7:1d:53:4d:fe:81:cb:dc:ef:df:66:0d:4a:17:6e" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "b6:7a:c7:d1:f6:b0:5c:ac:98:7a:ae:96:9b:6c:92:c1:c4:a4:0b:32:47:2c:8a:b7:7a:d5:74:3b:8c:eb:00:dc", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.421695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.421695000", - "frame.time_delta": "0.000075000", - "frame.time_delta_displayed": "0.000075000", - "frame.time_relative": "1496.961009000", - "frame.number": "5165", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x0000d6a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d7ae", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination 
GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:09:00:26:f9:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009545, TSecr 2554281": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009545", - "tcp.options.timestamp.tsecr": "2554281" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "5164", - "tcp.segment": "5165", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - 
"x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": 
"5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - 
"x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:39:db:5a:15:a1:b7:78:06:65:8c:21:57:a6:18:4d:b4:f4:52:00:dd:0e:e1:76:53:b8:53:32:55:7d:fa:19:fa:b3:23:55:db:59:40:e7:15:16:76:29:03:b7:94:ff:71:ad:df:d3:71:dd:13:bf:ed:e4:24:b8:67:ef:47:d8:dc", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"18:4a:e6:20:69:31:c3:fe:ed:17:2d:22:10:21:98:3d:41:13:bb:a7:30:46:6b:af:d7:c2:06:08:89:e0:e5:d5:d4:82:cc:9e:d5:45:3d:ef:96:66:ab:c8:33:1b:b0:8f:05:02:9e:47:c7:e7:fe:73:0a:df:71:12:73:49:36:8f:61:44:32:7b:c6:9d:84:ac:3e:be:d6:87:6a:88:b2:b6:08:1f:1a:a4:89:ea:7e:6d:ef:a4:05:81:87:be:3c:eb:c7:64:cb:40:0e:4a:cb:2b:94:26:c3:c2:53:42:2f:32:48:5d:8b:f1:c0:61:38:9e:ed:9b:dd:c1:0f:81:75:22" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.422281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.422281000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "1496.961595000", - "frame.number": "5166", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009bad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1449", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "274", - "tcp.window_size": "17536", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000505e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:b1:4b:47:ff:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554289, TSecr 1263009544": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554289", - "tcp.options.timestamp.tsecr": "1263009544" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5164", - "tcp.analysis.ack_rtt": "0.000661000", - "tcp.analysis.initial_rtt": "0.074829000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.422294000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.422294000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "1496.961608000", - "frame.number": "5167", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009bae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "319", - "tcp.window_size": "20416", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:b1:4b:47:ff:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554289, TSecr 1263009545": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554289", - "tcp.options.timestamp.tsecr": "1263009545" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5165", - "tcp.analysis.ack_rtt": "0.000599000", - "tcp.analysis.initial_rtt": "0.074829000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.451144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.451144000", - "frame.time_delta": "0.028850000", - "frame.time_delta_displayed": "0.028850000", - "frame.time_relative": "1496.990458000", - "frame.number": "5168", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x00009baf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"6", - "ip.checksum": "0x0000ba0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "319", - "tcp.window_size": "20416", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003545", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:b4:4b:47:ff:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554292, TSecr 1263009545": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554292", - "tcp.options.timestamp.tsecr": "1263009545" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:18:0d:5b:95:8c:a4:67:f6:63:86:d7:d0:93:64:66:2b:e1:2e:ad:19:52:4c:44:89:f7:3e:a4:cf:13:46:d3:83:2c:8a:ad:ed:4a:1a:6c:6a:c9:61:79:33:ba:74:15:a3:61:b9:19:89:67:af:bb:da:76:49:71:32:2d:82:f1:52" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.525918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.525918000", - "frame.time_delta": "0.074774000", - "frame.time_delta_displayed": "0.074774000", - "frame.time_relative": "1497.065232000", - "frame.number": "5169", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x0000d6aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d859", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000041b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:23:00:26:f9:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009571, TSecr 2554292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009571", - "tcp.options.timestamp.tsecr": "2554292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5168", - "tcp.analysis.ack_rtt": "0.074774000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.526961000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.526961000", - "frame.time_delta": "0.001043000", - "frame.time_delta_displayed": "0.001043000", - "frame.time_relative": "1497.066275000", - "frame.number": "5170", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x00009bb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - 
"ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "319", - "tcp.window_size": "20416", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000bff4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:bc:4b:47:ff:23", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554300, TSecr 1263009571": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554300", - "tcp.options.timestamp.tsecr": "1263009571" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5169", - "tcp.analysis.ack_rtt": "0.001043000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": 
"ca:da:22:45:7b:33:bb:7f:76:a6:02:2e:1e:3d:87:17:30:0b:53:0c:6e:0d:20:08:95:ce:06:1c:58:6d:ed:30:3a:a5:df:54:93:62:db:9e:42:cc:a1:64:04:0f:b3:5a:30:4e:ba:fb:93:b2:ce:ea:65:98:71:ed:f6:3f:c1:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.602307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.602307000", - "frame.time_delta": "0.075346000", - "frame.time_delta_displayed": "0.075346000", - "frame.time_relative": "1497.141621000", - "frame.number": "5171", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000d6ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d846", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United 
States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000304f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:36:00:26:f9:bc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009590, TSecr 2554300": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009590", - 
"tcp.options.timestamp.tsecr": "2554300" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5170", - "tcp.analysis.ack_rtt": "0.075346000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "4a:22:63:df:b7:10:67:bc:be:f6:ff:75:78:98:b7:59:20:9e:f8:a9:1b:94:7e:d2:ba:19:02:a3:84:9d:8a:fe:6b:5b:64:56:39:ee:ae:be:87:d9:72:17:2a:13:78:84:00:cb:7b:f8:69:d4:5d:ad:6e:c2:25:f1:82:87:69:27" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.603267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.603267000", - "frame.time_delta": "0.000960000", - "frame.time_delta_displayed": "0.000960000", - "frame.time_relative": "1497.142581000", - "frame.number": "5172", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x00009bb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b89d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "319", - "tcp.window_size": "20416", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003356", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:c3:4b:47:ff:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554307, TSecr 1263009590": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554307", - "tcp.options.timestamp.tsecr": "1263009590" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5171", - "tcp.analysis.ack_rtt": "0.000960000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "ca:da:22:45:7b:33:bb:80:74:97:3e:41:70:ba:aa:eb:a1:5f:e6:63:40:eb:94:aa:74:eb:f8:ce:71:b3:8e:c6:4b:b5:03:0a:74:8d:22:55:ea:8a:85:cb:39:85:98:f9:82:f9:ad:38:ed:8b:57:88:6c:ce:df:d8:02:c4:12:63:db:8b:20:fc:1e:e4:e1:71:97:58:ab:77:5d:65:bc:7a:a0:e2:85:8a:14:d7:52:f6:60:35:c5:9f:eb:12:b4:ee:1d:89:6e:25:68:d0:8b:60:34:14:55:c7:d2:11:2f:b1:75:ac:cd:f3:27:ac:6f:75:55:09:7f:36:ac:9c:7f:49:91:32:19:94:99:a4:d3:9e:f2:18:8f:8c:56:7d:97:55:98:81:eb:1c:28:24:c2:9d:64:27:38:17:dd:44:5b:8c:94:4f:16:1b:a6:99:e7:86:48:2a:44:b2:9a:1f:1e:ff:35:9a:90:85:e7:dc:7c:81:a6:81:af:91:bc:b8:21:22:d7:de:f7:b1:4e:40:02:1d:91:1a:b9:4c:42:38:5b:81:74:95:f5:b1:0e:a7:b7:0a:b9:3f:9d:41:19:0d:fe:9f:ef:c0:d0:d5:a1:0f:ae:64:bb:41:85:02:3e:33:e2:d4:5d:58:49:c2:57:64:1c:0e:ad:d3:19:b8:15:e5:17:68:0c:e5:30:95:cc:df:a5:2c:35:bb:d7:fb:22:46:e2:44:37:5c:35:a9:6b:b8:b7:46:6e:e3:94:8e:35:50:78:15:fc:5d:3b:88:d5:8a:1a:07:a0:c5:19:63:38:3d:08:8b:be:ac:cf:db:0d:6f:90:31:1c:56:cb:49:63:e2:8e:f7:ca:91:47:0a:d0:2e:76:b9:0f:eb:82:f8:47:64:e8:26:c3:73:b5:3c:25:b5:ac:1e:fe:7e:9e:20:8b:19:8d:35:18:e1:8a:a3:77:82:fd:0a:dd:94:84:15:27:c4:c4:72:1c:2c:9e:a2:c1:5
7:31:46:e9:4d:bc:9e:2f:44:25:11:22:4c:cd:2d:04:35:b0:a3:45:86:be:99:1b:a8:85:e6:30:f8:df:f4:6a:7a:b8:c0:31:3a:95:5b:8c:fd:87:d7:b5:40:fb:d4:6f:cf:fc:7a:95:39:89:07:5c:5e:f3:e2:df:f8:90:17:37:55:ee:09:4c:3f:48:64:d6:20:d6:bd:cd:7f:a4:6a:4a:8b:e7:88:1d:1d:1e:38:d5:ab:28:15:f2:9a:8a:5e:a7:cd:2a:36:01:57:2a:e1:87:30:b0:1f:bb:21:0f:f0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.678805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.678805000", - "frame.time_delta": "0.075538000", - "frame.time_delta_displayed": "0.075538000", - "frame.time_relative": "1497.218119000", - "frame.number": "5173", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x0000d6ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d83f", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000021af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:49:00:26:f9:c3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
1263009609, TSecr 2554307": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009609", - "tcp.options.timestamp.tsecr": "2554307" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5172", - "tcp.analysis.ack_rtt": "0.075538000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "4a:22:63:df:b7:10:67:bd:26:ed:98:d0:0c:2b:dd:b1:d2:ce:fa:76:c5:58:10:e6:69:c2:df:1a:c8:ca:43:e5:71:66:4a:bc:f0:78:53:ec:b3:32:83:b9:70:97:b1:2f:03:38:18:ca:b2:fd:27:25:9c:21:ec:aa:3f:98:da:4f:f9:43:d0:42:77:b2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.679547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.679547000", - "frame.time_delta": "0.000742000", - "frame.time_delta_displayed": "0.000742000", - "frame.time_relative": "1497.218861000", - "frame.number": "5174", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009bb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "319", - "tcp.window_size": 
"20416", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004b87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:f9:cb:4b:47:ff:49", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2554315, TSecr 1263009609": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2554315", - "tcp.options.timestamp.tsecr": "1263009609" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5173", - "tcp.analysis.ack_rtt": "0.000742000", - "tcp.analysis.initial_rtt": "0.074829000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.754075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.754075000", - "frame.time_delta": "0.074528000", - "frame.time_delta_displayed": "0.074528000", - "frame.time_relative": "1497.293389000", - "frame.number": "5175", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x0000d6ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d86a", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ab7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:5c:00:26:f9:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009628, TSecr 2554315": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009628", - "tcp.options.timestamp.tsecr": "2554315" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5174", - "tcp.analysis.ack_rtt": "0.074528000", - "tcp.analysis.initial_rtt": "0.074829000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.754160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.754160000", - "frame.time_delta": "0.000085000", - "frame.time_delta_displayed": "0.000085000", - "frame.time_relative": "1497.293474000", - "frame.number": "5176", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d6ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000d888", - "ip.checksum.status": "2", - "ip.src": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.src_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "34281", - "tcp.port": "443", - "tcp.port": "34281", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004c21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:47:ff:5c:00:26:f9:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263009628, TSecr 2554315": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263009628", - "tcp.options.timestamp.tsecr": "2554315" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.754588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.754588000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1497.293902000", - "frame.number": "5177", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000070a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e5a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - 
"tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000466c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.754600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.754600000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "1497.293914000", - "frame.number": "5178", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000070a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e5a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.70.238.171", - "ip.addr": "52.70.238.171", - "ip.dst_host": "52.70.238.171", - "ip.host": "52.70.238.171", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "34281", - "tcp.dstport": "443", - "tcp.port": "34281", - "tcp.port": "443", - "tcp.stream": "190", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000466c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , 
- { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.837028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.837028000", - "frame.time_delta": "0.082428000", - "frame.time_delta_displayed": "0.082428000", - "frame.time_relative": "1497.376342000", - "frame.number": "5179", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b98f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ff2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "41160", - "udp.dstport": "53", - "udp.port": "41160", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000153e", - "udp.checksum.status": "2", 
- "udp.stream": "127" - }, - "dns": { - "dns.id": "0x00000f37", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.837619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.837619000", - "frame.time_delta": "0.000591000", - "frame.time_delta_displayed": "0.000591000", - "frame.time_relative": "1497.376933000", - "frame.number": "5180", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000095a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002313", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "41160", - "udp.port": "53", - "udp.port": "41160", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "127" - }, - "dns": { - "dns.response_to": "5179", - "dns.time": "0.000591000", - "dns.id": "0x00000f37", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.838420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.838420000", - "frame.time_delta": "0.000801000", - "frame.time_delta_displayed": "0.000801000", - "frame.time_relative": "1497.377734000", - "frame.number": "5181", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000b990", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ff29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50227", - "udp.dstport": "53", - "udp.port": "50227", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000cd2", - "udp.checksum.status": "2", - "udp.stream": "128" - }, - "dns": { - "dns.id": "0x00000f38", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - 
"dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.838943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.838943000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "1497.378257000", - "frame.number": "5182", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000095a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002302", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - 
"udp.dstport": "50227", - "udp.port": "53", - "udp.port": "50227", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "128" - }, - "dns": { - "dns.response_to": "5181", - "dns.time": "0.000523000", - "dns.id": "0x00000f38", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2289", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.839916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.839916000", - "frame.time_delta": "0.000973000", - "frame.time_delta_displayed": "0.000973000", - "frame.time_relative": "1497.379230000", - "frame.number": "5183", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000f02d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000045a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish 
request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b692", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.853581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.853581000", - "frame.time_delta": "0.013665000", - "frame.time_delta_displayed": "0.013665000", - "frame.time_relative": "1497.392895000", - "frame.number": "5184", - "frame.len": "60", - 
"frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.975590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.975590000", - "frame.time_delta": "0.122009000", - "frame.time_delta_displayed": "0.122009000", - "frame.time_relative": "1497.514904000", - "frame.number": "5185", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x000049e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x000040f1", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x000011b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5183", - "tcp.analysis.ack_rtt": "0.135674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.976150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.976150000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "1497.515464000", - "frame.number": "5186", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f02e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000045ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000db3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": 
"5185", - "tcp.analysis.ack_rtt": "0.000560000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:28.976657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495088.976657000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1497.515971000", - "frame.number": "5187", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000f02f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004354", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - 
"ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000282", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136234000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:39:22:2c:20:4e:6f:6e:63:65:3d:22:6b:44:6b:5a:58:32:31:5a:56:42:69:39:49:4e:55:49:64:78:65:67:4a:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:2f:6e:70:73:62:74:69:31:6b:74:56:6a:55:43:31:65:49:69:32:4d:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:11:29.112964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.112964000", - "frame.time_delta": "0.136307000", - "frame.time_delta_displayed": "0.136307000", - "frame.time_relative": "1497.652278000", - "frame.number": "5188", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000855e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000057d", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003874", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5187", - "tcp.analysis.ack_rtt": "0.136307000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.113597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.113597000", - "frame.time_delta": "0.000633000", - "frame.time_delta_displayed": "0.000633000", - "frame.time_relative": "1497.652911000", - "frame.number": "5189", - "frame.len": "1302", - "frame.cap_len": "1302", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1288", - "ip.id": "0x0000f030", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "1248", - "tcp.seq": "601", - "tcp.nxtseq": "1849", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000c6bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136234000", - "tcp.analysis.bytes_in_flight": "1248", - "tcp.analysis.push_bytes_sent": "1248" - }, - "tcp.segment_data": "ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e
:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" - }, 
- "tcp.segments": { - "tcp.segment": "5187", - "tcp.segment": "5189", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1848", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:31:39:39:22:2c:20:4e:6f:6e:63:65:3d:22:6b:44:6b:5a:58:32:31:5a:56:42:69:39:49:4e:55:49:64:78:65:67:4a:51:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:6a:2f:6e:70:73:62:74:69:31:6b:74:56:6a:55:43:31:65:49:69:32:4d:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:34:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:
d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c
:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"199\", Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"j\/npsbti1ktVjUC1eIi2MA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"199\", Nonce=\"kDkZX21ZVBi9INUIdxegJQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"j\/npsbti1ktVjUC1eIi2MA==\"\r\n", - "http.content_length_header": "1248 ", - "http.content_length_header_tree": { - "http.content_length": "1248" - }, - "http.request.line": "Content-Length: 1248 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": 
"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdId\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u0001$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bdzT\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u007f\u001b\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000e\u0002E\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bdL\u00ef\u00bf\u00bd\"\f\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bdv?\u00ef\u00bf\u00bd\u0002.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0001\u0007\u00ef\u00bf\u00bd\u001ad\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bdM?\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bds\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdG\u00ef\u00bf\u00bd\u001c?\u00ef\u00bf\u00bd\bQb*\u00ef\u00bf\u00bd=\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd 
\/\u00ef\u00bf\u00bdVE9\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^I\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd;.P\u00ef\u00bf\u00bd\u0016fU\u0010\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd}c\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd.\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdM\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdz\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd?\\\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c@\u00ef\u00bf\u00bdY\u001d\u00ef\u00bf\u00bd!q^\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd-C>\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdA \u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd#q\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u001e\u00ef\u00bf\u00bd\u001b\u0010\u00ef\u00bf\u00bd[f!\\>'\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdE.\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:34:d0:7a:54:bf:1d:de:7f:1b:0e:a8:c8:0e:02:45:f9:eb:c2:d6:37:8c:4c:e2:22:0c:d9:0d:8e:76:3f:e3:02:2e:9a:80:61:c0:8e:01:07:fc:1a:64:c4:26:ca:4d:3f:14:8c:c8:35:fd:98:f4:73:b7:8a:47:b8:1c:3f:c3:08:51:62:2a:c8:3d:19:f7:a5:bb:ec:20:2f:bc:56:45:39:f0:25:d2:9b:5e:49:0d:ea:cc:29:b9:2c:fe:3b:2e:50:b5:16:66:55:10:d7:e8:d4:ec:11:ff:e9:7d:63:e0:4e:fa:ec:fb:70:2a:ed:f3:31:c7:2e:af:8a:4d:91:e5:56:87:8c:1b:a7:6a:8c:d9:7f:dd:fc:f2:df:c1:7a:e8:b0:5a:29:f9:fa:80:e4:3f:5c:ee:dc:93:7b:e8:b2:e0:29:b3:d8:1c:40:af:59:1d:92:21:71:5e:1c:df:9f:2d:43:3e:d5:d4:ec:f3:98:98:89:41:20:81:84:c9:f4:2f:e2:80:23:71:ee:7c:df:1e:e9:1b:10:8b:5b:66:21:5c:3e:27:b2:ae:45:2e:fa:00:23:e5:98:b3:7e:db:e0:d5:3e:86:9d:22:4c:87:32:4f:52:76:e4:6d:1a:63:9c:3a:d4:76:59:fc:dc:63:7c:d5:44:30:72:45:22:48:3f:0e:e1:86:e8:91:df:9a:e0:0e:da:2b:d0:d8:ce:2c:4d:46:a9:d7:dd:76:68:e1:56:da:98:93:7f:40:05:7c:30:e1:f8:0c:5c:0c:d2:d8:70:f1:54:64:b1:4b:cb:68:12:0b:95:0d:2b:fb:11:28:56:9e:ff:89:79:75:1d:c9:e8:e1:d5:11:3b:a6:1c:95:59:85:f2:75:03:23:11:ee:0e:cd:8d:21:57:ae:f5:98:6b:b4:31:ec:fc:76:ad:d3:b3:6c:d9:2c:f4:ad:d6:59:13:ab:df:f7:93:f3:42:42:d8:dd:11:2c:6d:d0:59:9f:83:5e:a2:84:87:f3:ac:6f:19:61:e9:f9:ff:90:02:a1:c5:95:43:3f:8d:f2:32:39:de:e2:83:ab:08:d9:57:e8:bc:36:cd:3c:a4:ef:b3:80:f9:02:01:83:f1:8f:da:81:13:7b:3e:aa:bc:21:98:b3:d6:29:c4:c3:91:7f:63:2a:9b:91:f0:07:cb:70:e8:bc:81:8e:bc:84:d2:d0:94:46:cc:09:13:51:e1:be:f9:d8:34:36:56:22:d9:f8:63:4f:2c:8e:80:f1:88:44:07:47:97:ec:d3:72:69:f6:bf:3e:05:5b:0c:b1:bd:b7:50:cf:d5:c1:72:c1:3a:c0:d9:23:d6:c8:b0:a8:5f:10:83:8d:8a:2c:9c:42:4a:af:58:4b:f3:1e:79:95:b9:82:ca:d6:6f:f3:3c:1c:a1:7e:8e:28:c8:52:0a:e7:ca:a8:d1:84:a1:5b:49:d9:fe:50:e3:37:77:ce:7e:3d:f9:54:ac:08:31:0e:59:62:00:a2:31:29:1a:45:25:be:54:9e:1b:f4:3c:a0:df:5f:10:a2:ab:6a:eb:b3:5e:f2:7e:ab:77:0a:23:a6:e0:fc:91:33:b8:31:3b:2f:ef:19:c8:e7:a3:6e:54:69:5d:b3:a6:f2:ba:23:34:a5:f2:61:3c:ca:09:59:62:1f:77:34:16:00:e1:74:7c:ec:3f:97:d9:e
5:05:02:5a:9e:0e:30:92:d2:dd:ca:9c:7a:6c:14:7c:be:3d:7c:71:ed:eb:97:e4:b8:a3:84:3e:2e:d1:8b:b9:6a:67:3f:e8:a6:09:4f:6b:be:65:bf:77:bb:38:cd:99:e5:ab:ce:7f:48:43:52:0c:f4:b5:e1:e9:49:fe:13:85:5d:3a:99:aa:47:7d:20:8b:f5:7a:f5:3c:2a:95:23:f0:83:22:df:ec:b3:b2:72:a6:6f:1c:8c:da:b8:60:4b:c9:5b:db:54:c6:7e:0a:7a:4f:be:d1:cc:05:0f:4a:2c:c4:16:2b:82:d2:5e:cc:ab:19:eb:9b:da:7e:11:91:5b:56:1c:e8:1c:53:76:9c:49:2b:58:21:29:1a:e9:ec:4d:79:f9:c4:32:73:3f:89:c3:cd:79:8f:1f:aa:0e:d9:f1:12:fe:a1:7b:32:b4:74:6a:f6:44:51:42:e3:b7:e2:42:48:e9:5d:c9:64:56:9d:1d:71:9b:11:8b:de:69:d4:1d:55:bc:9a:d8:9e:73:4b:21:7d:d8:79:fe:14:f1:29:c3:d0:39:bd:7c:69:a8:44:69:f2:c7:73:6d:a6:13:c4:5a:e5:40:3a:47:02:3b:e9:38:0e:2c:29:61:3c:0a:25:3f:c9:4c:20:04:c4:da:05:2c:0a:42:74:df:13:4a:59:de:ce:a1:43:4f:e8:55:46:17:00:70:19:95:60:23:e2:d3:c3:cf:17:91:9b:a3:f4:b7:d8:0c:48:f9:c6:4b:4a:91:d2:0a:04:84:77:ca:a4:06:af:44:ca:7a:b5:94:43:cd:c5:8f:06:7e:1c:c7:04:3c:ed:ac:9f:99:c6:55:a9:a6:d1:70:78:76:30:55:ef:17:db:44:63:61:36:59:e3:bc:15:85:b8:61:60:48:7f:ff:f6:71:ea:c4:ef:24:58:d8:46:8b:65:e8:97:de:a8:8f:bf:8a:e5:50:d7:41:5c:0d:4d:94:6e:38:48:ff:98:af:ac:ab:b0:92:df:01:a7:ad:61:6e:40:7b:e5:b2:f9:23:06:40:74:4c:a4:23:c5:d9:74:d5:79:ac:67:ca:f2:73:f4:42:74:65:c7:02:7a:63:3d:ba:a7:b2:5a:28:06:cf:c2:92:68:1c:d5:68:b3:0a:2b:c2:84:81:a0:1e:c1:2e:a8:01:75:e9:80:c2:c8:e6:97:4a:cc:51:cd:f1:ee:96:f7:ed:76:52:fe:e1:4f:2f:f0:b5:68:c6:e6:d0:36:14:c6:35:5c:c2:02:96:2b:9e:26:63:fe:0c:20:dd:a4:d5:e5:d7:2d:0d:5d:e8:c9:e9:a8:31:9d:23:45:81:4a:a5:73:01:41:82:77:ec:1c:20:7a:e5:db:1e:af:87:0e:55:ef:b3:66:61:99:02:20:59:31:af:64:57:68:c3:43:ba:1b:42:25:83:14:cb:a4:35:df:b2:92:9d:f1:ba:86:d1:e3:8a:4f:80:38:bc:97:68:ca:52:3f:40:44:a8:3a:61:78:65:8a:d4:d6:0f:e6:88:cc:4f:b0:a1:a2:97:ac" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.199453000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495089.199453000", - "frame.time_delta": "0.085856000", - "frame.time_delta_displayed": "0.085856000", - "frame.time_relative": "1497.738767000", - "frame.number": "5190", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000f44a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e50e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": 
"0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.249915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.249915000", - "frame.time_delta": "0.050462000", - "frame.time_delta_displayed": "0.050462000", - "frame.time_relative": "1497.789229000", - "frame.number": "5191", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c1cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c90f", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002eb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5189", - "tcp.analysis.ack_rtt": "0.136318000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.273382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.273382000", - "frame.time_delta": "0.023467000", - "frame.time_delta_displayed": "0.023467000", - "frame.time_relative": "1497.812696000", - "frame.number": "5192", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x0000cba4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000bbcf", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace 
Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ffdd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.136234000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - 
"http.www_authenticate": "CBAuth Nonce=\"Q5UCcvzThhm9INUIe1noSg==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"Q5UCcvzThhm9INUIe1noSg==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:28 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:11:28 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.159785000", - "http.request_in": "5189", - "http.file_data": "\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:K\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdId\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u0001$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd^q\u00ef\u00bf\u00bdU\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdXT6\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd>\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bdc\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\"`A~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001e9f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~k\u0001\u001f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde(\u001c6#-tR4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd5\u00ef\u00bf\u00bd\f\u00ef\u00bf\u00bdg\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001cl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u0018I\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bdv\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bda\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{y\fe\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u
00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd{,\u00ef\u00bf\u00bd?ys\u00ef\u00bf\u00bdd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0016`\u00ef\u00bf\u00bd\u0005\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdW\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0018z\u00ef\u00bf\u00bd\u0019bl\u00ef\u00bf\u00bd-e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd9\t!>_\u00ef\u00bf\u00bd\fR\u00ef\u00bf\u00bd\u00ef\u00bf\u00bde\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:\u007f\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001fX\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\/\u00ef\u00bf\u00bd6\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bd\u0004\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdV\u00ef\u00bf\u00bd\b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0006\u000e\u001a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdF\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdX!\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdw\u00ef\u00bf\u00bd3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd~\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0003*\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00153\u0018H\u000f\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bdE\u0015\u000b\u0016G\u00ef\u00bf\u00bd\u007fgZ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bda\u0005a\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000b\u001b\u00ef\u00bf\u00bdu\u00ef\u00bf\u00bdA\u0005pK6]zdXI\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"ef:c9:8a:03:97:88:9f:e9:c1:bf:37:c2:b7:d5:3a:4b:b4:f7:f0:49:64:a7:28:bf:01:24:a5:e9:d4:0c:eb:e8:89:5e:71:cc:55:19:f3:da:87:9f:58:54:36:dc:87:3e:bd:4e:ee:63:ec:ca:e6:f0:83:03:eb:88:80:90:3a:22:60:41:7e:8d:e7:28:ba:90:1e:39:66:dc:9d:7e:6b:01:1f:d8:b0:65:28:1c:36:23:2d:74:52:34:c5:92:35:88:0c:fb:67:a5:f5:96:1c:6c:bb:8d:50:18:49:fc:c9:5b:d5:bd:12:d7:76:92:24:a5:77:eb:61:b5:81:7b:79:0c:65:91:02:c1:ed:86:7b:2c:d4:3f:79:73:85:64:8e:fa:16:60:be:05:ab:e2:82:57:a3:d3:ec:a9:9b:c1:18:7a:e9:19:62:6c:c0:2d:65:ef:91:39:09:21:3e:5f:b7:0c:52:cc:a3:65:e7:d4:3a:7f:b1:b0:4e:82:1b:af:cd:cd:1f:58:89:fd:e3:2f:b3:36:9f:1d:ee:04:88:d2:56:ae:08:f9:ba:06:0e:1a:a7:88:46:8b:c3:fc:9f:f8:d4:88:58:21:e3:94:77:9f:33:81:da:80:8b:9b:80:7e:fe:ee:11:ed:a2:49:ef:cd:b1:3c:ce:97:c1:9a:03:2a:a3:fb:94:15:33:18:48:0f:e9:02:db:45:15:0b:16:47:d4:7f:67:5a:c7:eb:ec:de:61:05:61:13:d4:d7:df:d2:0b:1b:9b:75:ee:41:05:70:4b:36:5d:7a:64:58:49:b0:00:42:ba:3d:d7:ad:9d:50:c6:be:40:c1:b2:8f:d9:3a:8d:30:aa:09:d7:07:e6:0c:ad:d4:9d:29:cd:db:35:73:4c:b2:e4:53:33:10:73:46:06:79:09:43:f4:b4:68:88:a2:06:07:0a:3a:9d:e6:4f:25:c8:c8:07:df:89:33:7c:68:41:9f:fd:12:db:1a:4e:de:76:74:a7:5a:e2:99:69:fe:f9:9f:dc:71:aa:ed:ad:5d:9d:73:1a:ce:bf:37:b9:5b:9d:be:53:aa:64:0e:fc:8c:85:5a:40:dc:e3:2e:c9:7d:48:e8:d9:2e:95:c3:c4:04:7e:8e:cd:28:44:59:2b:a0:17:10:6a:e2:15:f5:c4:75:a7:39:df:13:7b:6b:3e:fd:c4:61:b6:d3:ac:dd:19:ea:a6:01:27:cc:fd:5b:04:63:60:2e:24:8c:52:97:aa:6c:ce:fb:73:0b:05:f8:67:e0:91:29:70:7f:ec:a2:4c:6a:96:bb:77:16:8e:bf:c2:e7:b1:81:59:0c:1e:86:ca:fa:26:64:70:5d:09:15:27:8d:5d:50:89:c7:99:1f:da:60:d3:be:1c:3f:b0:d0:c4:07:c7:48:56:b9:e5:a6:f2:0e:37:80:d3:c2:91:00:23:d9:0a:29:b4:97:c2:b0:99:29:1b:35:bb:aa:29:6f:6b:a7:dd" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.273472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.273472000", - 
"frame.time_delta": "0.000090000", - "frame.time_delta_displayed": "0.000090000", - "frame.time_relative": "1497.812786000", - "frame.number": "5193", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cba6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000bf34", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1849", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002b4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.273962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.273962000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1497.813276000", - "frame.number": "5194", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f031", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000045aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cb9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "5192", - "tcp.analysis.ack_rtt": "0.000580000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.274628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.274628000", - "frame.time_delta": "0.000666000", - "frame.time_delta_displayed": "0.000666000", - "frame.time_relative": "1497.813942000", - "frame.number": "5195", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f032", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000045a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35310", - "tcp.dstport": "80", - "tcp.port": "35310", - "tcp.port": "80", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "1849", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000cb99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5193", - "tcp.analysis.ack_rtt": "0.001156000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:29.410382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495089.410382000", - "frame.time_delta": "0.135754000", - "frame.time_delta_displayed": "0.135754000", - "frame.time_relative": "1497.949696000", - 
"frame.number": "5196", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000a49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008092", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35310", - "tcp.port": "80", - "tcp.port": "35310", - "tcp.stream": "191", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1850", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5988", - "tcp.window_size": "5988", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00002b4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5195", - "tcp.analysis.ack_rtt": "0.135754000", - "tcp.analysis.initial_rtt": "0.136234000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.433072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.433072000", - "frame.time_delta": "1.022690000", - "frame.time_delta_displayed": "1.022690000", - "frame.time_relative": "1498.972386000", - "frame.number": "5197", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"154", - "ip.id": "0x0000210a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e73a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "13", - "http.prev_request_in": "4768" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.833108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.833108000", - "frame.time_delta": "0.400036000", - "frame.time_delta_displayed": "0.400036000", - "frame.time_relative": "1499.372422000", - 
"frame.number": "5198", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000016ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a09f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "73", - "http.prev_response_in": "4830" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.836750000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.836750000", - "frame.time_delta": "0.003642000", - "frame.time_delta_displayed": "0.003642000", - "frame.time_relative": "1499.376064000", - "frame.number": "5199", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "52", - "ip.id": "0x00001b43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54674", - "tcp.dstport": "80", - "tcp.port": "54674", - "tcp.port": "80", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000ffe1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.837312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.837312000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "1499.376626000", - "frame.number": "5200", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54674", - "tcp.port": "80", - "tcp.port": "54674", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000015d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5199", - "tcp.analysis.ack_rtt": "0.000562000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.840233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.840233000", - "frame.time_delta": "0.002921000", - "frame.time_delta_displayed": "0.002921000", - "frame.time_relative": "1499.379547000", - "frame.number": "5201", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00001b44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54674", - "tcp.dstport": "80", - "tcp.port": "54674", - "tcp.port": "80", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c7b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5200", - "tcp.analysis.ack_rtt": "0.002921000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.840790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.840790000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - 
"frame.time_relative": "1499.380104000", - "frame.number": "5202", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54674", - "tcp.dstport": "80", - "tcp.port": "54674", - "tcp.port": "80", - "tcp.stream": "192", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dd30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.841272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.841272000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1499.380586000", - "frame.number": "5203", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cb08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54674", - "tcp.port": "80", - "tcp.port": "54674", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b948", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5202", - "tcp.analysis.ack_rtt": "0.000482000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.841869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.841869000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": "1499.381183000", - "frame.number": "5204", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cb09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ed58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54674", - "tcp.port": "80", - "tcp.port": "54674", - "tcp.stream": "192", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f969", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.842297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.842297000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1499.381611000", - "frame.number": "5205", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cb0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e985", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54674", - "tcp.port": "80", - "tcp.port": "54674", - "tcp.stream": "192", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004bd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003483000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5204", - "tcp.segment": "5205", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001507000", - "http.request_in": "5202", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.845243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.845243000", - "frame.time_delta": "0.002946000", - "frame.time_delta_displayed": "0.002946000", - "frame.time_relative": "1499.384557000", - "frame.number": "5206", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54674", - "tcp.dstport": "80", - "tcp.port": "54674", - "tcp.port": "80", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c31f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5205", - "tcp.analysis.ack_rtt": "0.002946000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.845910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.845910000", - "frame.time_delta": "0.000667000", - "frame.time_delta_displayed": "0.000667000", - "frame.time_relative": "1499.385224000", - "frame.number": "5207", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54674", - "tcp.dstport": "80", - "tcp.port": "54674", - "tcp.port": "80", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c31e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.846365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.846365000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "1499.385679000", - "frame.number": "5208", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000011d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b756", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54674", - "tcp.port": "80", - "tcp.port": "54674", - "tcp.stream": "192", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b552", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5207", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.003483000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.886065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.886065000", - "frame.time_delta": "0.039700000", - "frame.time_delta_displayed": "0.039700000", - "frame.time_relative": "1499.425379000", - "frame.number": "5209", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000016b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a091", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "74", - "http.prev_response_in": "5198" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.896604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.896604000", - "frame.time_delta": "0.010539000", - "frame.time_delta_displayed": "0.010539000", - "frame.time_relative": "1499.435918000", - "frame.number": "5210", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54675", - "tcp.dstport": "80", - "tcp.port": "54675", - "tcp.port": "80", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00006229", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.897146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.897146000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1499.436460000", - "frame.number": "5211", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54675", - "tcp.port": "80", - "tcp.port": "54675", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000dca8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5210", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.899536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.899536000", - "frame.time_delta": "0.002390000", - "frame.time_delta_displayed": "0.002390000", - "frame.time_relative": "1499.438850000", - "frame.number": "5212", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54675", - "tcp.dstport": "80", - "tcp.port": "54675", - "tcp.port": "80", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008e87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5211", - "tcp.analysis.ack_rtt": "0.002390000", - "tcp.analysis.initial_rtt": "0.002932000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.900257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.900257000", - "frame.time_delta": "0.000721000", - "frame.time_delta_displayed": "0.000721000", - "frame.time_relative": "1499.439571000", - "frame.number": "5213", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c82", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54675", - "tcp.dstport": "80", - "tcp.port": "54675", - "tcp.port": "80", - "tcp.stream": "193", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a400", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002932000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.900735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.900735000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1499.440049000", - "frame.number": "5214", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54675", - "tcp.port": "80", - "tcp.port": "54675", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008018", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5213", - "tcp.analysis.ack_rtt": "0.000478000", - "tcp.analysis.initial_rtt": "0.002932000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.901382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.901382000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "1499.440696000", - "frame.number": "5215", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e4a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54675", - "tcp.port": "80", - "tcp.port": "54675", - "tcp.stream": "193", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c039", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002932000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.901733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.901733000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "1499.441047000", - "frame.number": "5216", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e4a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cfec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54675", - "tcp.port": "80", - "tcp.port": "54675", - "tcp.stream": "193", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000012a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002932000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "5215", - "tcp.segment": "5216", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001476000", - "http.request_in": "5213", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.904568000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495090.904568000", - "frame.time_delta": "0.002835000", - "frame.time_delta_displayed": "0.002835000", - "frame.time_relative": "1499.443882000", - "frame.number": "5217", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54675", - "tcp.dstport": "80", - "tcp.port": "54675", - "tcp.port": "80", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000089ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5216", - "tcp.analysis.ack_rtt": "0.002835000", - "tcp.analysis.initial_rtt": "0.002932000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.905216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.905216000", - "frame.time_delta": "0.000648000", - "frame.time_delta_displayed": "0.000648000", - "frame.time_relative": "1499.444530000", - "frame.number": "5218", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54675", - "tcp.dstport": "80", - "tcp.port": "54675", - "tcp.port": "80", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000089ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.905629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.905629000", - "frame.time_delta": "0.000413000", - "frame.time_delta_displayed": "0.000413000", - "frame.time_relative": "1499.444943000", - "frame.number": "5219", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000122", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b751", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54675", - "tcp.port": "80", - "tcp.port": "54675", - "tcp.stream": "193", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007c22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5218", - "tcp.analysis.ack_rtt": "0.000413000", - "tcp.analysis.initial_rtt": "0.002932000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.938888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.938888000", - "frame.time_delta": "0.033259000", - "frame.time_delta_displayed": "0.033259000", - "frame.time_relative": "1499.478202000", - "frame.number": "5220", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000016b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a096", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "75", - "http.prev_response_in": "5209" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.942235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.942235000", - "frame.time_delta": "0.003347000", - "frame.time_delta_displayed": "0.003347000", - "frame.time_relative": "1499.481549000", - 
"frame.number": "5221", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000b3ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.942770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.942770000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "1499.482084000", - "frame.number": "5222", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e60a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5221", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.945435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.945435000", - "frame.time_delta": "0.002665000", - "frame.time_delta_displayed": "0.002665000", - "frame.time_relative": "1499.484749000", - 
"frame.number": "5223", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5222", - "tcp.analysis.ack_rtt": "0.002665000", - "tcp.analysis.initial_rtt": "0.003200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.946060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.946060000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1499.485374000", - "frame.number": "5224", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c7d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ad62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003200000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.946541000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.946541000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "1499.485855000", - "frame.number": "5225", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009b43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000897a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5224", - "tcp.analysis.ack_rtt": "0.000481000", - "tcp.analysis.initial_rtt": "0.003200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.947111000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.947111000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1499.486425000", - "frame.number": "5226", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009b44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001d1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c99b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003200000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.947458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.947458000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "1499.486772000", - "frame.number": "5227", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009b45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000194b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003200000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5226", - "tcp.segment": "5227", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001398000", - "http.request_in": "5224", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.949285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.949285000", - "frame.time_delta": "0.001827000", - "frame.time_delta_displayed": "0.001827000", - "frame.time_relative": "1499.488599000", - "frame.number": "5228", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000194a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001c05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003200000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.949733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.949733000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1499.489047000", - "frame.number": "5229", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009351", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5227", - "tcp.analysis.ack_rtt": "0.002275000", - "tcp.analysis.initial_rtt": "0.003200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.950314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.950314000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "1499.489628000", - "frame.number": "5230", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009350", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.950745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.950745000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1499.490059000", - "frame.number": "5231", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000127", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b74c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54676", - "tcp.port": "80", - "tcp.port": "54676", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008584", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5230", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.003200000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:30.952196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495090.952196000", - "frame.time_delta": 
"0.001451000", - "frame.time_delta_displayed": "0.001451000", - "frame.time_relative": "1499.491510000", - "frame.number": "5232", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54676", - "tcp.dstport": "80", - "tcp.port": "54676", - "tcp.port": "80", - "tcp.stream": "194", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ac47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:2f:47:27:40:2f:47:2b:23", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003200000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5229", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.885930000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.885930000", - "frame.time_delta": "0.933734000", - "frame.time_delta_displayed": "0.933734000", - "frame.time_relative": "1500.425244000", - "frame.number": "5233", - "frame.len": "339", - "frame.cap_len": "339", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000016e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a062", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "76", - "http.prev_response_in": "5220" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.889629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.889629000", - "frame.time_delta": "0.003699000", - "frame.time_delta_displayed": "0.003699000", - "frame.time_relative": "1500.428943000", - "frame.number": "5234", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b53", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000092c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.890331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.890331000", - "frame.time_delta": "0.000702000", - "frame.time_delta_displayed": "0.000702000", - "frame.time_relative": "1500.429645000", - "frame.number": "5235", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000db26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5234", - "tcp.analysis.ack_rtt": "0.000702000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.893113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.893113000", - "frame.time_delta": "0.002782000", - "frame.time_delta_displayed": "0.002782000", - "frame.time_relative": "1500.432427000", - "frame.number": "5236", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b54", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5235", - "tcp.analysis.ack_rtt": "0.002782000", - "tcp.analysis.initial_rtt": "0.003484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.893720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.893720000", - "frame.time_delta": "0.000607000", - "frame.time_delta_displayed": "0.000607000", - "frame.time_relative": "1500.433034000", - "frame.number": "5237", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a27e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003484000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.894196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.894196000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "1500.433510000", - "frame.number": "5238", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006f2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004949", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007e96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5237", - "tcp.analysis.ack_rtt": "0.000476000", - "tcp.analysis.initial_rtt": "0.003484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.894913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.894913000", - "frame.time_delta": "0.000717000", - "frame.time_delta_displayed": "0.000717000", - "frame.time_relative": "1500.434227000", - "frame.number": "5239", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006f2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004937", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000beb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003484000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.894924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.894924000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1500.434238000", - "frame.number": "5240", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006f2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004564", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001121", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003484000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5239", - "tcp.segment": "5240", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001204000", - "http.request_in": "5237", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.899286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.899286000", - "frame.time_delta": "0.004362000", - "frame.time_delta_displayed": "0.004362000", - "frame.time_relative": "1500.438600000", - "frame.number": "5241", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006f2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004563", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001121", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003484000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.004362000", - "tcp.analysis.rto_frame": "5240" - } - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.899871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.899871000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "1500.439185000", - "frame.number": "5242", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", 
- "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000886d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5240", - "tcp.analysis.ack_rtt": "0.004947000", - "tcp.analysis.initial_rtt": "0.003484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.900474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.900474000", - "frame.time_delta": "0.000603000", - "frame.time_delta_displayed": "0.000603000", - "frame.time_relative": "1500.439788000", - "frame.number": "5243", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b57", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000886c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.900903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.900903000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - 
"frame.time_relative": "1500.440217000", - "frame.number": "5244", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000015c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b717", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54677", - "tcp.port": "80", - "tcp.port": "54677", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007aa0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5243", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.003484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.902838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.902838000", - "frame.time_delta": "0.001935000", - "frame.time_delta_displayed": "0.001935000", - "frame.time_relative": "1500.442152000", - "frame.number": "5245", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d0f", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54677", - "tcp.dstport": "80", - "tcp.port": "54677", - "tcp.port": "80", - "tcp.stream": "195", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cd67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:6c:92:d3:f2:6c:92:d7:d5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003484000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - 
"tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5242", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.938891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.938891000", - "frame.time_delta": "0.036053000", - "frame.time_delta_displayed": "0.036053000", - "frame.time_relative": "1500.478205000", - "frame.number": "5246", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000016ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a055", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "77", - "http.prev_response_in": "5233" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.942608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.942608000", - "frame.time_delta": "0.003717000", - "frame.time_delta_displayed": "0.003717000", - "frame.time_relative": "1500.481922000", - "frame.number": "5247", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00001b15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.943147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.943147000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "1500.482461000", - "frame.number": "5248", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c5d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5247", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.945695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.945695000", - "frame.time_delta": "0.002548000", - "frame.time_delta_displayed": "0.002548000", - "frame.time_relative": "1500.485009000", - "frame.number": "5249", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000077b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5248", - "tcp.analysis.ack_rtt": "0.002548000", - "tcp.analysis.initial_rtt": "0.003087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.946862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.946862000", - "frame.time_delta": "0.001167000", - "frame.time_delta_displayed": "0.001167000", - "frame.time_relative": "1500.486176000", - "frame.number": "5250", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c71", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d31", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003087000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.947343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.947343000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "1500.486657000", - "frame.number": "5251", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005ba8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006949", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5250", - "tcp.analysis.ack_rtt": "0.000481000", - "tcp.analysis.initial_rtt": "0.003087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.947928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.947928000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "1500.487242000", - "frame.number": "5252", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005ccc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a96a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003087000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.948279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.948279000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "1500.487593000", - "frame.number": "5253", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005ccd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fbd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003087000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5252", - "tcp.segment": "5253", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001417000", - "http.request_in": "5250", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.949293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.949293000", - "frame.time_delta": "0.001014000", - "frame.time_delta_displayed": "0.001014000", - "frame.time_relative": "1500.488607000", - "frame.number": "5254", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005cce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fbd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003087000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.951972000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.951972000", - "frame.time_delta": "0.002679000", - "frame.time_delta_displayed": "0.002679000", - "frame.time_relative": "1500.491286000", - "frame.number": "5255", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007320", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5253", - "tcp.analysis.ack_rtt": "0.003693000", - "tcp.analysis.initial_rtt": "0.003087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.952606000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.952606000", - "frame.time_delta": "0.000634000", - "frame.time_delta_displayed": "0.000634000", - "frame.time_relative": "1500.491920000", - "frame.number": "5256", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000731f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.953049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.953049000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1500.492363000", - "frame.number": "5257", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000160", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b713", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54678", - "tcp.port": "80", - "tcp.port": "54678", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5256", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.003087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.954732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.954732000", - "frame.time_delta": 
"0.001683000", - "frame.time_delta_displayed": "0.001683000", - "frame.time_relative": "1500.494046000", - "frame.number": "5258", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54678", - "tcp.dstport": "80", - "tcp.port": "54678", - "tcp.port": "80", - "tcp.stream": "196", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ce1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:fd:f4:e0:2c:fd:f4:e4:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003087000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5255", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:31.991769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495091.991769000", - "frame.time_delta": "0.037037000", - "frame.time_delta_displayed": "0.037037000", - "frame.time_relative": "1500.531083000", - "frame.number": "5259", - "frame.len": "342", - "frame.cap_len": "342", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000016ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a05a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "78", - "http.prev_response_in": "5246" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.003347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.003347000", - "frame.time_delta": "0.011578000", - "frame.time_delta_displayed": "0.011578000", - "frame.time_relative": "1500.542661000", - "frame.number": "5260", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b5f", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54679", - "tcp.dstport": "80", - "tcp.port": "54679", - "tcp.port": "80", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000030bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.003896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.003896000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1500.543210000", - "frame.number": "5261", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54679", - "tcp.port": "80", - "tcp.port": "54679", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000777f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5260", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.007527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.007527000", - "frame.time_delta": "0.003631000", - "frame.time_delta_displayed": "0.003631000", - "frame.time_relative": "1500.546841000", - "frame.number": "5262", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b60", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54679", - "tcp.dstport": "80", - "tcp.port": "54679", - "tcp.port": "80", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000295e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5261", - "tcp.analysis.ack_rtt": "0.003631000", - "tcp.analysis.initial_rtt": "0.004180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.008154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.008154000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "1500.547468000", - "frame.number": "5263", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54679", - "tcp.dstport": "80", - "tcp.port": "54679", - "tcp.port": "80", - "tcp.stream": "197", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ed7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004180000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.008646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.008646000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1500.547960000", - "frame.number": "5264", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f431", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c441", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54679", - "tcp.port": "80", - "tcp.port": "54679", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001aef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5263", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.004180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.009291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.009291000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "1500.548605000", - "frame.number": "5265", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f432", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c42f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54679", - "tcp.port": "80", - "tcp.port": "54679", - "tcp.stream": "197", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005b10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004180000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.009719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.009719000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1500.549033000", - "frame.number": "5266", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f433", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c05c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54679", - "tcp.port": "80", - "tcp.port": "54679", - "tcp.stream": "197", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ad79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004180000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5265", - "tcp.segment": "5266", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001565000", - "http.request_in": "5263", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.012061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.012061000", - "frame.time_delta": "0.002342000", - "frame.time_delta_displayed": "0.002342000", - "frame.time_relative": "1500.551375000", - "frame.number": "5267", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54679", - "tcp.dstport": "80", - "tcp.port": "54679", - "tcp.port": "80", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5266", - "tcp.analysis.ack_rtt": "0.002342000", - "tcp.analysis.initial_rtt": "0.004180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.012686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.012686000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1500.552000000", - "frame.number": "5268", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005d10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54679", - "tcp.dstport": "80", - "tcp.port": "54679", - "tcp.port": "80", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:32.013140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495092.013140000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1500.552454000", - "frame.number": "5269", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000161", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b712", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54679", - "tcp.port": "80", - "tcp.port": "54679", - "tcp.stream": "197", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000016f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5268", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.004180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:34.939207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495094.939207000", - "frame.time_delta": "2.926067000", - "frame.time_delta_displayed": "2.926067000", - "frame.time_relative": "1503.478521000", - "frame.number": "5270", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005814", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "4997", - "tcp.ack": "541", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f11e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:35.082663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495095.082663000", - "frame.time_delta": "0.143456000", - "frame.time_delta_displayed": "0.143456000", - "frame.time_relative": "1503.621977000", - 
"frame.number": "5271", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ffc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd95", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": 
"0", - "tcp.seq": "541", - "tcp.ack": "4998", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:36.189825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495096.189825000", - "frame.time_delta": "1.107162000", - "frame.time_delta_displayed": "1.107162000", - "frame.time_relative": "1504.729139000", - "frame.number": "5272", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x0000965a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000723a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "67120", - "tcp.nxtseq": "68379", - "tcp.ack": "15080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009a41", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fc:ba:a7:a0:a8:9f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555066, TSecr 2812323999": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555066", - "tcp.options.timestamp.tsecr": "2812323999" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:fb:e3:ba:91:19:1f:86:fd:d9:ef:b9:b1:ae:30:33:cd:35:a1:bb:45:7b:c1:ba:0a:3c:9f:7f:04:d9:a4:70:40:22:61:68:f5:08:b5:2e:53:0b:a9:d1:fe:6d:2b:0f:d7:db:38:b0:a5:18:9d:9e:da:ce:42:45:83:8f:56:ad:b6:2c:09:6e:b6:51:eb:e4:a5:67:36:9e:94:89:e2:4d:b8:e7:18:ca:4e:8d:31:84:2f:b9:a1:02:9f:07:b0:1e:78:63:d3:61:b9:fa:3f:74:a8:cc:db:c5:cc:c3:40:c8:43:70:40:c3:e8:c6:21:8a:a8:dc:09:27:ad:e6:7c:19:3e:b8:4c:34:26:fc:37:5b:09:48:d0:55:3a:05:77:73:0b:49:54:e7:68:b2:10:bb:1a:39:dd:98:8d:b5:b3:18:06:f1:19:c9:90:e0:e8:c0:3a:0d:ca:43:3f:3e:cb:24:29:af:8d:7a:07:0e:d1:ce:e9:a4:31:88:50:ce:cf:a1:f9:ea:62:86:2d:8e:29:3f:57:2c:32:4e:f9:29:68:3f:d1:71:38:27:36:8c:e9:66:f7:87:63:75:94:84:22:66:74:4f:32:30:79:de:b3:e9:bb:73:fd:98:c3:ef:dd:e4:23:34:7a:fc:14:ed:9a:5a:fd:73:b6:b1:56:61:ab:b8:e6:f6:dc:fa:ad:3e:a4:cf:aa:79:9d:7e:ec:31:1f:5a:72:c5:57:b2:a9:6b:76:84:8c:cc:e0:f9:a8:76:c2:a5:f3:cf:aa:71:35:8c:e6:fa:92:86:f9:53:bf:47:71:99:0f:18:4d:97:ca:ca:6f:5b:5e:6a:f1:e5:3a:4c:27:ee:26:16:ca:a8:42:00:de:e9:b5:88:4e:cb:2b:39:8c:a1:e9:c0:a0:d9:31:cf:51:78
:72:95:df:45:5e:ba:29:cf:67:f8:c3:d9:07:5e:ce:96:46:73:17:5a:96:e9:b7:f4:23:17:db:32:bb:00:63:20:f0:0a:63:a9:83:98:fc:d9:8b:c1:d2:c1:5c:cc:61:84:a5:14:4d:b4:61:9f:94:ee:0f:dc:71:d9:1c:5d:54:4e:2a:ba:c7:ac:47:42:a9:eb:32:7f:ad:1f:06:4e:22:dc:e1:70:17:f8:fa:17:f3:74:b4:2a:e5:f3:8e:61:8a:83:8b:ee:33:98:7c:58:b4:13:52:4d:e4:a4:c6:3f:45:19:d6:6b:47:e9:a9:c5:5d:b8:46:1c:ba:95:a5:09:56:fb:af:b3:ac:5a:16:27:34:aa:d5:07:a9:63:8e:61:0f:f1:e0:75:64:66:2a:17:69:bd:7e:bc:d6:e9:0b:5d:33:46:32:32:51:7d:84:58:15:e4:63:16:a6:70:df:64:02:e5:f7:de:2a:fd:45:5f:05:80:9a:cf:e5:c0:72:53:1e:e2:a4:9c:27:b5:60:51:e8:b7:b7:f2:58:c9:04:27:f8:d6:c0:c7:9a:1a:cf:2f:5e:bd:0d:e2:ff:21:b5:54:a1:32:f3:3b:9d:26:07:58:b0:4f:66:a6:af:07:43:13:26:ab:2b:22:ba:f3:e2:00:65:d7:4b:71:ff:9b:11:eb:0b:3b:2c:db:b3:ae:38:21:39:fa:bd:2f:b5:d0:b3:52:9d:13:91:d5:46:c3:b9:9c:1d:3f:0a:03:90:8f:24:6d:2c:91:2d:82:9d:66:9b:94:c2:21:2d:e7:db:20:95:44:c7:1c:f7:cf:52:3d:f5:bc:7a:44:b5:78:49:a1:70:4f:93:2e:90:fd:8a:c5:de:ee:6d:4f:2b:0d:14:0b:e6:17:9f:75:c1:32:27:42:6c:d2:5d:c3:03:a7:46:6e:db:49:73:48:d0:1f:dd:f2:f1:c5:39:79:3e:ef:1d:d9:b0:88:34:c1:ac:66:cc:ae:7f:2f:af:66:b1:df:c2:c2:0d:89:8a:f0:99:46:30:1c:7a:1e:c8:e3:9f:91:ef:76:84:c3:cd:87:5d:eb:10:ec:77:7e:f0:32:17:a2:5a:f7:00:47:3a:5e:92:79:1f:3e:42:99:29:c3:30:1c:a8:16:af:b6:99:79:4d:01:8a:34:e7:cd:85:ac:32:f1:a7:9b:ec:83:16:7b:78:dd:12:d6:6b:d9:6c:b7:af:c6:87:17:09:1a:de:e0:be:94:0d:f9:c1:1e:f3:02:49:a4:ea:fe:2a:ae:23:30:1a:3a:8b:92:8d:b2:b8:53:c4:ef:c6:fd:57:00:94:09:f4:d1:d9:f6:10:08:7d:39:a1:7f:2a:e2:70:54:dd:7f:58:83:59:4b:e5:48:c2:e0:fe:02:cb:55:e7:b8:ff:99:b0:e4:02:5d:8c:1b:7b:cb:1d:16:42:f3:42:a2:8a:9e:d2:bb:4b:e2:32:c5:21:80:4f:4a:ba:0f:0d:71:5b:c9:4c:2b:e2:4b:fa:2e:07:ba:ac:e0:54:a3:b9:0d:3d:53:b0:e8:52:4f:76:d3:e7:ae:26:22:b7:23:31:d8:86:ee:57:7d:08:4b:fb:24:4f:fd:2b:b6:ac:f7:dc:20:46:ad:35:9b:3c:94:5e:e6:b3:d1:82:2f:fd:10:ee:dd:51:01:d7:92:93:65:30:52:94:80:2e:f8:cf:63:d4:0e:90:1d:38:53:25:da:89:14:4b:c0:ca:16:0b:5c:2c:f9:65:7a:ad:35:cf:b7:e3:ab:9b:c8:20:71:b
8:be:cb:f1:84:47:b6:8d:d0:13:14:af:5a:c6:1c:93:48:e9:8e:58:82:b7:d2:fb:94:b9:c3:c6:a1:7c:f4:f1:13:98:06:fb:60:59:dc:e5:73:64:8b:39:5e:5f:dd:17:f2:51:57:34:0c:05:bd:39:76:0b:f8:e9:7e:45:bc:3d:e7:68:f7:f3:c2:37:14:49:0f:fe:1e:c1:64:92:ce:44:ca:6f:f2:5e:cb:9a:5a:21:52:e2:5e:9b:ba:8b:d6:56:b0:5b:86:17:ba:c4:5a:f7:c0:ae:bf:ba:e7:56:89:f2:58:a0:4e:bb:28:d2:79:ce:1f:a8:7a:3f:34:c5:30:27:60:07:ba:89:c1:6a:c7:bb:b1:29:76:a3:8d:96:5d:6a:fb:f0:51:c1:2b:08:a2:97:8f:ed:09:2c:aa:47:58:02:e9:ca:e1:0a:42:9a:d9:bf:a0:01:e6:8f:0d:5e:2e:a9:90:c4:65:e5:c6:ee:50:14:1f:c9:eb:ef:fb:e7:54:91:c2:53:c0:89:fd:c0:f3:9b:23:1e:f5:5e:1b:5d:30:30:98:6f:45:bc:82:7c:45:51:a7:2b:7c:71:bc:94:6b:d9:19:64:9f:5c:49:8c:ac:20:df:9e:6f:4d:02:37" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:36.250156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495096.250156000", - "frame.time_delta": "0.060331000", - "frame.time_delta_displayed": "0.060331000", - "frame.time_relative": "1504.789470000", - "frame.number": "5273", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d52", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15080", - "tcp.ack": "68379", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000acf1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:b8:da:00:26:fc:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328154, TSecr 2555066": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328154", - "tcp.options.timestamp.tsecr": "2555066" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5272", - "tcp.analysis.ack_rtt": "0.060331000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:36.635698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495096.635698000", - "frame.time_delta": "0.385542000", - "frame.time_delta_displayed": "0.385542000", - "frame.time_relative": "1505.175012000", - "frame.number": "5274", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005dd4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a15", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:36.678828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495096.678828000", - "frame.time_delta": "0.043130000", - "frame.time_delta_displayed": "0.043130000", - "frame.time_relative": "1505.218142000", - "frame.number": "5275", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "202", - "ip.id": "0x0000210b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e709", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59440", - "udp.dstport": "1900", - "udp.port": "59440", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000622d", - "udp.checksum.status": "2", - "udp.stream": "129" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.270753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.270753000", - 
"frame.time_delta": "0.591925000", - "frame.time_delta_displayed": "0.591925000", - "frame.time_relative": "1505.810067000", - "frame.number": "5276", - "frame.len": "622", - "frame.cap_len": "622", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "608", - "ip.id": "0x00002d53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003600", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": 
"556", - "tcp.seq": "15080", - "tcp.nxtseq": "15636", - "tcp.ack": "68379", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:b9:d9:00:26:fc:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328409, TSecr 2555066": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328409", - "tcp.options.timestamp.tsecr": "2555066" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "556", - "tcp.analysis.push_bytes_sent": "556" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "551", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:aa:88:a9:c7:44:fc:dd:41:3b:12:35:ee:3a:a7:89:16:fb:e4:73:59:d9:20:de:7f:83:4f:30:39:8b:2b:e5:99:1f:b8:69:a6:d8:73:2b:4e:e9:c3:7f:44:7d:cc:f7:a9:d4:5a:69:a6:f2:c6:eb:f0:c6:32:fb:52:af:f4:c0:de:1b:11:c3:73:52:d7:14:e5:e8:37:d1:92:88:da:b7:85:7e:85:78:26:58:81:31:85:00:b8:d3:8b:38:a0:dc:cb:94:5e:6d:c7:b4:9e:f0:dd:67:8b:9b:4d:e3:46:0a:5c:c1:ac:fd:0d:7f:08:5c:17:7e:f5:1c:c9:49:ff:b1:96:d6:e7:e7:fd:61:33:45:7c:5a:59:92:d5:c1:c7:4d:62:0f:79:76:cc:d6:a1:e0:6c:06:99:34:13:51:83:90:13:d1:20:de:e9:f8:71:bd:ad:f0:af:9d:de:92:4d:68:de:f9:88:55:57:e0:64:f5:a3:6d:e5:54:ce:3f:d0:c0:54:dd:e1:d8:8c:93:9a:fc:45:9f:7e:b5:84:be:f3:13:38:07:91:e1:9d:f6:82:ee:ac:36:31:93:8e:4e:fb:ec:4e:98:5f:47:25:3e:4f:92:77:ac:59:f6:78:d1:07:68:37:6c:48:a2:d3:f1:c8:2b:db:48:28:05:bd:2c:54:c5:bd:35:a2:f8:37:af:ba:14:0b:c3:02:85:9d:f8:b5:04:6d:bd:a4:d7:69:4c:e1:a3:f3:a7:57:f7:da:0f:d6:70:a1:e5:2b:f2:69:4e:e1:b3:12:f3:5a:22:4c:cd:ee:2e:fa:ad:5b:ef:1b:de:21:93:b6:d4:49:9e:cc:79:53:60:ce:69:84:46:be:15:54:71:20:db:2a:00:f8:a0:d3:ce:c0:64:76:4a:aa:65:46:ea:59:0f:40:a9:76:22:ed:39:6c:32:87:75:d1:91:d8:c4:9b:93:21:70:f2:6d:2e:d7:2c:5d:21:d9:fe:e2:e5:e0:31:2c:bc:93:31:3d:1c:61:56:00:91:99:60:07:28:0e:13:9c:b6:f2:a8:d7:53:33:11:8d:ba:17:2f:c0:88:f4:a4:e0:c0:cb:ba:73:46:e7:40:5a:9a:d4:0c:24:0d:6a:2d:61:88:9b:87:cd:2b:58:b1:fd:f1:14:3a:19:a7:23:f5:90:f7:50:df:f7:61:f6:c7:92:b5:87:44:c6:e3:cd:78:15:ec:52:60:f2:49:38:51:07:af:40:2b:5f:41:d3:7b:63:a5:9d:05:9f:64:5d:55:76:80:5d:b7:98:7e:45:56:b7:fd:64:0d:35:b0:20:ae:82:26:40:41:a0:3c:5e:81:a3:fe:1e:9a:ef:60:3e:23:05:d3:53:73:a1:d5:8e:27:1d:ee:b5:97:04:30:fa:64:3c:6c:59:ff:b7:a6:75:80:4c:20:e9:65:37:4d:4e:56" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.305600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.305600000", - "frame.time_delta": 
"0.034847000", - "frame.time_delta_displayed": "0.034847000", - "frame.time_relative": "1505.844914000", - "frame.number": "5277", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000965b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": 
"68379", - "tcp.nxtseq": "68432", - "tcp.ack": "15636", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000641", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:29:a7:a0:b9:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555177, TSecr 2812328409": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555177", - "tcp.options.timestamp.tsecr": "2812328409" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5276", - "tcp.analysis.ack_rtt": "0.034847000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:fc:0c:d3:62:d1:c8:73:dc:fc:c3:cc:9c:1e:f9:e0:0f:d6:fa:19:0f:f0:b5:32:82:09:eb:dd:d8:d4:6b:b3:51:72:3b:0c:0e:a7:40:68:fd:ad" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.308469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.308469000", - "frame.time_delta": "0.002869000", - "frame.time_delta_displayed": "0.002869000", - "frame.time_relative": "1505.847783000", - "frame.number": "5278", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000046d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00006f53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:26:fd:2a:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2555178, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555178", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.314768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.314768000", - "frame.time_delta": "0.006299000", - 
"frame.time_delta_displayed": "0.006299000", - "frame.time_relative": "1505.854082000", - "frame.number": "5279", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.315184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.315184000", - "frame.time_delta": "0.000416000", - "frame.time_delta_displayed": "0.000416000", - "frame.time_relative": "1505.854498000", - "frame.number": "5280", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.321893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.321893000", - "frame.time_delta": "0.006709000", - "frame.time_delta_displayed": "0.006709000", - "frame.time_relative": "1505.861207000", - "frame.number": "5281", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36190", - "tcp.port": "49153", - "tcp.port": "36190", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000d9b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5278", - "tcp.analysis.ack_rtt": "0.013424000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.322403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.322403000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "1505.861717000", - "frame.number": "5282", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000046d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x000070d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000306a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5281", - "tcp.analysis.ack_rtt": "0.000510000", - "tcp.analysis.initial_rtt": "0.013934000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.335349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.335349000", - "frame.time_delta": "0.012946000", - "frame.time_delta_displayed": "0.012946000", - "frame.time_relative": "1505.874663000", - "frame.number": "5283", - "frame.len": "558", - "frame.cap_len": "558", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "544", - "ip.id": "0x000046d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006ede", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "504", - "tcp.seq": "1", - "tcp.nxtseq": "505", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - 
"tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007933", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.013934000", - "tcp.analysis.bytes_in_flight": "504", - "tcp.analysis.push_bytes_sent": "504" - } - }, - "http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", - "http.host": "192.168.0.225:49153", - "http.request.line": "Host: 192.168.0.225:49153\n", - "http.content_type": "text\/xml", - "http.request.line": "Content-Type: text\/xml\n", - "http.content_length_header": "333", - "http.content_length_header_tree": { - "http.content_length": "333" - }, - "http.request.line": "Content-Length: 333\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>0<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "?>": "" - }, - "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { 
- "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<SOAP-ENV:Body>", - "xml.tag_tree": { - "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/m:SetBinaryState>": "" - }, - "<\/SOAP-ENV:Body>": "" - }, - "<\/SOAP-ENV:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.337382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.337382000", - "frame.time_delta": "0.002033000", - "frame.time_delta_displayed": "0.002033000", - "frame.time_relative": "1505.876696000", - "frame.number": "5284", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006d8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, 
- "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004a1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36190", - "tcp.port": "49153", - "tcp.port": "36190", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000021d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5283", - "tcp.analysis.ack_rtt": "0.002033000", - "tcp.analysis.initial_rtt": "0.013934000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.365793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.365793000", - "frame.time_delta": "0.028411000", - "frame.time_delta_displayed": "0.028411000", - "frame.time_relative": "1505.905107000", - "frame.number": "5285", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15636", - "tcp.ack": "68432", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a90a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:b9:f1:00:26:fd:29", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328433, TSecr 2555177": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328433", - "tcp.options.timestamp.tsecr": "2555177" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5277", - "tcp.analysis.ack_rtt": "0.060193000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.366314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.366314000", - "frame.time_delta": "0.000521000", - "frame.time_delta_displayed": "0.000521000", - "frame.time_relative": "1505.905628000", - "frame.number": "5286", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x0000965c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "68432", - "tcp.nxtseq": "68540", - "tcp.ack": "15636", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000977c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:30:a7:a0:b9:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555184, TSecr 2812328433": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555184", - "tcp.options.timestamp.tsecr": "2812328433" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:fd:68:86:b7:eb:d8:57:8f:7e:f1:89:71:fc:5a:23:9d:a7:24:1f:3b:3d:60:9b:0d:39:5e:a3:89:c3:89:fb:4a:c0:24:50:70:6b:42:9c:bc:ba:e8" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:fe:13:1c:ca:75:82:91:d6:37:f5:16:e5:59:28:30:af:a7:3e:29:98:ba:24:e9:e4:a1:e3:63:ff:b8:c6:f9:50:31:6c:fa:0f:17:90:7b:fd:1d:2b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.367359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.367359000", - 
"frame.time_delta": "0.001045000", - "frame.time_delta_displayed": "0.001045000", - "frame.time_relative": "1505.906673000", - "frame.number": "5287", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00001837", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009f14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.368416000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.368416000", - "frame.time_delta": "0.001057000", - "frame.time_delta_displayed": "0.001057000", - "frame.time_relative": "1505.907730000", - "frame.number": "5288", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00006d8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000495e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36190", - "tcp.port": "49153", - "tcp.port": "36190", - "tcp.stream": "198", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00002ad8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.013934000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:33:37:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.368824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.368824000", - "frame.time_delta": "0.000408000", - "frame.time_delta_displayed": "0.000408000", - "frame.time_relative": "1505.908138000", - "frame.number": "5289", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000046d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002da2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5288", - "tcp.analysis.ack_rtt": "0.000408000", - "tcp.analysis.initial_rtt": "0.013934000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.369823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.369823000", - "frame.time_delta": "0.000999000", - "frame.time_delta_displayed": "0.000999000", - "frame.time_relative": "1505.909137000", - "frame.number": "5290", - "frame.len": "430", - "frame.cap_len": "430", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "416", - "ip.id": "0x00006d8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000048a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36190", - "tcp.port": "49153", - "tcp.port": "36190", - "tcp.stream": "198", - "tcp.len": "376", - "tcp.seq": "193", - "tcp.nxtseq": "570", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000023f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.013934000", - "tcp.analysis.bytes_in_flight": "377", - "tcp.analysis.push_bytes_sent": "376" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:30:39:37:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "5288", - "tcp.segment": "5290", - "tcp.segment.count": "2", - "tcp.reassembled.length": "568", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:33:37:36:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:33:37:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:30:39:37:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.content_length_header": "376", - "http.content_length_header_tree": { - "http.content_length": "376" - }, - "http.response.line": "CONTENT-LENGTH: 376\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:37 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:11:37 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.034474000", - "http.request_in": "5283", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509495097<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "xml.tag": "<CountdownEndTime>", - "xml.tag_tree": { - "xml.cdata": "0", - 
"<\/CountdownEndTime>": "" - }, - "xml.tag": "<deviceCurrentTime>", - "xml.tag_tree": { - "xml.cdata": "1509495097", - "<\/deviceCurrentTime>": "" - }, - "<\/u:SetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.406060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.406060000", - "frame.time_delta": "0.036237000", - "frame.time_delta_displayed": "0.036237000", - "frame.time_relative": "1505.945374000", - "frame.number": "5291", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000046d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - 
"ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "570", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002c18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5290", - "tcp.analysis.ack_rtt": "0.036237000", - "tcp.analysis.initial_rtt": "0.013934000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.420146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.420146000", - "frame.time_delta": "0.014086000", - "frame.time_delta_displayed": "0.014086000", - "frame.time_relative": "1505.959460000", - "frame.number": "5292", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00001838", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009f0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "5287" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.426710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.426710000", - "frame.time_delta": "0.006564000", - "frame.time_delta_displayed": "0.006564000", - "frame.time_relative": "1505.966024000", - "frame.number": "5293", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000382a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15636", - "tcp.ack": "68540", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a887", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:01:00:26:fd:30", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328449, TSecr 2555184": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": 
"2812328449", - "tcp.options.timestamp.tsecr": "2555184" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5286", - "tcp.analysis.ack_rtt": "0.060396000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.427257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.427257000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "1505.966571000", - "frame.number": "5294", - "frame.len": "752", - "frame.cap_len": "752", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "738", - "ip.id": "0x0000965d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007474", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "686", - "tcp.seq": "68540", - "tcp.nxtseq": "69226", - "tcp.ack": "15636", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f7af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:36:a7:a0:ba:01", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555190, TSecr 2812328449": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555190", - "tcp.options.timestamp.tsecr": "2812328449" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "686", - "tcp.analysis.push_bytes_sent": "686" - } - }, - "ssl": { - 
"ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": "13:6b:24:d2:9f:7e:45:ff:54:d6:47:5b:66:4b:8f:d8:6c:80:3b:fe:76:59:df:9f:e8:f7:21:b5:c7:0e:5f:25:85:30:74:fb:26:7b:59:c6:56:3b:3a:16:d6:25:2f:64:8a:dc:5a:dc:be:cd:5a:22:eb:67:9f:c3:47:50:9a:be:45:cc:c6:2c:dd:51:4e:15:04:a6:2a:f1:e8:b1:bf:a5:6b:5b:6f:82:37:5f:88:64:9e:17:87:b8:a2:a7:dd:5b:4b:b6:03:57:27:5e:68:b3:d9:12:37:1d:84:ed:54:fa:5f:cb:50:a7:3a:c7:86:00:0d:ef:9b:9d:e8:2d:68:de:c7:df:e8:ba:7d:aa:dc:df:5a:d7:6f:57:ee:d1:7c:3a:69:4d:85:ba:13:71:e7:f3:54:0e:dd:89:4b:fc:f1:ed:c4:63:23:39:9f:87:dd:61:19:a6:8b:14:4f:99:ed:df:0f:ad:84:e7:2c:dd:7d:e6:e4:a4:2d:9c:c8:b2:7e:03:17:52:d1:9a:8b:1d:06:ef:fd:52:b2:c9:6a:20:c0:49:3f:65:c6:06:8d:cf:32:0c:bb:b8:2b:16:ed:58:e3:db:50:8a:ee:a7:a1:d1:33:d3:6b:8d:0d:33:68:c4:0b:74:e2:25:64:77:d8:6b" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "430", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:00:37:b0:1e:1b:fd:e9:e3:63:cd:31:bf:f9:75:f0:7e:ce:75:88:1d:fd:d8:5b:dd:c6:b8:74:7b:ad:1f:63:83:e3:30:c7:d7:00:e4:ba:a0:13:4c:c7:98:30:66:25:5b:9f:c2:78:89:1a:0e:7a:30:4c:3d:23:58:e4:58:c9:dc:85:bf:25:a5:21:f4:12:3c:4a:b7:f7:08:0c:47:e1:8c:c0:ae:c0:ff:12:8a:b5:35:74:ab:2d:20:59:21:57:9a:c3:12:75:8a:2a:44:fc:4c:86:84:49:be:1e:53:cc:e3:34:48:af:4c:d7:4d:60:86:29:8a:7c:35:73:4e:61:99:5d:bc:58:8e:1a:1b:a8:40:5f:49:2b:5a:53:31:16:f4:f0:d3:da:44:6e:7d:2c:4d:bb:22:ab:f6:06:9c:b2:c7:26:ae:56:27:5a:17:2c:1f:4b:d1:8e:d9:e9:30:36:64:98:3c:ca:0a:27:e4:bc:e2:b2:dc:27:ad:10:ae:98:18:12:ce:9f:4c:fa:e0:18:28:ff:df:29:c7:71:c8:61:b5:50:21:f0:8d:d9:48:01:de:6d:e0:44:32:cf:ac:30:1a:d3:43:c7:9e:cc:ac:97:6d:b9:ff:5d:af:00:77:83:ff:0f:38:0a:bf:df:17:e4:f5:9f:d2:c3:f6:c3:df:16:8b:17:24:64:6c:c6:5d:aa:f8:38:0d:17:32:87:bd:21:dd:09:16:e2:fb:96:a3:53:c1:a9:37:44:b6:be:8e:bd:a8:a2:59:a3:01:30:e8:f8:96:e4:43:72:7c:a4:82:7d:0c:65:42:4c:4f:b3:34:3e:6c:ca:22:50:e3:cd:58:36:fb:01:bc:86:19:52:72:b1:50:6f:1d:f6:90:62:1e:ee:8c:d7:0e:7a:ab:48:b0:74:9a:f0:4e:6e:e1:87:9d:51:94:aa:26:06:03:74:cc:bb:e5:42:a1:3b:9f:a1:e8:c3:b7:d3:47:a9:a3:20:2b:c0:d7:46:70:d3:11:fd:e7:05:89:d9:b8:4f:2c:72:8f:15:36:44:3f:84:74:dd:9c:79:01:d9:43:68:34:1f:dd:fb:fa:75:bd:ab:7a:4e:8d:56:39:16:cc:d0:f3:c2:f6:2e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.472939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.472939000", - "frame.time_delta": "0.045682000", - "frame.time_delta_displayed": "0.045682000", - "frame.time_relative": "1506.012253000", - "frame.number": "5295", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000183c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009f0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "5292" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.487686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.487686000", - "frame.time_delta": "0.014747000", - "frame.time_delta_displayed": "0.014747000", - "frame.time_relative": "1506.027000000", - "frame.number": "5296", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": 
"0x00003829", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15636", - "tcp.ack": "69226", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a5c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:10:00:26:fd:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812328464, TSecr 2555190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328464", - "tcp.options.timestamp.tsecr": "2555190" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5294", - "tcp.analysis.ack_rtt": "0.060429000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.488713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.488713000", - "frame.time_delta": "0.001027000", - "frame.time_delta_displayed": "0.001027000", - "frame.time_relative": "1506.028027000", - "frame.number": "5297", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d57", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "15636", - "tcp.nxtseq": "15683", - "tcp.ack": "69226", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009bb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:10:00:26:fd:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328464, TSecr 2555190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328464", - "tcp.options.timestamp.tsecr": 
"2555190" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:ab:d1:48:0b:29:d4:a6:8a:a1:b4:16:44:43:23:03:86:d3:ee:9a:75:3a:bd:ea:d9:4b:d8:be:79:9f:7b:84:c7:d7:aa:3c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.492326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.492326000", - "frame.time_delta": "0.003613000", - "frame.time_delta_displayed": "0.003613000", - "frame.time_relative": "1506.031640000", - "frame.number": "5298", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000965e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - 
"ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "69226", - "tcp.nxtseq": "69273", - "tcp.ack": "15683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002f56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:3c:a7:a0:ba:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555196, TSecr 2812328464": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555196", - "tcp.options.timestamp.tsecr": "2812328464" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5297", - "tcp.analysis.ack_rtt": "0.003613000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:01:eb:72:69:e0:ed:36:27:13:e8:cf:7b:a7:f0:08:2f:26:99:35:88:88:43:74:e4:23:4e:14:5e:7b:bc:80:9f:6f:b3:59" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.516921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.516921000", - "frame.time_delta": "0.024595000", - "frame.time_delta_displayed": "0.024595000", - "frame.time_relative": "1506.056235000", - "frame.number": "5299", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000046d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000070d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36190", - "tcp.dstport": "49153", - "tcp.port": "36190", - "tcp.port": "49153", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "505", - "tcp.ack": "570", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002c17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.518702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.518702000", - "frame.time_delta": "0.001781000", - "frame.time_delta_displayed": "0.001781000", - "frame.time_relative": "1506.058016000", - "frame.number": "5300", - "frame.len": 
"54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36190", - "tcp.port": "49153", - "tcp.port": "36190", - "tcp.stream": "198", - "tcp.len": "0", - "tcp.seq": "570", - "tcp.ack": "506", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00001f9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5299", - "tcp.analysis.ack_rtt": "0.001781000", - "tcp.analysis.initial_rtt": "0.013934000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.590512000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.590512000", - "frame.time_delta": "0.071810000", - "frame.time_delta_displayed": "0.071810000", - "frame.time_relative": "1506.129826000", - "frame.number": "5301", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003827", - "ip.checksum.status": 
"2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15683", - "tcp.ack": "69273", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a546", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:2a:00:26:fd:3c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328490, 
TSecr 2555196": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328490", - "tcp.options.timestamp.tsecr": "2555196" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5298", - "tcp.analysis.ack_rtt": "0.098186000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.591009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.591009000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "1506.130323000", - "frame.number": "5302", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000965f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "69273", - "tcp.nxtseq": "69327", - "tcp.ack": "15683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000438e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:46:a7:a0:ba:2a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555206, TSecr 2812328490": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555206", - "tcp.options.timestamp.tsecr": "2812328490" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:02:d6:49:5f:d8:b1:1c:42:48:d5:21:ec:ce:9f:f3:b1:d7:46:95:78:6b:cc:71:76:a7:cd:0c:1d:34:72:b5:9d:c6:48:56:7f:11:77:d8:d0:fc:16" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.651755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.651755000", - "frame.time_delta": "0.060746000", - "frame.time_delta_displayed": "0.060746000", - "frame.time_relative": "1506.191069000", - "frame.number": "5303", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003826", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15683", - "tcp.ack": "69327", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a4f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:39:00:26:fd:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328505, TSecr 2555206": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812328505", - "tcp.options.timestamp.tsecr": "2555206" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5302", - "tcp.analysis.ack_rtt": "0.060746000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:37.679515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495097.679515000", - "frame.time_delta": "0.027760000", - "frame.time_delta_displayed": "0.027760000", - "frame.time_relative": "1506.218829000", - "frame.number": "5304", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000210c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e708", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59440", - "udp.dstport": "1900", - "udp.port": "59440", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000622d", - "udp.checksum.status": "2", - "udp.stream": "129" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "5275" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.095060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.095060000", - "frame.time_delta": "0.415545000", - "frame.time_delta_displayed": "0.415545000", - "frame.time_relative": "1506.634374000", - "frame.number": "5305", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000041ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00006c0f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.095558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.095558000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "1506.634872000", - "frame.number": "5306", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4983", - "tcp.port": "39500", - "tcp.port": "4983", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x000078cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5305", - "tcp.analysis.ack_rtt": "0.000498000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.097600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.097600000", - "frame.time_delta": "0.002042000", - "frame.time_delta_displayed": "0.002042000", - "frame.time_relative": "1506.636914000", - "frame.number": "5307", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000041ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000e740", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5306", - "tcp.analysis.ack_rtt": "0.002042000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.098510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.098510000", - "frame.time_delta": "0.000910000", - "frame.time_delta_displayed": "0.000910000", - "frame.time_relative": "1506.637824000", - "frame.number": "5308", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x000041f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "204", - 
"tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b3f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002540000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:32:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.098954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.098954000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "1506.638268000", - "frame.number": "5309", - "frame.len": "60", - 
"frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008ade", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002cce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4983", - "tcp.port": "39500", - "tcp.port": "4983", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f0e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5308", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.100764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.100764000", - "frame.time_delta": "0.001810000", - "frame.time_delta_displayed": "0.001810000", - "frame.time_relative": "1506.640078000", - "frame.number": "5310", - "frame.len": "187", - "frame.cap_len": "187", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "173", - "ip.id": "0x000041f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007536", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "133", - "tcp.seq": "205", - "tcp.nxtseq": "338", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000421c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002540000", - "tcp.analysis.bytes_in_flight": "133", - "tcp.analysis.push_bytes_sent": "133" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "5308", - "tcp.segment": "5310", - "tcp.segment.count": "2", - "tcp.reassembled.length": "336", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:37:63:63:64:39:66:33:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:32:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "132", - "http.content_length_header_tree": { - "http.content_length": "132" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:7ccd9f38-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", - "http.unknown_header": "SEQ: 2\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.101209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.101209000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1506.640523000", - "frame.number": "5311", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008adf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ccd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4983", - "tcp.port": "39500", - "tcp.port": "4983", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f051", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5310", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.170807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.170807000", - "frame.time_delta": "0.069598000", - "frame.time_delta_displayed": "0.069598000", - "frame.time_relative": "1506.710121000", - "frame.number": "5312", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009660", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "69327", - "tcp.nxtseq": "69381", - "tcp.ack": "15683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c271", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:80:a7:a0:ba:39", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555264, TSecr 2812328505": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555264", - "tcp.options.timestamp.tsecr": "2812328505" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:03:14:11:a9:31:63:ec:3d:93:23:53:d7:0e:c9:45:1f:1a:56:86:7c:d7:67:e5:71:30:38:a1:a6:dc:18:e3:9d:55:2e:67:5c:10:da:46:14:6a:01" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.231023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.231023000", - "frame.time_delta": "0.060216000", - "frame.time_delta_displayed": "0.060216000", - "frame.time_relative": 
"1506.770337000", - "frame.number": "5313", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003825", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15683", - "tcp.ack": "69381", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a3f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:ca:00:26:fd:80", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328650, TSecr 2555264": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328650", - "tcp.options.timestamp.tsecr": "2555264" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5312", - "tcp.analysis.ack_rtt": "0.060216000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.231545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.231545000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "1506.770859000", - "frame.number": "5314", - "frame.len": "462", - "frame.cap_len": "462", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "448", - "ip.id": "0x00009661", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007592", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "396", - "tcp.seq": "69381", - "tcp.nxtseq": "69777", - "tcp.ack": "15683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003e41", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:86:a7:a0:ba:ca", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555270, TSecr 2812328650": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555270", - "tcp.options.timestamp.tsecr": "2812328650" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "396", - "tcp.analysis.push_bytes_sent": "396" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "391", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:04:2f:aa:ab:60:2e:0e:c2:d7:cf:ee:b8:1b:55:df:b2:c1:6e:e6:6b:4b:56:a9:7a:5d:f6:3e:a9:d6:6b:57:03:ec:4a:e9:5e:01:3a:60:6d:6b:9b:c2:3f:28:d3:d8:0f:d2:3b:46:09:78:8d:fc:73:5b:4e:ee:82:29:51:cf:ff:64:f7:5a:ce:ad:cc:f4:7d:58:dd:5c:8e:29:d4:86:2c:cf:b8:e6:0b:74:80:da:5a:49:b6:05:60:fa:c0:6e:58:52:16:22:28:34:e4:87:c5:93:28:dd:be:3c:64:ad:71:60:21:ac:33:67:1b:83:57:96:b7:fa:29:c7:18:76:86:dc:22:11:8f:0a:0f:6c:d8:13:40:f1:74:8b:1e:75:e4:ee:3a:a0:cf:45:94:46:8e:68:ce:9a:00:16:34:0d:56:aa:07:ce:63:28:5a:97:2a:7c:56:4e:ef:3a:0d:54:81:20:3b:2f:76:13:86:b7:2e:20:e7:17:f0:1d:1a:14:42:f0:02:9a:c8:57:33:fb:d7:e6:d1:76:c3:4f:a1:dc:0d:fb:49:38:ca:5b:78:4c:33:6f:04:c5:08:8e:8c:cf:a6:c4:4d:3c:a7:ac:ad:6e:71:d8:f9:ad:72:5a:bf:b6:cc:c7:9d:ff:de:cb:65:fa:bf:19:2a:d6:92:2f:e7:a7:f7:95:1d:b3:6e:ce:d0:92:4e:25:61:07:06:c7:a4:85:c5:00:e4:2a:a2:d2:2c:2d:c6:90:3d:cb:fc:0c:d2:40:f4:ad:0d:32:a6:04:9b:ca:11:e2:a2:45:b5:97:a8:8f:5f:16:dc:41:35:af:2b:5c:91:a4:fb:ac:93:36:d1:59:36:58:df:1f:fb:a3:5a:cd:f6:11:0c:84:37:73:25:3c:6c:08:a9:6e:70:88:f3:18:dd:21:67:62:65:41:70:1e:72:62:40:4d:c9:e7:70:94:e4:7c:77:e1:09:d0:56:39:68:47:c8:30:b8:00:47:30:8d:9d:d3:0a:3d:64:df:62:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.292413000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.292413000", - "frame.time_delta": "0.060868000", - "frame.time_delta_displayed": "0.060868000", - "frame.time_relative": "1506.831727000", - "frame.number": "5315", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003824", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15683", - "tcp.ack": "69777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a255", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:d9:00:26:fd:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328665, TSecr 2555270": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328665", - "tcp.options.timestamp.tsecr": "2555270" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5314", - "tcp.analysis.ack_rtt": "0.060868000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.293206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.293206000", - "frame.time_delta": "0.000793000", - "frame.time_delta_displayed": "0.000793000", - "frame.time_relative": "1506.832520000", - "frame.number": "5316", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002d5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ce", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "15683", - "tcp.nxtseq": "15768", - "tcp.ack": "69777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005f4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:d9:00:26:fd:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328665, TSecr 2555270": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328665", - "tcp.options.timestamp.tsecr": "2555270" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:ac:3a:cc:ee:55:79:b4:6e:67:8c:a2:f8:18:75:16:6a:9d:c6:9d:ed:26:8c:5c:0b:3b:79:d3:1b:93:31:86:5e:00:b3:a1:1d:e2:e3:e4:e6:0b:56:24:d0:4a:9e:c3:0c:6b:26:8e:fa:55:1c:20:e2:aa:86:17:c9:4b:ba:04:09:f9:57:74:3b:19:d8:88:f7:cf" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.297689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.297689000", - "frame.time_delta": "0.004483000", - "frame.time_delta_displayed": "0.004483000", - "frame.time_relative": "1506.837003000", - "frame.number": "5317", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009662", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "69777", - "tcp.nxtseq": "69824", - "tcp.ack": "15768", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:8d:a7:a0:ba:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555277, TSecr 2812328665": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555277", - "tcp.options.timestamp.tsecr": "2812328665" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5316", - "tcp.analysis.ack_rtt": "0.004483000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:05:ae:29:66:87:cb:2f:23:96:f4:a2:38:62:42:5b:8b:8d:cd:6f:02:4b:01:07:c3:64:9c:9f:6c:41:95:10:81:66:33:d7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.308989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.308989000", - "frame.time_delta": "0.011300000", - "frame.time_delta_displayed": "0.011300000", - "frame.time_relative": "1506.848303000", - "frame.number": "5318", - "frame.len": "92", - "frame.cap_len": "92", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00008ae0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ca6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4983", - "tcp.port": "39500", - "tcp.port": "4983", - "tcp.stream": "199", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000fcdc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002540000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.311325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.311325000", - "frame.time_delta": "0.002336000", - "frame.time_delta_displayed": "0.002336000", - "frame.time_relative": "1506.850639000", - "frame.number": "5319", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000041f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000e5c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5318", - "tcp.analysis.ack_rtt": "0.002336000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:11:38.312152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.312152000", - "frame.time_delta": "0.000827000", - "frame.time_delta_displayed": "0.000827000", - "frame.time_relative": "1506.851466000", - "frame.number": "5320", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000041f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000e5c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.312803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.312803000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "1506.852117000", - "frame.number": "5321", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x00008ae1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ccb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4983", - "tcp.port": "39500", - "tcp.port": "4983", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "339", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f029", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5320", - "tcp.analysis.ack_rtt": "0.000651000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.315262000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.315262000", - "frame.time_delta": "0.002459000", - "frame.time_delta_displayed": "0.002459000", - "frame.time_relative": "1506.854576000", - "frame.number": "5322", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000041f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4983", - "tcp.dstport": "39500", - "tcp.port": "4983", - "tcp.port": "39500", - "tcp.stream": "199", - "tcp.len": "0", - "tcp.seq": "339", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000e5c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5321", - "tcp.analysis.ack_rtt": "0.002459000", - "tcp.analysis.initial_rtt": "0.002540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.358532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.358532000", - "frame.time_delta": "0.043270000", - "frame.time_delta_displayed": "0.043270000", - "frame.time_relative": "1506.897846000", - "frame.number": "5323", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "15768", - "tcp.nxtseq": "15815", - "tcp.ack": "69824", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e9c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ba:ea:00:26:fd:8d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328682, TSecr 2555277": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328682", - "tcp.options.timestamp.tsecr": "2555277" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5317", - "tcp.analysis.ack_rtt": "0.060843000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:ad:3c:17:23:9d:06:39:27:2b:98:22:d9:75:65:50:39:ac:7d:37:16:04:b3:8c:7b:b0:40:08:0c:8f:08:e4:9e:00:a3:f7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.359022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.359022000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1506.898336000", - "frame.number": "5324", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x00009663", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "69824", - "tcp.nxtseq": "69932", - "tcp.ack": "15815", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d15e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:93:a7:a0:ba:ea", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555283, TSecr 2812328682": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555283", - "tcp.options.timestamp.tsecr": "2812328682" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5323", - "tcp.analysis.ack_rtt": "0.000490000", - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:06:ad:b6:c2:3f:34:d4:9e:19:df:72:72:75:81:1e:fe:26:d8:19:0c:f3:f2:1f:8a:ab:b2:f9:21:39:a3:10:fb:ab:fc:8f:59:e2:6a:60:a1:5a:06" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:07:96:eb:88:21:6c:92:2e:95:8f:7d:80:6f:48:95:b2:a8:74:5e:a8:c2:51:11:e2:5d:4f:86:5d:73:7d:16:94:92:7a:97:82:09:31:2d:f0:4a:3d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.419922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.419922000", - "frame.time_delta": "0.060900000", - "frame.time_delta_displayed": "0.060900000", - "frame.time_relative": "1506.959236000", - "frame.number": "5325", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00001840", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009f0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "5295" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.458318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.458318000", - "frame.time_delta": "0.038396000", - "frame.time_delta_displayed": "0.038396000", - "frame.time_relative": "1506.997632000", - "frame.number": "5326", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - 
"ip.checksum": "0x00003821", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15815", - "tcp.ack": "69932", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a0ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:bb:03:00:26:fd:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328707, TSecr 2555283": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328707", - "tcp.options.timestamp.tsecr": "2555283" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5324", - "tcp.analysis.ack_rtt": "0.099296000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.458803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.458803000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "1506.998117000", - "frame.number": "5327", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009664", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "69932", - "tcp.nxtseq": "69981", - "tcp.ack": "15815", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000d26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:fd:9d:a7:a0:bb:03", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555293, TSecr 2812328707": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555293", - 
"tcp.options.timestamp.tsecr": "2812328707" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:08:0e:04:42:84:b3:ec:fd:bd:fa:35:02:10:57:22:07:71:14:f1:e0:3e:82:6f:db:3b:23:10:45:45:4f:45:ba:97:ee:35:76:38" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.472632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.472632000", - "frame.time_delta": "0.013829000", - "frame.time_delta_displayed": "0.013829000", - "frame.time_relative": "1507.011946000", - "frame.number": "5328", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00001845", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009efd", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "5325" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.519014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.519014000", - 
"frame.time_delta": "0.046382000", - "frame.time_delta_displayed": "0.046382000", - "frame.time_relative": "1507.058328000", - "frame.number": "5329", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003820", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - 
"tcp.seq": "15815", - "tcp.ack": "69981", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a0b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:bb:12:00:26:fd:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812328722, TSecr 2555293": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812328722", - "tcp.options.timestamp.tsecr": "2555293" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5327", - "tcp.analysis.ack_rtt": "0.060211000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.525410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.525410000", - "frame.time_delta": "0.006396000", - "frame.time_delta_displayed": "0.006396000", - "frame.time_relative": "1507.064724000", - "frame.number": "5330", - "frame.len": "342", - "frame.cap_len": "342", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00001849", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009eff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "5328" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:38.683495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495098.683495000", - "frame.time_delta": "0.158085000", - "frame.time_delta_displayed": "0.158085000", - "frame.time_relative": "1507.222809000", - "frame.number": "5331", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000210d", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e707", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59440", - "udp.dstport": "1900", - "udp.port": "59440", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000622d", - "udp.checksum.status": "2", - "udp.stream": "129" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "5304" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:39.056598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495099.056598000", - "frame.time_delta": 
"0.373103000", - "frame.time_delta_displayed": "0.373103000", - "frame.time_relative": "1507.595912000", - "frame.number": "5332", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00001860", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009eeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "5330" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:39.109313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495099.109313000", - "frame.time_delta": "0.052715000", - "frame.time_delta_displayed": "0.052715000", - "frame.time_relative": "1507.648627000", - "frame.number": "5333", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00001863", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009edf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "5332" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:39.162191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495099.162191000", - "frame.time_delta": "0.052878000", - "frame.time_delta_displayed": "0.052878000", - "frame.time_relative": "1507.701505000", - "frame.number": "5334", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00001868", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ee0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - 
"udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "5333" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:39.680270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495099.680270000", - "frame.time_delta": "0.518079000", - "frame.time_delta_displayed": "0.518079000", - "frame.time_relative": "1508.219584000", - "frame.number": "5335", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000210e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e706", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59440", - "udp.dstport": "1900", - "udp.port": "59440", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x0000622d", - "udp.checksum.status": "2", - "udp.stream": "129" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - 
"http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "5331" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.108720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.108720000", - "frame.time_delta": "0.428450000", - "frame.time_delta_displayed": "0.428450000", - "frame.time_relative": "1508.648034000", - "frame.number": "5336", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00001878", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ed3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "5334" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.161540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.161540000", - "frame.time_delta": "0.052820000", - "frame.time_delta_displayed": "0.052820000", - "frame.time_relative": "1508.700854000", - "frame.number": "5337", - "frame.len": "348", 
- "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000187c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ec6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "5336" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.214322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.214322000", - "frame.time_delta": "0.052782000", - "frame.time_delta_displayed": "0.052782000", - "frame.time_relative": "1508.753636000", - "frame.number": "5338", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "328", - "ip.id": "0x00001880", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ec8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "5337" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.477851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.477851000", - "frame.time_delta": "0.263529000", - "frame.time_delta_displayed": "0.263529000", - "frame.time_relative": "1509.017165000", - "frame.number": "5339", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000188d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ebe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - 
"udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "5338" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.530818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.530818000", - "frame.time_delta": "0.052967000", - "frame.time_delta_displayed": "0.052967000", - "frame.time_relative": "1509.070132000", - "frame.number": "5340", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00001890", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009eb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "5339" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:40.583399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495100.583399000", - "frame.time_delta": "0.052581000", - "frame.time_delta_displayed": "0.052581000", - "frame.time_relative": "1509.122713000", - "frame.number": "5341", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00001892", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009eb6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "5340" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:41.529534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495101.529534000", - "frame.time_delta": "0.946135000", - 
"frame.time_delta_displayed": "0.946135000", - "frame.time_relative": "1510.068848000", - "frame.number": "5342", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000018de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "5341" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:41.582551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495101.582551000", - "frame.time_delta": "0.053017000", - "frame.time_delta_displayed": "0.053017000", - "frame.time_relative": "1510.121865000", - "frame.number": "5343", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000018e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "5342" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:41.635370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495101.635370000", - "frame.time_delta": "0.052819000", - "frame.time_delta_displayed": "0.052819000", - "frame.time_relative": "1510.174684000", - "frame.number": "5344", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000018e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - 
"udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "5343" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:42.319226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495102.319226000", - "frame.time_delta": "0.683856000", - "frame.time_delta_displayed": "0.683856000", - "frame.time_relative": "1510.858540000", - "frame.number": "5345", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000018eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "5344" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:42.372012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495102.372012000", - "frame.time_delta": "0.052786000", - "frame.time_delta_displayed": "0.052786000", - "frame.time_relative": "1510.911326000", - "frame.number": "5346", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000018ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x00009e56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "5345" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:42.424861000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495102.424861000", - "frame.time_delta": "0.052849000", - "frame.time_delta_displayed": "0.052849000", - "frame.time_relative": "1510.964175000", - "frame.number": "5347", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000018f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "5346" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.376289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.376289000", - "frame.time_delta": "0.951428000", - "frame.time_delta_displayed": "0.951428000", - "frame.time_relative": "1511.915603000", - "frame.number": "5348", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000018f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "305", - "udp.checksum": "0x0000dcea", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "5347" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.429032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.429032000", - "frame.time_delta": "0.052743000", - "frame.time_delta_displayed": "0.052743000", - "frame.time_relative": "1511.968346000", - "frame.number": "5349", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000018fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "314", - "udp.checksum": "0x0000ead5", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "5348" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.481815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.481815000", - "frame.time_delta": "0.052783000", - "frame.time_delta_displayed": "0.052783000", - "frame.time_relative": "1512.021129000", - "frame.number": "5350", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000018fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009e4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "59440", - "udp.port": "1900", - "udp.port": "59440", - "udp.length": "308", - "udp.checksum": "0x00000e60", - "udp.checksum.status": "2", - "udp.stream": "130" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "5349" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.692594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.692594000", - "frame.time_delta": "0.210779000", - "frame.time_delta_displayed": "0.210779000", - "frame.time_relative": "1512.231908000", - "frame.number": "5351", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00001536", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b421", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.711463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.711463000", - "frame.time_delta": "0.018869000", - 
"frame.time_delta_displayed": "0.018869000", - "frame.time_relative": "1512.250777000", - "frame.number": "5352", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009665", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007687", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "69981", - 
"tcp.nxtseq": "70128", - "tcp.ack": "15815", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005e64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ff:aa:a7:a0:bb:12", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555818, TSecr 2812328722": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555818", - "tcp.options.timestamp.tsecr": "2812328722" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:09:51:66:79:7a:1a:68:cb:4a:79:5f:4c:11:84:62:65:a9:5d:8c:2e:f5:46:5e:ac:54:f0:6f:ff:ea:3e:07:65:b1:e3:b6:2f:cf:7b:a0:ec:8c:60:e3:8e:0b:6a:82:37:ab:7d:6d:94:d6:1b:5f:b6:9a:6e:78:8b:f1:70:43:14:12:56:59:3b:63:8f:48:16:f0:e6:57:cb:36:30:7f:a0:51:0e:ce:4c:88:32:4e:c0:e4:04:fb:8c:40:1c:5a:d0:17:74:02:28:f5:50:74:1e:25:e0:ef:e9:e3:9b:50:88:34:c3:42:09:b0:51:49:e6:8f:5d:99:fb:75:27:d0:e3:7f:47:0d:51:fd:33:00" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.745494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.745494000", - "frame.time_delta": "0.034031000", - "frame.time_delta_displayed": "0.034031000", - "frame.time_relative": "1512.284808000", - "frame.number": "5353", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000153a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b41d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.771586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.771586000", - "frame.time_delta": "0.026092000", - "frame.time_delta_displayed": "0.026092000", - "frame.time_relative": "1512.310900000", - "frame.number": "5354", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - 
}, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d60", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15815", - "tcp.ack": "70128", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000098f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c0:33:00:26:ff:aa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812330035, TSecr 2555818": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812330035", - "tcp.options.timestamp.tsecr": "2555818" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5352", - "tcp.analysis.ack_rtt": "0.060123000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.798365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.798365000", - "frame.time_delta": "0.026779000", - "frame.time_delta_displayed": "0.026779000", - "frame.time_relative": "1512.337679000", - "frame.number": "5355", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": 
"0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000153f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b40f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.827383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.827383000", - "frame.time_delta": "0.029018000", - "frame.time_delta_displayed": "0.029018000", - "frame.time_relative": "1512.366697000", - "frame.number": "5356", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009666", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007697", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "70128", - "tcp.nxtseq": "70258", - "tcp.ack": "15815", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007f61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:26:ff:b6:a7:a0:c0:33", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2555830, TSecr 2812330035": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2555830", - "tcp.options.timestamp.tsecr": "2812330035" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - 
"ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:0a:8f:63:d0:e0:fe:6d:bb:f6:7f:53:1f:8b:01:de:ed:1c:fc:ea:90:74:5a:7c:72:87:30:b2:ae:7b:c2:e9:d2:f0:be:96:02:3e:92:eb:13:be:1b:34:8b:34:2d:5b:99:18:6b:de:f4:d0:69:55:7a:a4:80:a5:b4:13:ce:c8:3f:a7:bf:98:db:fa:a1:29:a2:ab:f7:a3:ab:56:18:73:83:2a:a9:2f:fb:56:04:ed:4c:69:0f:74:6e:23:45:a0:65:25:64:0b:42:97:40:d3:4b:d3:85:15:8d:54:b6:b8:f0:b4:8f:b3:5d:8f:02" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.851277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.851277000", - "frame.time_delta": "0.023894000", - "frame.time_delta_displayed": "0.023894000", - "frame.time_relative": "1512.390591000", - "frame.number": "5357", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00001540", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - 
"ip.checksum": "0x0000b40e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.887571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.887571000", - "frame.time_delta": "0.036294000", - "frame.time_delta_displayed": "0.036294000", - "frame.time_relative": "1512.426885000", - "frame.number": "5358", - "frame.len": "66", - "frame.cap_len": 
"66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "15815", - "tcp.ack": "70258", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009849", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c0:50:00:26:ff:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812330064, TSecr 2555830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812330064", - "tcp.options.timestamp.tsecr": "2555830" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5356", - "tcp.analysis.ack_rtt": "0.060188000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.904165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.904165000", - "frame.time_delta": "0.016594000", - "frame.time_delta_displayed": "0.016594000", - "frame.time_relative": "1512.443479000", - "frame.number": "5359", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00001541", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b413", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:43.957113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495103.957113000", - "frame.time_delta": "0.052948000", - "frame.time_delta_displayed": "0.052948000", - "frame.time_relative": "1512.496427000", - "frame.number": "5360", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00001544", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b410", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:47.337093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495107.337093000", - "frame.time_delta": "3.379980000", - "frame.time_delta_displayed": "3.379980000", - "frame.time_relative": "1515.876407000", - "frame.number": "5361", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000fa19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000df74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:47.344847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495107.344847000", - "frame.time_delta": "0.007754000", - "frame.time_delta_displayed": "0.007754000", - "frame.time_relative": "1515.884161000", - "frame.number": "5362", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000972c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004165", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": 
"45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:47.471493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495107.471493000", - "frame.time_delta": "0.126646000", - "frame.time_delta_displayed": "0.126646000", - "frame.time_relative": "1516.010807000", - "frame.number": "5363", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000fa3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000df4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:47.699423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495107.699423000", - "frame.time_delta": "0.227930000", - "frame.time_delta_displayed": "0.227930000", - "frame.time_relative": "1516.238737000", - "frame.number": "5364", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", 
- "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000fa67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000df26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:47.984755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495107.984755000", - "frame.time_delta": "0.285332000", - "frame.time_delta_displayed": "0.285332000", - "frame.time_relative": "1516.524069000", - "frame.number": "5365", - 
"frame.len": "621", - "frame.cap_len": "621", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "607", - "ip.id": "0x00002d62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000035f2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "555", - "tcp.seq": "15815", - "tcp.nxtseq": "16370", - "tcp.ack": "70258", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009626", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:50:00:26:ff:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331088, TSecr 2555830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331088", - "tcp.options.timestamp.tsecr": "2555830" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "555", - "tcp.analysis.push_bytes_sent": "555" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "550", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:ae:fd:c4:d8:a8:20:78:28:95:ed:8b:7e:92:62:1d:82:2c:f7:ee:8e:67:be:e5:39:f5:58:db:85:d6:91:5f:0e:89:bf:6c:43:3e:a5:c5:8d:66:3e:c1:4e:cc:71:20:4d:23:b6:67:d7:af:90:16:27:09:3d:73:5f:42:75:d7:bf:0c:9a:fe:56:f8:9c:be:b5:6c:35:a1:23:07:70:96:6f:e1:29:db:45:8d:96:6c:31:27:c3:8b:b7:d9:f5:12:b3:a9:31:a3:a4:6a:64:94:e2:b2:f3:ef:be:ad:7b:95:51:74:e2:3e:ec:8b:8a:98:1d:e6:50:53:7e:3c:ca:b0:f1:93:29:77:68:82:05:f7:88:42:34:a1:b9:61:d1:f3:86:ae:32:e2:7c:47:4d:79:4b:35:61:fa:eb:71:91:65:71:ce:94:81:d7:b4:d2:e4:67:50:2b:b5:1f:38:79:dd:0a:b5:fd:b2:90:1c:11:8a:5d:8c:02:ec:a9:2c:77:ca:85:00:f9:42:a8:81:7b:3f:37:0c:38:26:14:a0:03:aa:87:e0:29:5d:1f:5b:95:ed:f0:56:d1:71:ac:75:3c:75:b3:e5:95:00:e2:83:1a:83:4b:0b:ff:8d:b5:53:b3:7d:2d:90:11:3b:e8:75:5e:43:2d:e3:86:36:be:71:8f:a8:e3:f5:6f:20:b0:09:e5:bb:69:cf:c8:3b:eb:7e:80:11:82:5f:fa:1e:52:fc:45:e0:2a:42:33:3d:ec:90:af:d1:af:90:43:b6:54:57:75:98:44:dc:71:40:94:b3:97:bb:43:d3:ae:dc:b4:65:59:85:85:55:c1:e1:2e:20:16:9c:bb:ac:ea:df:18:0c:8d:99:01:b2:4e:3c:9d:73:9d:8d:39:21:08:41:3d:0a:5b:a2:3f:5c:0e:d7:b6:f9:6e:27:2d:cd:2a:5a:56:6f:94:b6:37:f9:39:a7:1a:9d:eb:78:ba:62:72:7d:2a:87:1a:4f:69:2f:3f:cd:04:34:c2:be:7b:40:62:fe:80:b9:6e:88:f8:d2:8b:91:3b:e6:67:5c:de:b8:38:e5:79:33:c5:c3:67:fc:3d:aa:78:17:27:1e:df:ee:f8:41:71:dd:c2:e5:ef:3f:cb:de:2e:e1:2e:09:88:02:93:7a:1e:64:d8:e5:b6:b7:65:00:57:47:79:11:43:79:19:33:cf:1d:90:a5:7b:ec:25:09:80:26:00:c9:01:f4:fc:16:78:a1:a2:9b:5f:7e:61:14:aa:cd:c4:7c:a3:b3:7c:27:23:89:e0:34:30:4b:e8:e8:b8:a5:f9:b6:21:d5:5f:52:45:bf:ab:65:2d:d1:c5:9c:0a:3e:4b:e8:a9:7e:86:db:db:a5:4e:31:ea:b9:3d:87:6f:72:44:fb:3b:57:d8:22:07:ab:3a:93:42:58:a9:c6:c8:fc:10:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.015602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.015602000", - "frame.time_delta": 
"0.030847000", - "frame.time_delta_displayed": "0.030847000", - "frame.time_relative": "1516.554916000", - "frame.number": "5366", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009667", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007718", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "70258", - 
"tcp.ack": "16370", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008f8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:59:a7:a0:c4:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556249, TSecr 2812331088": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556249", - "tcp.options.timestamp.tsecr": "2812331088" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5365", - "tcp.analysis.ack_rtt": "0.030847000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.019723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.019723000", - "frame.time_delta": "0.004121000", - "frame.time_delta_displayed": "0.004121000", - "frame.time_relative": "1516.559037000", - "frame.number": "5367", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009668", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "70258", - "tcp.nxtseq": "70311", - "tcp.ack": "16370", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bbef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:59:a7:a0:c4:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556249, TSecr 2812331088": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556249", - "tcp.options.timestamp.tsecr": "2812331088" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:0b:86:89:97:63:90:7d:3b:15:a2:7d:37:14:04:db:26:93:07:0e:ff:df:9d:de:34:b1:cd:f3:1e:29:90:29:a5:9e:bb:eb:f9:1b:b5:19:ea:bd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.022479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.022479000", - "frame.time_delta": "0.002756000", - "frame.time_delta_displayed": "0.002756000", - "frame.time_relative": 
"1516.561793000", - "frame.number": "5368", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000e261", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": 
"Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00003e3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:01:59:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2556249, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556249", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.032731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.032731000", - "frame.time_delta": "0.010252000", - "frame.time_delta_displayed": "0.010252000", - "frame.time_relative": "1516.572045000", - "frame.number": "5369", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "14:91:82:25:10:77", - "arp.src.proto_ipv4": "192.168.0.65", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.033169000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.033169000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "1516.572483000", - "frame.number": "5370", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - 
"arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "14:91:82:25:10:77", - "arp.dst.proto_ipv4": "192.168.0.65" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.068376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.068376000", - "frame.time_delta": "0.035207000", - "frame.time_delta_displayed": "0.035207000", - "frame.time_relative": "1516.607690000", - "frame.number": "5371", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36194", - "tcp.port": "49154", - "tcp.port": "36194", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x000032cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5368", - "tcp.analysis.ack_rtt": "0.045897000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.068869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.068869000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1516.608183000", - "frame.number": "5372", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e262", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": 
"192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008982", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5371", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.046390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.079845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.079845000", - "frame.time_delta": "0.010976000", - "frame.time_delta_displayed": "0.010976000", - "frame.time_relative": "1516.619159000", - "frame.number": "5373", - "frame.len": "557", - "frame.cap_len": "557", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - 
"eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "543", - "ip.id": "0x0000e263", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - "tcp.stream": "200", - "tcp.len": "503", - "tcp.seq": "1", - "tcp.nxtseq": "504", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c18a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.046390000", - "tcp.analysis.bytes_in_flight": "503", - "tcp.analysis.push_bytes_sent": "503" - } - }, - 
"http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPAction: \"urn:Belkin:service:basicevent:1#SetBinaryState\"\n", - "http.host": "192.168.0.65:49154", - "http.request.line": "Host: 192.168.0.65:49154\n", - "http.content_type": "text\/xml", - "http.request.line": "Content-Type: text\/xml\n", - "http.content_length_header": "333", - "http.content_length_header_tree": { - "http.content_length": "333" - }, - "http.request.line": "Content-Length: 333\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<SOAP-ENV:Body>\n <m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">\n<BinaryState>0<\/BinaryState>\n <\/m:SetBinaryState>\n<\/SOAP-ENV:Body>\n<\/SOAP-ENV:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "?>": "" - }, - "xml.tag": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:SOAP-ENV=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "SOAP-ENV:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<SOAP-ENV:Body>", - "xml.tag_tree": { - "xml.tag": "<m:SetBinaryState xmlns:m=\"urn:Belkin:service:basicevent:1\">", - 
"xml.tag_tree": { - "xml.attribute": "xmlns:m=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/m:SetBinaryState>": "" - }, - "<\/SOAP-ENV:Body>": "" - }, - "<\/SOAP-ENV:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.080055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.080055000", - "frame.time_delta": "0.000210000", - "frame.time_delta_displayed": "0.000210000", - "frame.time_relative": "1516.619369000", - "frame.number": "5374", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16370", - "tcp.ack": "70311", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000902e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:68:00:27:01:59", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331112, TSecr 2556249": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331112", - "tcp.options.timestamp.tsecr": "2556249" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5367", - "tcp.analysis.ack_rtt": "0.060332000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.080513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.080513000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "1516.619827000", - "frame.number": "5375", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009669", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "70311", - "tcp.nxtseq": "70365", - "tcp.ack": "16370", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009eb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:5f:a7:a0:c4:68", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556255, TSecr 2812331112": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556255", - "tcp.options.timestamp.tsecr": "2812331112" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:0c:ad:09:dd:1a:3d:df:f7:58:f4:be:d0:2c:12:6c:f1:8d:e1:7f:38:d0:fd:b1:33:46:16:0d:ce:9e:d2:1e:ee:6c:b6:d0:7b:44:7a:60:3d:a4:c7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.087700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.087700000", - "frame.time_delta": "0.007187000", - "frame.time_delta_displayed": "0.007187000", - "frame.time_relative": "1516.627014000", - "frame.number": "5376", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c146", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f705", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36194", - "tcp.port": "49154", - "tcp.port": "36194", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00007af0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5373", - "tcp.analysis.ack_rtt": "0.007855000", - "tcp.analysis.initial_rtt": "0.046390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.119849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.119849000", - "frame.time_delta": "0.032149000", - "frame.time_delta_displayed": "0.032149000", - "frame.time_relative": "1516.659163000", - "frame.number": "5377", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": 
"14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c147", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f644", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36194", - "tcp.port": "49154", - "tcp.port": "36194", - "tcp.stream": "200", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000087f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.046390000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:34:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.120015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.120015000", - "frame.time_delta": "0.000166000", - "frame.time_delta_displayed": "0.000166000", - "frame.time_relative": "1516.659329000", - "frame.number": "5378", - "frame.len": "474", - "frame.cap_len": "474", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "460", - "ip.id": "0x0000c148", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f55f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36194", - "tcp.port": "49154", - "tcp.port": "36194", - "tcp.stream": "200", - "tcp.len": "420", - "tcp.seq": "193", - "tcp.nxtseq": "614", - "tcp.ack": "504", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000ba4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.046390000", - "tcp.analysis.bytes_in_flight": "613", - "tcp.analysis.push_bytes_sent": "420" - }, - "tcp.segment_data": 
"3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:31:30:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "5377", - "tcp.segment": "5378", - "tcp.segment.count": "2", - "tcp.reassembled.length": "612", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:34:32:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:31:3a:34:38:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:34:35:30:36:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:30:3c:2f:43:6f:75:6e:74:64:6f:77:6e:45:6e:64:54:69:6d:65:3e:0d:0a:3c:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:31:35:30:39:34:39:35:31:30:38:3c:2f:64:65:76:69:63:65:43:75:72:72:65:6e:74:54:69:6d:65:3e:0d:0a:3c:2f:75:3a:53:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "420", - "http.content_length_header_tree": { - "http.content_length": "420" - }, - "http.response.line": "CONTENT-LENGTH: 420\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:11:48 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:11:48 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.040170000", - "http.request_in": "5373", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0|1509494506|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\r\n<CountdownEndTime>0<\/CountdownEndTime>\r\n<deviceCurrentTime>1509495108<\/deviceCurrentTime>\r\n<\/u:SetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:SetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", 
- "xml.tag_tree": { - "xml.cdata": "0|1509494506|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "xml.tag": "<CountdownEndTime>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/CountdownEndTime>": "" - }, - "xml.tag": "<deviceCurrentTime>", - "xml.tag_tree": { - "xml.cdata": "1509495108", - "<\/deviceCurrentTime>": "" - }, - "<\/u:SetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.120346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.120346000", - "frame.time_delta": "0.000331000", - "frame.time_delta_displayed": "0.000331000", - "frame.time_relative": "1516.659660000", - "frame.number": "5379", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e264", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5e7", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000086bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5377", - "tcp.analysis.ack_rtt": "0.000497000", - "tcp.analysis.initial_rtt": "0.046390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.141022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.141022000", - "frame.time_delta": "0.020676000", - "frame.time_delta_displayed": "0.020676000", - "frame.time_relative": "1516.680336000", - "frame.number": "5380", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - 
"eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16370", - "tcp.ack": "70365", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008fe3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:77:00:27:01:5f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331127, TSecr 2556255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331127", - "tcp.options.timestamp.tsecr": "2556255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5375", - "tcp.analysis.ack_rtt": "0.060509000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.141581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.141581000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "1516.680895000", - "frame.number": "5381", - "frame.len": "791", - "frame.cap_len": "791", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { 
- "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "777", - "ip.id": "0x0000966a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007440", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "725", - "tcp.seq": "70365", - "tcp.nxtseq": "71090", - "tcp.ack": "16370", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000be1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:65:a7:a0:c4:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556261, TSecr 2812331127": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556261", - "tcp.options.timestamp.tsecr": "2812331127" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "725", - "tcp.analysis.push_bytes_sent": "725" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:0d:a8:2e:d5:3d:9a:08:8c:49:0b:99:d5:57:5d:cb:dc:cf:9d:c9:00:98:ca:4b:53:7c:8f:b5:e8:f0:ba:46:19:88:4f:c1:8c:eb:57:6c:f2:b5:55" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "666", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:0e:a5:4c:90:9a:14:fb:ff:17:b9:9d:64:21:30:8f:a2:42:3c:1c:51:7d:c0:70:b0:da:f6:a9:ba:8a:d8:41:11:b2:c0:59:3c:4c:ed:a3:6d:9c:f2:98:cc:8e:72:0c:66:2a:4b:db:64:bc:84:3e:b0:d0:48:7e:7c:05:1d:28:1c:94:32:1a:32:df:ae:a3:cb:76:b5:ce:54:3e:8a:66:b5:73:65:34:cb:fc:83:27:3b:f5:b6:06:c5:dc:44:31:ee:74:83:bb:01:7f:f8:82:02:00:f3:75:f4:54:da:73:ea:d5:80:75:c6:75:e7:c6:44:eb:75:99:51:ae:aa:58:8d:d2:f1:cf:64:a1:d2:cb:33:1e:36:4b:e9:db:5f:44:7b:e1:c5:4f:5c:fb:59:cc:e9:d4:ee:4a:9f:cd:64:51:20:02:58:a7:3c:dd:11:50:2c:db:e2:93:a0:71:10:3e:10:77:20:4e:c6:f5:94:68:73:90:2a:c3:c1:5c:d5:8a:3d:52:b1:4e:96:4c:52:aa:21:ba:24:ea:54:c5:12:43:d9:15:14:56:c9:87:43:e7:dd:ad:70:e3:c8:30:42:72:e1:db:4e:79:ee:ad:f6:49:f9:af:a0:1e:c9:e6:49:3d:ab:05:a5:09:9a:95:c3:5c:f2:54:ad:b9:15:d6:1b:73:b5:b5:3a:cb:e0:54:a8:a4:e8:c0:92:ba:a7:55:64:53:09:de:ae:bb:57:ff:24:68:86:6b:ce:0c:2d:22:27:f3:b1:43:ce:2e:62:fa:55:ba:cc:1d:fa:56:36:1f:d5:b9:94:a1:97:c4:f4:69:73:98:ea:f5:74:fd:14:3c:57:bb:32:a8:18:6e:52:1f:f1:49:64:9f:6f:ba:d2:1c:4d:0c:56:d9:a1:33:c6:01:de:d7:44:af:75:76:3a:e1:3e:14:d4:98:dc:f1:af:d3:8c:02:be:b2:16:0d:89:e6:64:29:c3:6a:e3:b0:e7:cb:d0:98:3e:02:a2:b8:06:b9:f6:ca:66:b1:dd:39:3e:6c:67:23:eb:8d:d0:e9:88:61:e0:97:d2:de:8d:ea:d0:43:30:6b:b0:80:a8:d9:9a:f8:91:92:b8:11:f5:40:3a:44:e5:58:fa:b7:0d:8c:39:69:2f:d2:0c:56:2e:72:c0:24:39:48:b7:7a:c3:da:4c:af:c0:19:4d:3c:2d:18:67:60:77:3b:5d:1a:40:0f:7f:30:aa:43:44:91:ba:18:70:d1:b8:4a:38:e1:81:de:e3:85:d8:18:03:21:06:08:4a:d0:e3:4e:8b:5d:a2:0b:fd:59:03:e2:cc:b8:21:89:69:5a:0c:c7:67:25:63:e7:a7:f2:c5:72:d1:c6:09:b1:28:99:42:9f:f6:65:81:6e:03:af:8d:3c:c4:4d:ab:2b:e5:af:d6:75:2e:45:91:ba:ac:63:26:46:71:29:78:61:25:f4:ba:59:6e:90:8e:ed:64:4e:49:1f:27:b0:d2:fe:33:e9:0f:89:4f:a4:ad:b5:c1:49:81:94:05:76:9c:fe:c2:f2:a4:86:61:8e:c8:67:98:9a:ec:34:2d:91:0b:40:35:e4:63:fd:92:59:b0:67:f0:5e:ca:25:5f:e5:7d:f0:d1:f7:2c:49:f5:7f:44:33:d3:1e:83:3e:3e:62:8a:85:fb:b1:d0:0c:4d:9e:10:88:d3:f5:1f:0a:34:ad:fb:76:63:c9:09:26:10:5f:ad:bb:8c:17:6c:04:da:bb:40:8f" 
- } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.155574000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.155574000", - "frame.time_delta": "0.013993000", - "frame.time_delta_displayed": "0.013993000", - "frame.time_relative": "1516.694888000", - "frame.number": "5382", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e265", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - 
"tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "614", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008505", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5378", - "tcp.analysis.ack_rtt": "0.035559000", - "tcp.analysis.initial_rtt": "0.046390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.201826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.201826000", - "frame.time_delta": "0.046252000", - "frame.time_delta_displayed": "0.046252000", - "frame.time_relative": "1516.741140000", - "frame.number": "5383", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000381a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16370", - "tcp.ack": "71090", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008cf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:86:00:27:01:65", - "tcp.options_tree": 
{ - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331142, TSecr 2556261": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331142", - "tcp.options.timestamp.tsecr": "2556261" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5381", - "tcp.analysis.ack_rtt": "0.060245000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.203199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.203199000", - "frame.time_delta": "0.001373000", - "frame.time_delta_displayed": "0.001373000", - "frame.time_relative": "1516.742513000", - "frame.number": "5384", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d66", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ea", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "16370", - "tcp.nxtseq": "16417", - "tcp.ack": "71090", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c8c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:87:00:27:01:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331143, TSecr 2556261": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331143", - "tcp.options.timestamp.tsecr": "2556261" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:af:07:38:8e:93:1a:26:18:0d:85:0b:02:99:46:db:43:8b:87:9d:18:d7:3e:80:d0:c1:7e:9a:01:73:c5:0b:15:4c:56:7e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.203629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.203629000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1516.742943000", - "frame.number": "5385", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000966b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007714", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "71090", - "tcp.ack": "16417", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008bd4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:6b:a7:a0:c4:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556267, TSecr 2812331143": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556267", - "tcp.options.timestamp.tsecr": "2812331143" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5384", - "tcp.analysis.ack_rtt": "0.000430000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.207076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.207076000", - "frame.time_delta": "0.003447000", - "frame.time_delta_displayed": "0.003447000", - "frame.time_relative": "1516.746390000", - "frame.number": "5386", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000966c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "71090", - "tcp.nxtseq": "71137", - "tcp.ack": "16417", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fab0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:6c:a7:a0:c4:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556268, TSecr 2812331143": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556268", - "tcp.options.timestamp.tsecr": "2812331143" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:0f:00:39:49:cb:e7:52:7d:b3:bb:7d:0f:f0:6c:61:f4:74:bb:9c:f0:f3:9a:6d:9f:ad:2a:57:31:d7:8d:89:62:5a:bc:74" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.227536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.227536000", - "frame.time_delta": "0.020460000", - "frame.time_delta_displayed": "0.020460000", - "frame.time_relative": "1516.766850000", - "frame.number": "5387", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - 
"ip.id": "0x0000e266", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36194", - "tcp.dstport": "49154", - "tcp.port": "36194", - "tcp.port": "49154", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "504", - "tcp.ack": "614", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008504", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.229772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.229772000", - "frame.time_delta": "0.002236000", - 
"frame.time_delta_displayed": "0.002236000", - "frame.time_relative": "1516.769086000", - "frame.number": "5388", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36194", - "tcp.port": "49154", - "tcp.port": "36194", - "tcp.stream": "200", - "tcp.len": "0", - "tcp.seq": "614", - "tcp.ack": "505", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000788a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5387", - "tcp.analysis.ack_rtt": "0.002236000", - "tcp.analysis.initial_rtt": "0.046390000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.306524000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.306524000", - "frame.time_delta": "0.076752000", - "frame.time_delta_displayed": "0.076752000", - "frame.time_relative": "1516.845838000", - "frame.number": "5389", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003818", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16417", - "tcp.ack": "71137", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:a1:00:27:01:6c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2812331169, TSecr 2556268": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331169", - "tcp.options.timestamp.tsecr": "2556268" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5386", - "tcp.analysis.ack_rtt": "0.099448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.307016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.307016000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1516.846330000", - "frame.number": "5390", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000966d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "71137", - "tcp.nxtseq": "71191", - "tcp.ack": "16417", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:76:a7:a0:c4:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556278, TSecr 2812331169": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556278", - "tcp.options.timestamp.tsecr": 
"2812331169" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:10:75:4c:b1:ba:91:a2:6e:ce:2e:4b:25:14:07:de:41:dc:57:dd:1c:25:28:e2:e0:af:e4:70:48:11:56:53:5c:22:9b:e3:d4:11:b5:9c:2a:c6:96" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:48.367370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495108.367370000", - "frame.time_delta": "0.060354000", - "frame.time_delta_displayed": "0.060354000", - "frame.time_relative": "1516.906684000", - "frame.number": "5391", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003817", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16417", - "tcp.ack": "71191", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c4:b0:00:27:01:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331184, TSecr 2556278": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331184", - "tcp.options.timestamp.tsecr": "2556278" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5390", - "tcp.analysis.ack_rtt": "0.060354000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.339316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.339316000", - "frame.time_delta": "0.971946000", - "frame.time_delta_displayed": "0.971946000", - "frame.time_relative": "1517.878630000", - "frame.number": "5392", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000faeb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000de6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.402816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.402816000", - "frame.time_delta": "0.063500000", - "frame.time_delta_displayed": "0.063500000", - "frame.time_relative": "1517.942130000", - "frame.number": "5393", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00004b42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006cfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00004c8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.403312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.403312000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "1517.942626000", - "frame.number": "5394", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4131", - "tcp.port": "39500", - "tcp.port": "4131", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - 
"tcp.checksum": "0x00004b20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5393", - "tcp.analysis.ack_rtt": "0.000496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.405301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.405301000", - "frame.time_delta": "0.001989000", - "frame.time_delta_displayed": "0.001989000", - "frame.time_relative": "1517.944615000", - "frame.number": "5395", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b991", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5394", - 
"tcp.analysis.ack_rtt": "0.001989000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.408945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.408945000", - "frame.time_delta": "0.003644000", - "frame.time_delta_displayed": "0.003644000", - "frame.time_relative": "1517.948259000", - "frame.number": "5396", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x00004b44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006c3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - 
"tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00002e2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002485000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:34:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.409414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.409414000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - 
"frame.time_relative": "1517.948728000", - "frame.number": "5397", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c6a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f1a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4131", - "tcp.port": "39500", - "tcp.port": "4131", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c338", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5396", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.415361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.415361000", - "frame.time_delta": "0.005947000", - "frame.time_delta_displayed": "0.005947000", - "frame.time_relative": "1517.954675000", - "frame.number": "5398", - "frame.len": "231", - "frame.cap_len": "231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x00004b45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006c56", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "177", - "tcp.seq": "205", - "tcp.nxtseq": "382", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00008574", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002485000", - "tcp.analysis.bytes_in_flight": "177", - "tcp.analysis.push_bytes_sent": "177" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "5396", - "tcp.segment": "5398", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "380", - "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:36:65:65:36:38:36:34:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:34:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "176", - "http.content_length_header_tree": { - "http.content_length": "176" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:86ee6864-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 4\\r\\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.415819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.415819000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "1517.955133000", - "frame.number": "5399", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c6a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f1a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4131", - "tcp.port": "39500", - "tcp.port": "4131", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c276", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5398", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.429674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.429674000", - 
"frame.time_delta": "0.013855000", - "frame.time_delta_displayed": "0.013855000", - "frame.time_relative": "1517.968988000", - "frame.number": "5400", - "frame.len": "531", - "frame.cap_len": "531", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "517", - "ip.id": "0x0000966e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007540", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": 
"465", - "tcp.seq": "71191", - "tcp.nxtseq": "71656", - "tcp.ack": "16417", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bc60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:e6:a7:a0:c4:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556390, TSecr 2812331184": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556390", - "tcp.options.timestamp.tsecr": "2812331184" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "465", - "tcp.analysis.push_bytes_sent": "465" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "460", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:11:6a:d3:86:cf:98:f5:e1:62:89:8d:14:35:6c:09:ef:70:c9:32:7d:e5:51:ea:b6:a4:e9:03:6d:34:12:02:aa:b3:d7:fc:95:e9:e7:2d:15:02:fc:90:99:e2:be:07:48:2c:6a:dc:4d:c1:67:bf:65:82:c2:8a:c1:1d:1d:8a:f0:85:d9:59:f6:e5:61:97:1b:ac:52:28:36:63:8e:9e:82:03:ad:f7:12:b5:8e:fd:a1:2e:78:f2:ff:01:69:6a:39:e9:2e:43:18:47:ba:69:04:e2:bf:78:d6:39:12:8c:54:93:b4:23:3e:ff:f9:4e:66:68:96:cc:4e:38:4f:85:76:d0:53:cd:03:e2:93:24:84:ce:29:3b:15:6e:53:44:78:c0:d7:43:82:75:72:a8:64:65:f1:da:0e:51:42:b6:35:47:ef:74:40:69:3e:da:10:47:2e:62:9f:5d:ae:df:57:bb:c7:12:ac:1e:b3:c9:1d:02:5c:64:c9:18:6f:63:44:82:06:66:ff:8a:42:7b:82:73:17:d6:78:d4:87:75:a1:11:e5:95:dc:80:4f:16:ae:c0:7e:d3:9f:d4:cb:83:69:c7:ad:78:97:8e:29:ca:72:3c:43:34:c2:20:0e:9a:2a:54:2b:ac:83:9b:03:78:bf:dc:c8:78:dc:e8:dd:0a:a8:62:da:89:3a:10:dd:ae:96:ec:32:1c:8a:57:40:73:ce:b1:30:dc:c7:a4:69:f3:e3:04:4f:1c:3d:ce:40:28:e4:cf:6f:e2:2a:13:eb:5d:54:ef:5c:54:e1:b6:45:d9:32:6b:4e:5d:e9:89:4d:51:6e:50:74:84:49:0b:55:40:01:e4:e9:78:62:7e:93:c4:37:c6:1a:1c:7c:23:71:c7:39:52:1f:5b:06:bc:70:8a:1c:10:33:70:12:14:e9:2d:6a:56:e8:6d:22:53:1e:a6:bb:80:ee:50:bb:03:11:59:99:fa:f7:8f:21:f4:a9:9f:e6:1f:78:b2:05:c7:2b:ea:be:62:65:94:bb:bc:29:e8:42:8c:aa:29:90:28:72:e3:f6:e8:3b:8b:e1:1d:13:62:34:f7:3e:b2:16:af:a9:32:12:b5:f1:50:71:a3:80:12:6e:34:9f:17:6e:4b:e1:4e:a9:9f:78:5f:fd:7e:00:33:5a:52:b7:2e:90:81:06:fa:d1:d1:12:fc:41:d9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.489886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.489886000", - "frame.time_delta": "0.060212000", - "frame.time_delta_displayed": "0.060212000", - "frame.time_relative": "1518.029200000", - "frame.number": "5401", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003816", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16417", - "tcp.ack": "71656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000088d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c5:c8:00:27:01:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331464, TSecr 2556390": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331464", - "tcp.options.timestamp.tsecr": "2556390" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5400", - "tcp.analysis.ack_rtt": "0.060212000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.490670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.490670000", - "frame.time_delta": "0.000784000", - "frame.time_delta_displayed": "0.000784000", - "frame.time_relative": "1518.029984000", - "frame.number": "5402", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002d6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "16417", - "tcp.nxtseq": "16502", - "tcp.ack": "71656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c5:c9:00:27:01:e6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331465, TSecr 2556390": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331465", - "tcp.options.timestamp.tsecr": "2556390" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:b0:79:ab:ea:ac:56:ba:53:7b:89:41:8d:dc:a6:bd:61:7d:fb:13:c1:ce:55:fa:e0:b5:76:54:78:8d:91:c9:6c:be:6e:c1:2f:9f:ef:e8:c0:ce:4e:19:4c:ea:3d:c3:86:29:90:b7:32:66:05:0d:e0:b0:b9:80:8a:39:71:e3:c1:10:e4:52:78:9e:24:21:3b:fd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.495406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.495406000", - "frame.time_delta": "0.004736000", - "frame.time_delta_displayed": "0.004736000", - "frame.time_relative": "1518.034720000", - "frame.number": "5403", - "frame.len": "113", - "frame.cap_len": "113", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000966f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "71656", - "tcp.nxtseq": "71703", - "tcp.ack": "16502", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000064e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:ec:a7:a0:c5:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556396, TSecr 2812331465": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556396", - "tcp.options.timestamp.tsecr": "2812331465" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5402", - "tcp.analysis.ack_rtt": "0.004736000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:12:51:53:f2:b5:ee:8d:25:22:90:4e:73:46:e1:cc:89:55:35:08:2e:a5:4f:3c:6a:4f:e8:56:14:89:d9:b4:3d:de:50:f3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.500922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.500922000", - "frame.time_delta": 
"0.005516000", - "frame.time_delta_displayed": "0.005516000", - "frame.time_relative": "1518.040236000", - "frame.number": "5404", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x0000c6a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f17d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4131", - "tcp.port": "39500", - "tcp.port": "4131", - "tcp.stream": "201", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000cf01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002485000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.503163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.503163000", - "frame.time_delta": "0.002241000", - "frame.time_delta_displayed": "0.002241000", - "frame.time_relative": "1518.042477000", - "frame.number": "5405", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": 
"BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b7ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5404", - "tcp.analysis.ack_rtt": "0.002241000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.505532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.505532000", - "frame.time_delta": "0.002369000", - "frame.time_delta_displayed": "0.002369000", - "frame.time_relative": "1518.044846000", - "frame.number": "5406", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b7ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.506206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.506206000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "1518.045520000", - "frame.number": "5407", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c6a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f1a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4131", - "tcp.port": "39500", - "tcp.port": "4131", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "383", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c24e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5406", - "tcp.analysis.ack_rtt": "0.000674000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:11:49.515029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.515029000", - "frame.time_delta": "0.008823000", - "frame.time_delta_displayed": "0.008823000", - "frame.time_relative": "1518.054343000", - "frame.number": "5408", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006d04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4131", - "tcp.dstport": "39500", - "tcp.port": "4131", - "tcp.port": "39500", - "tcp.stream": "201", - "tcp.len": "0", - "tcp.seq": "383", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b7ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5407", - "tcp.analysis.ack_rtt": "0.008823000", - "tcp.analysis.initial_rtt": "0.002485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.556407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.556407000", - "frame.time_delta": "0.041378000", - "frame.time_delta_displayed": "0.041378000", - "frame.time_relative": "1518.095721000", - "frame.number": "5409", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d6b", - "ip.flags": "0x00000002", - "ip.flags_tree": 
{ - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "16502", - "tcp.nxtseq": "16549", - "tcp.ack": "71703", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007222", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c5:d9:00:27:01:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331481, TSecr 2556396": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331481", - "tcp.options.timestamp.tsecr": "2556396" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5403", - "tcp.analysis.ack_rtt": "0.061001000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:b1:2e:4f:9d:b7:58:44:b6:3c:c8:2d:41:5e:de:c2:0f:67:bc:ac:99:d6:f8:6c:b6:21:f7:08:42:d2:37:ff:f2:1a:df:ae" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.556841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.556841000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1518.096155000", - "frame.number": "5410", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x00009670", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "71703", - "tcp.nxtseq": "71811", - "tcp.ack": "16549", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000243c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:f3:a7:a0:c5:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556403, TSecr 2812331481": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556403", - "tcp.options.timestamp.tsecr": "2812331481" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5409", - "tcp.analysis.ack_rtt": "0.000434000", - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:13:3b:71:45:a9:3e:9e:3f:a8:96:f0:7e:e0:9e:8c:fc:5c:b3:99:db:cc:39:35:8a:16:2a:17:39:4a:f0:f1:c2:23:4d:f1:a1:5f:6d:e1:be:a1:c0" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:14:4d:0e:3c:69:fa:08:ad:08:38:5b:aa:c0:d4:4a:1b:67:76:67:2a:4a:75:9f:cd:c5:29:30:d9:c4:6e:6e:4b:69:27:ba:00:2c:bc:47:bc:a9:e5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.654273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.654273000", - "frame.time_delta": "0.097432000", - "frame.time_delta_displayed": "0.097432000", - "frame.time_relative": "1518.193587000", - "frame.number": "5411", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - 
"eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003813", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16549", - "tcp.ack": "71811", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000877b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c5:f2:00:27:01:f3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331506, TSecr 2556403": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331506", - "tcp.options.timestamp.tsecr": "2556403" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5410", - "tcp.analysis.ack_rtt": "0.097432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.654756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.654756000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1518.194070000", - "frame.number": "5412", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009671", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "71811", - "tcp.nxtseq": "71860", - "tcp.ack": "16549", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008fb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:01:fc:a7:a0:c5:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2556412, TSecr 2812331506": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2556412", - "tcp.options.timestamp.tsecr": "2812331506" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:15:01:92:02:0e:50:1e:88:68:a1:2d:94:d9:e9:87:b5:16:47:be:ac:32:50:28:bb:f7:f4:0d:33:e7:b8:7b:ff:1b:aa:99:37:db" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:11:49.715075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495109.715075000", - "frame.time_delta": "0.060319000", - "frame.time_delta_displayed": "0.060319000", - "frame.time_relative": "1518.254389000", - "frame.number": "5413", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", 
- "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003812", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16549", - "tcp.ack": "71860", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008732", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:c6:01:00:27:01:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812331521, TSecr 2556412": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812331521", - "tcp.options.timestamp.tsecr": "2556412" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5412", - "tcp.analysis.ack_rtt": "0.060319000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:04.356743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495124.356743000", - "frame.time_delta": "14.641668000", - "frame.time_delta_displayed": "14.641668000", - "frame.time_relative": "1532.896057000", - "frame.number": "5414", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005815", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a654", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "4998", - "tcp.nxtseq": "5038", - "tcp.ack": "541", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003829", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ea:bd:1f:d5:d4:0c:d5:96:63:c2:1d:f2:a7:2d:2c:b2:e0:5b:b3:66:7f:e5:e6:fa:0f:b0:5d:1b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:04.500152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495124.500152000", - "frame.time_delta": "0.143409000", - "frame.time_delta_displayed": "0.143409000", - "frame.time_relative": "1533.039466000", - "frame.number": "5415", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000ffd", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd70", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "541", - "tcp.nxtseq": "577", - "tcp.ack": "5038", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5414", - "tcp.analysis.ack_rtt": "0.143409000", - 
"tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:6f:27:d8:a3:55:31:e9:1e:3d:bc:24:4f:9e:8d:d8:86:53:19:0f:f1:77:c2:e8:7d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:04.500672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495124.500672000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "1533.039986000", - "frame.number": "5416", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005816", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5038", - "tcp.ack": "577", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f0d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5415", - "tcp.analysis.ack_rtt": "0.000520000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:06.639388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495126.639388000", - "frame.time_delta": "2.138716000", - 
"frame.time_delta_displayed": "2.138716000", - "frame.time_relative": "1535.178702000", - "frame.number": "5417", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ddb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:07.402986000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495127.402986000", - "frame.time_delta": "0.763598000", - "frame.time_delta_displayed": "0.763598000", - "frame.time_relative": "1535.942300000", - "frame.number": "5418", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00003c28", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:33:84:4c:e9:e8:d1:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:09.269067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495129.269067000", - "frame.time_delta": "1.866081000", - "frame.time_delta_displayed": "1.866081000", - "frame.time_relative": "1537.808381000", - "frame.number": "5419", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000ff81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d9d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - 
"ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:09.510119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495129.510119000", - "frame.time_delta": "0.241052000", - "frame.time_delta_displayed": "0.241052000", - "frame.time_relative": "1538.049433000", - "frame.number": "5420", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:09.510517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495129.510517000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "1538.049831000", - "frame.number": "5421", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": 
"00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:10.203031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495130.203031000", - "frame.time_delta": "0.692514000", - "frame.time_delta_displayed": "0.692514000", - "frame.time_relative": "1538.742345000", - "frame.number": "5422", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000b83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000de15", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "9f:36:19:4e:7a:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:12.656531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495132.656531000", - "frame.time_delta": "2.453500000", - "frame.time_delta_displayed": "2.453500000", - "frame.time_relative": "1541.195845000", - "frame.number": "5423", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f76", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - 
"_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b87a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001672", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:12.657049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495132.657049000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "1541.196363000", - "frame.number": "5424", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f77", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009975", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f76d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - 
"dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:12.657687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495132.657687000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "1541.197001000", - "frame.number": "5425", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - 
"ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008533", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:17.656841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495137.656841000", - "frame.time_delta": "4.999154000", - "frame.time_delta_displayed": "4.999154000", - "frame.time_relative": "1546.196155000", - "frame.number": "5426", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f78", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b878", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001672", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": 
{ - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:17.657342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495137.657342000", - "frame.time_delta": "0.000501000", - "frame.time_delta_displayed": "0.000501000", - "frame.time_relative": "1546.196656000", - "frame.number": "5427", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f79", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009973", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f76d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - 
"Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:17.657960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495137.657960000", - "frame.time_delta": "0.000618000", - "frame.time_delta_displayed": "0.000618000", - "frame.time_relative": "1546.197274000", - "frame.number": "5428", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008533", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:18.802091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495138.802091000", - "frame.time_delta": "1.144131000", - "frame.time_delta_displayed": "1.144131000", - "frame.time_relative": "1547.341405000", - "frame.number": "5429", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": 
"d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00000a90", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:34:44:3c:58:90:d4:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ff:ff:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:18.901575000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495138.901575000", - "frame.time_delta": "0.099484000", - "frame.time_delta_displayed": "0.099484000", - "frame.time_relative": "1547.440889000", - "frame.number": "5430", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00000b87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "44", - "udp.checksum": "0x00005393", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "24:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:35:84:5f:5d:96:d4:cd:f2:14:2d:00:00:00", - "data.len": "36" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:19.005814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495139.005814000", - "frame.time_delta": "0.104239000", - 
"frame.time_delta_displayed": "0.104239000", - "frame.time_relative": "1547.545128000", - "frame.number": "5431", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00007323", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:36:44:fe:43:9c:d4:cd:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:ab:9c:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - 
"data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:20.574555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495140.574555000", - "frame.time_delta": "1.568741000", - "frame.time_delta_displayed": "1.568741000", - "frame.time_relative": "1549.113869000", - "frame.number": "5432", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009672", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": 
"Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "71860", - "tcp.nxtseq": "71909", - "tcp.ack": "16549", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000087eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:0e:11:a7:a0:c6:01", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2559505, TSecr 2812331521": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2559505", - "tcp.options.timestamp.tsecr": "2812331521" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:16:dd:05:90:c0:40:84:b5:a4:61:53:aa:88:91:60:30:c6:f4:ef:cc:51:cf:cd:11:7c:78:72:ae:1c:7a:1c:23:b1:d0:3b:7f:c3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:20.636633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495140.636633000", - "frame.time_delta": "0.062078000", - "frame.time_delta_displayed": "0.062078000", - "frame.time_relative": "1549.175947000", - "frame.number": "5433", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003811", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": 
"United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16549", - "tcp.ack": "71909", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005cba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:e4:33:00:27:0e:11", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812339251, TSecr 2559505": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812339251", - "tcp.options.timestamp.tsecr": "2559505" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5432", - "tcp.analysis.ack_rtt": "0.062078000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:20.637261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495140.637261000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "1549.176575000", - "frame.number": "5434", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "16549", - "tcp.nxtseq": "16604", - "tcp.ack": "71909", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000b49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:e4:33:00:27:0e:11", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812339251, TSecr 2559505": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812339251", - "tcp.options.timestamp.tsecr": "2559505" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:b2:61:61:cb:1d:a6:f4:25:d7:c4:99:51:56:0f:e9:aa:3d:9b:ef:f9:55:6f:20:d1:d7:0d:e8:53:03:58:ae:3b:2e:7b:85:c3:4e:07:5c:bb:c0:d9:cd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:20.674224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495140.674224000", - "frame.time_delta": "0.036963000", - "frame.time_delta_displayed": "0.036963000", - "frame.time_relative": "1549.213538000", - "frame.number": "5435", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009673", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "71909", - "tcp.ack": "16604", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005b8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:0e:1b:a7:a0:e4:33", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2559515, TSecr 2812339251": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2559515", - "tcp.options.timestamp.tsecr": "2812339251" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5434", - "tcp.analysis.ack_rtt": "0.036963000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:22.657108000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495142.657108000", - "frame.time_delta": "1.982884000", - "frame.time_delta_displayed": "1.982884000", - "frame.time_relative": "1551.196422000", - "frame.number": "5436", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f7c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b874", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001672", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - 
"dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:22.657852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495142.657852000", - "frame.time_delta": "0.000744000", - "frame.time_delta_displayed": "0.000744000", - "frame.time_relative": "1551.197166000", - "frame.number": "5437", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f7d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000996f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f76d", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - 
"dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:22.658286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495142.658286000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1551.197600000", - "frame.number": "5438", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008533", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000283", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": 
"4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=643", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.626990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495145.626990000", - "frame.time_delta": "2.968704000", - "frame.time_delta_displayed": "2.968704000", - "frame.time_relative": "1554.166304000", - "frame.number": "5439", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.640225000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495145.640225000", - "frame.time_delta": "0.013235000", - "frame.time_delta_displayed": "0.013235000", - "frame.time_relative": "1554.179539000", - "frame.number": "5440", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.640669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495145.640669000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "1554.179983000", - "frame.number": "5441", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.890959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495145.890959000", - "frame.time_delta": "0.250290000", - "frame.time_delta_displayed": "0.250290000", - "frame.time_relative": "1554.430273000", - "frame.number": "5442", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - 
"ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - 
"bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.911177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495145.911177000", - "frame.time_delta": "0.020218000", - "frame.time_delta_displayed": "0.020218000", - "frame.time_relative": "1554.450491000", - "frame.number": "5443", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - 
"ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - 
"bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:25.971991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495145.971991000", - "frame.time_delta": "0.060814000", - "frame.time_delta_displayed": "0.060814000", - "frame.time_relative": "1554.511305000", - "frame.number": "5444", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.055692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.055692000", - 
"frame.time_delta": "0.083701000", - "frame.time_delta_displayed": "0.083701000", - "frame.time_relative": "1554.595006000", - "frame.number": "5445", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.082881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.082881000", - "frame.time_delta": "0.027189000", - "frame.time_delta_displayed": "0.027189000", - "frame.time_relative": "1554.622195000", - "frame.number": "5446", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002d70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003749", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "16604", - "tcp.nxtseq": "16802", - "tcp.ack": "71909", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000fcb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:e9:85:00:27:0e:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812340613, TSecr 2559515": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812340613", - "tcp.options.timestamp.tsecr": "2559515" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": "34:cd:34:17:47:48:0e:b3:07:09:39:2a:22:b6:fe:73:f4:8d:5a:2b:07:6d:37:6f:d6:f2:9d:c5:70:bb:3b:6c:da:5f:da:f2:82:d5:7b:42:39:01:80:04:f2:c2:69:2d:01:ea:ac:94:f5:cc:1c:90:30:2c:59:2f:ae:2e:14:f0:56:f6:07:08:d2:6f:c0:f9:fd:7c:6a:52:7a:6b:d9:7c:4a:19:95:41:f9:c0:39:26:28:7b:72:72:e9:a0:88:84:ae:e3:2c:3e:eb:14:da:5d:97:41:8e:27:7c:01:4d:59:64:ab:fb:0e:bf:96:ba:6f:18:5c:7c:6b:63:33:90:97:bd:15:ff:42:65:e3:01:ed:f5:71:7e:0e:dc:3b:a7:65:e8:1b:58:aa:28:f1:99:06:0d:81:71:42:77:c2:d2:d1:a2:f5:ee:aa:0e:d6:a7:22:19:54:03:63:1c:0f:26:08:eb:0e:74:1d:e0:a6:d7:03:6d:64:91:64:67:38:6b:3f:b2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.083398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.083398000", - "frame.time_delta": "0.000517000", - 
"frame.time_delta_displayed": "0.000517000", - "frame.time_relative": "1554.622712000", - "frame.number": "5447", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009674", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000770b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "71909", - "tcp.ack": 
"16802", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005356", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:10:37:a7:a0:e9:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2560055, TSecr 2812340613": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2560055", - "tcp.options.timestamp.tsecr": "2812340613" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5446", - "tcp.analysis.ack_rtt": "0.000517000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.099725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.099725000", - "frame.time_delta": "0.016327000", - "frame.time_delta_displayed": "0.016327000", - "frame.time_relative": "1554.639039000", - "frame.number": "5448", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009675", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "71909", - "tcp.nxtseq": "71962", - "tcp.ack": "16802", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e112", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:10:39:a7:a0:e9:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2560057, TSecr 2812340613": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2560057", - "tcp.options.timestamp.tsecr": "2812340613" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:17:bb:7b:5d:7c:11:30:d4:11:75:1a:be:dc:33:54:99:00:c9:0a:38:29:fe:57:4a:31:2b:7d:d8:eb:01:9d:e2:08:a7:b2:0d:38:12:74:eb:a3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.198310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.198310000", - "frame.time_delta": "0.098585000", - "frame.time_delta_displayed": "0.098585000", - "frame.time_relative": "1554.737624000", - 
"frame.number": "5449", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16802", - "tcp.ack": "71962", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000053f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:e9:a2:00:27:10:39", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812340642, TSecr 2560057": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812340642", - "tcp.options.timestamp.tsecr": "2560057" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5448", - "tcp.analysis.ack_rtt": "0.098585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.198934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.198934000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "1554.738248000", - "frame.number": "5450", - "frame.len": "1413", - "frame.cap_len": "1413", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1399", - "ip.id": "0x00009676", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000071c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1347", - "tcp.seq": "71962", - "tcp.nxtseq": "73309", - "tcp.ack": "16802", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a611", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:10:43:a7:a0:e9:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2560067, TSecr 2812340642": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2560067", - "tcp.options.timestamp.tsecr": "2812340642" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1347", - "tcp.analysis.push_bytes_sent": "1347" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "121", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:18:86:fc:64:01:2e:fb:9b:3e:45:a3:a2:04:29:f3:2a:b0:fc:c0:6d:91:14:c2:76:90:ea:62:e1:d0:c5:2e:f9:f4:77:f5:ac:49:5c:af:20:2d:55:e9:31:d4:a3:82:b2:a7:da:10:d9:40:a8:b2:57:a9:fe:96:e8:70:5b:fb:b6:20:21:06:da:2d:f0:fd:41:87:4a:61:c7:84:57:e7:6e:02:86:76:5c:7f:cd:7b:d5:23:22:7d:3c:b2:df:40:56:ca:a5:06:b2:23:a7:98:e7:ec:89:01:7a:e3:a8:7f:c4:f5:38" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:19:52:8c:8e:52:23:8c:43:d7:39:36:1f:85:7c:6a:be:ab:a4:16:d6:48:66:d2:7a:b2:e8:d8:76:0a:12:11:f5:ef:ee:e2:71:c1:1d:c4:9b:6b:df:e7:f4:90:7b:c0:ba:01:ee:fa:aa:d2:ee:2e:39:ba:3d:fc:fc:c6:39:33:76:f8:eb:3a:e8:96:15:56:30:49:b4:19:4d:71:5f:b1:fa:c6:5e:99:c0:88:21:0c:e5:51:8c:b7:ef:b7:e9:6f:d7:a2:10:fa:a5:24:24:9c:38:f2:e2:7c:76:d3:42:36:f2:0b:06:b8:5e:27:78:46:7f:a1:b9:79:1d:13:e6:9d:f8:dd:a6:71:77:b9:90:98:89:6f:27:e5:28:09:22:67:81:b6:d8:2d:98:8b:67:e1:64:06:c7:1b:58:4f:05:ba:ed:5f:25:c5:61:48:11:94:b7:61:d3:6f:0a:92:39:a4:2e:35:55:08:3e:48:8f:6f:f5:a5:8b:7f:d4:37:d0:0e:da:93:8c:1f:15:5f:ef:9b:31:61:11:a3:dc:20:50:7e:25:62:03:57:44:25:e7:58:b8:c0:ac:86:01:e5:ea:c8:a6:bb:e2:21:6c:84:3e:bc:37:6c:77:07:09:28:8c:f1:49:be:cf:16:98:17:9f:a1:d9:00:c8:df:1b:f9:79:de:23:8e:35:79:78:ba:a4:29:60:7b:25:ef:cd:33:56:1f:92:bb:22:86:f0:dd:02:93:e4:3b:45:da:0f:2c:4a:e0:03:13:f3:82:7d:56:b7:db:24:e0:95:c7:27:9f:11:ae:b6:9a:01:a9:d2:80:09:22:9a:a7:78:ae:e1:b1:17:77:f8:4a:e6:a0:b5:65:47:77:47:5a:aa:20:01:48:d4:39:c7:df:17:76:cc:59:3b:d2:c2:03:ca:a8:aa:1d:04:0f:be:cd:ad:4e:83:40:5f:74:cf:d3:21:51:92:7e:de:7b:d7:50:07:2b:ad:7a:cf:6d:fd:80:98:1a:85:e8:4c:90:88:94:54:98:43:63:ad:38:d7:10:3e:78:89:fa:58:9a:d0:32:70:79:65:9d:f6:eb:72:0e:ba:af:5f:25:80:63:a2:31:67:48:6a:72:be:bb:4a:21:a0:f7:cf:bd:2f:06:28:a2:50:e8:55:fc:53:0c:81:11:1d:81:7d:1c:c5:84:40:d0:05:52:77:57:d8:df:35:7e:2d:3f:59:da:42:79:9b:cf:3c:3e:de:89:51:72:0f:e6:3c:55:8d:e2:a6:2b:18:37:cd:86:f1:54:d4:05:0f:4a:2c:f0:81:87:97:6b:b5:b9:ae:d5:8a:55:44:7e:ca:1e:6b:54:7b:4b:33:b6:00:92:11:52:ec:c3:7e:e0:33:3c:6a:77:40:ff:27:00:d1:90:2b:e1:df:5f:b9:67:63:7b:9a:73:79:17:94:0a:95:29:b6:81:f1:78:e0:f6:af:2f:ad:22:fc:74:8c:49:63:c4:c7:1f:c4:58:58:52:62:ef:10:89:e4:0a:ff:aa:d5:95:b1:f2:6d:75:ed:9f:a9:da:9b:6d:ea:9e:3b:5e:c4:af:a5:77:e3:7d:29:18:41:d3:22:07:47:bb:d1:b8:29:5d:c4:09:a6:5b:4e:9a:e3:43:02:ce:5f:97:81:97:f1:d0:b7:7f:4b:f6:91:72:59:60:bc:86:19:6a:72:70:32:d8:f7:a9:b2:de:65:ab:1c:46:a6:13:22:87:b2:6f:5d:1a:0f:e8:e
c:df:10:90:7b:34:dd:16:b4:50:23:c7:88:db:4e:db:48:e1:0e:5d:8c:fa:74:34:1a:f4:54:57:16:7a:58:73:b0:50:fe:78:35:b4:86:41:40:7f:0c:cc:52:51:b8:73:91:f5:34:30:ae:f3:2f:3f:b5:4b:f2:77:6c:1d:42:2c:4f:01:e4:b3:ab:03:fb:0d:d9:f8:79:b0:e1:18:ca:f4:6e:5e:1e:37:09:1c:a7:27:df:62:a8:fd:2a:85:6d:3f:cf:e2:76:d7:ed:83:06:9f:92:fb:98:36:b3:89:ca:02:a5:56:d2:e3:49:50:1c:c4:71:bc:10:65:f7:ba:7c:ea:94:98:e1:8b:66:17:96:ac:d9:f3:00:0e:ab:03:48:95:2c:7b:eb:f1:13:1b:4f:58:df:fd:bb:bf:a4:81:ca:2e:ef:98:b5:37:82:d9:51:2d:0b:c3:98:01:76:05:c0:bf:9a:c0:d0:b2:82:8d:2d:fb:f6:fb:ef:7f:98:a5:91:b2:72:e2:34:b3:1b:cc:28:a5:b0:aa:ad:88:88:63:c3:fe:08:9e:67:28:71:ff:8a:96:ca:30:d7:78:92:7e:30:e5:cf:97:87:cf:df:13:89:8d:01:bd:b9:18:20:d5:dd:6e:be:0f:02:da:8c:28:57:69:62:d3:ba:0e:b5:b9:c6:64:c2:a4:08:8e:83:7e:42:c5:9c:06:89:1b:cf:47:f6:10:42:60:1e:f6:0a:47:79:9f:69:12:5e:1e:eb:06:83:8d:a6:29:82:33:f0:49:91:ac:e3:7b:5c:ef:4a:a5:ee:8a:c2:59:fb:50:c5:b3:20:e2:0c:70:c7:c8:96:39:2d:79:72:f2:2e:df:ba:c7:75:53:5c:ff:28:bf:3b:c2:c1:6c:72:1d:d7:92:22:4c:b2:3a:b1:a7:50:56:2b:f8:2a:b9:30:7e:09:af:24:ad:c7:17:e3:11:c1:1b:c7:7a:b0:bf:bf:4f:71:9d:63:d5:72:c4:e4:d2:53:1f:ba:ef:20:86:16:ed:c7:45:78:ba:e4:94:8f:10:e1:66:13:d4:5b:4c:14:c7:9a:ec:de:46:53:07:b3:28:4d:5b" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:1a:f9:8a:41:9e:59:41:79:4f:88:42:61:70:7b:b4:db:59:c6:ab:71:f4:58:ca:58:0a:d4:da:a4:79:56:e9:eb:e4:1a:3c:d1:08:40:a3:b1:4d:f8:e1:36:23:f6:2d:03:43:ab:d1:12:44:57:85:07:db:66:ec:a9:23:6f:f4:f3:f2:73:71:72:51:71:c2:b5:e2:5e:2b:d1:82:6e:9c:16:f7:6e:12:ee:c6:9a:55:91:09:75:d8:f2:9b:62:7b:43:e3:13:bc:ac:6a:51:6a:1a:d0:a7:05:28:40:ca:62:d5:a6:7d:be:38:0d:0e:b1:9b:42:4f:2f:3c:a0:59" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:12:26.259319000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.259319000", - "frame.time_delta": "0.060385000", - "frame.time_delta_displayed": "0.060385000", - "frame.time_relative": "1554.798633000", - "frame.number": "5451", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16802", - "tcp.ack": "73309", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004e95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:e9:b1:00:27:10:43", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812340657, TSecr 2560067": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812340657", - "tcp.options.timestamp.tsecr": "2560067" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5450", - "tcp.analysis.ack_rtt": "0.060385000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.517656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495146.517656000", - "frame.time_delta": "0.258337000", - "frame.time_delta_displayed": "0.258337000", - 
"frame.time_relative": "1555.056970000", - "frame.number": "5452", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009677", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "73309", - "tcp.nxtseq": "73363", - "tcp.ack": "16802", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000080e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:10:63:a7:a0:e9:b1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2560099, TSecr 2812340657": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2560099", - "tcp.options.timestamp.tsecr": "2812340657" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:1b:5b:a6:f0:4c:05:12:b6:40:76:6c:62:b8:37:13:8c:61:09:d7:2c:b2:06:2c:53:29:95:91:9e:f8:0f:fd:e2:c8:83:66:2a:9c:db:06:15:92:4b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:26.577840000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495146.577840000", - "frame.time_delta": "0.060184000", - "frame.time_delta_displayed": "0.060184000", - "frame.time_relative": "1555.117154000", - "frame.number": "5453", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16802", - "tcp.ack": "73363", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004df0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:ea:00:00:27:10:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812340736, TSecr 2560099": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812340736", - "tcp.options.timestamp.tsecr": "2560099" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5452", - "tcp.analysis.ack_rtt": "0.060184000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:28.851314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495148.851314000", - "frame.time_delta": "2.273474000", - "frame.time_delta_displayed": "2.273474000", - "frame.time_relative": "1557.390628000", - "frame.number": "5454", - "frame.len": 
"60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:29.273493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495149.273493000", - "frame.time_delta": "0.422179000", - "frame.time_delta_displayed": "0.422179000", - "frame.time_relative": "1557.812807000", - "frame.number": "5455", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00000b04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ce55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": 
"0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:30.092719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495150.092719000", - "frame.time_delta": "0.819226000", - "frame.time_delta_displayed": "0.819226000", - "frame.time_relative": "1558.632033000", - "frame.number": "5456", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:31.162451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495151.162451000", - "frame.time_delta": "1.069732000", - "frame.time_delta_displayed": "1.069732000", - "frame.time_relative": "1559.701765000", - "frame.number": "5457", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:34.579107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495154.579107000", - "frame.time_delta": "3.416656000", - "frame.time_delta_displayed": "3.416656000", - "frame.time_relative": "1563.118421000", - "frame.number": "5458", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "40", - "ip.id": "0x00005817", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a67a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5037", - "tcp.ack": "577", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f0d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:34.788792000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495154.788792000", - "frame.time_delta": "0.209685000", - "frame.time_delta_displayed": "0.209685000", - "frame.time_relative": "1563.328106000", - "frame.number": "5459", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ffe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd93", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 
37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "577", - "tcp.ack": "5038", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:34.825427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495154.825427000", - "frame.time_delta": "0.036635000", - "frame.time_delta_displayed": "0.036635000", - "frame.time_relative": "1563.364741000", - 
"frame.number": "5460", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x00009678", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000721c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "73363", - "tcp.nxtseq": "74622", - "tcp.ack": "16802", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000415a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:13:a2:a7:a0:ea:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2560930, TSecr 2812340736": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2560930", - "tcp.options.timestamp.tsecr": "2812340736" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1c:bc:da:9d:cf:69:f8:0a:0b:9c:9b:71:72:e4:6c:6a:28:71:de:dc:bc:76:27:ed:08:b5:3e:f1:f0:c8:32:a6:7f:55:10:6b:da:9c:0d:24:40:18:f0:f3:be:c9:af:55:db:78:9f:f9:9b:42:bb:13:b4:68:94:34:e6:56:e7:b8:53:94:f5:c1:92:09:53:d7:d3:dd:82:52:36:2d:db:49:00:a1:51:1f:6b:c2:0c:de:41:53:27:5d:7b:b6:ba:ac:9d:c9:06:a0:84:1d:dc:13:be:4b:3e:b7:f4:3d:94:5b:3b:6a:04:fa:3b:77:b6:78:4d:5a:36:f1:b2:9a:e7:a6:54:7e:ac:71:0e:f8:ba:f7:29:a3:53:0c:33:08:b8:50:d8:07:8b:62:09:5c:b4:df:a7:bc:20:3a:25:58:ae:ad:59:9b:0f:d6:ad:ca:99:8a:85:00:39:7a:d5:db:81:c8:a9:93:8e:ba:52:89:c4:2d:dc:d4:b2:18:c3:0a:15:53:cd:3b:dd:ae:71:ae:ba:d0:93:03:88:0a:51:12:16:2f:8b:ff:54:da:a4:42:98:4d:c5:00:dc:c9:3a:39:95:c1:dc:0e:ba:6c:22:ed:7d:01:2f:25:03:0d:f3:ff:4d:43:f8:40:ba:d0:0c:1c:bc:93:22:d3:c9:f6:06:a9:e8:25:e2:33:29:e9:37:6d:31:05:93:48:66:ee:24:3d:fd:3e:7d:c3:96:f1:d8:00:49:fa:04:0a:19:10:0f:fd:a1:0e:f7:4b:92:08:b7:0f:63:c1:ff:76:37:6d:56:41:5a:ad:22:6c:30:6d:24:02:57:4d:02:6f:4a:0a:ac:ff:62:5c:bf:e3:d9:f5:2c:57:c8:0c:81:55:92:98:a4:63:2c:29:e3:d9:b8:5d:a4:6f:fd:2a:db:31:87:c3:c5:0b:1d:5d:0e:48:1f:2d:78:25:bc:d1:70:4d:16:44:62:9b:9e:2a:d9:b2:f6:29:08:8f:d4:37:18:ee:d3:93:44:76:db:eb:5d:f0:24:fe:f6:cb:f8:24:5a:fa:fd:3e:18:05:2a:8c:dd:4c:6c:3c:e7:3b:3b:b6:3a:b3:69:97:57:ad:eb:e2:c9:a5:01:fc:a2:fa:d2:0b:65:2d:1f:80:79:e9:67:75:b0:f2:d5:27:bd:42:fc:88:35:98:84:cd:29:8d:52:24:95:78:12:5c:90:ea:3a:c5:a2:d6:a7:70:92:40:fc:32:c7:f3:0b:15:29:4c:32:e0:d3:f4:e6:b7:cc:99:a2:90:50:6f:51:3b:6a:72:a3:6f:aa:18:61:7e:b7:49:3e:b4:19:f1:63:6a:11:44:ad:dd:c2:fa:1b:df:c7:34:0b:15:91:7a:dd:c2:69:ae:fc:ee:1d:87:4c:ef:3c:7f:d5:b5:dc:d3:fb:88:88:83:3c:71:53:2f:c1:1b:0f:a7:76:70:66:46:ad:f9:11:6d:46:2e:02:15:d6:15:c4:af:fb:8c:76:ff:87:dc:b7:b6:b9:5f:7d:41:b3:2f:8f:f0:6f:bd:dd:9b:b7:7d:a6:db:9c:e0:7c:20:cb:eb:06:b8:61:08:a1:80:c9:08:1f:76:ca:58:50:62:f2:ba:78:ef:41:7d:f5:ed:b1:b8:c0:00:f8:c8:ea:b6:e8:8e:df:1a:5a:c7:d5:4c:8e:e5:b9:40:0d:eb:07:5e:7d:b2:be:8c:df:e9:42:82:29:aa:96:b6:28:ee:6e:19:3e:80:87:a8:42:2b:c0:0e:42:4
a:c0:05:5a:c3:22:8c:44:c4:27:f0:ca:90:fc:5a:97:14:ee:78:a6:fd:a9:c9:77:86:84:54:cb:96:72:7f:b2:0d:c0:86:d6:e2:62:a5:09:95:f5:30:69:ab:4b:4b:c5:37:9b:5c:e0:4c:9c:f6:ec:8f:91:99:b1:c1:4e:f2:e5:de:23:de:f7:63:35:9a:b4:fc:01:94:80:ea:6f:d3:c1:e8:01:e7:2a:55:b9:0a:e3:7a:01:75:36:c2:cc:67:e6:e0:a7:d3:f5:67:55:68:24:e9:45:0b:6b:90:52:b8:ab:cd:6d:d2:26:c9:fa:13:59:06:b9:19:a6:fe:e1:c8:f6:61:3d:6c:6d:fb:51:af:45:30:b6:1e:6f:13:c1:26:07:f0:f8:c1:10:2f:2b:17:7e:78:1c:3d:45:ff:bf:2d:87:1a:af:47:f6:da:15:68:e0:c6:71:3b:f6:80:08:3b:19:23:b0:b5:2b:a6:35:01:96:fe:97:12:ed:20:87:97:e1:ce:8d:80:ec:c5:59:b6:48:c9:1b:6c:db:6f:ea:5e:21:ab:93:40:15:b2:de:65:bb:b4:2c:cd:d1:96:f4:c9:ad:c6:a6:31:b5:ec:90:0e:cf:6a:dc:5d:39:98:d3:36:72:59:ea:15:4e:0e:e5:7f:b8:e6:59:6a:92:c8:2e:33:a8:70:e3:d0:ce:4a:19:44:41:00:26:79:fc:c6:87:3e:37:f1:fd:63:c0:4e:93:fc:05:bc:f2:6c:37:47:ed:4b:8e:4f:ed:f4:f5:24:40:73:d6:5c:cb:2b:c4:1d:96:85:1a:61:46:06:2e:7a:eb:b7:3c:02:6c:74:1c:9b:5d:7a:93:d7:27:ad:79:8e:e0:b7:24:5b:dc:96:bd:d6:39:b2:30:99:2b:c9:79:eb:80:1c:04:52:2e:08:b8:81:82:04:72:e8:00:4d:e5:4c:fd:db:85:d2:92:d3:10:f3:d0:5a:fa:a1:2f:0e:3e:8e:b3:20:18:8c:53:3b:82:32:bb:74:47:41:7b:c5:48:33:3f:f9:08:2a:a4:e3:94:70:a1:37:a7:00:83:61:df:9f:69:a6:93:11:8d:e5:dc:2e:5b:87:ba:fa:0f:95:63:bb:a5:93:a9:03:4c:29:ef:6a:e2:a8:fa:54:5b:f8:36:f2:f6:76:34:67:72:20:46:cf:a6:fc:4b:31:b4:45:53:94:57:15:ea:89:42:48:01:6a:14:f4:06:ae:35:8c:a4:06:8f:20:5d:73:e6:0d:d3:ac:5d:ef:6f:09:a0:3f:d8:f1:ef:1c:6c:3b:83:cc:b6:de:f4:8d:51:f7:e4:82:b1:f5:db:9e:ad:57:b5:9d:3a:99:3e:2e:ec:2c:8c:6f:33:a9:ee:bc:19:28:c3:47:af:a1:b5:66:e8:30:bf:d3:f2:be:e2:e4:1e:19:e2:b3:73:75:5a:ea:43:06:c0:c1:eb:4c:cc:56:c8:40:8d:ff:a4:72:3c:e6:28:82:95:d1:92:80:2b:1f:a4:a2:87:45:fe:dd:64:5d:14:e7:6b:2b:0c:48:11:89:b1:3e:66:75:f7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:34.885607000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495154.885607000", - "frame.time_delta": "0.060180000", - "frame.time_delta_displayed": "0.060180000", - "frame.time_relative": "1563.424921000", - "frame.number": "5461", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000380b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16802", - "tcp.ack": "74622", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003da9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f2:1d:00:27:13:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812342813, TSecr 2560930": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812342813", - "tcp.options.timestamp.tsecr": "2560930" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5460", - "tcp.analysis.ack_rtt": "0.060180000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:36.639416000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495156.639416000", - "frame.time_delta": "1.753809000", - "frame.time_delta_displayed": "1.753809000", - "frame.time_relative": "1565.178730000", - 
"frame.number": "5462", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005de3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005a06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:12:36.782403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495156.782403000", - "frame.time_delta": "0.142987000", - "frame.time_delta_displayed": "0.142987000", - "frame.time_relative": "1565.321717000", - "frame.number": "5463", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00001b14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:36.869583000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495156.869583000", - "frame.time_delta": "0.087180000", - "frame.time_delta_displayed": "0.087180000", - "frame.time_relative": "1565.408897000", - "frame.number": "5464", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00001b16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:36.888098000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495156.888098000", - "frame.time_delta": "0.018515000", - "frame.time_delta_displayed": "0.018515000", - "frame.time_relative": "1565.427412000", - "frame.number": "5465", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00001b19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:36.940561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495156.940561000", - "frame.time_delta": "0.052463000", - "frame.time_delta_displayed": "0.052463000", - "frame.time_relative": "1565.479875000", - "frame.number": "5466", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - 
"ip.id": "0x00001b1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:36.993549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495156.993549000", - "frame.time_delta": "0.052988000", - "frame.time_delta_displayed": "0.052988000", - "frame.time_relative": "1565.532863000", - "frame.number": "5467", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00001b20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:37.046367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495157.046367000", - "frame.time_delta": "0.052818000", - "frame.time_delta_displayed": "0.052818000", - "frame.time_relative": "1565.585681000", - "frame.number": "5468", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00001b22", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ae32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:38.974551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495158.974551000", - "frame.time_delta": "1.928184000", - 
"frame.time_delta_displayed": "1.928184000", - "frame.time_relative": "1567.513865000", - "frame.number": "5469", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x00002d75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037bb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "16802", - 
"tcp.nxtseq": "16881", - "tcp.ack": "74622", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e514", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f6:1c:00:27:13:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812343836, TSecr 2560930": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812343836", - "tcp.options.timestamp.tsecr": "2560930" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "34:cd:34:17:47:48:0e:b4:10:49:25:1b:33:9e:37:70:e7:ea:09:33:f6:05:1c:06:33:78:9d:d4:bb:09:db:c5:c5:4f:d2:f9:b1:63:cb:83:35:be:53:78:09:37:a6:7d:af:70:b4:38:11:5e:7b:1a:57:9e:f4:5e:0e:78:ce:ca:6e:b9:b9:48:cf:ba:7c:bc:94:5e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:38.978354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495158.978354000", - "frame.time_delta": "0.003803000", - "frame.time_delta_displayed": "0.003803000", - "frame.time_relative": "1567.517668000", - "frame.number": "5470", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009679", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "74622", - "tcp.nxtseq": "74669", - "tcp.ack": "16881", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006842", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:15:41:a7:a0:f6:1c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2561345, TSecr 2812343836": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2561345", - "tcp.options.timestamp.tsecr": "2812343836" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5469", - "tcp.analysis.ack_rtt": "0.003803000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1d:50:46:5b:ea:39:17:71:4f:b7:32:60:98:08:9f:cd:56:c4:c7:f3:a4:dc:b0:ab:9e:1c:e8:0d:6a:97:c7:69:01:82:81" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.038687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.038687000", - "frame.time_delta": "0.060333000", - "frame.time_delta_displayed": "0.060333000", - "frame.time_relative": "1567.578001000", - "frame.number": "5471", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003809", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16881", - "tcp.ack": "74669", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000377d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f6:2c:00:27:15:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812343852, TSecr 2561345": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812343852", - "tcp.options.timestamp.tsecr": "2561345" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5470", - "tcp.analysis.ack_rtt": "0.060333000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.127740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.127740000", - "frame.time_delta": "0.089053000", - "frame.time_delta_displayed": "0.089053000", - "frame.time_relative": "1567.667054000", - "frame.number": "5472", - "frame.len": "408", - "frame.cap_len": "408", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "394", - "ip.id": "0x0000967a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": 
"41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "342", - "tcp.seq": "74669", - "tcp.nxtseq": "75011", - "tcp.ack": "16881", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bfec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:15:50:a7:a0:f6:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2561360, TSecr 2812343852": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2561360", - "tcp.options.timestamp.tsecr": "2812343852" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "342", - "tcp.analysis.push_bytes_sent": "342" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "337", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:1e:28:e4:58:b4:09:0e:85:67:70:f1:13:ac:31:63:a2:45:fa:eb:f5:75:5c:b9:36:89:a4:95:87:e7:a4:3d:02:1f:4f:c2:22:93:0d:0e:f9:3d:a6:37:63:db:0a:99:30:e8:b0:f9:bf:b2:76:08:22:bb:87:a7:cf:47:b0:75:99:d9:31:3f:be:d2:a8:87:33:66:b9:4b:6c:ac:86:89:ee:d9:9f:32:f5:fd:a4:85:b8:16:37:de:e8:14:c7:a7:4b:58:f2:5f:6b:45:21:dc:e3:38:57:cd:80:0f:99:df:9a:7c:10:41:66:d0:9a:29:88:77:9b:19:58:55:80:f5:22:d9:5d:0f:68:7c:6c:4a:a3:fd:fc:d9:22:4d:a4:7c:56:21:0a:0e:0c:2e:bc:d6:f6:e7:8a:ce:96:1d:03:2a:f5:20:50:8c:26:d3:b5:10:08:13:8c:5f:e8:c0:2c:91:4f:66:ee:ef:42:f7:0d:8e:3d:5e:1e:0b:95:a0:99:3e:25:76:5b:22:76:1d:3f:77:d4:b2:0b:16:ff:f4:91:dd:07:c4:be:29:53:db:71:bd:e4:96:5e:0c:a4:21:b8:75:fe:e5:76:33:bd:41:9f:84:6d:a6:2e:02:52:e3:2d:4d:ce:04:75:68:28:27:78:95:61:3b:13:a9:2c:82:da:f2:92:82:49:67:01:26:ea:6c:ac:19:05:03:e9:57:0d:b2:b3:fb:bc:d6:ff:61:51:1a:54:91:33:a1:c6:21:6e:1d:a7:0f:43:53:15:a9:5b:41:9a:34:a4:69:b3:16:2c:a7:fc:fa:c9:f0:95:1f:30:e4:51:eb:04:53:b1:93:77:c0:8b:bd:b5:30:e0:63:dd:16:da:96:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.187943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.187943000", - "frame.time_delta": "0.060203000", - "frame.time_delta_displayed": "0.060203000", - "frame.time_relative": "1567.727257000", - "frame.number": "5473", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003808", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "16881", - "tcp.ack": "75011", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000035f3", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f6:51:00:27:15:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812343889, TSecr 2561360": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812343889", - "tcp.options.timestamp.tsecr": "2561360" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5472", - "tcp.analysis.ack_rtt": "0.060203000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.188404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.188404000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "1567.727718000", - "frame.number": "5474", - "frame.len": "410", - "frame.cap_len": "410", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "396", - "ip.id": "0x0000967b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "344", - "tcp.seq": "75011", - "tcp.nxtseq": "75355", - "tcp.ack": "16881", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e7c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:15:56:a7:a0:f6:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2561366, TSecr 2812343889": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2561366", - "tcp.options.timestamp.tsecr": "2812343889" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "344", - "tcp.analysis.push_bytes_sent": "344" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "339", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:1f:99:15:45:58:41:fe:a7:8e:68:3e:ad:13:90:31:6c:f1:bd:c3:4d:82:1b:2f:20:2c:13:08:cc:cc:70:80:81:3f:a3:66:a3:a0:bb:1d:22:7f:57:2c:89:0b:dc:4f:06:c5:19:ad:a9:39:59:17:15:60:c1:28:51:6b:5f:2c:bf:25:58:77:c4:b2:0e:8c:63:ae:f3:dd:4c:24:c3:be:9c:52:18:91:07:f0:6f:ed:76:28:5a:76:55:e3:ad:53:96:e8:7f:e5:1f:33:ed:98:7b:72:9f:d2:16:7a:b6:cd:c8:1e:c6:b4:8d:25:7e:28:75:89:5b:19:01:d3:e4:a5:d4:78:fd:33:cb:ba:2c:14:a5:10:52:d4:62:17:b8:3c:96:54:4a:3c:21:32:a0:4b:d6:5b:00:46:29:98:d6:6e:88:0d:10:98:c9:fa:49:5a:ba:50:87:18:48:1d:c5:20:3c:40:ad:9f:0d:03:43:fd:b6:09:08:2b:a2:86:50:61:5b:e2:47:28:8c:20:34:fd:1d:da:a1:3c:96:64:44:ec:d1:e0:55:6d:00:ea:7b:e0:13:16:24:b6:68:de:1b:e0:cd:58:b5:80:f5:e8:53:46:a9:61:23:64:e2:cc:db:9f:55:48:44:96:29:61:80:bc:27:ed:c5:7d:56:93:a8:3b:9d:bd:3a:a9:87:8a:1f:3c:06:fd:2d:e3:e3:d4:9c:29:70:74:3a:7c:df:0f:c8:3c:b2:2f:30:85:0a:3c:53:c0:bc:fc:08:23:cd:6c:ce:e0:e8:1b:a1:57:08:df:90:4b:d9:e0:15:2c:bf:80:01:74:a7:3a:51:6e:3e:d7:ea:b7:7f:c2:8d:94:d1:30:59:3a:6c:f0:16:64:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.188640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.188640000", - "frame.time_delta": "0.000236000", - "frame.time_delta_displayed": "0.000236000", - "frame.time_relative": "1567.727954000", - "frame.number": "5475", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "16881", - "tcp.nxtseq": "16928", - "tcp.ack": "75011", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c285", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f6:51:00:27:15:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812343889, TSecr 2561360": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812343889", - "tcp.options.timestamp.tsecr": "2561360" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:b5:ed:64:ae:cd:68:5f:a7:e5:7c:11:d7:e3:56:01:7f:1b:88:b2:ef:67:a4:c1:3b:88:2e:fb:be:f1:e3:48:cc:43:a8:e5" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.223400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.223400000", - "frame.time_delta": "0.034760000", - "frame.time_delta_displayed": "0.034760000", - "frame.time_relative": "1567.762714000", - "frame.number": "5476", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000967c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "75355", - "tcp.ack": "16928", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003373", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:15:5a:a7:a0:f6:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2561370, TSecr 2812343889": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2561370", - "tcp.options.timestamp.tsecr": "2812343889" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5475", - "tcp.analysis.ack_rtt": "0.034760000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.250335000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.250335000", - "frame.time_delta": "0.026935000", - "frame.time_delta_displayed": "0.026935000", - "frame.time_relative": "1567.789649000", - "frame.number": "5477", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "16928", - "tcp.nxtseq": "16975", - "tcp.ack": "75355", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000243b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a0:f6:60:00:27:15:56", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812343904, TSecr 2561366": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812343904", - "tcp.options.timestamp.tsecr": "2561366" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5474", - "tcp.analysis.ack_rtt": "0.061931000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:b6:13:ce:8c:4f:c3:d1:c1:e2:94:1e:7b:4b:88:13:a7:99:78:3d:8d:b8:b1:02:ab:4f:8f:2f:47:29:6b:a8:bb:a6:5e:0f" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:39.250824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495159.250824000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "1567.790138000", - "frame.number": "5478", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000967d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007702", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "75355", - "tcp.ack": "16975", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003333", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:15:5c:a7:a0:f6:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2561372, TSecr 2812343904": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2561372", - "tcp.options.timestamp.tsecr": "2812343904" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5477", - "tcp.analysis.ack_rtt": "0.000489000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.139453000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.139453000", - "frame.time_delta": "8.888629000", - "frame.time_delta_displayed": "8.888629000", - "frame.time_relative": "1576.678767000", - "frame.number": "5479", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.142262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.142262000", - "frame.time_delta": "0.002809000", - "frame.time_delta_displayed": "0.002809000", - "frame.time_relative": "1576.681576000", - "frame.number": "5480", - 
"frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": 
"b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.150447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.150447000", - "frame.time_delta": "0.008185000", - "frame.time_delta_displayed": "0.008185000", - "frame.time_relative": "1576.689761000", - "frame.number": "5481", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.320901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.320901000", - "frame.time_delta": "0.170454000", - "frame.time_delta_displayed": "0.170454000", - "frame.time_relative": "1576.860215000", - "frame.number": "5482", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.701048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.701048000", - "frame.time_delta": "0.380147000", - "frame.time_delta_displayed": "0.380147000", - "frame.time_relative": "1577.240362000", - "frame.number": "5483", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - 
"udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00002458", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0060f824", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.711106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.711106000", - "frame.time_delta": "0.010058000", - "frame.time_delta_displayed": "0.010058000", - "frame.time_relative": "1577.250420000", - "frame.number": "5484", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": 
{ - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x000052c9", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x000cbf3f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": 
"14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.721656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.721656000", - "frame.time_delta": "0.010550000", - "frame.time_delta_displayed": "0.010550000", - "frame.time_relative": "1577.260970000", - "frame.number": "5485", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - 
"eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:48.740628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495168.740628000", - "frame.time_delta": "0.018972000", - "frame.time_delta_displayed": "0.018972000", - "frame.time_relative": "1577.279942000", - "frame.number": "5486", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - 
"eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": 
"0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:49.314204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495169.314204000", - "frame.time_delta": "0.573576000", - "frame.time_delta_displayed": "0.573576000", - "frame.time_relative": "1577.853518000", - "frame.number": "5487", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00001f89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b9d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": 
"5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:49.741064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495169.741064000", - "frame.time_delta": "0.426860000", - "frame.time_delta_displayed": "0.426860000", - "frame.time_relative": "1578.280378000", - "frame.number": "5488", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - 
"eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:49.743578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495169.743578000", - "frame.time_delta": "0.002514000", - "frame.time_delta_displayed": "0.002514000", - "frame.time_relative": "1578.282892000", - "frame.number": "5489", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": 
"6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:49.752594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495169.752594000", - "frame.time_delta": "0.009016000", - "frame.time_delta_displayed": "0.009016000", - "frame.time_relative": "1578.291908000", - "frame.number": "5490", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:49.960923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495169.960923000", - "frame.time_delta": "0.208329000", - "frame.time_delta_displayed": "0.208329000", - "frame.time_relative": "1578.500237000", - "frame.number": "5491", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - 
"ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.158248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.158248000", - "frame.time_delta": "0.197325000", - "frame.time_delta_displayed": "0.197325000", - "frame.time_relative": "1578.697562000", - "frame.number": "5492", - "frame.len": "171", - "frame.cap_len": "171", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x0000973b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000311c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - 
"http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "16", - "http.prev_request_in": "999" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.158412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.158412000", - "frame.time_delta": "0.000164000", - "frame.time_delta_displayed": "0.000164000", - "frame.time_relative": "1578.697726000", - "frame.number": "5493", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x0000973c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000311b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - 
"ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "17", - "http.prev_request_in": "5492" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.159393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.159393000", - "frame.time_delta": "0.000981000", - "frame.time_delta_displayed": "0.000981000", - "frame.time_relative": "1578.698707000", - "frame.number": "5494", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x0000973d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000311a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "18", - "http.prev_request_in": "5493" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.159535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.159535000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1578.698849000", - "frame.number": "5495", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x0000973e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003119", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": 
"2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "19", - "http.prev_request_in": "5494" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.159676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.159676000", - "frame.time_delta": "0.000141000", - "frame.time_delta_displayed": "0.000141000", - "frame.time_relative": "1578.698990000", - "frame.number": "5496", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x0000973f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003118", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "20", - "http.prev_request_in": "5495" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.159820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.159820000", - "frame.time_delta": "0.000144000", - "frame.time_delta_displayed": "0.000144000", - 
"frame.time_relative": "1578.699134000", - "frame.number": "5497", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009740", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003119", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "21", - "http.prev_request_in": "5496" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.160074000", - "frame.time_delta": "0.000254000", - "frame.time_delta_displayed": "0.000254000", - "frame.time_relative": "1578.699388000", - "frame.number": "5498", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009741", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003118", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "22", - "http.prev_request_in": "5497" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.160227000", - "frame.time_delta": "0.000153000", - "frame.time_delta_displayed": "0.000153000", - "frame.time_relative": "1578.699541000", - "frame.number": "5499", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009742", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003117", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "23", - "http.prev_request_in": "5498" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.160369000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1578.699683000", - "frame.number": "5500", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009743", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003116", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - 
"udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "24", - "http.prev_request_in": "5499" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.160523000", - "frame.time_delta": "0.000154000", - "frame.time_delta_displayed": "0.000154000", - "frame.time_relative": "1578.699837000", - "frame.number": "5501", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009744", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003115", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "25", - "http.prev_request_in": "5500" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495170.160720000", - "frame.time_delta": "0.000197000", - "frame.time_delta_displayed": "0.000197000", - "frame.time_relative": "1578.700034000", - "frame.number": "5502", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009745", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003117", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "26", - "http.prev_request_in": "5501" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.160865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.160865000", - "frame.time_delta": "0.000145000", - "frame.time_delta_displayed": "0.000145000", - "frame.time_relative": "1578.700179000", - "frame.number": "5503", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009746", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", 
- "ip.checksum": "0x00003116", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "27", - "http.prev_request_in": "5502" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.161057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.161057000", - "frame.time_delta": "0.000192000", - "frame.time_delta_displayed": "0.000192000", - "frame.time_relative": "1578.700371000", - "frame.number": "5504", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009747", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003115", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": 
"", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "28", - "http.prev_request_in": "5503" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.161199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.161199000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1578.700513000", - "frame.number": "5505", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009748", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003114", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" 
- }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "29", - "http.prev_request_in": "5504" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.161459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.161459000", - "frame.time_delta": "0.000260000", - "frame.time_delta_displayed": "0.000260000", - "frame.time_relative": "1578.700773000", - "frame.number": "5506", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009749", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00003113", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "30", - "http.prev_request_in": "5505" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.167554000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.167554000", - "frame.time_delta": "0.006095000", - "frame.time_delta_displayed": "0.006095000", - "frame.time_relative": "1578.706868000", - "frame.number": "5507", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": 
"0x0000ea03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.193617000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.193617000", - "frame.time_delta": "0.026063000", - "frame.time_delta_displayed": "0.026063000", - "frame.time_relative": "1578.732931000", - "frame.number": "5508", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00002e92", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0029ee21", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.200649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.200649000", - "frame.time_delta": "0.007032000", - "frame.time_delta_displayed": "0.007032000", - "frame.time_relative": "1578.739963000", - "frame.number": "5509", - "frame.len": "158", - 
"frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000f36e", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00b61df0", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - 
"dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.209508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.209508000", - "frame.time_delta": "0.008859000", - "frame.time_delta_displayed": "0.008859000", - "frame.time_relative": "1578.748822000", - "frame.number": "5510", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - 
"eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.221093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.221093000", - "frame.time_delta": "0.011585000", - "frame.time_delta_displayed": "0.011585000", - "frame.time_relative": "1578.760407000", - "frame.number": "5511", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": 
"33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - 
}, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.274622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.274622000", - "frame.time_delta": "0.053529000", - "frame.time_delta_displayed": "0.053529000", - "frame.time_relative": "1578.813936000", - "frame.number": "5512", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002907", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "91", - "http.prev_response_in": "1884" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.327458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.327458000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "1578.866772000", - "frame.number": "5513", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000290c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "92", - "http.prev_response_in": "5512" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.380293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.380293000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "1578.919607000", - "frame.number": "5514", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002911", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "93", - "http.prev_response_in": "5513" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.393355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.393355000", - "frame.time_delta": "0.013062000", - "frame.time_delta_displayed": "0.013062000", - "frame.time_relative": "1578.932669000", - "frame.number": "5515", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - 
"igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x00000507", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - }, - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.394590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.394590000", - "frame.time_delta": "0.001235000", - "frame.time_delta_displayed": "0.001235000", - "frame.time_relative": "1578.933904000", - "frame.number": "5516", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00003cb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": 
"17", - "ip.checksum": "0x00009ce9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000e5b", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.407948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.407948000", - "frame.time_delta": "0.013358000", - "frame.time_delta_displayed": "0.013358000", - "frame.time_relative": "1578.947262000", - "frame.number": "5517", - "frame.len": "74", - 
"frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ee51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a7c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:2d:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 941869, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "941869", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.408518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.408518000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1578.947832000", - "frame.number": "5518", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - 
"eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47508", - "tcp.port": "80", - "tcp.port": "47508", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - 
}, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b329", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5517", - "tcp.analysis.ack_rtt": "0.000570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.413398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.413398000", - "frame.time_delta": "0.004880000", - "frame.time_delta_displayed": "0.004880000", - "frame.time_relative": "1578.952712000", - "frame.number": "5519", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ee52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064b1", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5518", - "tcp.analysis.ack_rtt": "0.004880000", - "tcp.analysis.initial_rtt": "0.005450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.414299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.414299000", - "frame.time_delta": "0.000901000", - "frame.time_delta_displayed": "0.000901000", - "frame.time_relative": "1578.953613000", - "frame.number": "5520", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ee53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c975", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c42b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005450000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.414791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.414791000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1578.954105000", - "frame.number": "5521", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008019", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003870", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47508", - "tcp.port": "80", - "tcp.port": "47508", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005680", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5520", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.005450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.415468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.415468000", - "frame.time_delta": "0.000677000", - "frame.time_delta_displayed": "0.000677000", - "frame.time_relative": "1578.954782000", - "frame.number": "5522", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000801a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000385e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47508", - "tcp.port": "80", - "tcp.port": "47508", - "tcp.stream": "202", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000096a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005450000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.415896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.415896000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1578.955210000", - "frame.number": "5523", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000801b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000348b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47508", - "tcp.port": "80", - "tcp.port": "47508", - "tcp.stream": "202", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e90a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005450000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5522", - "tcp.segment": "5523", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001597000", - "http.request_in": "5520", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.419361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.419361000", - "frame.time_delta": "0.003465000", - "frame.time_delta_displayed": "0.003465000", - "frame.time_relative": "1578.958675000", - "frame.number": "5524", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ee54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000063e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5522", - "tcp.analysis.ack_rtt": "0.003893000", - "tcp.analysis.initial_rtt": "0.005450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.420033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.420033000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "1578.959347000", - "frame.number": "5525", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ee55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005ff5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5523", - "tcp.analysis.ack_rtt": "0.004137000", - "tcp.analysis.initial_rtt": "0.005450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.421027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.421027000", - "frame.time_delta": "0.000994000", - "frame.time_delta_displayed": "0.000994000", - "frame.time_relative": "1578.960341000", - "frame.number": "5526", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ee56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005ff4", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.421470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.421470000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1578.960784000", - "frame.number": "5527", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ba0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ace9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47508", - 
"tcp.port": "80", - "tcp.port": "47508", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000528a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5526", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.005450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:50.424093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.424093000", - "frame.time_delta": "0.002623000", - "frame.time_delta_displayed": "0.002623000", - "frame.time_relative": "1578.963407000", - "frame.number": "5528", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000135a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a52f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47508", - "tcp.dstport": "80", - "tcp.port": "47508", - "tcp.port": "80", - "tcp.stream": "202", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006e1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:12:50.849433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495170.849433000", - "frame.time_delta": "0.425340000", - "frame.time_delta_displayed": "0.425340000", - "frame.time_relative": "1579.388747000", - "frame.number": "5529", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", 
- "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.223151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.223151000", - "frame.time_delta": "0.373718000", - "frame.time_delta_displayed": "0.373718000", - "frame.time_relative": "1579.762465000", - "frame.number": "5530", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": 
"0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.225422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.225422000", - "frame.time_delta": "0.002271000", - "frame.time_delta_displayed": "0.002271000", - "frame.time_relative": "1579.764736000", - "frame.number": "5531", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - 
"icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.229960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.229960000", - "frame.time_delta": "0.004538000", - "frame.time_delta_displayed": "0.004538000", - "frame.time_relative": "1579.769274000", - "frame.number": "5532", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - 
"ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.313261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.313261000", - "frame.time_delta": "0.083301000", - "frame.time_delta_displayed": "0.083301000", - "frame.time_relative": "1579.852575000", - "frame.number": "5533", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00003ccd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009ccc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f5a", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.326718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.326718000", - "frame.time_delta": "0.013457000", - "frame.time_delta_displayed": "0.013457000", - "frame.time_relative": "1579.866032000", - "frame.number": "5534", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002952", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "94", - "http.prev_response_in": "5514" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.333159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.333159000", - "frame.time_delta": "0.006441000", - "frame.time_delta_displayed": "0.006441000", - "frame.time_relative": "1579.872473000", - "frame.number": "5535", - "frame.len": "74", - 
"frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004d84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006af1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000033c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:89:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 941961, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "941961", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.333701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.333701000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1579.873015000", - "frame.number": "5536", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - 
"eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - 
}, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a4bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5535", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.336598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.336598000", - "frame.time_delta": "0.002897000", - "frame.time_delta_displayed": "0.002897000", - "frame.time_relative": "1579.875912000", - "frame.number": "5537", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004d85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006b04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005645", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5536", - "tcp.analysis.ack_rtt": "0.002897000", - "tcp.analysis.initial_rtt": "0.003439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.336719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.336719000", - "frame.time_delta": "0.000121000", - "frame.time_delta_displayed": "0.000121000", - "frame.time_relative": "1579.876033000", - "frame.number": "5538", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004d86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b5bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003439000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.337175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.337175000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1579.876489000", - "frame.number": "5539", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001028", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a861", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004814", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5538", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.003439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.337889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.337889000", - "frame.time_delta": "0.000714000", - "frame.time_delta_displayed": "0.000714000", - "frame.time_relative": "1579.877203000", - "frame.number": "5540", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001029", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a84f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008835", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003439000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.338314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.338314000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "1579.877628000", - "frame.number": "5541", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000102a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a47c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003439000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5540", - "tcp.segment": "5541", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001595000", - "http.request_in": "5538", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.339169000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.339169000", - "frame.time_delta": "0.000855000", - "frame.time_delta_displayed": "0.000855000", - "frame.time_relative": "1579.878483000", - "frame.number": "5542", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000102b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a47b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003439000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.340509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.340509000", - "frame.time_delta": "0.001340000", - "frame.time_delta_displayed": "0.001340000", - "frame.time_relative": "1579.879823000", - "frame.number": "5543", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004d87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006b02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005574", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5540", - "tcp.analysis.ack_rtt": "0.002620000", - "tcp.analysis.initial_rtt": "0.003439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.419409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.419409000", - "frame.time_delta": "0.078900000", - "frame.time_delta_displayed": "0.078900000", - "frame.time_relative": "1579.958723000", - "frame.number": "5544", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004d88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006b01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005189", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5541", - "tcp.analysis.ack_rtt": "0.081095000", - "tcp.analysis.initial_rtt": "0.003439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.419457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.419457000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "1579.958771000", - "frame.number": "5545", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00004d89", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006af4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d04a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d7:94:cc:0c:d7:94:cf:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003439000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5544", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.419495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.419495000", - "frame.time_delta": "0.000038000", - "frame.time_delta_displayed": "0.000038000", - "frame.time_relative": "1579.958809000", - "frame.number": "5546", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004d8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00006aff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005188", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.419342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.419342000", - "frame.time_delta": "-0.000153000", - "frame.time_delta_displayed": "-0.000153000", - "frame.time_relative": "1579.958656000", - "frame.number": "5547", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002953", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "95", - "http.prev_response_in": "5534" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.423605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.423605000", - "frame.time_delta": "0.004263000", - "frame.time_delta_displayed": "0.004263000", - "frame.time_relative": "1579.962919000", - "frame.number": "5548", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000bb5", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000acd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47512", - "tcp.port": "80", - "tcp.port": "47512", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000441e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5546", - "tcp.analysis.ack_rtt": "0.004110000", - "tcp.analysis.initial_rtt": "0.003439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.433806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.433806000", - "frame.time_delta": "0.010201000", - "frame.time_delta_displayed": "0.010201000", - "frame.time_relative": "1579.973120000", - "frame.number": "5549", - 
"frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002956", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008e08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
- "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "96", - "http.prev_response_in": "5547" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.463820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.463820000", - "frame.time_delta": "0.030014000", - "frame.time_delta_displayed": "0.030014000", - "frame.time_relative": "1580.003134000", - "frame.number": "5550", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - 
"ip.id": "0x00001382", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a507", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47512", - "tcp.dstport": "80", - "tcp.port": "47512", - "tcp.port": "80", - "tcp.stream": "203", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fa77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.473089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.473089000", - "frame.time_delta": "0.009269000", - 
"frame.time_delta_displayed": "0.009269000", - "frame.time_relative": "1580.012403000", - "frame.number": "5551", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ca08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": 
{ - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009942", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:97:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 941975, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "941975", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.473623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.473623000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "1580.012937000", - "frame.number": "5552", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47513", - "tcp.port": "80", - "tcp.port": "47513", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000416a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5551", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.479989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.479989000", - "frame.time_delta": "0.006366000", - "frame.time_delta_displayed": "0.006366000", - "frame.time_relative": "1580.019303000", - "frame.number": "5553", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f2f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5552", - "tcp.analysis.ack_rtt": "0.006366000", - "tcp.analysis.initial_rtt": "0.006900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.480336000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.480336000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "1580.019650000", - "frame.number": "5554", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ca0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000edbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000526c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006900000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": 
"0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.480813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.480813000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1580.020127000", - "frame.number": "5555", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bba5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fce3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47513", - "tcp.port": "80", - "tcp.port": "47513", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e4c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5554", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.006900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.481485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.481485000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "1580.020799000", - "frame.number": "5556", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000bba6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fcd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47513", - "tcp.port": "80", - "tcp.port": "47513", - "tcp.stream": "204", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000024e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006900000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.481839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.481839000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "1580.021153000", - "frame.number": "5557", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000bba7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f8fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47513", - 
"tcp.port": "80", - "tcp.port": "47513", - "tcp.stream": "204", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000774b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006900000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5556", - "tcp.segment": "5557", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001503000", - "http.request_in": "5554", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.484708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.484708000", - "frame.time_delta": "0.002869000", - "frame.time_delta_displayed": "0.002869000", - "frame.time_relative": "1580.024022000", - "frame.number": "5558", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f220", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5556", - "tcp.analysis.ack_rtt": "0.003223000", - "tcp.analysis.initial_rtt": "0.006900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.484818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.484818000", - "frame.time_delta": "0.000110000", - "frame.time_delta_displayed": "0.000110000", - "frame.time_relative": "1580.024132000", - "frame.number": "5559", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5557", - "tcp.analysis.ack_rtt": "0.002979000", - "tcp.analysis.initial_rtt": "0.006900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.485342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.485342000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "1580.024656000", - "frame.number": "5560", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee34", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.485747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.485747000", - "frame.time_delta": "0.000405000", - "frame.time_delta_displayed": "0.000405000", - "frame.time_relative": "1580.025061000", - "frame.number": "5561", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000bb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000acd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47513", - 
"tcp.port": "80", - "tcp.port": "47513", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e0ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5560", - "tcp.analysis.ack_rtt": "0.000405000", - "tcp.analysis.initial_rtt": "0.006900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.491007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.491007000", - "frame.time_delta": "0.005260000", - "frame.time_delta_displayed": "0.005260000", - "frame.time_relative": "1580.030321000", - "frame.number": "5562", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001385", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a504", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47513", - "tcp.dstport": "80", - "tcp.port": "47513", - "tcp.port": "80", - "tcp.stream": "204", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006007", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:12:51.600957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.600957000", - "frame.time_delta": "0.109950000", - "frame.time_delta_displayed": "0.109950000", - "frame.time_relative": "1580.140271000", - "frame.number": "5563", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - 
"ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.908353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.908353000", - "frame.time_delta": "0.307396000", - "frame.time_delta_displayed": "0.307396000", - "frame.time_relative": "1580.447667000", - "frame.number": "5564", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002963", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008dfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "97", - "http.prev_response_in": "5549" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:51.961178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495171.961178000", - "frame.time_delta": "0.052825000", - "frame.time_delta_displayed": "0.052825000", - "frame.time_relative": "1580.500492000", - "frame.number": "5565", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002965", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008df3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "98", - "http.prev_response_in": "5564" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.013987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.013987000", - "frame.time_delta": "0.052809000", - "frame.time_delta_displayed": "0.052809000", 
- "frame.time_relative": "1580.553301000", - "frame.number": "5566", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002969", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008df5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "99", - "http.prev_response_in": "5565" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.030577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.030577000", - "frame.time_delta": "0.016590000", - "frame.time_delta_displayed": "0.016590000", - "frame.time_relative": "1580.569891000", - "frame.number": "5567", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", 
- "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00002883", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x004ef40b", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - 
"dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.036903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.036903000", - "frame.time_delta": "0.006326000", - "frame.time_delta_displayed": "0.006326000", - "frame.time_relative": "1580.576217000", - "frame.number": "5568", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", 
- "udp.checksum": "0x0000156f", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00cdfbd8", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.045872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.045872000", - "frame.time_delta": "0.008969000", - "frame.time_delta_displayed": "0.008969000", - "frame.time_relative": "1580.585186000", - "frame.number": "5569", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009fbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", 
- "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000534b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:5f:d0:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 942032, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "942032", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.046456000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495172.046456000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "1580.585770000", - "frame.number": "5570", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47517", - "tcp.port": "80", - "tcp.port": "47517", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007f1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5569", - "tcp.analysis.ack_rtt": "0.000584000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.053849000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.053849000", - "frame.time_delta": "0.007393000", - "frame.time_delta_displayed": "0.007393000", - "frame.time_relative": "1580.593163000", - "frame.number": "5571", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009fbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5570", - "tcp.analysis.ack_rtt": "0.007393000", - "tcp.analysis.initial_rtt": "0.007977000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.053902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.053902000", - "frame.time_delta": "0.000053000", - "frame.time_delta_displayed": "0.000053000", - "frame.time_relative": "1580.593216000", - "frame.number": "5572", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009fbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000180a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000901d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007977000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: 
en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.054421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.054421000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "1580.593735000", - "frame.number": "5573", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ad7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000b0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47517", - "tcp.port": "80", - "tcp.port": "47517", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002272", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5572", - "tcp.analysis.ack_rtt": "0.000519000", - "tcp.analysis.initial_rtt": "0.007977000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.055200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.055200000", - "frame.time_delta": "0.000779000", - "frame.time_delta_displayed": "0.000779000", - "frame.time_relative": "1580.594514000", - "frame.number": "5574", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ad7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000afd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47517", - "tcp.port": "80", - "tcp.port": "47517", - "tcp.stream": "205", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006293", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007977000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.055647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.055647000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "1580.594961000", - "frame.number": "5575", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ad7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000072a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47517", - "tcp.port": "80", - "tcp.port": "47517", - "tcp.stream": "205", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b4fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007977000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5574", - "tcp.segment": "5575", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001745000", - "http.request_in": "5572", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.056177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.056177000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "1580.595491000", - "frame.number": "5576", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.059939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.059939000", - "frame.time_delta": "0.003762000", - "frame.time_delta_displayed": "0.003762000", - "frame.time_relative": "1580.599253000", - "frame.number": "5577", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": 
"33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.060407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.060407000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "1580.599721000", - "frame.number": "5578", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009fc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002fd2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5574", - "tcp.analysis.ack_rtt": "0.005207000", - "tcp.analysis.initial_rtt": "0.007977000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.060743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.060743000", - "frame.time_delta": "0.000336000", - "frame.time_delta_displayed": "0.000336000", - "frame.time_relative": "1580.600057000", - "frame.number": "5579", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - 
"eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009fc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002be7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5575", - "tcp.analysis.ack_rtt": "0.005096000", - "tcp.analysis.initial_rtt": "0.007977000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.064033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.064033000", - "frame.time_delta": "0.003290000", - "frame.time_delta_displayed": "0.003290000", - "frame.time_relative": "1580.603347000", - "frame.number": "5580", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009fc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000018c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002be6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.064515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.064515000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1580.603829000", - "frame.number": "5581", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000bc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000acc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47517", - "tcp.port": "80", - "tcp.port": "47517", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5580", - "tcp.analysis.ack_rtt": "0.000482000", - "tcp.analysis.initial_rtt": "0.007977000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.069756000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495172.069756000", - "frame.time_delta": "0.005241000", - "frame.time_delta_displayed": "0.005241000", - "frame.time_relative": "1580.609070000", - "frame.number": "5582", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47517", - "tcp.dstport": "80", - "tcp.port": "47517", - "tcp.port": "80", - "tcp.stream": "205", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001a49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.413307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.413307000", - "frame.time_delta": "0.343551000", - "frame.time_delta_displayed": "0.343551000", - "frame.time_relative": "1580.952621000", - "frame.number": "5583", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00003ce5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009cb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.960655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.960655000", - "frame.time_delta": "0.547348000", - "frame.time_delta_displayed": "0.547348000", - 
"frame.time_relative": "1581.499969000", - "frame.number": "5584", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000029ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008db4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "100", - "http.prev_response_in": "5566" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.982639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.982639000", - "frame.time_delta": "0.021984000", - "frame.time_delta_displayed": "0.021984000", - "frame.time_relative": "1581.521953000", - "frame.number": "5585", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c050", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f824", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000deb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:2e:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 942126, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "942126", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.983203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.983203000", - "frame.time_delta": "0.000564000", - "frame.time_delta_displayed": "0.000564000", - "frame.time_relative": "1581.522517000", - "frame.number": "5586", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004fb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", 
- "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5585", - "tcp.analysis.ack_rtt": "0.000564000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.986205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.986205000", - "frame.time_delta": "0.003002000", - "frame.time_delta_displayed": "0.003002000", - "frame.time_relative": "1581.525519000", - "frame.number": "5587", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c051", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f837", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000141", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5586", - "tcp.analysis.ack_rtt": "0.003002000", - "tcp.analysis.initial_rtt": "0.003566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.986352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.986352000", - "frame.time_delta": "0.000147000", - "frame.time_delta_displayed": "0.000147000", - "frame.time_relative": "1581.525666000", - "frame.number": "5588", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c052", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f776", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000060bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003566000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.986798000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.986798000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1581.526112000", - "frame.number": "5589", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000a38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f30f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5588", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.987548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.987548000", - "frame.time_delta": "0.000750000", - "frame.time_delta_displayed": "0.000750000", - "frame.time_relative": "1581.526862000", - "frame.number": "5590", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00000a39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003331", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003566000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.987940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.987940000", - "frame.time_delta": "0.000392000", - "frame.time_delta_displayed": "0.000392000", - "frame.time_relative": "1581.527254000", - "frame.number": "5591", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - 
"eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000a3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000aa6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000859a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003566000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5590", - "tcp.segment": "5591", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001588000", - "http.request_in": "5588", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.989205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.989205000", - "frame.time_delta": "0.001265000", - "frame.time_delta_displayed": "0.001265000", - "frame.time_relative": "1581.528519000", - "frame.number": "5592", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000a3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000aa6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000859a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003566000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.991662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.991662000", - "frame.time_delta": "0.002457000", - "frame.time_delta_displayed": "0.002457000", - "frame.time_relative": "1581.530976000", - "frame.number": "5593", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c053", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f835", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000070", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5590", - "tcp.analysis.ack_rtt": "0.004114000", - "tcp.analysis.initial_rtt": "0.003566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.991712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.991712000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "1581.531026000", - "frame.number": "5594", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c054", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f834", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fc84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5591", - "tcp.analysis.ack_rtt": "0.003772000", - "tcp.analysis.initial_rtt": "0.003566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.993592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.993592000", - "frame.time_delta": "0.001880000", - "frame.time_delta_displayed": "0.001880000", - "frame.time_relative": "1581.532906000", - "frame.number": "5595", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c055", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f833", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fc83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.994046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.994046000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - 
"frame.time_relative": "1581.533360000", - "frame.number": "5596", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ac74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47522", - "tcp.port": "80", - "tcp.port": "47522", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ef19", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5595", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.003566000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:52.999472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495172.999472000", - "frame.time_delta": "0.005426000", - "frame.time_delta_displayed": "0.005426000", - "frame.time_relative": "1581.538786000", - "frame.number": "5597", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4bc", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.000758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.000758000", - "frame.time_delta": "0.001286000", - "frame.time_delta_displayed": "0.001286000", - "frame.time_relative": "1581.540072000", - "frame.number": "5598", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47522", - "tcp.dstport": "80", - "tcp.port": "47522", - "tcp.port": "80", - "tcp.stream": "206", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a611", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.014650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.014650000", - "frame.time_delta": "0.013892000", - "frame.time_delta_displayed": "0.013892000", - "frame.time_relative": "1581.553964000", - "frame.number": "5599", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000029ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008daa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "101", - "http.prev_response_in": "5584" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.067420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.067420000", - "frame.time_delta": "0.052770000", - "frame.time_delta_displayed": "0.052770000", - "frame.time_relative": "1581.606734000", - 
"frame.number": "5600", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000029b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008dac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "102", - "http.prev_response_in": "5599" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.076249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.076249000", - "frame.time_delta": "0.008829000", - "frame.time_delta_displayed": "0.008829000", - "frame.time_relative": "1581.615563000", - "frame.number": "5601", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "76", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b6ac", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "3", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.077772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.077772000", - "frame.time_delta": "0.001523000", - "frame.time_delta_displayed": "0.001523000", - "frame.time_relative": "1581.617086000", - "frame.number": "5602", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.080018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.080018000", - 
"frame.time_delta": "0.002246000", - "frame.time_delta_displayed": "0.002246000", - "frame.time_relative": "1581.619332000", - "frame.number": "5603", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - 
"icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.091552000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.091552000", - "frame.time_delta": "0.011534000", - "frame.time_delta_displayed": "0.011534000", - "frame.time_relative": "1581.630866000", - 
"frame.number": "5604", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": 
"0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.166743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.166743000", - "frame.time_delta": "0.075191000", - "frame.time_delta_displayed": "0.075191000", - "frame.time_relative": "1581.706057000", - "frame.number": "5605", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002e98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000b1ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:32:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - 
}, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 942130, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "942130", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.167324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.167324000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "1581.706638000", - "frame.number": "5606", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47524", - "tcp.port": "80", - "tcp.port": "47524", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000037ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5605", - "tcp.analysis.ack_rtt": "0.000581000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.171246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.171246000", - "frame.time_delta": "0.003922000", - "frame.time_delta_displayed": "0.003922000", - "frame.time_relative": "1581.710560000", - "frame.number": "5607", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e99", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e976", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5606", - "tcp.analysis.ack_rtt": "0.003922000", - "tcp.analysis.initial_rtt": "0.004503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.171924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.171924000", - "frame.time_delta": "0.000678000", - "frame.time_delta_displayed": "0.000678000", - "frame.time_relative": "1581.711238000", - 
"frame.number": "5608", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002e9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000892f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000048f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004503000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.172393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.172393000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": 
"1581.711707000", - "frame.number": "5609", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a4d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000013b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47524", - "tcp.port": "80", - "tcp.port": "47524", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000db45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5608", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.004503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.173063000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.173063000", - "frame.time_delta": "0.000670000", - "frame.time_delta_displayed": "0.000670000", - "frame.time_relative": "1581.712377000", - "frame.number": "5610", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a4d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000139f", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47524", - "tcp.port": "80", - "tcp.port": "47524", - "tcp.stream": "207", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001b67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004503000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.173419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.173419000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "1581.712733000", - "frame.number": "5611", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a4da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47524", - "tcp.port": "80", - "tcp.port": "47524", - "tcp.stream": "207", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006dd0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004503000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5610", - "tcp.segment": "5611", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001495000", - "http.request_in": "5608", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.177243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.177243000", - "frame.time_delta": "0.003824000", - "frame.time_delta_displayed": "0.003824000", - "frame.time_relative": "1581.716557000", - "frame.number": "5612", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e8a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5610", - "tcp.analysis.ack_rtt": "0.004180000", - "tcp.analysis.initial_rtt": "0.004503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.177361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.177361000", - "frame.time_delta": "0.000118000", - "frame.time_delta_displayed": "0.000118000", - "frame.time_relative": "1581.716675000", - "frame.number": "5613", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e4ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5611", - "tcp.analysis.ack_rtt": "0.003942000", - "tcp.analysis.initial_rtt": "0.004503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.184023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.184023000", - "frame.time_delta": "0.006662000", - "frame.time_delta_displayed": "0.006662000", - "frame.time_relative": "1581.723337000", - "frame.number": "5614", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002e9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e4b9", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.184511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.184511000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1581.723825000", - "frame.number": "5615", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ac6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47524", - 
"tcp.port": "80", - "tcp.port": "47524", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d74f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5614", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.004503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.188902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.188902000", - "frame.time_delta": "0.004391000", - "frame.time_delta_displayed": "0.004391000", - "frame.time_relative": "1581.728216000", - "frame.number": "5616", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47524", - "tcp.dstport": "80", - "tcp.port": "47524", - "tcp.port": "80", - "tcp.stream": "207", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000790e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:12:53.232771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.232771000", - "frame.time_delta": "0.043869000", - "frame.time_delta_displayed": "0.043869000", - "frame.time_relative": "1581.772085000", - "frame.number": "5617", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "36", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - 
"ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f315", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "1", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.254350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.254350000", - "frame.time_delta": "0.021579000", - "frame.time_delta_displayed": "0.021579000", - "frame.time_relative": "1581.793664000", - "frame.number": "5618", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00002524", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x0053f765", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:12:53.266789000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.266789000", - "frame.time_delta": "0.012439000", - "frame.time_delta_displayed": "0.012439000", - "frame.time_relative": "1581.806103000", - "frame.number": "5619", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000c71b", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00f24a07", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - 
"dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.282635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495173.282635000", - "frame.time_delta": "0.015846000", - "frame.time_delta_displayed": "0.015846000", - "frame.time_relative": "1581.821949000", - "frame.number": "5620", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:53.303498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495173.303498000", - "frame.time_delta": "0.020863000", - "frame.time_delta_displayed": "0.020863000", - 
"frame.time_relative": "1581.842812000", - "frame.number": "5621", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - 
"icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.173154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.173154000", - "frame.time_delta": "0.869656000", - "frame.time_delta_displayed": "0.869656000", - "frame.time_relative": "1582.712468000", - "frame.number": "5622", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "17", - "ip.checksum": "0x00008d51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "103", - "http.prev_response_in": "5600" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.225960000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.225960000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "1582.765274000", - "frame.number": "5623", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "104", - "http.prev_response_in": "5622" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.278704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.278704000", - "frame.time_delta": "0.052744000", - "frame.time_delta_displayed": "0.052744000", - "frame.time_relative": "1582.818018000", - "frame.number": "5624", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "105", - "http.prev_response_in": "5623" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.302833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.302833000", - "frame.time_delta": "0.024129000", - "frame.time_delta_displayed": "0.024129000", - "frame.time_relative": "1582.842147000", - "frame.number": "5625", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.305689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.305689000", - "frame.time_delta": "0.002856000", - "frame.time_delta_displayed": "0.002856000", - "frame.time_relative": "1582.845003000", - "frame.number": "5626", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - 
"icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.310299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.310299000", - "frame.time_delta": "0.004610000", - "frame.time_delta_displayed": "0.004610000", - "frame.time_relative": "1582.849613000", - "frame.number": "5627", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000004e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b38e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003fa2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:60:b3:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 942259, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "942259", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.310886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.310886000", - "frame.time_delta": "0.000587000", - "frame.time_delta_displayed": 
"0.000587000", - "frame.time_relative": "1582.850200000", - "frame.number": "5628", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", 
- "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003447", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5627", - "tcp.analysis.ack_rtt": "0.000587000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.311396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.311396000", - "frame.time_delta": "0.000510000", - 
"frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "1582.850710000", - "frame.number": "5629", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, 
- "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.314553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.314553000", - "frame.time_delta": "0.003157000", - "frame.time_delta_displayed": "0.003157000", - "frame.time_relative": "1582.853867000", - "frame.number": "5630", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e5ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5628", - "tcp.analysis.ack_rtt": "0.003667000", - "tcp.analysis.initial_rtt": "0.004254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:12:54.315287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.315287000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "1582.854601000", - "frame.number": "5631", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000004e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004549", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004254000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:12:54.315816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.315816000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "1582.855130000", - "frame.number": "5632", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009860", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002029", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", 
- "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d79d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5631", - "tcp.analysis.ack_rtt": "0.000529000", - "tcp.analysis.initial_rtt": "0.004254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.316492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.316492000", - "frame.time_delta": "0.000676000", - "frame.time_delta_displayed": "0.000676000", - "frame.time_relative": "1582.855806000", - "frame.number": "5633", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009861", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002017", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000017bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004254000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.316916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.316916000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": 
"0.000424000", - "frame.time_relative": "1582.856230000", - "frame.number": "5634", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009862", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001c44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006a28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004254000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:6
6:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5633", - "tcp.segment": "5634", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001629000", - "http.request_in": "5631", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.319286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.319286000", - "frame.time_delta": "0.002370000", - "frame.time_delta_displayed": "0.002370000", - "frame.time_relative": "1582.858600000", - "frame.number": "5635", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009863", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001c43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006a28", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004254000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.320311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.320311000", - "frame.time_delta": "0.001025000", - "frame.time_delta_displayed": "0.001025000", - "frame.time_relative": "1582.859625000", - "frame.number": "5636", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b39f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e4fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5633", - "tcp.analysis.ack_rtt": "0.003819000", - "tcp.analysis.initial_rtt": "0.004254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.321628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.321628000", - "frame.time_delta": "0.001317000", - "frame.time_delta_displayed": "0.001317000", - "frame.time_relative": "1582.860942000", - "frame.number": "5637", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b39e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e112", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5634", - "tcp.analysis.ack_rtt": "0.004712000", - "tcp.analysis.initial_rtt": "0.004254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.322947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.322947000", - "frame.time_delta": "0.001319000", - "frame.time_delta_displayed": "0.001319000", - "frame.time_relative": "1582.862261000", - "frame.number": "5638", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000004ec", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b391", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:dc:74:44:ae:dc:74:48:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004254000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5637", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.324433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.324433000", - "frame.time_delta": "0.001486000", - "frame.time_delta_displayed": "0.001486000", - "frame.time_relative": "1582.863747000", - "frame.number": "5639", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000b39c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e111", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.324862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.324862000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1582.864176000", - "frame.number": "5640", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000c38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ac51", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47525", - "tcp.port": "80", - "tcp.port": "47525", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d3a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5639", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.004254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.331430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.331430000", - "frame.time_delta": "0.006568000", - "frame.time_delta_displayed": "0.006568000", - "frame.time_relative": "1582.870744000", - "frame.number": "5641", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001431", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a458", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47525", - "tcp.dstport": "80", - "tcp.port": "47525", - "tcp.port": "80", - "tcp.stream": "208", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000783", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.461159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.461159000", - "frame.time_delta": "0.129729000", - "frame.time_delta_displayed": "0.129729000", - "frame.time_relative": "1583.000473000", - "frame.number": "5642", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": 
"IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.492553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.492553000", - "frame.time_delta": "0.031394000", - "frame.time_delta_displayed": "0.031394000", - "frame.time_relative": "1583.031867000", - "frame.number": "5643", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000eb03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.641036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.641036000", - "frame.time_delta": "0.148483000", - "frame.time_delta_displayed": "0.148483000", - "frame.time_relative": "1583.180350000", - "frame.number": "5644", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - 
"eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x00000707", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - }, - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.918202000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495174.918202000", - "frame.time_delta": "0.277166000", - "frame.time_delta_displayed": "0.277166000", - "frame.time_relative": "1583.457516000", - "frame.number": "5645", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00005238", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00f5c9af", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - 
"dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.936092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.936092000", - "frame.time_delta": "0.017890000", - "frame.time_delta_displayed": "0.017890000", - "frame.time_relative": "1583.475406000", - "frame.number": "5646", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": 
"NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x000056db", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x000cbb2d", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary 
Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.955790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.955790000", - "frame.time_delta": "0.019698000", - "frame.time_delta_displayed": "0.019698000", - "frame.time_relative": "1583.495104000", - "frame.number": "5647", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - 
"ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:54.972857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495174.972857000", - "frame.time_delta": "0.017067000", - "frame.time_delta_displayed": "0.017067000", - "frame.time_relative": "1583.512171000", - "frame.number": "5648", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - 
"ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.227186000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.227186000", - 
"frame.time_delta": "0.254329000", - "frame.time_delta_displayed": "0.254329000", - "frame.time_relative": "1583.766500000", - "frame.number": "5649", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "106", - "http.prev_response_in": "5624" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.279994000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.279994000", - "frame.time_delta": "0.052808000", - "frame.time_delta_displayed": "0.052808000", - "frame.time_relative": "1583.819308000", - "frame.number": "5650", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "107", - "http.prev_response_in": "5649" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.332839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.332839000", - "frame.time_delta": "0.052845000", - "frame.time_delta_displayed": "0.052845000", - "frame.time_relative": "1583.872153000", - "frame.number": "5651", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, 
- "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "108", - "http.prev_response_in": "5650" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.354274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.354274000", - "frame.time_delta": "0.021435000", - "frame.time_delta_displayed": "0.021435000", - "frame.time_relative": "1583.893588000", - "frame.number": "5652", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000b8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x000024f2", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:33:b7:12:dd:cd:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.384824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.384824000", - "frame.time_delta": "0.030550000", - 
"frame.time_delta_displayed": "0.030550000", - "frame.time_relative": "1583.924138000", - "frame.number": "5653", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 
Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.389913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.389913000", - "frame.time_delta": "0.005089000", - "frame.time_delta_displayed": "0.005089000", - "frame.time_relative": "1583.929227000", - "frame.number": "5654", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008020", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007675", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "109", - "http.prev_response_in": "5651" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.390297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.390297000", - "frame.time_delta": "0.000384000", - "frame.time_delta_displayed": "0.000384000", - "frame.time_relative": "1583.929611000", - "frame.number": "5655", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "362", - "ip.id": "0x00008021", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000766b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "110", - "http.prev_response_in": "5654" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.390690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.390690000", - "frame.time_delta": "0.000393000", - "frame.time_delta_displayed": "0.000393000", - "frame.time_relative": "1583.930004000", - "frame.number": "5656", - "frame.len": "370", - "frame.cap_len": "370", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "356", - "ip.id": "0x00008022", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007670", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008089", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "111", - "http.prev_response_in": "5655" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.701166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.701166000", - "frame.time_delta": "0.310476000", - "frame.time_delta_displayed": "0.310476000", - "frame.time_relative": "1584.240480000", - "frame.number": "5657", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cdd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "112", - "http.prev_response_in": "5656" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:12:55.753956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.753956000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "1584.293270000", - "frame.number": "5658", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "113", - "http.prev_response_in": "5657" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:55.806725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495175.806725000", - "frame.time_delta": "0.052769000", - "frame.time_delta_displayed": "0.052769000", - "frame.time_relative": "1584.346039000", - "frame.number": "5659", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "114", - "http.prev_response_in": "5658" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:56.753915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495176.753915000", - "frame.time_delta": "0.947190000", - "frame.time_delta_displayed": "0.947190000", - "frame.time_relative": "1585.293229000", - "frame.number": "5660", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "115", - "http.prev_response_in": "5659" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:56.806694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495176.806694000", - "frame.time_delta": "0.052779000", - "frame.time_delta_displayed": "0.052779000", - "frame.time_relative": "1585.346008000", - "frame.number": "5661", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cc7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "116", - "http.prev_response_in": "5660" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:56.859452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495176.859452000", - "frame.time_delta": "0.052758000", - "frame.time_delta_displayed": "0.052758000", - "frame.time_relative": "1585.398766000", - "frame.number": "5662", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a93", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ccb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "117", - "http.prev_response_in": "5661" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.151632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.151632000", - "frame.time_delta": "0.292180000", - "frame.time_delta_displayed": "0.292180000", - "frame.time_relative": "1585.690946000", - "frame.number": "5663", - "frame.len": "407", - "frame.cap_len": "407", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "393", - "ip.id": "0x0000967e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", 
- "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "341", - "tcp.seq": "75355", - "tcp.nxtseq": "75696", - "tcp.ack": "16975", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cb6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:1c:5a:a7:a0:f6:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2563162, TSecr 2812343904": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2563162", - "tcp.options.timestamp.tsecr": "2812343904" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "341", - "tcp.analysis.push_bytes_sent": "341" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "336", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:20:6b:5c:da:21:ab:3e:48:49:24:e6:64:2d:d9:90:29:6b:cf:ea:9f:6a:e9:59:95:42:5d:57:43:44:75:88:e0:3f:4b:9c:1e:a1:83:15:e2:53:8b:cc:0d:65:f0:83:04:6b:73:72:4f:f0:11:97:81:6c:d8:1a:fe:7f:8e:f5:c7:d8:cf:cc:da:14:0a:45:48:9d:36:0a:9e:22:94:1b:2a:71:ac:f4:66:34:68:20:36:d1:74:0e:6e:70:4a:59:64:66:f4:05:40:13:e8:eb:eb:fb:13:ee:22:6c:bb:84:44:70:f1:a0:f7:52:8f:4f:06:6b:91:64:2f:cd:e3:7b:3b:00:7a:12:89:46:10:7c:d3:f4:e3:b6:10:7b:e2:ff:0f:14:ea:08:06:30:fa:40:af:f5:78:0d:4d:24:c0:5e:6d:28:a8:7a:61:07:b0:2f:60:aa:dd:99:9a:82:ca:96:c6:e7:88:32:b1:a5:26:71:aa:e9:87:59:55:84:7e:8e:c8:3c:7a:62:e3:d2:0c:e2:fc:10:50:ce:7e:d4:df:e4:5e:f3:a8:98:7f:92:31:20:1d:51:7c:19:3a:8d:41:ae:27:87:a3:82:36:fb:e7:f6:f8:5f:e4:8c:4c:d9:56:19:e0:de:68:56:12:2c:05:1d:94:24:1c:84:93:68:95:d9:47:7d:a8:22:1d:d9:83:5d:86:41:ca:13:37:43:46:c0:35:86:b2:5e:50:34:90:a5:9b:db:a0:ad:d1:e2:40:97:0a:12:7f:d0:f0:f3:5b:8e:55:ec:ef:ea:d4:dd:f4:ef:26:10:5f:f0:4b:b5:bf:46:9c:70:80:8f:45:24:7b:2f:32:5c:27:dc:e1:f5:8f:09:7e:2a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.212787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.212787000", - "frame.time_delta": "0.061155000", - "frame.time_delta_displayed": "0.061155000", - "frame.time_relative": "1585.752101000", - "frame.number": "5664", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "16975", - "tcp.nxtseq": "17022", - "tcp.ack": "75696", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00007aeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:07:eb:00:27:1c:5a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812348395, TSecr 2563162": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812348395", - "tcp.options.timestamp.tsecr": "2563162" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5663", - "tcp.analysis.ack_rtt": "0.061155000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:b7:17:6a:10:26:be:02:68:0b:f7:45:fa:50:0a:9f:79:ac:fb:d5:31:bd:4b:2b:ef:58:ee:99:e6:d7:90:38:70:83:5d:b1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.213229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.213229000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1585.752543000", - "frame.number": "5665", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000967f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007700", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "75696", - "tcp.ack": "17022", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000191f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:1c:61:a7:a1:07:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2563169, TSecr 2812348395": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2563169", - "tcp.options.timestamp.tsecr": "2812348395" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5664", - "tcp.analysis.ack_rtt": "0.000442000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.263795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.263795000", - "frame.time_delta": "0.050566000", - "frame.time_delta_displayed": "0.050566000", - "frame.time_relative": "1585.803109000", - "frame.number": "5666", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": 
"LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000216b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b823", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:12:57.264907000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.264907000", - "frame.time_delta": "0.001112000", - "frame.time_delta_displayed": "0.001112000", - "frame.time_relative": "1585.804221000", - "frame.number": "5667", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000a4fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003393", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - 
"dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - 
} - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.489144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.489144000", - "frame.time_delta": "0.224237000", - "frame.time_delta_displayed": "0.224237000", - "frame.time_relative": "1586.028458000", - "frame.number": "5668", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000021a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b7e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - 
"udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.623523000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.623523000", - "frame.time_delta": "0.134379000", - "frame.time_delta_displayed": "0.134379000", - "frame.time_relative": "1586.162837000", - "frame.number": "5669", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009680", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000759f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "75696", - "tcp.nxtseq": "76048", - "tcp.ack": "17022", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c0cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:1c:8a:a7:a1:07:eb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2563210, TSecr 2812348395": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2563210", - "tcp.options.timestamp.tsecr": "2812348395" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:21:1c:21:a5:17:b9:4c:f6:6b:60:17:09:c9:03:e5:18:f7:ec:d3:fc:77:84:9d:3e:c7:5c:0a:32:ce:6f:1a:41:86:84:b7:ab:12:31:57:ba:27:ec:8c:26:29:fc:fc:6f:ef:6a:a2:90:c1:ee:e4:cc:8c:2a:f7:82:23:46:d1:45:9a:64:3b:62:99:c5:3b:d8:62:e8:98:26:33:9b:7c:0b:2b:aa:d0:b0:1d:c3:7c:bc:42:02:92:ff:bf:12:5b:21:95:b8:40:11:27:6c:58:a8:1f:ef:b5:aa:52:7c:cb:ba:f1:c2:f3:f2:cf:fd:f7:c9:29:8b:34:9f:e8:09:79:0a:ee:74:f4:d1:13:28:ea:b1:ed:6b:a6:42:5f:5d:4c:05:69:23:02:c3:08:0c:4e:e2:1a:6f:e4:54:8f:b4:ad:49:a2:37:5d:99:ef:81:bf:a9:32:8a:dc:b1:2b:26:e1:5d:47:3a:a4:0a:33:dd:e1:d3:ed:ac:8f:c7:d9:51:49:78:87:94:2d:9f:07:94:0a:03:49:f8:bd:0f:db:e8:ab:0f:09:67:8b:0e:7a:77:77:20:9c:a1:8a:c5:d3:57:b3:cb:b0:f5:3d:91:d8:c0:1f:84:49:d6:ef:ed:5f:cb:4d:ea:37:df:90:f8:df:6d:49:95:a8:e3:b2:6f:5b:aa:2d:03:a8:3f:85:4f:e2:01:87:bd:b6:40:f8:f5:94:ef:c3:10:10:e0:e4:28:67:c0:90:f4:d1:9e:eb:df:7c:60:84:04:8a:f5:ce:52:96:76:72:06:71:c8:5f:eb:25:6f:bf:ec:08:16:23:f4:f7:74:0e:a1:9d:d6:ca:71:70:9a:71:ad:8d:21:06:36:97:53:35:5b:8b:ef:4d:8e:d5:66:cb:06:52:47:28:73" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.684248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495177.684248000", - "frame.time_delta": "0.060725000", - "frame.time_delta_displayed": "0.060725000", - "frame.time_relative": "1586.223562000", - "frame.number": "5670", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - 
"tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17022", - "tcp.nxtseq": "17069", - "tcp.ack": "76048", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ebcf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:08:61:00:27:1c:8a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812348513, TSecr 2563210": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812348513", - "tcp.options.timestamp.tsecr": "2563210" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5669", - "tcp.analysis.ack_rtt": "0.060725000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:b8:7b:29:f8:4b:47:4e:a4:42:89:78:d3:91:da:4e:28:0d:1a:64:eb:1e:aa:21:33:96:7b:1d:7d:6b:24:56:f2:38:95:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.684642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.684642000", - "frame.time_delta": "0.000394000", - "frame.time_delta_displayed": "0.000394000", - "frame.time_relative": "1586.223956000", - "frame.number": "5671", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009681", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "76048", - "tcp.ack": "17069", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000016eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:1c:90:a7:a1:08:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2563216, TSecr 2812348513": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2563216", - "tcp.options.timestamp.tsecr": "2812348513" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5670", - "tcp.analysis.ack_rtt": "0.000394000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.710892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495177.710892000", - "frame.time_delta": "0.026250000", - "frame.time_delta_displayed": "0.026250000", - "frame.time_relative": "1586.250206000", - "frame.number": "5672", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000021bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b7cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.753316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.753316000", - "frame.time_delta": "0.042424000", - "frame.time_delta_displayed": "0.042424000", - "frame.time_relative": "1586.292630000", - "frame.number": "5673", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ab9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ca8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "118", - "http.prev_response_in": "5662" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.806154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.806154000", - "frame.time_delta": "0.052838000", - 
"frame.time_delta_displayed": "0.052838000", - "frame.time_relative": "1586.345468000", - "frame.number": "5674", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002abc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "119", - "http.prev_response_in": "5673" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:57.858941000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495177.858941000", - "frame.time_delta": "0.052787000", - "frame.time_delta_displayed": "0.052787000", - "frame.time_relative": "1586.398255000", - "frame.number": "5675", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002abd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ca1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", 
- "http.response": "1", - "http.response_number": "120", - "http.prev_response_in": "5674" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.399178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.399178000", - "frame.time_delta": "0.540237000", - "frame.time_delta_displayed": "0.540237000", - "frame.time_relative": "1586.938492000", - "frame.number": "5676", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008054", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007641", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - 
"icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cdd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "121", - "http.prev_response_in": "5675" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.399283000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.399283000", - "frame.time_delta": "0.000105000", - "frame.time_delta_displayed": "0.000105000", - "frame.time_relative": "1586.938597000", - "frame.number": "5677", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "362", - "ip.id": "0x00008055", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007637", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "122", - "http.prev_response_in": "5676" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.399325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.399325000", - "frame.time_delta": "0.000042000", - "frame.time_delta_displayed": "0.000042000", - "frame.time_relative": "1586.938639000", - "frame.number": "5678", - "frame.len": "370", - "frame.cap_len": "370", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "356", - "ip.id": "0x00008056", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000763c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": 
"192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008089", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": 
"LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "123", - "http.prev_response_in": "5677" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.400362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.400362000", - "frame.time_delta": "0.001037000", - "frame.time_delta_displayed": "0.001037000", - "frame.time_relative": "1586.939676000", - "frame.number": "5679", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008057", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"1", - "ip.checksum": "0x0000763e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "124", - "http.prev_response_in": "5678" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.400410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.400410000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "1586.939724000", - "frame.number": "5680", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "362", - "ip.id": "0x00008058", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007634", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002a91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008cc7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "125", - "http.prev_response_in": "5679" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.401125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.401125000", - "frame.time_delta": "0.000715000", - "frame.time_delta_displayed": "0.000715000", - "frame.time_relative": "1586.940439000", - "frame.number": "5681", - "frame.len": "370", - "frame.cap_len": "370", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "356", - "ip.id": "0x00008059", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007639", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008089", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002a93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ccb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "126", - "http.prev_response_in": "5680" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.806064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.806064000", - "frame.time_delta": "0.404939000", - "frame.time_delta_displayed": "0.404939000", - "frame.time_relative": "1587.345378000", - "frame.number": "5682", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "127", - "http.prev_response_in": "5681" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.858878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.858878000", - "frame.time_delta": "0.052814000", - "frame.time_delta_displayed": "0.052814000", - "frame.time_relative": "1587.398192000", - "frame.number": "5683", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002aed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "128", - "http.prev_response_in": "5682" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.882368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.882368000", - "frame.time_delta": "0.023490000", - "frame.time_delta_displayed": "0.023490000", - "frame.time_relative": "1587.421682000", - "frame.number": "5684", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": 
{ - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:58.911749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495178.911749000", - "frame.time_delta": "0.029381000", - "frame.time_delta_displayed": "0.029381000", - "frame.time_relative": "1587.451063000", - "frame.number": "5685", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"328", - "ip.id": "0x00002af1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "129", - "http.prev_response_in": "5683" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:59.558439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495179.558439000", - "frame.time_delta": "0.646690000", - "frame.time_delta_displayed": "0.646690000", - "frame.time_relative": "1588.097753000", - "frame.number": "5686", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x0000808d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007608", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ae9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "130", - "http.prev_response_in": "5685" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:59.858029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495179.858029000", - "frame.time_delta": "0.299590000", - "frame.time_delta_displayed": "0.299590000", - "frame.time_relative": "1588.397343000", - "frame.number": "5687", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002af3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "131", - "http.prev_response_in": "5686" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:59.910814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495179.910814000", - "frame.time_delta": "0.052785000", - "frame.time_delta_displayed": "0.052785000", - "frame.time_relative": "1588.450128000", - "frame.number": "5688", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002af8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "132", - "http.prev_response_in": "5687" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:12:59.963599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495179.963599000", - "frame.time_delta": "0.052785000", - "frame.time_delta_displayed": "0.052785000", - "frame.time_relative": "1588.502913000", - "frame.number": "5689", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002afd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00008c61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "133", - "http.prev_response_in": "5688" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.158750000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1509495180.158750000", - "frame.time_delta": "0.195151000", - "frame.time_delta_displayed": "0.195151000", - "frame.time_relative": "1588.698064000", - "frame.number": "5690", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x00001051", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002992", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "44", - "udp.checksum": "0x0000f377", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": 
"0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.160632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.160632000", - "frame.time_delta": "0.001882000", - "frame.time_delta_displayed": "0.001882000", - "frame.time_relative": "1588.699946000", - "frame.number": "5691", - "frame.len": "423", - "frame.cap_len": "423", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "409", - "ip.id": "0x0000daa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dce4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": 
"192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "389", - "udp.checksum": "0x00008360", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "5690", - "dns.time": "0.001882000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "home.myblossom.com: type A, class IN, addr 54.153.31.0": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2", - "dns.resp.len": "4", - "dns.a": "54.153.31.0" - }, - "home.myblossom.com: type A, class IN, addr 54.219.161.163": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2", - "dns.resp.len": "4", - "dns.a": "54.219.161.163" - } - }, - "Authoritative nameservers": { - "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57403", - "dns.resp.len": "19", - "dns.ns": "ns-477.awsdns-59.com" - }, - "myblossom.com: 
type NS, class IN, ns ns-540.awsdns-03.net": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57403", - "dns.resp.len": "22", - "dns.ns": "ns-540.awsdns-03.net" - }, - "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57403", - "dns.resp.len": "25", - "dns.ns": "ns-1743.awsdns-25.co.uk" - }, - "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57403", - "dns.resp.len": "23", - "dns.ns": "ns-1324.awsdns-37.org" - } - }, - "Additional records": { - "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100950", - "dns.resp.len": "4", - "dns.a": "205.251.193.221" - }, - "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56937", - "dns.resp.len": "4", - "dns.a": "205.251.194.28" - }, - "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57021", - "dns.resp.len": "4", - "dns.a": "205.251.197.44" - }, - "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57347", - "dns.resp.len": "4", - "dns.a": "205.251.198.207" - }, - "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100950", - 
"dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:dd00::1" - }, - "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56937", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5302:1c00::1" - }, - "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57021", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5305:2c00::1" - }, - "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57347", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:cf00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.167580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.167580000", - "frame.time_delta": "0.006948000", - "frame.time_delta_displayed": "0.006948000", - "frame.time_relative": "1588.706894000", - "frame.number": "5692", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001052", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49777", - "tcp.dstport": "80", - "tcp.port": "49777", - "tcp.port": "80", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000c14d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.181810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.181810000", - "frame.time_delta": "0.014230000", - "frame.time_delta_displayed": "0.014230000", - "frame.time_relative": "1588.721124000", - "frame.number": "5693", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00007712", - "ip.checksum.status": "2", - "ip.src": 
"54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49777", - "tcp.port": "80", - "tcp.port": "49777", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x00002af7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5692", - "tcp.analysis.ack_rtt": "0.014230000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.187594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.187594000", - "frame.time_delta": "0.005784000", - "frame.time_delta_displayed": "0.005784000", - "frame.time_relative": "1588.726908000", - "frame.number": "5694", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001053", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, 
-121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49777", - "tcp.dstport": "80", - "tcp.port": "49777", - "tcp.port": "80", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000095d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5693", - "tcp.analysis.ack_rtt": "0.005784000", - "tcp.analysis.initial_rtt": "0.020014000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.666834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.666834000", - "frame.time_delta": "0.479240000", - "frame.time_delta_displayed": "0.479240000", - "frame.time_relative": "1589.206148000", - "frame.number": "5695", - "frame.len": "179", - "frame.cap_len": "179", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "165", - "ip.id": "0x00001054", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009445", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49777", - "tcp.dstport": "80", - "tcp.port": "49777", - "tcp.port": "80", - "tcp.stream": "209", - "tcp.len": "125", - "tcp.seq": "1", - "tcp.nxtseq": "126", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005423", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.020014000", - "tcp.analysis.bytes_in_flight": "125", - "tcp.analysis.push_bytes_sent": "125" - } - }, - "http": { - "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/parameters\/", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.681437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.681437000", - "frame.time_delta": "0.014603000", - "frame.time_delta_displayed": 
"0.014603000", - "frame.time_relative": "1589.220751000", - "frame.number": "5696", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000026e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00005032", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49777", - "tcp.port": "80", - 
"tcp.port": "49777", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "126", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004237", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5695", - "tcp.analysis.ack_rtt": "0.014603000", - "tcp.analysis.initial_rtt": "0.020014000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.710029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.710029000", - "frame.time_delta": "0.028592000", - "frame.time_delta_displayed": "0.028592000", - "frame.time_relative": "1589.249343000", - "frame.number": "5697", - "frame.len": "485", - "frame.cap_len": "485", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, 
- "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "471", - "ip.id": "0x000026e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00004e82", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49777", - "tcp.port": "80", - "tcp.port": "49777", - "tcp.stream": "209", - "tcp.len": "431", - "tcp.seq": "1", - "tcp.nxtseq": "432", - "tcp.ack": "126", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - 
"tcp.checksum": "0x0000584a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.020014000", - "tcp.analysis.bytes_in_flight": "431", - "tcp.analysis.push_bytes_sent": "431" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "Allow: GET, HEAD, OPTIONS\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-Type: application\/json\r\n", - "http.date": "Wed, 01 Nov 2017 00:13:00 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:13:00 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "219", - "http.content_length_header_tree": { - "http.content_length": "219" - }, - "http.response.line": "Content-Length: 219\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.043195000", - "http.request_in": "5695", - "http.file_data": "{\"dim_level\":32,\"pn_keepalive\":0,\"ovc_trip\":350,\"dim_delay\":600,\"wave_boost\":1,\"uap_debug\":0,\"ota_freq\":3720,\"current_time\":\"2017-10-31T17:13:00.711666-07:00\",\"stats_freq\":3600,\"build\":2011,\"psr_switch\":0,\"opn_trip\":40}" - }, - "json": { - "json.object": { - "json.member": { - "json.value.number": "32", - "json.key": "dim_level" - }, - "json.member": { - "json.value.number": "0", - "json.key": "pn_keepalive" - }, - "json.member": { - "json.value.number": "350", - "json.key": "ovc_trip" - }, - "json.member": { - "json.value.number": "600", - "json.key": "dim_delay" - }, - 
"json.member": { - "json.value.number": "1", - "json.key": "wave_boost" - }, - "json.member": { - "json.value.number": "0", - "json.key": "uap_debug" - }, - "json.member": { - "json.value.number": "3720", - "json.key": "ota_freq" - }, - "json.member": { - "json.value.string": "2017-10-31T17:13:00.711666-07:00", - "json.key": "current_time" - }, - "json.member": { - "json.value.number": "3600", - "json.key": "stats_freq" - }, - "json.member": { - "json.value.number": "2011", - "json.key": "build" - }, - "json.member": { - "json.value.number": "0", - "json.key": "psr_switch" - }, - "json.member": { - "json.value.number": "40", - "json.key": "opn_trip" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.723275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.723275000", - "frame.time_delta": "0.013246000", - "frame.time_delta_displayed": "0.013246000", - "frame.time_relative": "1589.262589000", - "frame.number": "5698", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001055", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49777", - "tcp.dstport": "80", - "tcp.port": "49777", - "tcp.port": "80", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "126", - "tcp.ack": "432", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5169", - "tcp.window_size": "5169", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009559", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5697", - "tcp.analysis.ack_rtt": "0.013246000", - "tcp.analysis.initial_rtt": "0.020014000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.736544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.736544000", - "frame.time_delta": "0.013269000", - "frame.time_delta_displayed": "0.013269000", - "frame.time_relative": "1589.275858000", - "frame.number": "5699", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000026e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00005030", - "ip.checksum.status": "2", - "ip.src": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.src_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 
Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49777", - "tcp.port": "80", - "tcp.port": "49777", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "432", - "tcp.ack": "127", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004086", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5698", - "tcp.analysis.ack_rtt": "0.013269000", - "tcp.analysis.initial_rtt": "0.020014000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.742309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.742309000", - 
"frame.time_delta": "0.005765000", - "frame.time_delta_displayed": "0.005765000", - "frame.time_relative": "1589.281623000", - "frame.number": "5700", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001056", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000094c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.153.31.0", - "ip.addr": "54.153.31.0", - "ip.dst_host": "54.153.31.0", - "ip.host": "54.153.31.0", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": 
"-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49777", - "tcp.dstport": "80", - "tcp.port": "49777", - "tcp.port": "80", - "tcp.stream": "209", - "tcp.len": "0", - "tcp.seq": "127", - "tcp.ack": "433", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5168", - "tcp.window_size": "5168", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009559", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5699", - "tcp.analysis.ack_rtt": "0.005765000", - "tcp.analysis.initial_rtt": "0.020014000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.910635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.910635000", - "frame.time_delta": "0.168326000", - "frame.time_delta_displayed": "0.168326000", - "frame.time_relative": "1589.449949000", - "frame.number": "5701", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002b4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "134", - "http.prev_response_in": "5689" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:00.968260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495180.968260000", - "frame.time_delta": "0.057625000", - "frame.time_delta_displayed": "0.057625000", - "frame.time_relative": "1589.507574000", - "frame.number": "5702", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002b53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "135", - "http.prev_response_in": "5701" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.021125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.021125000", - "frame.time_delta": "0.052865000", - "frame.time_delta_displayed": "0.052865000", - "frame.time_relative": "1589.560439000", - "frame.number": "5703", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002b56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "136", - "http.prev_response_in": "5702" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.264536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.264536000", - "frame.time_delta": "0.243411000", - "frame.time_delta_displayed": "0.243411000", - "frame.time_relative": "1589.803850000", - "frame.number": "5704", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x000080ef", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x000075a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002b4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "137", - "http.prev_response_in": "5703" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.341184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.341184000", - "frame.time_delta": "0.076648000", - "frame.time_delta_displayed": "0.076648000", - "frame.time_relative": "1589.880498000", - "frame.number": "5705", - "frame.len": "81", - "frame.cap_len": "81", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "67", - "ip.id": "0x00001057", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002989", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "47", - "udp.checksum": "0x000036dd", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "updates.myblossom.com: type A, class IN": { - "dns.qry.name": "updates.myblossom.com", - "dns.qry.name.len": "21", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.355492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.355492000", - "frame.time_delta": "0.014308000", - "frame.time_delta_displayed": "0.014308000", - "frame.time_relative": "1589.894806000", - "frame.number": "5706", - "frame.len": "410", - "frame.cap_len": "410", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "396", - "ip.id": "0x0000dad8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "376", - "udp.checksum": "0x00008353", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "5705", - "dns.time": "0.014308000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": 
"1", - "dns.count.answers": "1", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "updates.myblossom.com: type A, class IN": { - "dns.qry.name": "updates.myblossom.com", - "dns.qry.name.len": "21", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "updates.myblossom.com: type A, class IN, addr 52.219.24.27": { - "dns.resp.name": "updates.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5", - "dns.resp.len": "4", - "dns.a": "52.219.24.27" - } - }, - "Authoritative nameservers": { - "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57402", - "dns.resp.len": "22", - "dns.ns": "ns-540.awsdns-03.net" - }, - "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57402", - "dns.resp.len": "23", - "dns.ns": "ns-1324.awsdns-37.org" - }, - "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57402", - "dns.resp.len": "25", - "dns.ns": "ns-1743.awsdns-25.co.uk" - }, - "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57402", - "dns.resp.len": "19", - "dns.ns": "ns-477.awsdns-59.com" - } - }, - "Additional records": { - "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100949", - "dns.resp.len": "4", - "dns.a": "205.251.193.221" - }, - "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { - "dns.resp.name": 
"ns-540.awsdns-03.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56936", - "dns.resp.len": "4", - "dns.a": "205.251.194.28" - }, - "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57020", - "dns.resp.len": "4", - "dns.a": "205.251.197.44" - }, - "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57346", - "dns.resp.len": "4", - "dns.a": "205.251.198.207" - }, - "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100949", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:dd00::1" - }, - "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56936", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5302:1c00::1" - }, - "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57020", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5305:2c00::1" - }, - "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57346", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:cf00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:13:01.362097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.362097000", - "frame.time_delta": "0.006605000", - "frame.time_delta_displayed": "0.006605000", - "frame.time_relative": "1589.901411000", - "frame.number": "5707", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001058", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { 
- "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00006198", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.374807000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.374807000", - "frame.time_delta": "0.012710000", - "frame.time_delta_displayed": "0.012710000", - "frame.time_relative": "1589.914121000", - "frame.number": "5708", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000b874", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "44", - "ip.proto": "6", - "ip.checksum": "0x0000c841", - "ip.checksum.status": "2", - "ip.src": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.src_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.src_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.src_lon": "-75.597", - "ip.geoip.lon": "-75.597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49778", - "tcp.port": "80", - "tcp.port": "49778", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x000044de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:98", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1432" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5707", - "tcp.analysis.ack_rtt": "0.012710000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.379873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.379873000", - "frame.time_delta": "0.005066000", - "frame.time_delta_displayed": "0.005066000", - "frame.time_relative": "1589.919187000", - "frame.number": "5709", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001059", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009d60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { - "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005c7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5708", - "tcp.analysis.ack_rtt": "0.005066000", - "tcp.analysis.initial_rtt": "0.017776000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": 
{ - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.861290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.861290000", - "frame.time_delta": "0.481417000", - "frame.time_delta_displayed": "0.481417000", - "frame.time_relative": "1590.400604000", - "frame.number": "5710", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x0000105a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009cef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - 
"ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { - "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - "tcp.stream": "210", - "tcp.len": "112", - "tcp.seq": "1", - "tcp.nxtseq": "113", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000018ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017776000", - "tcp.analysis.bytes_in_flight": "112", - "tcp.analysis.push_bytes_sent": "112" - } - }, - "http": { - "GET \/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL", - "http.request.uri_tree": { - "http.request.uri.path": "\/firmware-check\/1\/2011.json", - "http.request.uri.query": "q=0.9.2011&c=ND4JQL", - "http.request.uri.query_tree": { - "http.request.uri.query.parameter": "q=0.9.2011", - "http.request.uri.query.parameter": "c=ND4JQL" - } - }, - "http.request.version": "HTTP\/1.1" - }, - "http.host": "updates.myblossom.com", - "http.request.line": "Host: updates.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", 
- "\\r\\n": "", - "http.request.full_uri": "http:\/\/updates.myblossom.com\/firmware-check\/1\/2011.json?q=0.9.2011&c=ND4JQL", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.874060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.874060000", - "frame.time_delta": "0.012770000", - "frame.time_delta_displayed": "0.012770000", - "frame.time_relative": "1590.413374000", - "frame.number": "5711", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000054b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "236", - "ip.proto": "6", - "ip.checksum": "0x00002c05", - "ip.checksum.status": "2", - "ip.src": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.src_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, Wilmington, DE, 39.564499, 
-75.597000": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.src_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.src_lon": "-75.597", - "ip.geoip.lon": "-75.597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49778", - "tcp.port": "80", - "tcp.port": "49778", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "113", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000038e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5710", - "tcp.analysis.ack_rtt": "0.012770000", - "tcp.analysis.initial_rtt": "0.017776000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.900450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.900450000", - "frame.time_delta": "0.026390000", - "frame.time_delta_displayed": "0.026390000", - "frame.time_relative": "1590.439764000", - "frame.number": "5712", - "frame.len": "403", - "frame.cap_len": "403", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": 
"e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "389", - "ip.id": "0x000054b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "236", - "ip.proto": "6", - "ip.checksum": "0x00002aa7", - "ip.checksum.status": "2", - "ip.src": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.src_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.src_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.src_lon": "-75.597", - "ip.geoip.lon": "-75.597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49778", - "tcp.port": "80", - "tcp.port": "49778", - "tcp.stream": "210", - "tcp.len": "349", - "tcp.seq": "1", - "tcp.nxtseq": "350", - "tcp.ack": "113", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007a61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017776000", - "tcp.analysis.bytes_in_flight": "349", - "tcp.analysis.push_bytes_sent": "349" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:78:2d:61:6d:7a:2d:69:64:2d:32:3a:20:78:51:47:35:6d:6e:68:44:54:59:6a:54:73:54:50:41:37:4b:63:50:62:39:6c:36:39:51:4b:37:63:6e:6e:68:62:6e:63:78:41:4a:74:50:31:6f:6b:7a:46:2f:58:30:55:4b:30:59:34:41:4d:66:46:46:42:35:66:67:31:41:67:41:75:58:50:4c:4f:43:75:70:41:3d:0d:0a:78:2d:61:6d:7a:2d:72:65:71:75:65:73:74:2d:69:64:3a:20:34:37:46:31:32:31:34:46:36:38:44:35:38:45:45:39:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:33:3a:30:32:20:47:4d:54:0d:0a:4c:61:73:74:2d:4d:6f:64:69:66:69:65:64:3a:20:53:61:74:2c:20:30:34:20:4a:75:6e:20:32:30:31:36:20:30:35:3a:33:35:3a:32:39:20:47:4d:54:0d:0a:45:54:61:67:3a:20:22:36:36:64:38:36:64:36:31:31:66:65:36:63:62:66:62:66:61:39:36:30:64:30:31:65:66:30:35:32:66:33:34:22:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6f:63:74:65:74:2d:73:74:72:65:61:6d:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:39:39:0d:0a:53:65:72:76:65:72:3a:20:41:6d:61:7a:6f:6e:53:33:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.900511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.900511000", - "frame.time_delta": "0.000061000", - 
"frame.time_delta_displayed": "0.000061000", - "frame.time_relative": "1590.439825000", - "frame.number": "5713", - "frame.len": "253", - "frame.cap_len": "253", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "239", - "ip.id": "0x000054b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "236", - "ip.proto": "6", - "ip.checksum": "0x00002b3c", - "ip.checksum.status": "2", - "ip.src": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.src_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.src_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.src_lon": "-75.597", - "ip.geoip.lon": "-75.597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49778", - "tcp.port": "80", - "tcp.port": "49778", - "tcp.stream": "210", - "tcp.len": "199", - "tcp.seq": "350", - 
"tcp.nxtseq": "549", - "tcp.ack": "113", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00008640", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017776000", - "tcp.analysis.bytes_in_flight": "548", - "tcp.analysis.push_bytes_sent": "199" - }, - "tcp.segment_data": "7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "5712", - "tcp.segment": "5713", - "tcp.segment.count": "2", - "tcp.reassembled.length": "548", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:78:2d:61:6d:7a:2d:69:64:2d:32:3a:20:78:51:47:35:6d:6e:68:44:54:59:6a:54:73:54:50:41:37:4b:63:50:62:39:6c:36:39:51:4b:37:63:6e:6e:68:62:6e:63:78:41:4a:74:50:31:6f:6b:7a:46:2f:58:30:55:4b:30:59:34:41:4d:66:46:46:42:35:66:67:31:41:67:41:75:58:50:4c:4f:43:75:70:41:3d:0d:0a:78:2d:61:6d:7a:2d:72:65:71:75:65:73:74:2d:69:64:3a:20:34:37:46:31:32:31:34:46:36:38:44:35:38:45:45:39:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:33:3a:30:32:20:47:4d:54:0d:0a:4c:61:73:74:2d:4d:6f:64:69:66:69:65:64:3a:20:53:61:74:2c:20:30:34:20:4a:75:6e:20:32:30:31:36:20:30:35:3a:33:35:3a:32:39:20:47:4d:54:0d:0a:45:54:61:67:3a:20:22:36:36:64:38:36:64:36:31:31:66:65:36:63:62:66:62:66:61:39:36:30:64:30:31:65:66:30:35:32:66:33:34:22:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6f:63:74:65:74:2d:73:74:72:65:61:6d:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:39:39:0d:0a:53:65:72:76:65:72:3a:20:41:6d:61:7a:6f:6e:53:33:0d:0a:0d:0a:7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "x-amz-id-2: 
xQG5mnhDTYjTsTPA7KcPb9l69QK7cnnhbncxAJtP1okzF\/X0UK0Y4AMfFFB5fg1AgAuXPLOCupA=\r\n", - "http.response.line": "x-amz-request-id: 47F1214F68D58EE9\r\n", - "http.date": "Wed, 01 Nov 2017 00:13:02 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:13:02 GMT\r\n", - "http.last_modified": "Sat, 04 Jun 2016 05:35:29 GMT", - "http.response.line": "Last-Modified: Sat, 04 Jun 2016 05:35:29 GMT\r\n", - "http.response.line": "ETag: \"66d86d611fe6cbfbfa960d01ef052f34\"\r\n", - "http.content_type": "application\/octet-stream", - "http.response.line": "Content-Type: application\/octet-stream\r\n", - "http.content_length_header": "199", - "http.content_length_header_tree": { - "http.content_length": "199" - }, - "http.response.line": "Content-Length: 199\r\n", - "http.server": "AmazonS3", - "http.response.line": "Server: AmazonS3\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.039221000", - "http.request_in": "5710", - "http.file_data": "{\r\n \"build\" : 2011,\r\n \"fw_url\": \"http:\/\/updates.myblossom.com\/firmware-check\/images\/1\/fw-0.9.2011.bin\",\r\n \"ftfs_url\": \"http:\/\/updates.myblossom.com\/firmware-check\/images\/1\/fw-0.9.2011.ftfs\"\r\n}\r\n" - }, - "media": { - "media.type": "7b:0d:0a:20:20:22:62:75:69:6c:64:22:20:3a:20:20:20:32:30:31:31:2c:0d:0a:20:20:22:66:77:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:62:69:6e:22:2c:0d:0a:20:20:22:66:74:66:73:5f:75:72:6c:22:3a:20:22:68:74:74:70:3a:2f:2f:75:70:64:61:74:65:73:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:2f:66:69:72:6d:77:61:72:65:2d:63:68:65:63:6b:2f:69:6d:61:67:65:73:2f:31:2f:66:77:2d:30:2e:39:2e:32:30:31:31:2e:66:74:66:73:22:0d:0a:7d:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.906655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.906655000", - "frame.time_delta": "0.006144000", - "frame.time_delta_displayed": "0.006144000", - "frame.time_relative": "1590.445969000", - "frame.number": "5714", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000105b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009d5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - 
"ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { - "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "113", - "tcp.ack": "549", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5052", - "tcp.window_size": "5052", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005c0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5713", - "tcp.analysis.ack_rtt": "0.006144000", - "tcp.analysis.initial_rtt": "0.017776000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.911689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.911689000", - "frame.time_delta": "0.005034000", - "frame.time_delta_displayed": "0.005034000", - "frame.time_relative": "1590.451003000", - "frame.number": "5715", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - 
"eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000105c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { - "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "113", - "tcp.ack": "549", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5052", - "tcp.window_size": "5052", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005c0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.923953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.923953000", - "frame.time_delta": "0.012264000", - "frame.time_delta_displayed": "0.012264000", - "frame.time_relative": "1590.463267000", - "frame.number": "5716", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000054b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "236", - "ip.proto": "6", - "ip.checksum": "0x00002c02", - "ip.checksum.status": "2", - "ip.src": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.src_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "ip.dst": "192.168.0.120", - "ip.addr": 
"192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.src_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.src_lon": "-75.597", - "ip.geoip.lon": "-75.597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49778", - "tcp.port": "80", - "tcp.port": "49778", - "tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "549", - "tcp.ack": "114", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000036c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5715", - "tcp.analysis.ack_rtt": "0.012264000", - "tcp.analysis.initial_rtt": "0.017776000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:01.930627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495181.930627000", - 
"frame.time_delta": "0.006674000", - "frame.time_delta_displayed": "0.006674000", - "frame.time_relative": "1590.469941000", - "frame.number": "5717", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000105d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00009d5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "52.219.24.27", - "ip.addr": "52.219.24.27", - "ip.dst_host": "52.219.24.27", - "ip.host": "52.219.24.27", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Wilmington, DE, 39.564499, -75.597000": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Wilmington, DE", - "ip.geoip.city": "Wilmington, DE", - "ip.geoip.dst_lat": "39.564499", - "ip.geoip.lat": "39.564499", - "ip.geoip.dst_lon": "-75.597", - "ip.geoip.lon": "-75.597" - } - }, - "tcp": { - "tcp.srcport": "49778", - "tcp.dstport": "80", - "tcp.port": "49778", - "tcp.port": "80", - 
"tcp.stream": "210", - "tcp.len": "0", - "tcp.seq": "114", - "tcp.ack": "550", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5051", - "tcp.window_size": "5051", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005c0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5716", - "tcp.analysis.ack_rtt": "0.006674000", - "tcp.analysis.initial_rtt": "0.017776000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.073670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.073670000", - "frame.time_delta": "0.143043000", - "frame.time_delta_displayed": "0.143043000", - "frame.time_relative": "1590.612984000", - "frame.number": "5718", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ba2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "138", - "http.prev_response_in": "5704" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.126527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.126527000", - "frame.time_delta": "0.052857000", - "frame.time_delta_displayed": "0.052857000", - "frame.time_relative": "1590.665841000", - "frame.number": "5719", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002ba3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008bb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "139", - "http.prev_response_in": "5718" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.179443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.179443000", - "frame.time_delta": "0.052916000", - "frame.time_delta_displayed": "0.052916000", - "frame.time_relative": "1590.718757000", - "frame.number": "5720", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, 
- "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002ba9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008bb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "140", - "http.prev_response_in": "5719" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.224213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.224213000", - "frame.time_delta": "0.044770000", - "frame.time_delta_displayed": "0.044770000", - "frame.time_relative": "1590.763527000", - "frame.number": "5721", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x0000812c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007569", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ba2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "141", - "http.prev_response_in": "5720" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.690193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.690193000", - "frame.time_delta": "0.465980000", - "frame.time_delta_displayed": "0.465980000", - "frame.time_relative": "1591.229507000", - "frame.number": "5722", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - 
"arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:02.690626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495182.690626000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "1591.229940000", - "frame.number": "5723", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.126295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.126295000", - "frame.time_delta": "0.435669000", - "frame.time_delta_displayed": "0.435669000", - "frame.time_relative": "1591.665609000", - 
"frame.number": "5724", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002bc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "142", - "http.prev_response_in": "5721" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.179154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.179154000", - "frame.time_delta": "0.052859000", - "frame.time_delta_displayed": "0.052859000", - "frame.time_relative": "1591.718468000", - "frame.number": "5725", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002bcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "143", - "http.prev_response_in": "5724" - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.231886000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.231886000", - "frame.time_delta": "0.052732000", - "frame.time_delta_displayed": "0.052732000", - "frame.time_relative": "1591.771200000", - "frame.number": "5726", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002bd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", 
- "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "144", - "http.prev_response_in": "5725" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.246279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.246279000", - "frame.time_delta": "0.014393000", - "frame.time_delta_displayed": "0.014393000", - "frame.time_relative": "1591.785593000", - "frame.number": "5727", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008174", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007521", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002bc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "145", - "http.prev_response_in": "5726" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.494976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.494976000", - "frame.time_delta": "0.248697000", - "frame.time_delta_displayed": "0.248697000", - "frame.time_relative": "1592.034290000", - "frame.number": "5728", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002bd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "146", - "http.prev_response_in": "5727" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.503402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.503402000", - "frame.time_delta": "0.008426000", - "frame.time_delta_displayed": "0.008426000", - "frame.time_relative": "1592.042716000", - "frame.number": "5729", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008184", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007511", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002bd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": 
"EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "147", - "http.prev_response_in": "5728" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.547761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.547761000", - "frame.time_delta": "0.044359000", - "frame.time_delta_displayed": "0.044359000", - "frame.time_relative": "1592.087075000", - "frame.number": "5730", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": 
"0x00002bd3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "148", - "http.prev_response_in": "5729" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:03.600549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495183.600549000", - "frame.time_delta": "0.052788000", - "frame.time_delta_displayed": "0.052788000", - "frame.time_relative": "1592.139863000", - "frame.number": "5731", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002bd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - 
"ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "149", - "http.prev_response_in": "5730" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:04.547893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495184.547893000", - "frame.time_delta": "0.947344000", - "frame.time_delta_displayed": "0.947344000", - "frame.time_relative": "1593.087207000", - "frame.number": "5732", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "150", - "http.prev_response_in": "5731" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:04.600729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495184.600729000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "1593.140043000", - "frame.number": "5733", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002c2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "151", - "http.prev_response_in": "5732" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:04.653521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495184.653521000", - "frame.time_delta": "0.052792000", - "frame.time_delta_displayed": "0.052792000", - "frame.time_relative": 
"1593.192835000", - "frame.number": "5734", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002c2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "152", - "http.prev_response_in": "5733" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:04.789068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495184.789068000", - "frame.time_delta": "0.135547000", - "frame.time_delta_displayed": "0.135547000", - "frame.time_relative": "1593.328382000", - "frame.number": "5735", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005818", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a679", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5037", - "tcp.ack": "577", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f0d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:04.932248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495184.932248000", - "frame.time_delta": "0.143180000", - "frame.time_delta_displayed": "0.143180000", - "frame.time_relative": "1593.471562000", - "frame.number": "5736", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000fff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd92", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "577", - "tcp.ack": "5038", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.170234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.170234000", - "frame.time_delta": "0.237986000", - 
"frame.time_delta_displayed": "0.237986000", - "frame.time_relative": "1593.709548000", - "frame.number": "5737", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.175619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.175619000", - "frame.time_delta": "0.005385000", - "frame.time_delta_displayed": "0.005385000", - "frame.time_relative": "1593.714933000", - "frame.number": "5738", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": 
"Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.336790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.336790000", - "frame.time_delta": "0.161171000", - "frame.time_delta_displayed": "0.161171000", - "frame.time_relative": "1593.876104000", - "frame.number": "5739", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b21", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "153", - "http.prev_response_in": "5734" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.389812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.389812000", - 
"frame.time_delta": "0.053022000", - "frame.time_delta_displayed": "0.053022000", - "frame.time_relative": "1593.929126000", - "frame.number": "5740", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002c44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "154", - "http.prev_response_in": "5739" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.442618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.442618000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "1593.981932000", - "frame.number": "5741", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002c49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "155", - "http.prev_response_in": "5740" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.504354000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.504354000", - "frame.time_delta": "0.061736000", - "frame.time_delta_displayed": "0.061736000", - "frame.time_relative": "1594.043668000", - "frame.number": "5742", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x000081e2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x000074b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": 
"" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "156", - "http.prev_response_in": "5741" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.504477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.504477000", - "frame.time_delta": "0.000123000", - "frame.time_delta_displayed": "0.000123000", - "frame.time_relative": "1594.043791000", - "frame.number": "5743", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "362", - "ip.id": "0x000081e3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x000074a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002c2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "157", - "http.prev_response_in": "5742" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:05.610638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495185.610638000", - "frame.time_delta": "0.106161000", - "frame.time_delta_displayed": "0.106161000", - "frame.time_relative": "1594.149952000", - "frame.number": "5744", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:06.389391000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495186.389391000", - "frame.time_delta": "0.778753000", - "frame.time_delta_displayed": "0.778753000", - "frame.time_relative": "1594.928705000", - "frame.number": "5745", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "158", - "http.prev_response_in": "5743" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:06.442289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495186.442289000", - "frame.time_delta": "0.052898000", - "frame.time_delta_displayed": "0.052898000", - "frame.time_relative": "1594.981603000", - "frame.number": "5746", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002c52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "159", - "http.prev_response_in": "5745" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:06.495094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495186.495094000", - "frame.time_delta": "0.052805000", - "frame.time_delta_displayed": "0.052805000", - "frame.time_relative": "1595.034408000", - "frame.number": "5747", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002c56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b08", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "160", - "http.prev_response_in": "5746" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:06.642507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495186.642507000", - "frame.time_delta": "0.147413000", - "frame.time_delta_displayed": "0.147413000", - "frame.time_relative": "1595.181821000", - "frame.number": "5748", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005dea", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000059ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.026590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495187.026590000", - "frame.time_delta": "0.384083000", - "frame.time_delta_displayed": "0.384083000", - "frame.time_relative": "1595.565904000", - "frame.number": "5749", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008afb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "161", - "http.prev_response_in": "5747" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.079287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495187.079287000", - "frame.time_delta": "0.052697000", - "frame.time_delta_displayed": "0.052697000", - "frame.time_relative": "1595.618601000", - "frame.number": "5750", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002c69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "162", - "http.prev_response_in": "5749" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.132071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495187.132071000", - "frame.time_delta": "0.052784000", - "frame.time_delta_displayed": "0.052784000", - "frame.time_relative": "1595.671385000", - "frame.number": "5751", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002c6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008af3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" 
- }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "163", - "http.prev_response_in": "5750" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.196274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495187.196274000", - "frame.time_delta": "0.064203000", - "frame.time_delta_displayed": "0.064203000", - "frame.time_relative": "1595.735588000", - "frame.number": "5752", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { 
- "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008216", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000747f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002c4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008b12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "164", - "http.prev_response_in": "5751" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.659642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495187.659642000", - "frame.time_delta": "0.463368000", - "frame.time_delta_displayed": "0.463368000", - "frame.time_relative": "1596.198956000", - "frame.number": "5753", - "frame.len": "275", - "frame.cap_len": 
"275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f82", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b86e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001571", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:07.660190000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495187.660190000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "1596.199504000", - "frame.number": "5754", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f83", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009969", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f66c", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:13:07.660802000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495187.660802000", - "frame.time_delta": "0.000612000", - "frame.time_delta_displayed": "0.000612000", - "frame.time_relative": "1596.200116000", - "frame.number": "5755", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008432", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.078666000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495188.078666000", - "frame.time_delta": "0.417864000", - "frame.time_delta_displayed": "0.417864000", - "frame.time_relative": "1596.617980000", - "frame.number": "5756", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002cb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ab0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "165", - "http.prev_response_in": "5752" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.131527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.131527000", - "frame.time_delta": "0.052861000", - "frame.time_delta_displayed": "0.052861000", - "frame.time_relative": "1596.670841000", - "frame.number": "5757", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002cb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008aa1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "166", - "http.prev_response_in": "5756" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.162934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.162934000", - "frame.time_delta": "0.031407000", - "frame.time_delta_displayed": "0.031407000", - "frame.time_relative": "1596.702248000", - "frame.number": "5758", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x0000822f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007466", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002cb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ab0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "167", - "http.prev_response_in": "5757" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.184306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.184306000", - "frame.time_delta": "0.021372000", - "frame.time_delta_displayed": "0.021372000", - "frame.time_relative": "1596.723620000", - "frame.number": "5759", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002cb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008aa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", 
- "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "168", - "http.prev_response_in": "5758" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.394866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.394866000", - "frame.time_delta": "0.210560000", - "frame.time_delta_displayed": "0.210560000", - "frame.time_relative": "1596.934180000", - "frame.number": "5760", - 
"frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
- "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "169", - "http.prev_response_in": "5759" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.447754000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.447754000", - "frame.time_delta": "0.052888000", - "frame.time_delta_displayed": "0.052888000", - "frame.time_relative": "1596.987068000", - "frame.number": "5761", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"334", - "ip.id": "0x00002cce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "170", - "http.prev_response_in": "5760" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:08.500539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495188.500539000", - "frame.time_delta": "0.052785000", - "frame.time_delta_displayed": "0.052785000", - "frame.time_relative": "1597.039853000", - "frame.number": "5762", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002cd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - 
"udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "171", - "http.prev_response_in": "5761" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.188771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.188771000", - "frame.time_delta": "0.688232000", - "frame.time_delta_displayed": "0.688232000", - "frame.time_relative": "1597.728085000", - "frame.number": "5763", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008267", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000742e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "172", - "http.prev_response_in": "5762" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.361397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.361397000", - "frame.time_delta": "0.172626000", - "frame.time_delta_displayed": "0.172626000", - "frame.time_relative": "1597.900711000", - "frame.number": "5764", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000021fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000b75e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - 
"dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.452287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.452287000", - "frame.time_delta": "0.090890000", - "frame.time_delta_displayed": "0.090890000", - "frame.time_relative": "1597.991601000", - "frame.number": "5765", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "173", - "http.prev_response_in": "5763" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.505101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.505101000", - "frame.time_delta": "0.052814000", - "frame.time_delta_displayed": "0.052814000", - "frame.time_relative": 
"1598.044415000", - "frame.number": "5766", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "174", - "http.prev_response_in": "5765" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.557863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.557863000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "1598.097177000", - "frame.number": "5767", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002d19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "175", - 
"http.prev_response_in": "5766" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.799042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.799042000", - "frame.time_delta": "0.241179000", - "frame.time_delta_displayed": "0.241179000", - "frame.time_relative": "1598.338356000", - "frame.number": "5768", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:09.799242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495189.799242000", - "frame.time_delta": "0.000200000", - "frame.time_delta_displayed": "0.000200000", - "frame.time_relative": "1598.338556000", - "frame.number": "5769", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:10.136587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495190.136587000", - "frame.time_delta": "0.337345000", - "frame.time_delta_displayed": "0.337345000", - "frame.time_relative": "1598.675901000", - "frame.number": "5770", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "176", - "http.prev_response_in": "5767" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:10.189316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495190.189316000", - "frame.time_delta": "0.052729000", - "frame.time_delta_displayed": "0.052729000", - "frame.time_relative": "1598.728630000", - "frame.number": "5771", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - 
"udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "177", - "http.prev_response_in": "5770" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:10.242110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495190.242110000", - "frame.time_delta": "0.052794000", - "frame.time_delta_displayed": "0.052794000", - "frame.time_relative": "1598.781424000", - "frame.number": "5772", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002d1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "178", - "http.prev_response_in": "5771" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.095125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.095125000", - "frame.time_delta": "0.853015000", - "frame.time_delta_displayed": "0.853015000", - "frame.time_relative": "1599.634439000", - "frame.number": "5773", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x0000830f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - 
"ip.checksum": "0x00007386", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "179", - "http.prev_response_in": "5772" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.095245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.095245000", - "frame.time_delta": "0.000120000", - "frame.time_delta_displayed": "0.000120000", - "frame.time_relative": "1599.634559000", - "frame.number": "5774", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "362", - "ip.id": "0x00008310", - "ip.flags": "0x00000000", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000737c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "180", - "http.prev_response_in": "5773" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.141717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.141717000", - "frame.time_delta": "0.046472000", - "frame.time_delta_displayed": "0.046472000", - "frame.time_relative": "1599.681031000", - "frame.number": "5775", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "181", - "http.prev_response_in": "5774" - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.194476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.194476000", - "frame.time_delta": "0.052759000", - "frame.time_delta_displayed": "0.052759000", - "frame.time_relative": "1599.733790000", - "frame.number": "5776", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - 
"udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "182", - "http.prev_response_in": "5775" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.247217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.247217000", - "frame.time_delta": "0.052741000", - "frame.time_delta_displayed": "0.052741000", - "frame.time_relative": "1599.786531000", - "frame.number": "5777", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002d53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "183", - "http.prev_response_in": "5776" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.510281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.510281000", - "frame.time_delta": "0.263064000", - "frame.time_delta_displayed": "0.263064000", - "frame.time_relative": "1600.049595000", - "frame.number": "5778", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a06", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "184", - "http.prev_response_in": "5777" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.563081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.563081000", - "frame.time_delta": 
"0.052800000", - "frame.time_delta_displayed": "0.052800000", - "frame.time_relative": "1600.102395000", - "frame.number": "5779", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", 
- "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "185", - "http.prev_response_in": "5778" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:11.615916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495191.615916000", - "frame.time_delta": "0.052835000", - "frame.time_delta_displayed": "0.052835000", - "frame.time_relative": "1600.155230000", - "frame.number": "5780", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002d5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", 
- "http.response": "1", - "http.response_number": "186", - "http.prev_response_in": "5779" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.326073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.326073000", - "frame.time_delta": "0.710157000", - "frame.time_delta_displayed": "0.710157000", - "frame.time_relative": "1600.865387000", - "frame.number": "5781", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008382", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007313", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - 
"icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008a06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "187", - "http.prev_response_in": "5780" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.563374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.563374000", - "frame.time_delta": "0.237301000", - "frame.time_delta_displayed": "0.237301000", - "frame.time_relative": "1601.102688000", - "frame.number": "5782", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "188", - "http.prev_response_in": "5781" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.616170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.616170000", - "frame.time_delta": "0.052796000", - "frame.time_delta_displayed": "0.052796000", - "frame.time_relative": "1601.155484000", - "frame.number": "5783", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002d72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "189", - "http.prev_response_in": "5782" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.660824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.660824000", - "frame.time_delta": "0.044654000", - "frame.time_delta_displayed": "0.044654000", - "frame.time_relative": "1601.200138000", - "frame.number": "5784", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f84", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b86c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001571", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.661303000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.661303000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1601.200617000", - "frame.number": "5785", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f85", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009967", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f66c", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.661817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.661817000", - "frame.time_delta": "0.000514000", - "frame.time_delta_displayed": "0.000514000", - "frame.time_relative": "1601.201131000", - "frame.number": "5786", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008432", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:12.669120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495192.669120000", - "frame.time_delta": "0.007303000", - "frame.time_delta_displayed": "0.007303000", - "frame.time_relative": "1601.208434000", - "frame.number": "5787", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002d76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "190", - "http.prev_response_in": "5783" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:13.281942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495193.281942000", - "frame.time_delta": "0.612822000", - "frame.time_delta_displayed": "0.612822000", - "frame.time_relative": "1601.821256000", - "frame.number": "5788", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x000083a4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x000072f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002d6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "191", - "http.prev_response_in": "5787" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:13.352819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495193.352819000", - "frame.time_delta": "0.070877000", - "frame.time_delta_displayed": "0.070877000", - "frame.time_relative": "1601.892133000", - "frame.number": "5789", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002daa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", 
- "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "192", - "http.prev_response_in": "5788" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:13.405567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495193.405567000", - "frame.time_delta": "0.052748000", - "frame.time_delta_displayed": "0.052748000", - "frame.time_relative": "1601.944881000", - "frame.number": "5790", - 
"frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002dad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", 
- "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "193", - "http.prev_response_in": "5789" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:13.415691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495193.415691000", - "frame.time_delta": "0.010124000", - "frame.time_delta_displayed": "0.010124000", - "frame.time_relative": "1601.955005000", - "frame.number": "5791", - "frame.len": "376", - "frame.cap_len": "376", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "362", - "ip.id": "0x000083a5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x000072e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x0000808f", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002dad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "194", - "http.prev_response_in": "5790" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:13.458474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495193.458474000", - "frame.time_delta": "0.042783000", - "frame.time_delta_displayed": "0.042783000", - "frame.time_relative": "1601.997788000", - "frame.number": "5792", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002daf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", 
- "http.response": "1", - "http.response_number": "195", - "http.prev_response_in": "5791" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:14.405202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495194.405202000", - "frame.time_delta": "0.946728000", - "frame.time_delta_displayed": "0.946728000", - "frame.time_relative": "1602.944516000", - "frame.number": "5793", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002db5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "196", - "http.prev_response_in": "5792" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:14.458102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495194.458102000", - "frame.time_delta": "0.052900000", - "frame.time_delta_displayed": "0.052900000", - "frame.time_relative": "1602.997416000", - "frame.number": "5794", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002db8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "197", - "http.prev_response_in": "5793" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:14.511361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495194.511361000", - "frame.time_delta": "0.053259000", - "frame.time_delta_displayed": "0.053259000", - "frame.time_relative": "1603.050675000", - "frame.number": "5795", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002dbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x000089a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "198", - "http.prev_response_in": "5794" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:15.037400000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1509495195.037400000", - "frame.time_delta": "0.526039000", - "frame.time_delta_displayed": "0.526039000", - "frame.time_relative": "1603.576714000", - "frame.number": "5796", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002dd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008989", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "199", - "http.prev_response_in": "5795" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:15.090403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495195.090403000", - "frame.time_delta": "0.053003000", - "frame.time_delta_displayed": "0.053003000", - "frame.time_relative": "1603.629717000", - "frame.number": "5797", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002ddb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000897d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "200", - "http.prev_response_in": "5796" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:15.123446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495195.123446000", - "frame.time_delta": "0.033043000", - "frame.time_delta_displayed": "0.033043000", - "frame.time_relative": "1603.662760000", - "frame.number": "5798", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x00008449", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x0000724c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002db5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000089ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": 
"hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "201", - "http.prev_response_in": "5797" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:15.142979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495195.142979000", - "frame.time_delta": "0.019533000", - "frame.time_delta_displayed": "0.019533000", - "frame.time_relative": "1603.682293000", - "frame.number": "5799", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002de0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000897e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "202", - "http.prev_response_in": "5798" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.090016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495196.090016000", - "frame.time_delta": "0.947037000", - "frame.time_delta_displayed": "0.947037000", - "frame.time_relative": "1604.629330000", - "frame.number": "5800", - "frame.len": "339", - 
"frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002df8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008969", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "203", - "http.prev_response_in": "5799" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.104360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495196.104360000", - "frame.time_delta": "0.014344000", - "frame.time_delta_displayed": "0.014344000", - "frame.time_relative": "1604.643674000", - "frame.number": "5801", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - 
"arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.104740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495196.104740000", - "frame.time_delta": "0.000380000", - "frame.time_delta_displayed": "0.000380000", - "frame.time_relative": "1604.644054000", - "frame.number": "5802", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "60:f1:89:96:45:f6", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.108920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495196.108920000", - "frame.time_delta": "0.004180000", - "frame.time_delta_displayed": "0.004180000", - "frame.time_relative": 
"1604.648234000", - "frame.number": "5803", - "frame.len": "367", - "frame.cap_len": "367", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:icmp:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "353", - "ip.id": "0x0000845f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "1", - "ip.checksum": "0x00007236", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmp": { - "icmp.type": "3", - "icmp.code": "3", - "icmp.checksum": "0x00008086", - "icmp.checksum.status": "1", - "icmp.unused": "00:00:00:00", - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002df8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008969", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "204", - "http.prev_response_in": "5800" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.142809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495196.142809000", - "frame.time_delta": "0.033889000", - "frame.time_delta_displayed": "0.033889000", - "frame.time_relative": "1604.682123000", - "frame.number": "5804", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002df9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000895f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "205", - "http.prev_response_in": "5803" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:16.195588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495196.195588000", - "frame.time_delta": "0.052779000", - "frame.time_delta_displayed": "0.052779000", - "frame.time_relative": "1604.734902000", - "frame.number": "5805", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002dfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008961", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "206", - "http.prev_response_in": "5804" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:17.660213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495197.660213000", - "frame.time_delta": "1.464625000", - "frame.time_delta_displayed": "1.464625000", - "frame.time_relative": "1606.199527000", - "frame.number": "5806", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f86", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b86a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001571", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:17.660730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495197.660730000", - "frame.time_delta": "0.000517000", - "frame.time_delta_displayed": "0.000517000", - "frame.time_relative": "1606.200044000", - "frame.number": "5807", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f87", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009965", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", 
- "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f66c", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:17.661340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495197.661340000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "1606.200654000", - "frame.number": "5808", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008432", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000284", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=644", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:17.719841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495197.719841000", - "frame.time_delta": "0.058501000", - "frame.time_delta_displayed": "0.058501000", - "frame.time_relative": "1606.259155000", - "frame.number": "5809", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x000034a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d780", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "66.228.42.59", - "ip.addr": "66.228.42.59", - "ip.dst_host": "66.228.42.59", - "ip.host": "66.228.42.59", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS63949 Linode, LLC, Absecon, NJ, 39.489899, -74.477303": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS63949 Linode, LLC", - "ip.geoip.asnum": "AS63949 Linode, LLC", - "ip.geoip.dst_city": "Absecon, NJ", - "ip.geoip.city": "Absecon, NJ", - "ip.geoip.dst_lat": "39.489899", - "ip.geoip.lat": "39.489899", - "ip.geoip.dst_lon": "-74.477303", - "ip.geoip.lon": "-74.477303" - } - }, - "udp": { - "udp.srcport": "48446", - "udp.dstport": "123", - "udp.port": "48446", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x0000944a", - "udp.checksum.status": "2", - "udp.stream": "131" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Jul 9, 2101 03:04:58.133193000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:17.795676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495197.795676000", - "frame.time_delta": "0.075835000", - "frame.time_delta_displayed": "0.075835000", - "frame.time_relative": "1606.334990000", - "frame.number": "5810", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "17", - "ip.checksum": "0x00001e3a", - "ip.checksum.status": "2", - "ip.src": "66.228.42.59", - "ip.addr": "66.228.42.59", - "ip.src_host": "66.228.42.59", - "ip.host": "66.228.42.59", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS63949 Linode, LLC, Absecon, NJ, 39.489899, -74.477303": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS63949 Linode, LLC", - "ip.geoip.asnum": "AS63949 Linode, LLC", - "ip.geoip.src_city": "Absecon, NJ", - "ip.geoip.city": "Absecon, NJ", - "ip.geoip.src_lat": "39.489899", - "ip.geoip.lat": "39.489899", - "ip.geoip.src_lon": "-74.477303", - "ip.geoip.lon": "-74.477303" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "48446", - "udp.port": "123", - "udp.port": "48446", - "udp.length": "56", - "udp.checksum": "0x0000297c", - "udp.checksum.status": "2", - "udp.stream": "131" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { 
- "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "3", - "ntp.ppoll": "3", - "ntp.precision": "-20", - "ntp.rootdelay": "0.100082397460938", - "ntp.rootdispersion": "0.120086669921875", - "ntp.refid": "6d:e5:80:28", - "ntp.reftime": "Oct 31, 2017 16:45:52.723260000 PDT", - "ntp.org": "Jul 9, 2101 03:04:58.133193000 PDT", - "ntp.rec": "Oct 31, 2017 17:13:17.766888000 PDT", - "ntp.xmt": "Oct 31, 2017 17:13:17.766957000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.257758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.257758000", - "frame.time_delta": "1.462082000", - "frame.time_delta_displayed": "1.462082000", - "frame.time_relative": "1607.797072000", - "frame.number": "5811", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000bce4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fbd8", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43390", - "udp.dstport": "53", - "udp.port": "43390", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a500", - "udp.checksum.status": "2", - "udp.stream": "132" - }, - "dns": { - "dns.id": "0x00000f39", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.264240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.264240000", - "frame.time_delta": "0.006482000", - "frame.time_delta_displayed": "0.006482000", - "frame.time_relative": "1607.803554000", - "frame.number": "5812", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { 
- "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00009ea2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001866", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43390", - "udp.port": "53", - "udp.port": "43390", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "132" - }, - "dns": { - "dns.response_to": "5811", - "dns.time": "0.006482000", - "dns.id": "0x00000f39", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname 
brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "177", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "17652", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.73" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2503", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1375", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1706", - "dns.resp.len": "4", - "dns.a": "165.254.137.96" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { - "dns.resp.name": "n2b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4490", - "dns.resp.len": "4", - "dns.a": "165.254.137.96" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.137.88": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "682", - "dns.resp.len": "4", - "dns.a": "165.254.137.88" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1017", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.137.91": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1504", - "dns.resp.len": "4", - "dns.a": "165.254.137.91" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1293", - "dns.resp.len": "4", - "dns.a": "165.254.134.240" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5259", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2514", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.265088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.265088000", - "frame.time_delta": "0.000848000", - 
"frame.time_delta_displayed": "0.000848000", - "frame.time_relative": "1607.804402000", - "frame.number": "5813", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000cd19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - 
"tcp.srcport": "54164", - "tcp.dstport": "443", - "tcp.port": "54164", - "tcp.port": "443", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000dfc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", 
- "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.268307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.268307000", - "frame.time_delta": "0.003219000", - "frame.time_delta_displayed": "0.003219000", - "frame.time_relative": "1607.807621000", - "frame.number": "5814", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x00009f53", - "ip.checksum.status": "2", - "ip.src": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.src_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", 
- "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54164", - "tcp.port": "443", - "tcp.port": "54164", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a9f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 5 (multiply by 32)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "5", - "tcp.options.wscale.multiplier": "32" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5813", - "tcp.analysis.ack_rtt": "0.003219000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.268800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.268800000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1607.808114000", - "frame.number": "5815", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54164", - "tcp.dstport": "443", - "tcp.port": "54164", - "tcp.port": "443", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5814", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.268812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.268812000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "1607.808126000", - "frame.number": "5816", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54164", - "tcp.dstport": "443", - "tcp.port": "54164", - "tcp.port": "443", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.270536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.270536000", - "frame.time_delta": "0.001724000", - "frame.time_delta_displayed": "0.001724000", - "frame.time_relative": "1607.809850000", - "frame.number": "5817", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x00009f53", - "ip.checksum.status": "2", - "ip.src": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.src_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54164", - "tcp.port": "443", - "tcp.port": "54164", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a9f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 5 (multiply by 32)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "5", - "tcp.options.wscale.multiplier": "32" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003712000", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": 
"", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.270990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.270990000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1607.810304000", - "frame.number": "5818", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54164", - "tcp.dstport": "443", - "tcp.port": "54164", - "tcp.port": "443", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "2", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5817", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.003712000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "5815", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.272027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.272027000", - "frame.time_delta": "0.001037000", - "frame.time_delta_displayed": "0.001037000", - "frame.time_relative": "1607.811341000", - "frame.number": "5819", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x0000d2f1", - "ip.checksum.status": "2", - "ip.src": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.src_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - 
"ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54164", - "tcp.port": "443", - "tcp.port": "54164", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "913", - "tcp.window_size": "29216", - "tcp.window_size_scalefactor": "32", - "tcp.checksum": "0x00005942", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5816", - "tcp.analysis.ack_rtt": "0.003215000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:19.272459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495199.272459000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1607.811773000", - "frame.number": "5820", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ca41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.73", - "ip.addr": "173.223.52.73", - "ip.dst_host": "173.223.52.73", - "ip.host": "173.223.52.73", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "54164", - "tcp.dstport": "443", - "tcp.port": "54164", - "tcp.port": "443", - "tcp.stream": "211", - "tcp.len": "0", - "tcp.seq": "2", - "tcp.ack": "2", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e91", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5819", - "tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:22.800196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495202.800196000", - "frame.time_delta": "3.527737000", - "frame.time_delta_displayed": "3.527737000", - "frame.time_relative": "1611.339510000", - "frame.number": "5821", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", 
- "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:22.800612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495202.800612000", - "frame.time_delta": "0.000416000", - "frame.time_delta_displayed": "0.000416000", - "frame.time_relative": "1611.339926000", - "frame.number": "5822", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:28.707060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495208.707060000", - "frame.time_delta": "5.906448000", - 
"frame.time_delta_displayed": "5.906448000", - "frame.time_relative": "1617.246374000", - "frame.number": "5823", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009682", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "76048", - 
"tcp.nxtseq": "76097", - "tcp.ack": "17069", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cca4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:28:ae:a7:a1:08:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2566318, TSecr 2812348513": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2566318", - "tcp.options.timestamp.tsecr": "2812348513" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:22:d9:44:c7:25:5d:a0:f9:ec:09:bd:05:0b:67:8c:a0:05:ef:05:84:32:28:ab:19:82:0a:99:fd:8f:79:10:4c:42:af:9b:8d:4a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:28.767713000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495208.767713000", - "frame.time_delta": "0.060653000", - "frame.time_delta_displayed": "0.060653000", - "frame.time_relative": "1617.307027000", - "frame.number": "5824", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": 
"44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "17069", - "tcp.nxtseq": "17124", - "tcp.ack": "76097", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001596", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:26:bc:00:27:28:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812356284, TSecr 2566318": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812356284", - "tcp.options.timestamp.tsecr": "2566318" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5823", - "tcp.analysis.ack_rtt": "0.060653000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:b9:0f:41:d9:54:0e:e3:38:28:a0:70:a9:77:d8:69:71:c2:76:31:7d:ec:67:5f:62:54:df:57:93:9a:13:e7:e4:f2:00:3d:4b:45:0f:63:be:93:91:d8" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:28.768209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495208.768209000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "1617.307523000", - "frame.number": "5825", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009683", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "76097", - "tcp.ack": "17124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ec03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:28:b4:a7:a1:26:bc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2566324, TSecr 2812356284": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2566324", - "tcp.options.timestamp.tsecr": "2812356284" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5824", - "tcp.analysis.ack_rtt": "0.000496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:28.898770000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495208.898770000", - "frame.time_delta": "0.130561000", - "frame.time_delta_displayed": "0.130561000", - "frame.time_relative": "1617.438084000", - "frame.number": "5826", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:29.458859000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495209.458859000", - "frame.time_delta": "0.560089000", - "frame.time_delta_displayed": "0.560089000", - "frame.time_relative": "1617.998173000", - "frame.number": "5827", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - 
"eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00003918", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a041", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.431433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.431433000", - "frame.time_delta": "0.972574000", - "frame.time_delta_displayed": "0.972574000", - "frame.time_relative": "1618.970747000", - "frame.number": "5828", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x0000210f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e735", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "14", - "http.prev_request_in": "5197" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.901288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.901288000", - "frame.time_delta": "0.469855000", - "frame.time_delta_displayed": "0.469855000", - "frame.time_relative": "1619.440602000", - "frame.number": "5829", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002028", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009723", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "79", - "http.prev_response_in": "5259" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.909220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.909220000", - "frame.time_delta": "0.007932000", - "frame.time_delta_displayed": "0.007932000", - "frame.time_relative": "1619.448534000", - "frame.number": "5830", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54695", - "tcp.dstport": "80", - "tcp.port": "54695", - "tcp.port": "80", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000021ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.909760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.909760000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "1619.449074000", - "frame.number": "5831", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54695", - "tcp.port": "80", - "tcp.port": "54695", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000270c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5830", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.988991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.988991000", - "frame.time_delta": "0.079231000", - "frame.time_delta_displayed": "0.079231000", - "frame.time_relative": "1619.528305000", - "frame.number": "5832", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54695", - "tcp.dstport": "80", - "tcp.port": "54695", - "tcp.port": "80", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d8ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5831", - "tcp.analysis.ack_rtt": "0.079231000", - "tcp.analysis.initial_rtt": "0.079771000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.989036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.989036000", - "frame.time_delta": "0.000045000", - "frame.time_delta_displayed": "0.000045000", - "frame.time_relative": "1619.528350000", - "frame.number": "5833", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54695", - "tcp.dstport": "80", - "tcp.port": "54695", - "tcp.port": "80", - "tcp.stream": "212", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.079771000", - 
"tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.988925000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.988925000", - "frame.time_delta": "-0.000111000", - "frame.time_delta_displayed": "-0.000111000", - "frame.time_relative": "1619.528239000", - "frame.number": "5834", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000202c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009716", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "80", - "http.prev_response_in": "5829" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.989555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.989555000", - "frame.time_delta": "0.000630000", - "frame.time_delta_displayed": "0.000630000", - "frame.time_relative": "1619.528869000", - "frame.number": "5835", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54695", - "tcp.port": "80", - "tcp.port": "54695", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ca7b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5833", - "tcp.analysis.ack_rtt": "0.000519000", - "tcp.analysis.initial_rtt": "0.079771000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.990308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.990308000", - "frame.time_delta": "0.000753000", - "frame.time_delta_displayed": "0.000753000", - "frame.time_relative": "1619.529622000", - "frame.number": "5836", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000004a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54695", - "tcp.port": "80", - "tcp.port": "54695", - "tcp.stream": "212", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000a9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.079771000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": 
"17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.990666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.990666000", - "frame.time_delta": "0.000358000", - "frame.time_delta_displayed": "0.000358000", - "frame.time_relative": "1619.529980000", - "frame.number": "5837", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000004a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000afe7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54695", 
- "tcp.port": "80", - "tcp.port": "54695", - "tcp.stream": "212", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005d06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.079771000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5836", - "tcp.segment": "5837", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001630000", - "http.request_in": "5833", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.993119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.993119000", - "frame.time_delta": "0.002453000", - "frame.time_delta_displayed": "0.002453000", - "frame.time_relative": "1619.532433000", - "frame.number": "5838", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54696", - "tcp.dstport": "80", - "tcp.port": "54696", - "tcp.port": "80", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000080df", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.993619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.993619000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "1619.532933000", - "frame.number": "5839", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54696", - "tcp.port": "80", - "tcp.port": "54696", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001f1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5838", - "tcp.analysis.ack_rtt": "0.000500000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.993781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.993781000", - "frame.time_delta": "0.000162000", - "frame.time_delta_displayed": "0.000162000", - "frame.time_relative": "1619.533095000", - "frame.number": "5840", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54695", - "tcp.dstport": "80", - "tcp.port": "54695", - "tcp.port": "80", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", 
- "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d452", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5837", - "tcp.analysis.ack_rtt": "0.003115000", - "tcp.analysis.initial_rtt": "0.079771000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.995545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.995545000", - "frame.time_delta": "0.001764000", - "frame.time_delta_displayed": "0.001764000", - "frame.time_relative": "1619.534859000", - "frame.number": "5841", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ced", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54695", - "tcp.dstport": "80", - "tcp.port": "54695", - "tcp.port": "80", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d451", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.995959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.995959000", - "frame.time_delta": "0.000414000", - "frame.time_delta_displayed": "0.000414000", - "frame.time_relative": "1619.535273000", - "frame.number": "5842", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000587", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54695", - "tcp.port": "80", - "tcp.port": "54695", - "tcp.stream": "212", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c685", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5841", - 
"tcp.analysis.ack_rtt": "0.000414000", - "tcp.analysis.initial_rtt": "0.079771000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.996103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.996103000", - "frame.time_delta": "0.000144000", - "frame.time_delta_displayed": "0.000144000", - "frame.time_relative": "1619.535417000", - "frame.number": "5843", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54696", - "tcp.dstport": "80", - 
"tcp.port": "54696", - "tcp.port": "80", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d0fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5839", - "tcp.analysis.ack_rtt": "0.002484000", - "tcp.analysis.initial_rtt": "0.002984000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.996723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.996723000", - "frame.time_delta": "0.000620000", - "frame.time_delta_displayed": "0.000620000", - "frame.time_relative": "1619.536037000", - "frame.number": "5844", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54696", - "tcp.dstport": "80", - "tcp.port": "54696", - "tcp.port": "80", - "tcp.stream": "213", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e673", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002984000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:30.997122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495210.997122000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "1619.536436000", - "frame.number": "5845", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007de8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003a8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54696", - "tcp.port": "80", - "tcp.port": "54696", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c28b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5844", - "tcp.analysis.ack_rtt": "0.000399000", - "tcp.analysis.initial_rtt": "0.002984000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.012199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.012199000", - "frame.time_delta": "0.015077000", - 
"frame.time_delta_displayed": "0.015077000", - "frame.time_relative": "1619.551513000", - "frame.number": "5846", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000202d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000971b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "81", - "http.prev_response_in": "5834" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.013148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.013148000", - "frame.time_delta": "0.000949000", - "frame.time_delta_displayed": "0.000949000", - "frame.time_relative": "1619.552462000", - "frame.number": "5847", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007de9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003a79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54696", - "tcp.port": "80", - "tcp.port": "54696", - "tcp.stream": "213", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000002ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002984000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:13:31.013510000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.013510000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "1619.552824000", - "frame.number": "5848", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007dea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000036a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54696", - "tcp.port": "80", - "tcp.port": "54696", - "tcp.stream": "213", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005516", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002984000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:6
1:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5847", - "tcp.segment": "5848", - "tcp.segment.count": "2", - 
"tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6
f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.016787000", - "http.request_in": "5844", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.015485000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495211.015485000", - "frame.time_delta": "0.001975000", - "frame.time_delta_displayed": "0.001975000", - "frame.time_relative": "1619.554799000", - "frame.number": "5849", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54697", - "tcp.dstport": "80", - "tcp.port": "54697", - "tcp.port": "80", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000be80", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.016021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.016021000", - 
"frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1619.555335000", - "frame.number": "5850", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54697", - "tcp.port": "80", - "tcp.port": "54697", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006580", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5849", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.018088000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495211.018088000", - "frame.time_delta": "0.002067000", - "frame.time_delta_displayed": "0.002067000", - "frame.time_relative": "1619.557402000", - "frame.number": "5851", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54696", - "tcp.dstport": "80", - "tcp.port": "54696", - "tcp.port": "80", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cc62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5848", - "tcp.analysis.ack_rtt": "0.004578000", - "tcp.analysis.initial_rtt": "0.002984000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.018726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.018726000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "1619.558040000", - "frame.number": "5852", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54696", - "tcp.dstport": "80", - "tcp.port": "54696", - "tcp.port": "80", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cc61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.019137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.019137000", - "frame.time_delta": "0.000411000", - "frame.time_delta_displayed": "0.000411000", - "frame.time_relative": "1619.558451000", - "frame.number": "5853", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000589", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54696", - "tcp.port": "80", - "tcp.port": "54696", - "tcp.stream": "213", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000be95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5852", - "tcp.analysis.ack_rtt": "0.000411000", - "tcp.analysis.initial_rtt": "0.002984000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.019358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.019358000", - "frame.time_delta": "0.000221000", - "frame.time_delta_displayed": "0.000221000", - "frame.time_relative": "1619.558672000", - "frame.number": "5854", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54697", - "tcp.dstport": "80", - "tcp.port": "54697", - "tcp.port": "80", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000175f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5850", - "tcp.analysis.ack_rtt": "0.003337000", - "tcp.analysis.initial_rtt": "0.003873000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.019949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.019949000", - "frame.time_delta": "0.000591000", - "frame.time_delta_displayed": "0.000591000", - "frame.time_relative": "1619.559263000", - "frame.number": "5855", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54697", - "tcp.dstport": "80", - "tcp.port": "54697", - "tcp.port": "80", - "tcp.stream": "214", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002cd8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003873000", - 
"tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.020368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.020368000", - "frame.time_delta": "0.000419000", - "frame.time_delta_displayed": "0.000419000", - "frame.time_relative": "1619.559682000", - "frame.number": "5856", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f33f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c533", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54697", - "tcp.port": "80", - "tcp.port": "54697", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000008f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5855", - "tcp.analysis.ack_rtt": "0.000419000", - "tcp.analysis.initial_rtt": "0.003873000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.024286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.024286000", - "frame.time_delta": "0.003918000", - "frame.time_delta_displayed": "0.003918000", - "frame.time_relative": "1619.563600000", - "frame.number": "5857", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f340", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c521", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54697", - "tcp.port": "80", - "tcp.port": "54697", - "tcp.stream": "214", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004911", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003873000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.024647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.024647000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "1619.563961000", - "frame.number": "5858", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f341", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c14e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54697", - "tcp.port": "80", - "tcp.port": "54697", - "tcp.stream": "214", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b7a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003873000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5857", - "tcp.segment": "5858", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.004698000", - "http.request_in": "5855", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.027976000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.027976000", - "frame.time_delta": "0.003329000", - "frame.time_delta_displayed": "0.003329000", - "frame.time_relative": "1619.567290000", - "frame.number": "5859", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54697", - "tcp.dstport": "80", - "tcp.port": "54697", - "tcp.port": "80", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000012c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5858", - "tcp.analysis.ack_rtt": "0.003329000", - "tcp.analysis.initial_rtt": "0.003873000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.028601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.028601000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1619.567915000", - "frame.number": "5860", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54697", - "tcp.dstport": "80", - "tcp.port": "54697", - "tcp.port": "80", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000012c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.029049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.029049000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1619.568363000", - "frame.number": "5861", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000058a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54697", - "tcp.port": "80", - "tcp.port": "54697", - "tcp.stream": "214", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000004fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5860", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.003873000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.955885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.955885000", - "frame.time_delta": "0.926836000", - "frame.time_delta_displayed": "0.926836000", - "frame.time_relative": "1620.495199000", - "frame.number": "5862", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002036", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009715", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "82", - "http.prev_response_in": "5846" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.959438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.959438000", - "frame.time_delta": "0.003553000", - "frame.time_delta_displayed": "0.003553000", - "frame.time_relative": "1620.498752000", - "frame.number": "5863", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54698", - "tcp.dstport": "80", - "tcp.port": "54698", - "tcp.port": "80", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000074da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.959990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.959990000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1620.499304000", - "frame.number": "5864", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54698", - "tcp.port": "80", - "tcp.port": "54698", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d924", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5863", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.962966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.962966000", - "frame.time_delta": "0.002976000", - "frame.time_delta_displayed": "0.002976000", - "frame.time_relative": "1620.502280000", - "frame.number": "5865", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54698", - "tcp.dstport": "80", - "tcp.port": "54698", - "tcp.port": "80", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008b03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5864", - "tcp.analysis.ack_rtt": "0.002976000", - "tcp.analysis.initial_rtt": "0.003528000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.963613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.963613000", - "frame.time_delta": "0.000647000", - "frame.time_delta_displayed": "0.000647000", - "frame.time_relative": "1620.502927000", - "frame.number": "5866", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54698", - "tcp.dstport": "80", - "tcp.port": "54698", - "tcp.port": "80", - "tcp.stream": "215", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a07c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003528000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.964100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.964100000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1620.503414000", - "frame.number": "5867", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007660", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004213", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54698", - "tcp.port": "80", - "tcp.port": "54698", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007c94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5866", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.003528000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.964665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.964665000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1620.503979000", - "frame.number": "5868", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007661", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004201", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54698", - "tcp.port": "80", - "tcp.port": "54698", - "tcp.stream": "215", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bcb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003528000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.965015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.965015000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1620.504329000", - "frame.number": "5869", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007662", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003e2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54698", - "tcp.port": "80", - "tcp.port": "54698", - "tcp.stream": "215", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000f1f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003528000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "5868", - "tcp.segment": "5869", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001402000", - "http.request_in": "5866", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.967727000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495211.967727000", - "frame.time_delta": "0.002712000", - "frame.time_delta_displayed": "0.002712000", - "frame.time_relative": "1620.507041000", - "frame.number": "5870", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ce0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54698", - "tcp.dstport": "80", - "tcp.port": "54698", - "tcp.port": "80", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000866b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5869", - "tcp.analysis.ack_rtt": "0.002712000", - "tcp.analysis.initial_rtt": "0.003528000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.968313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.968313000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "1620.507627000", - "frame.number": "5871", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cdf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54698", - "tcp.dstport": "80", - "tcp.port": "54698", - "tcp.port": "80", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000866a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:31.968757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495211.968757000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "1620.508071000", - "frame.number": "5872", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000005c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54698", - "tcp.port": "80", - "tcp.port": "54698", - "tcp.stream": "215", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000789e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5871", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.003528000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.008619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.008619000", - "frame.time_delta": "0.039862000", - "frame.time_delta_displayed": "0.039862000", - "frame.time_relative": "1620.547933000", - "frame.number": "5873", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002037", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000970b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "83", - "http.prev_response_in": "5862" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.015938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.015938000", - "frame.time_delta": "0.007319000", - "frame.time_delta_displayed": "0.007319000", - "frame.time_relative": "1620.555252000", 
- "frame.number": "5874", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54699", - "tcp.dstport": "80", - "tcp.port": "54699", - "tcp.port": "80", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e141", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.016505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.016505000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "1620.555819000", - "frame.number": "5875", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54699", - "tcp.port": "80", - "tcp.port": "54699", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000011e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5874", - "tcp.analysis.ack_rtt": "0.000567000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.018840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.018840000", - "frame.time_delta": "0.002335000", - "frame.time_delta_displayed": "0.002335000", - "frame.time_relative": "1620.558154000", - 
"frame.number": "5876", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cdd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54699", - "tcp.dstport": "80", - "tcp.port": "54699", - "tcp.port": "80", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5875", - "tcp.analysis.ack_rtt": "0.002335000", - "tcp.analysis.initial_rtt": "0.002902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.019415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.019415000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1620.558729000", - "frame.number": "5877", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c35", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54699", - "tcp.dstport": "80", - "tcp.port": "54699", - "tcp.port": "80", - "tcp.stream": "216", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d93b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002902000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.019911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.019911000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "1620.559225000", - "frame.number": "5878", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005033", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54699", - "tcp.port": "80", - "tcp.port": "54699", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5877", - "tcp.analysis.ack_rtt": "0.000496000", - "tcp.analysis.initial_rtt": "0.002902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.020476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.020476000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1620.559790000", - "frame.number": "5879", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005034", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000682e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54699", - "tcp.port": "80", - "tcp.port": "54699", - "tcp.stream": "216", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f574", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002902000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.020913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.020913000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "1620.560227000", - "frame.number": "5880", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005035", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000645b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54699", - "tcp.port": "80", - "tcp.port": "54699", - "tcp.stream": "216", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000047de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002902000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "5879", - "tcp.segment": "5880", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001498000", - "http.request_in": "5877", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.023877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.023877000", - "frame.time_delta": "0.002964000", - "frame.time_delta_displayed": "0.002964000", - "frame.time_relative": "1620.563191000", - "frame.number": "5881", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54699", - "tcp.dstport": "80", - "tcp.port": "54699", - "tcp.port": "80", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bf2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5880", - "tcp.analysis.ack_rtt": "0.002964000", - "tcp.analysis.initial_rtt": "0.002902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.024512000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.024512000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "1620.563826000", - "frame.number": "5882", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54699", - "tcp.dstport": "80", - "tcp.port": "54699", - "tcp.port": "80", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bf29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.024963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.024963000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "1620.564277000", - "frame.number": "5883", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000005c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54699", - "tcp.port": "80", - "tcp.port": "54699", - "tcp.stream": "216", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b15d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "5882", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.002902000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.061708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.061708000", - "frame.time_delta": "0.036745000", - "frame.time_delta_displayed": "0.036745000", - "frame.time_relative": "1620.601022000", - "frame.number": "5884", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000203c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000970c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "84", - "http.prev_response_in": "5873" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.076071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.076071000", - "frame.time_delta": "0.014363000", - "frame.time_delta_displayed": "0.014363000", - "frame.time_relative": "1620.615385000", - "frame.number": "5885", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001b9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ccd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54700", - "tcp.dstport": "80", - "tcp.port": "54700", - "tcp.port": "80", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000017ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.076619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.076619000", - "frame.time_delta": "0.000548000", - "frame.time_delta_displayed": "0.000548000", - "frame.time_relative": "1620.615933000", - "frame.number": "5886", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54700", - "tcp.port": "80", - "tcp.port": "54700", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000fa9d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5885", - "tcp.analysis.ack_rtt": "0.000548000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.079187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.079187000", - "frame.time_delta": "0.002568000", - "frame.time_delta_displayed": "0.002568000", - "frame.time_relative": "1620.618501000", - "frame.number": "5887", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54700", - "tcp.dstport": "80", - "tcp.port": "54700", - "tcp.port": "80", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ac7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5886", - "tcp.analysis.ack_rtt": "0.002568000", - "tcp.analysis.initial_rtt": "0.003116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.079874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.079874000", - "frame.time_delta": "0.000687000", - "frame.time_delta_displayed": "0.000687000", - "frame.time_relative": "1620.619188000", - "frame.number": "5888", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001b9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54700", - "tcp.dstport": "80", - "tcp.port": "54700", - "tcp.port": "80", - "tcp.stream": "217", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c1f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003116000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.080389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.080389000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "1620.619703000", - "frame.number": "5889", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eed9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c999", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54700", - "tcp.port": "80", - "tcp.port": "54700", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009e0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5888", - "tcp.analysis.ack_rtt": "0.000515000", - "tcp.analysis.initial_rtt": "0.003116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.080954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.080954000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1620.620268000", - "frame.number": "5890", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000eeda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c987", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54700", - "tcp.port": "80", - "tcp.port": "54700", - "tcp.stream": "217", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000de2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003116000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.081353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.081353000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "1620.620667000", - "frame.number": "5891", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000eedb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c5b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54700", - "tcp.port": "80", - "tcp.port": "54700", - "tcp.stream": "217", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003098", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003116000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "5890", - "tcp.segment": "5891", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001479000", - "http.request_in": "5888", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.084316000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495212.084316000", - "frame.time_delta": "0.002963000", - "frame.time_delta_displayed": "0.002963000", - "frame.time_relative": "1620.623630000", - "frame.number": "5892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54700", - "tcp.dstport": "80", - "tcp.port": "54700", - "tcp.port": "80", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a7e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5891", - "tcp.analysis.ack_rtt": "0.002963000", - "tcp.analysis.initial_rtt": "0.003116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.084999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.084999000", - "frame.time_delta": "0.000683000", - "frame.time_delta_displayed": "0.000683000", - "frame.time_relative": "1620.624313000", - "frame.number": "5893", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cd5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54700", - "tcp.dstport": "80", - "tcp.port": "54700", - "tcp.port": "80", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a7e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:32.085467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495212.085467000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "1620.624781000", - "frame.number": "5894", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000005c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54700", - "tcp.port": "80", - "tcp.port": "54700", - "tcp.stream": "217", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009a17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5893", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.003116000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:34.929010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495214.929010000", - "frame.time_delta": "2.843543000", - "frame.time_delta_displayed": "2.843543000", - "frame.time_relative": "1623.468324000", - "frame.number": "5895", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005819", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a678", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5037", - "tcp.ack": "577", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f0d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:35.147451000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495215.147451000", - "frame.time_delta": "0.218441000", - "frame.time_delta_displayed": "0.218441000", - "frame.time_relative": "1623.686765000", - "frame.number": "5896", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd91", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "577", - "tcp.ack": "5038", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:35.705366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495215.705366000", - "frame.time_delta": "0.557915000", - "frame.time_delta_displayed": "0.557915000", - "frame.time_relative": "1624.244680000", - "frame.number": "5897", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:36.644556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495216.644556000", - "frame.time_delta": "0.939190000", - "frame.time_delta_displayed": "0.939190000", - "frame.time_relative": "1625.183870000", - "frame.number": "5898", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e0f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": 
"0x000059da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:36.678136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495216.678136000", - "frame.time_delta": "0.033580000", - "frame.time_delta_displayed": "0.033580000", - "frame.time_relative": "1625.217450000", - "frame.number": "5899", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "202", - "ip.id": "0x00002110", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e704", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61381", - "udp.dstport": "1900", - "udp.port": "61381", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005a98", - "udp.checksum.status": "2", - "udp.stream": "133" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:37.335080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495217.335080000", - 
"frame.time_delta": "0.656944000", - "frame.time_delta_displayed": "0.656944000", - "frame.time_relative": "1625.874394000", - "frame.number": "5900", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000020b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009699", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:37.387888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495217.387888000", - "frame.time_delta": "0.052808000", - "frame.time_delta_displayed": "0.052808000", - "frame.time_relative": "1625.927202000", - "frame.number": "5901", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000020b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000968f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "5900" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:37.440726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495217.440726000", - "frame.time_delta": "0.052838000", - "frame.time_delta_displayed": "0.052838000", - "frame.time_relative": "1625.980040000", - "frame.number": "5902", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000020b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000968f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - 
"udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "5901" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:37.678733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495217.678733000", - "frame.time_delta": "0.238007000", - "frame.time_delta_displayed": "0.238007000", - "frame.time_relative": "1626.218047000", - "frame.number": "5903", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002111", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e703", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61381", - "udp.dstport": "1900", - "udp.port": "61381", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005a98", - "udp.checksum.status": "2", - "udp.stream": "133" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google 
Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "5899" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:38.387782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495218.387782000", - "frame.time_delta": "0.709049000", - "frame.time_delta_displayed": "0.709049000", - "frame.time_relative": "1626.927096000", - "frame.number": "5904", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000210e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000963d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "5902" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:38.440640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495218.440640000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1626.979954000", - "frame.number": "5905", - "frame.len": "348", - "frame.cap_len": 
"348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002113", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000962f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": 
"EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "5904" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:38.493498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495218.493498000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1627.032812000", - "frame.number": "5906", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": 
"0x00002114", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009634", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "5905" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:38.680036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495218.680036000", - "frame.time_delta": "0.186538000", - "frame.time_delta_displayed": "0.186538000", - "frame.time_relative": "1627.219350000", - "frame.number": "5907", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002112", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e702", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61381", - "udp.dstport": "1900", - "udp.port": "61381", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005a98", - "udp.checksum.status": "2", - 
"udp.stream": "133" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "5903" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:39.019584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495219.019584000", - "frame.time_delta": "0.339548000", - "frame.time_delta_displayed": "0.339548000", - "frame.time_relative": "1627.558898000", - "frame.number": "5908", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { 
- "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000213f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000960c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "5906" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:39.072440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495219.072440000", - "frame.time_delta": "0.052856000", - "frame.time_delta_displayed": "0.052856000", - "frame.time_relative": "1627.611754000", - "frame.number": "5909", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002143", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "5908" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:39.125228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495219.125228000", - "frame.time_delta": "0.052788000", - "frame.time_delta_displayed": "0.052788000", - "frame.time_relative": "1627.664542000", - "frame.number": "5910", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - 
}, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002147", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009601", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "5909" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:39.680958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495219.680958000", - "frame.time_delta": "0.555730000", - "frame.time_delta_displayed": "0.555730000", - "frame.time_relative": "1628.220272000", - "frame.number": "5911", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002113", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e701", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "61381", - "udp.dstport": "1900", - "udp.port": "61381", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005a98", - "udp.checksum.status": "2", - "udp.stream": "133" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "5907" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.072170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.072170000", - "frame.time_delta": "0.391212000", - "frame.time_delta_displayed": "0.391212000", - "frame.time_relative": 
"1628.611484000", - "frame.number": "5912", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000217e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "5910" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.124985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.124985000", - "frame.time_delta": "0.052815000", - "frame.time_delta_displayed": "0.052815000", - "frame.time_relative": "1628.664299000", - "frame.number": "5913", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002180", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - 
"http.prev_response_in": "5912" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.177747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.177747000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "1628.717061000", - "frame.number": "5914", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002185", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - 
"udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "5913" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.203081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.203081000", - "frame.time_delta": "0.025334000", - "frame.time_delta_displayed": "0.025334000", - "frame.time_relative": "1628.742395000", - "frame.number": "5915", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000b92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x000036db", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:eb:49:89:e7:cd:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.388208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.388208000", - "frame.time_delta": "0.185127000", - "frame.time_delta_displayed": "0.185127000", - "frame.time_relative": "1628.927522000", - "frame.number": 
"5916", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002193", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "5914" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.440969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.440969000", - "frame.time_delta": "0.052761000", - "frame.time_delta_displayed": "0.052761000", - "frame.time_relative": "1628.980283000", - "frame.number": "5917", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "334", - "ip.id": "0x00002199", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "5916" - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.493787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.493787000", - "frame.time_delta": "0.052818000", - "frame.time_delta_displayed": "0.052818000", - "frame.time_relative": "1629.033101000", - "frame.number": "5918", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000219a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000095ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - 
"udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "5917" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.591046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.591046000", - "frame.time_delta": "0.097259000", - "frame.time_delta_displayed": "0.097259000", - "frame.time_relative": "1629.130360000", - "frame.number": "5919", - "frame.len": "728", - "frame.cap_len": "728", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "714", - "ip.id": "0x00009684", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007465", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "662", - "tcp.seq": "76097", - "tcp.nxtseq": "76759", - "tcp.ack": "17124", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005cb8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:2d:53:a7:a1:26:bc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2567507, TSecr 2812356284": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2567507", - "tcp.options.timestamp.tsecr": "2812356284" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "662", - "tcp.analysis.push_bytes_sent": "662" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "657", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:23:15:d8:3f:fd:98:57:3f:52:2e:5c:30:2b:55:92:51:5f:ad:53:10:3b:ac:96:34:c3:a2:b1:b9:41:27:07:fc:c0:60:ce:ad:a8:bc:1b:8e:ae:a5:a2:55:56:73:d0:14:36:eb:3a:27:6f:9c:08:41:0a:20:cc:0f:dd:9b:d3:33:d2:62:3c:70:d4:a7:ff:82:78:5f:7c:61:f3:d9:6d:55:79:0b:69:3d:b0:56:fe:33:56:11:7b:1c:36:20:57:b3:1e:94:ce:6a:8f:fd:28:fd:f9:90:cd:31:76:93:6f:a4:f2:0b:95:07:7c:cc:f1:95:8c:7f:4e:5d:75:5d:d2:4f:2d:9a:6e:76:7c:e5:12:1d:13:35:47:30:0e:88:54:b7:74:33:3d:ad:29:35:3e:56:04:ea:8d:40:ca:92:74:28:c6:0d:d7:43:8e:5f:95:74:fd:11:ad:1c:43:82:0b:b9:d8:99:7e:6f:c8:ff:29:1b:6c:83:22:c6:9d:d9:3d:93:d2:b2:87:f9:06:e6:df:96:bb:58:1e:96:38:59:00:22:55:3f:2a:52:74:1c:70:08:f8:52:90:65:de:bf:b6:7d:cb:bf:00:9e:33:3e:2e:98:74:a4:ae:2a:4e:6a:ec:09:19:66:f0:e2:f3:2a:67:c8:09:14:ac:5f:fe:9e:f0:d6:fe:d0:62:c2:90:34:fe:e0:34:d7:c0:d9:36:13:f0:65:3e:94:b4:85:ab:e1:08:ae:fe:30:d2:b8:cf:d2:63:96:ea:d3:2a:59:8b:4a:8b:f2:72:4d:e6:76:82:45:d5:d3:96:f3:53:b3:68:32:9c:eb:a0:ba:3b:51:f5:29:5f:f7:b4:d8:9a:b8:65:47:d4:24:5c:d1:f4:26:94:8e:53:3a:02:15:6e:fd:30:e1:64:fb:e2:bd:f5:ab:be:68:d6:15:c1:89:4c:af:5d:ef:bf:fa:ab:bd:ce:65:79:94:73:49:00:9f:30:47:e8:97:6c:83:70:9a:2d:98:14:f5:95:fc:c7:9b:1a:93:b6:85:1b:d0:1f:96:26:82:85:b1:56:fe:85:e2:f8:e6:62:d7:0b:62:3c:2d:f6:20:ed:3d:01:7d:6a:34:f0:77:a5:d9:db:21:c9:38:0a:af:26:ae:14:f5:2d:cd:26:b8:b3:a3:e6:bd:b0:3c:96:ee:9e:70:3d:a3:6f:7b:d6:71:cb:0e:1c:6d:3f:23:65:4f:e8:ea:e1:d0:28:85:58:d8:ce:ab:eb:2e:33:23:67:38:7e:4d:57:9a:97:37:7e:35:50:f8:4c:7d:2b:4e:d9:1b:af:25:15:c3:84:65:76:3d:06:f2:a3:ba:17:f9:51:6b:9b:f0:3c:63:2d:e5:f2:00:6d:d6:74:64:aa:fd:72:bb:6d:af:ae:b5:47:8d:5f:21:84:fa:3f:e8:71:be:f7:91:c6:74:56:e3:ed:ee:24:0f:bb:5f:2f:9e:1f:78:62:ec:85:ac:92:f0:cd:97:8d:78:05:86:7e:c0:cc:95:e5:92:f6:28:a6:8a:01:2c:f1:b9:de:f7:16:2c:71:48:3e:9a:71:19:1a:98:cc:77:2c:e8:ec:ff:c0:14:89:de:95:87:66:39:94:b6:70:b7:5e:d7:39:2a:bf:59:7e:de:61:27:ce:3e:91:94:7c:10:6b:57:ef:b4:d4:38:86:2f:47:31:74:f1:86:36:19:c0:49:ac:c4:76:29:63:23:b4" - } - } - } - } - } - - , 
- { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.652084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.652084000", - "frame.time_delta": "0.061038000", - "frame.time_delta_displayed": "0.061038000", - "frame.time_relative": "1629.191398000", - "frame.number": "5920", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": 
"41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17124", - "tcp.nxtseq": "17171", - "tcp.ack": "76759", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004348", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:32:57:00:27:2d:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812359255, TSecr 2567507": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812359255", - "tcp.options.timestamp.tsecr": "2567507" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5919", - "tcp.analysis.ack_rtt": "0.061038000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": 
"42", - "ssl.app_data": "34:cd:34:17:47:48:0e:ba:af:2b:33:e7:e7:24:2f:00:38:83:b7:be:5a:0f:2a:2e:50:c2:2d:42:80:7d:36:05:02:08:47:e5:b8:79:a0:e8:9b:dd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.652452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.652452000", - "frame.time_delta": "0.000368000", - "frame.time_delta_displayed": "0.000368000", - "frame.time_relative": "1629.191766000", - "frame.number": "5921", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17171", - "tcp.nxtseq": "17218", - "tcp.ack": "76759", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:32:57:00:27:2d:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812359255, TSecr 2567507": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812359255", - "tcp.options.timestamp.tsecr": "2567507" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "94", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:bb:de:6c:6f:3a:55:72:9a:d3:8f:fd:6f:3f:73:4d:d2:e4:54:b9:8b:52:7a:c7:77:ea:31:ed:98:25:b8:5b:15:52:f0:e3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.652534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.652534000", - "frame.time_delta": "0.000082000", - "frame.time_delta_displayed": "0.000082000", - "frame.time_relative": "1629.191848000", - "frame.number": "5922", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009685", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "76759", - "tcp.ack": "17171", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d8fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:2d:59:a7:a1:32:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2567513, TSecr 2812359255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2567513", - "tcp.options.timestamp.tsecr": "2812359255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5920", - 
"tcp.analysis.ack_rtt": "0.000450000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:40.652827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495220.652827000", - "frame.time_delta": "0.000293000", - "frame.time_delta_displayed": "0.000293000", - "frame.time_relative": "1629.192141000", - "frame.number": "5923", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009686", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "76759", - "tcp.ack": "17218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d8cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:2d:59:a7:a1:32:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2567513, TSecr 2812359255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2567513", - "tcp.options.timestamp.tsecr": "2812359255" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5921", - "tcp.analysis.ack_rtt": "0.000375000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:13:41.440426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495221.440426000", - "frame.time_delta": "0.787599000", - "frame.time_delta_displayed": "0.787599000", - "frame.time_relative": "1629.979740000", - "frame.number": "5924", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000021ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009561", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "5918" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:41.493162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495221.493162000", - "frame.time_delta": "0.052736000", - "frame.time_delta_displayed": "0.052736000", - "frame.time_relative": "1630.032476000", - "frame.number": "5925", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000021ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009556", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "5924" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:41.545977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495221.545977000", - "frame.time_delta": "0.052815000", - "frame.time_delta_displayed": "0.052815000", - "frame.time_relative": "1630.085291000", - "frame.number": "5926", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000021ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000955a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "5925" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:42.124753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495222.124753000", - "frame.time_delta": "0.578776000", - "frame.time_delta_displayed": "0.578776000", - "frame.time_relative": "1630.664067000", - "frame.number": "5927", - "frame.len": "339", - 
"frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000220c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000953f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "5926" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:42.177518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495222.177518000", - "frame.time_delta": "0.052765000", - "frame.time_delta_displayed": "0.052765000", - "frame.time_relative": "1630.716832000", - "frame.number": "5928", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", 
- "ip.id": "0x0000220f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009533", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "5927" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:42.230538000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495222.230538000", - "frame.time_delta": "0.053020000", - "frame.time_delta_displayed": "0.053020000", - "frame.time_relative": "1630.769852000", - "frame.number": "5929", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002214", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009534", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": 
"2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "5928" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:43.129651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495223.129651000", - "frame.time_delta": "0.899113000", - "frame.time_delta_displayed": "0.899113000", - "frame.time_relative": "1631.668965000", - "frame.number": "5930", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000223f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000950c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "305", - "udp.checksum": "0x0000d555", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "5929" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:43.182426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495223.182426000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "1631.721740000", - "frame.number": "5931", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00002240", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009502", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "314", - "udp.checksum": "0x0000e340", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "5930" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:43.235254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495223.235254000", - "frame.time_delta": "0.052828000", - "frame.time_delta_displayed": 
"0.052828000", - "frame.time_relative": "1631.774568000", - "frame.number": "5932", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00002242", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009506", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "61381", - "udp.port": "1900", - "udp.port": "61381", - "udp.length": "308", - "udp.checksum": "0x000006cb", - "udp.checksum.status": "2", - "udp.stream": "134" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "5931" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:45.660395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495225.660395000", - "frame.time_delta": "2.425141000", - "frame.time_delta_displayed": "2.425141000", - "frame.time_relative": "1634.199709000", - "frame.number": "5933", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - 
"arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:45.660831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495225.660831000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "1634.200145000", - "frame.number": "5934", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:13:49.502801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495229.502801000", - "frame.time_delta": "3.841970000", - 
"frame.time_delta_displayed": "3.841970000", - "frame.time_relative": "1638.042115000", - "frame.number": "5935", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x0000451a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000943f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:02.662910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495242.662910000", - "frame.time_delta": "13.160109000", - "frame.time_delta_displayed": "13.160109000", - "frame.time_relative": "1651.202224000", - "frame.number": "5936", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f8d", - "ip.flags": "0x00000000", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b863", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001470", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:02.663272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495242.663272000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "1651.202586000", - "frame.number": "5937", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f8e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000995e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f56b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:02.664621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495242.664621000", - "frame.time_delta": "0.001349000", - "frame.time_delta_displayed": "0.001349000", - "frame.time_relative": "1651.203935000", - "frame.number": "5938", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008331", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:03.161239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.161239000", - "frame.time_delta": "0.496618000", - "frame.time_delta_displayed": "0.496618000", - "frame.time_relative": "1651.700553000", - "frame.number": "5939", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00002918", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a03f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:03.214151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.214151000", - "frame.time_delta": "0.052912000", - "frame.time_delta_displayed": "0.052912000", - "frame.time_relative": "1651.753465000", - "frame.number": "5940", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000291a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a03d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - 
}, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:03.267020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.267020000", - "frame.time_delta": "0.052869000", - "frame.time_delta_displayed": "0.052869000", - "frame.time_relative": "1651.806334000", - "frame.number": "5941", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000291d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a031", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:03.320114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.320114000", - "frame.time_delta": "0.053094000", - "frame.time_delta_displayed": "0.053094000", - "frame.time_relative": "1651.859428000", - "frame.number": "5942", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000291f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a02f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { 
- "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:03.373038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.373038000", - "frame.time_delta": "0.052924000", - "frame.time_delta_displayed": "0.052924000", - "frame.time_relative": "1651.912352000", - "frame.number": "5943", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00002920", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a034", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:14:03.425867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495243.425867000", - "frame.time_delta": "0.052829000", - "frame.time_delta_displayed": "0.052829000", - "frame.time_relative": "1651.965181000", - "frame.number": "5944", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00002923", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000a031", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:04.183576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495244.183576000", - "frame.time_delta": "0.757709000", - "frame.time_delta_displayed": "0.757709000", - "frame.time_relative": "1652.722890000", - "frame.number": "5945", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x0000581a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a64f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5038", - "tcp.nxtseq": "5078", - "tcp.ack": "577", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000facd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:eb:b0:de:5b:71:e1:8a:6e:82:c9:35:97:51:72:ca:31:20:a2:7f:6b:76:3b:f7:c9:63:b6:a2:1d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:04.326851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495244.326851000", - "frame.time_delta": "0.143275000", - "frame.time_delta_displayed": "0.143275000", - "frame.time_relative": "1652.866165000", - "frame.number": "5946", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001001", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd6c", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": 
"104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "577", - "tcp.nxtseq": "613", - "tcp.ack": "5078", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000007c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5945", - "tcp.analysis.ack_rtt": "0.143275000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:70:b0:0d:f0:f3:99:d4:cc:39:6f:3c:35:74:11:1c:96:d0:f4:74:28:92:0f:d6:c8" - } - } - } - } - } - - , 
- { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:04.327329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495244.327329000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1652.866643000", - "frame.number": "5947", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000581b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a676", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5078", - "tcp.ack": "613", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f085", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "5946", - "tcp.analysis.ack_rtt": "0.000478000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:06.649376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495246.649376000", - "frame.time_delta": "2.322047000", - "frame.time_delta_displayed": "2.322047000", - "frame.time_relative": "1655.188690000", - "frame.number": "5948", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e16", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000059d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.355914000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.355914000", - "frame.time_delta": "0.706538000", - "frame.time_delta_displayed": "0.706538000", - "frame.time_relative": "1655.895228000", - "frame.number": "5949", - "frame.len": "83", - 
"frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000482d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009161", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, 
\"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.367069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.367069000", - "frame.time_delta": "0.011155000", - "frame.time_delta_displayed": "0.011155000", - "frame.time_relative": "1655.906383000", - "frame.number": "5950", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000bb31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001d60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": "id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - 
"dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.492572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.492572000", - "frame.time_delta": "0.125503000", - "frame.time_delta_displayed": "0.125503000", - "frame.time_relative": "1656.031886000", - "frame.number": "5951", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000483f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000914f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": 
"192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.663000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.663000000", - "frame.time_delta": "0.170428000", - "frame.time_delta_displayed": "0.170428000", - "frame.time_relative": "1656.202314000", - "frame.number": "5952", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f92", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b85e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001470", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.663522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.663522000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "1656.202836000", - "frame.number": "5953", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - 
"eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f93", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009959", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f56b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.665962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.665962000", - "frame.time_delta": "0.002440000", - "frame.time_delta_displayed": "0.002440000", - "frame.time_relative": "1656.205276000", - "frame.number": "5954", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" 
- }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008331", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.717411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.717411000", - "frame.time_delta": "0.051449000", - "frame.time_delta_displayed": "0.051449000", - "frame.time_relative": "1656.256725000", - "frame.number": "5955", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": 
"01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00004859", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009135", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.721028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.721028000", - "frame.time_delta": "0.003617000", - "frame.time_delta_displayed": "0.003617000", - "frame.time_relative": "1656.260342000", - "frame.number": "5956", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:07.980489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495247.980489000", - "frame.time_delta": "0.259461000", - "frame.time_delta_displayed": "0.259461000", - 
"frame.time_relative": "1656.519803000", - "frame.number": "5957", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": 
"0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:08.004706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495248.004706000", - "frame.time_delta": "0.024217000", - "frame.time_delta_displayed": "0.024217000", - "frame.time_relative": "1656.544020000", - "frame.number": "5958", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - 
"bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:08.034690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495248.034690000", - "frame.time_delta": "0.029984000", - "frame.time_delta_displayed": "0.029984000", - "frame.time_relative": "1656.574004000", - "frame.number": "5959", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:08.064724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495248.064724000", - "frame.time_delta": "0.030034000", - "frame.time_delta_displayed": "0.030034000", - "frame.time_relative": "1656.604038000", - "frame.number": "5960", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - 
"arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:09.330933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495249.330933000", - "frame.time_delta": "1.266209000", - "frame.time_delta_displayed": "1.266209000", - "frame.time_relative": "1657.870247000", - "frame.number": "5961", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:09.331332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495249.331332000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "1657.870646000", - "frame.number": "5962", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:09.430558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495249.430558000", - "frame.time_delta": "0.099226000", - "frame.time_delta_displayed": "0.099226000", - "frame.time_relative": "1657.969872000", - "frame.number": "5963", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000048ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000906d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:11.679266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495251.679266000", - "frame.time_delta": "2.248708000", - "frame.time_delta_displayed": "2.248708000", - "frame.time_relative": "1660.218580000", - "frame.number": "5964", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009687", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "76759", - "tcp.nxtseq": "76808", - "tcp.ack": "17218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ca92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:39:77:a7:a1:32:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2570615, TSecr 2812359255": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2570615", - "tcp.options.timestamp.tsecr": "2812359255" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:24:f6:98:83:7f:5c:c1:86:c1:e9:61:6c:ce:e5:38:7c:d2:de:75:b2:6a:04:78:7d:ac:31:2b:f9:72:a6:4c:bc:09:4c:7e:c2:8c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:11.740271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495251.740271000", - "frame.time_delta": "0.061005000", - "frame.time_delta_displayed": "0.061005000", - "frame.time_relative": "1660.279585000", - "frame.number": "5965", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "17218", - "tcp.nxtseq": "17273", - "tcp.ack": "76808", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004f53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:50:b3:00:27:39:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812367027, TSecr 2570615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812367027", - "tcp.options.timestamp.tsecr": "2570615" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5964", - "tcp.analysis.ack_rtt": "0.061005000", - "tcp.analysis.bytes_in_flight": "55", 
- "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:bc:d8:01:21:1c:e9:55:27:c7:60:53:96:29:0a:11:87:96:7d:0b:50:cd:9e:77:79:f5:7f:63:ba:03:33:cc:66:a6:22:34:55:81:a8:0e:b2:ba:a0:2c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:11.740841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495251.740841000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1660.280155000", - "frame.number": "5966", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009688", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "76808", - "tcp.ack": "17273", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ade6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:39:7e:a7:a1:50:b3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2570622, TSecr 2812367027": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2570622", - 
"tcp.options.timestamp.tsecr": "2812367027" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5965", - "tcp.analysis.ack_rtt": "0.000570000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:12.666361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495252.666361000", - "frame.time_delta": "0.925520000", - "frame.time_delta_displayed": "0.925520000", - "frame.time_relative": "1661.205675000", - "frame.number": "5967", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f94", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b85c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - 
"ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001470", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:12.666821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495252.666821000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "1661.206135000", - "frame.number": "5968", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f95", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009957", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", 
- "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f56b", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:12.667340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495252.667340000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "1661.206654000", - "frame.number": "5969", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008331", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000285", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=645", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:13.158380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495253.158380000", - "frame.time_delta": "0.491040000", - "frame.time_delta_displayed": "0.491040000", - "frame.time_relative": "1661.697694000", - "frame.number": "5970", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:14:18.841870000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495258.841870000", - "frame.time_delta": "5.683490000", - "frame.time_delta_displayed": "5.683490000", - "frame.time_relative": "1667.381184000", - "frame.number": "5971", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", 
- "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:25.350920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495265.350920000", - "frame.time_delta": "6.509050000", - "frame.time_delta_displayed": "6.509050000", - "frame.time_relative": "1673.890234000", - "frame.number": "5972", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000b94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - 
"ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "56", - "udp.checksum": "0x0000c092", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:fd:60:0c:f2:cd:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", - "data.len": "48" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:26.559068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495266.559068000", - "frame.time_delta": "1.208148000", - "frame.time_delta_displayed": "1.208148000", - "frame.time_relative": "1675.098382000", - "frame.number": "5973", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": 
"2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:28.851940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495268.851940000", - "frame.time_delta": "2.292872000", - "frame.time_delta_displayed": "2.292872000", - "frame.time_relative": "1677.391254000", - "frame.number": "5974", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - 
"eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:29.567763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495269.567763000", - "frame.time_delta": "0.715823000", - "frame.time_delta_displayed": "0.715823000", - "frame.time_relative": "1678.107077000", - "frame.number": "5975", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.188518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.188518000", - "frame.time_delta": "0.620755000", - "frame.time_delta_displayed": "0.620755000", - "frame.time_relative": "1678.727832000", - "frame.number": "5976", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - 
"ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.197528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.197528000", - "frame.time_delta": "0.009010000", - "frame.time_delta_displayed": "0.009010000", - "frame.time_relative": "1678.736842000", - "frame.number": "5977", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000050b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000088a8", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.214998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.214998000", - "frame.time_delta": "0.017470000", - "frame.time_delta_displayed": "0.017470000", - "frame.time_relative": "1678.754312000", - "frame.number": "5978", - "frame.len": "136", - 
"frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000050b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000088a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.470297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.470297000", - "frame.time_delta": "0.255299000", - "frame.time_delta_displayed": "0.255299000", - "frame.time_relative": "1679.009611000", - "frame.number": "5979", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000050cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000088bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.470459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.470459000", - "frame.time_delta": "0.000162000", - "frame.time_delta_displayed": "0.000162000", - "frame.time_relative": "1679.009773000", - "frame.number": "5980", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x000050d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000088b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.470608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.470608000", - "frame.time_delta": "0.000149000", - "frame.time_delta_displayed": "0.000149000", - "frame.time_relative": "1679.009922000", - "frame.number": "5981", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000050d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000088bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - 
"udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.473768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.473768000", - "frame.time_delta": "0.003160000", - "frame.time_delta_displayed": "0.003160000", - "frame.time_relative": "1679.013082000", - "frame.number": "5982", - "frame.len": "211", - "frame.cap_len": "211", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "197", - "ip.id": "0x0000be7d", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001a14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "177", - "udp.checksum": "0x00009320", - "udp.checksum.status": "2", - "udp.stream": "45" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "4", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_smartthings._tcp.local: type PTR, class IN, D052A8A1D7EE0001._smartthings._tcp.local": { - "dns.resp.name": "_smartthings._tcp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "19", - "dns.ptr.domain_name": "D052A8A1D7EE0001._smartthings._tcp.local" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type TXT, class IN, cache flush": { - "dns.resp.name": "D052A8A1D7EE0001._smartthings._tcp.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "4500", - "dns.resp.len": "38", - "dns.txt.length": "6", - "dns.txt": "path=\/", - "dns.txt.length": "19", - "dns.txt": 
"id=D052A8A1D7EE0001", - "dns.txt.length": "10", - "dns.txt": "type=hubv2" - }, - "D052A8A1D7EE0001._smartthings._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 8081, target D052A8A1D7EE0001.local": { - "dns.srv.service": "D052A8A1D7EE0001", - "dns.srv.proto": "_smartthings", - "dns.srv.name": "_tcp.local", - "dns.resp.type": "33", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "25", - "dns.srv.priority": "0", - "dns.srv.weight": "0", - "dns.srv.port": "8081", - "dns.srv.target": "D052A8A1D7EE0001.local" - }, - "D052A8A1D7EE0001.local: type A, class IN, cache flush, addr 192.168.0.242": { - "dns.resp.name": "D052A8A1D7EE0001.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "192.168.0.242" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.487629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.487629000", - "frame.time_delta": "0.013861000", - "frame.time_delta_displayed": "0.013861000", - "frame.time_relative": "1679.026943000", - "frame.number": "5983", - "frame.len": "107", - "frame.cap_len": "107", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "93", - "ip.id": "0x0000883d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005167", - "ip.checksum.status": "2", - "ip.src": "192.168.0.71", - "ip.addr": "192.168.0.71", - "ip.src_host": "192.168.0.71", - "ip.host": "192.168.0.71", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "73", - "udp.checksum": "0x0000791d", - "udp.checksum.status": "2", - "udp.stream": "46" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _http._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "13", - "dns.ptr.domain_name": "_http._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.514170000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.514170000", - "frame.time_delta": "0.026541000", - "frame.time_delta_displayed": "0.026541000", - "frame.time_relative": "1679.053484000", - "frame.number": "5984", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:e3:dc:17", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:dc:17", - "eth.addr": "c4:12:f5:e3:dc:17", - "eth.addr_resolved": "D-LinkIn_e3:dc:17", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.135", - "ip.addr": "192.168.0.135", - "ip.src_host": "192.168.0.135", - "ip.host": "192.168.0.135", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b6b", - "udp.checksum.status": "2", - "udp.stream": "48" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.542638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.542638000", - "frame.time_delta": "0.028468000", - "frame.time_delta_displayed": "0.028468000", - "frame.time_relative": "1679.081952000", - "frame.number": "5985", - "frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "90:8d:78:e3:81:0c", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_e3:81:0c", - "eth.addr": "90:8d:78:e3:81:0c", - "eth.addr_resolved": "D-LinkIn_e3:81:0c", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d8fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.240", - "ip.addr": "192.168.0.240", - "ip.src_host": "192.168.0.240", - "ip.host": "192.168.0.240", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b02", - "udp.checksum.status": "2", - "udp.stream": "49" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.564499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.564499000", - "frame.time_delta": "0.021861000", - "frame.time_delta_displayed": "0.021861000", - "frame.time_relative": "1679.103813000", - "frame.number": "5986", - 
"frame.len": "108", - "frame.cap_len": "108", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "c4:12:f5:de:38:20", - "eth.src_tree": { - "eth.src_resolved": "D-LinkIn_de:38:20", - "eth.addr": "c4:12:f5:de:38:20", - "eth.addr_resolved": "D-LinkIn_de:38:20", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "94", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000d995", - "ip.checksum.status": "2", - "ip.src": "192.168.0.85", - "ip.addr": "192.168.0.85", - "ip.src_host": "192.168.0.85", - "ip.host": "192.168.0.85", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "74", - "udp.checksum": "0x00009b9d", - "udp.checksum.status": "2", - "udp.stream": "50" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - 
"dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _dhnap._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "14", - "dns.ptr.domain_name": "_dhnap._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.567953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.567953000", - "frame.time_delta": "0.003454000", - "frame.time_delta_displayed": "0.003454000", - "frame.time_relative": "1679.107267000", - "frame.number": "5987", - "frame.len": "114", - "frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x0000e5f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f379", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - 
"ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.651920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.651920000", - "frame.time_delta": "0.083967000", - "frame.time_delta_displayed": "0.083967000", - "frame.time_relative": "1679.191234000", - "frame.number": "5988", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x000050ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000888f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" 
- } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.652077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.652077000", - "frame.time_delta": "0.000157000", - "frame.time_delta_displayed": "0.000157000", - "frame.time_relative": "1679.191391000", - "frame.number": "5989", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x00005100", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000888e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - 
"udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.652220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.652220000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - "frame.time_relative": "1679.191534000", - "frame.number": "5990", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x00005101", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008888", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.886968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.886968000", - "frame.time_delta": "0.234748000", - "frame.time_delta_displayed": "0.234748000", - "frame.time_relative": "1679.426282000", - "frame.number": "5991", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000513a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008854", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.887130000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.887130000", - "frame.time_delta": "0.000162000", - "frame.time_delta_displayed": "0.000162000", - "frame.time_relative": "1679.426444000", - "frame.number": "5992", - "frame.len": "88", - "frame.cap_len": "88", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "74", - "ip.id": "0x0000513b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000884e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", 
- "udp.port": "5353", - "udp.port": "5353", - "udp.length": "54", - "udp.checksum": "0x0000fd7d", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_services._dns-sd._udp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_services._dns-sd._udp.local", - "dns.qry.name.len": "28", - "dns.count.labels": "4", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:30.887277000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495270.887277000", - "frame.time_delta": "0.000147000", - "frame.time_delta_displayed": "0.000147000", - "frame.time_relative": "1679.426591000", - "frame.number": "5993", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000513c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008852", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "49", - "udp.checksum": "0x0000edf6", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_smartthings._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_smartthings._tcp.local", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:31.182290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495271.182290000", - "frame.time_delta": "0.295013000", - "frame.time_delta_displayed": "0.295013000", - "frame.time_relative": "1679.721604000", - "frame.number": "5994", - "frame.len": "114", - 
"frame.cap_len": "114", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "74:da:38:0d:05:55", - "eth.src_tree": { - "eth.src_resolved": "EdimaxTe_0d:05:55", - "eth.addr": "74:da:38:0d:05:55", - "eth.addr_resolved": "EdimaxTe_0d:05:55", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "100", - "ip.id": "0x0000e62e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f33e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.119", - "ip.addr": "192.168.0.119", - "ip.src_host": "192.168.0.119", - "ip.host": "192.168.0.119", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "80", - "udp.checksum": "0x00004200", - "udp.checksum.status": "2", - "udp.stream": "47" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": 
"1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "_services._dns-sd._udp.local: type PTR, class IN, _workstation._tcp.local": { - "dns.resp.name": "_services._dns-sd._udp.local", - "dns.resp.type": "12", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "4500", - "dns.resp.len": "20", - "dns.ptr.domain_name": "_workstation._tcp.local" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:31.202955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495271.202955000", - "frame.time_delta": "0.020665000", - "frame.time_delta_displayed": "0.020665000", - "frame.time_relative": "1679.742269000", - "frame.number": "5995", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00005165", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000881d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - 
"ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:31.215468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495271.215468000", - "frame.time_delta": "0.012513000", - "frame.time_delta_displayed": "0.012513000", - "frame.time_relative": "1679.754782000", - "frame.number": "5996", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x00005167", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000087f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302b", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": 
"_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:32.219147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495272.219147000", - "frame.time_delta": "1.003679000", - "frame.time_delta_displayed": "1.003679000", - "frame.time_relative": "1680.758461000", - "frame.number": "5997", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000051d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000087ad", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e755", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": "192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:32.219309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495272.219309000", - "frame.time_delta": "0.000162000", - "frame.time_delta_displayed": "0.000162000", - "frame.time_relative": "1680.758623000", - "frame.number": "5998", - "frame.len": "136", - "frame.cap_len": "136", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "122", - "ip.id": "0x000051d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008780", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "102", - "udp.checksum": "0x0000302a", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local: type PTR, class IN, 
\"QM\" question": { - "dns.qry.name": "_%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local", - "dns.qry.name.len": "70", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:32.332612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495272.332612000", - "frame.time_delta": "0.113303000", - "frame.time_delta_displayed": "0.113303000", - "frame.time_relative": "1680.871926000", - "frame.number": "5999", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009689", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007596", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "76808", - "tcp.nxtseq": "77160", - "tcp.ack": "17273", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000002dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:41:89:a7:a1:50:b3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2572681, TSecr 2812367027": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2572681", - "tcp.options.timestamp.tsecr": "2812367027" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:25:0c:78:33:5b:2a:31:99:c2:a8:58:30:3d:f1:62:a2:77:0f:f0:d3:b5:20:c8:c1:a6:7c:86:a9:72:79:40:04:42:bf:31:72:a1:d0:2e:3d:92:f1:7f:86:e0:bd:4d:e7:1a:6d:b8:98:66:b7:ed:3d:7e:b6:b6:11:29:ac:57:ce:26:3f:41:22:a8:62:b1:89:62:b0:fa:55:7c:d3:9b:5b:58:5a:6f:c8:59:9f:2a:10:27:0b:01:b6:e9:b7:d8:06:52:99:1a:15:5a:7a:14:81:d8:6c:26:c6:ae:e8:c5:f6:37:5d:d7:bb:52:f9:22:d9:f6:a1:ff:ee:ff:9c:cf:95:0b:3f:cd:80:0c:00:1d:4f:37:82:b1:17:53:c8:7e:8f:38:85:68:af:27:22:31:30:30:a9:29:95:48:97:3b:55:69:ff:95:ca:6a:d3:c6:5d:a1:08:8e:c1:bd:13:28:ae:c3:78:f6:a1:c6:5d:3e:58:ec:78:41:29:fb:15:f7:1d:1f:6b:6b:de:b4:b5:2c:88:2a:f1:67:9d:58:f9:38:ec:1c:68:ae:48:ef:cf:c1:30:b5:c4:b2:ae:aa:44:1e:3e:c3:04:d9:85:14:b8:92:c3:8f:66:50:d8:26:10:14:37:18:69:9a:26:64:b5:cc:01:26:04:a8:70:b6:f0:5e:74:60:8d:81:81:d7:a3:66:c8:4a:ca:3a:a6:6c:df:e7:f6:3c:a7:60:41:25:c2:21:93:6b:ef:1e:f3:38:e7:e7:d5:10:42:b0:3d:07:33:5b:49:5e:f4:9e:be:2b:e1:29:7c:ee:a9:75:a0:17:78:11:94:74:68:2c:66:fb:43:d1:bd:d4:34:9d:93:e7:aa:d2:09:4d:bc:09:35:62:7c:4d:10:53:05:bd:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:32.393780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495272.393780000", - "frame.time_delta": "0.061168000", - "frame.time_delta_displayed": "0.061168000", - "frame.time_relative": "1680.933094000", - "frame.number": "6000", - "frame.len": "113", - 
"frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17273", - "tcp.nxtseq": "17320", - "tcp.ack": "77160", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000068c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:64:de:00:27:41:89", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812372190, TSecr 2572681": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812372190", - "tcp.options.timestamp.tsecr": "2572681" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "5999", - "tcp.analysis.ack_rtt": "0.061168000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:bd:17:27:d1:0d:7c:c8:85:32:99:90:e3:1d:9a:19:15:7f:cf:60:04:e1:81:28:d1:a1:be:8e:4f:03:cb:6d:42:0e:26:69" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:32.394214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495272.394214000", - 
"frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1680.933528000", - "frame.number": "6001", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000968a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - 
"tcp.seq": "77160", - "tcp.ack": "17320", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000901b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:41:8f:a7:a1:64:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2572687, TSecr 2812372190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2572687", - "tcp.options.timestamp.tsecr": "2812372190" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6000", - "tcp.analysis.ack_rtt": "0.000434000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:33.206232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495273.206232000", - "frame.time_delta": "0.812018000", - "frame.time_delta_displayed": "0.812018000", - "frame.time_relative": "1681.745546000", - "frame.number": "6002", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000528d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000086f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "61", - "udp.checksum": "0x0000e855", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "192-168-0-117.local: type ANY, class IN, \"QM\" question": { - "dns.qry.name": 
"192-168-0-117.local", - "dns.qry.name.len": "19", - "dns.count.labels": "2", - "dns.qry.type": "255", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - }, - "Authoritative nameservers": { - "192-168-0-117.local: type A, class IN, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "3599", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:34.219793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495274.219793000", - "frame.time_delta": "1.013561000", - "frame.time_delta_displayed": "1.013561000", - "frame.time_relative": "1682.759107000", - "frame.number": "6003", - "frame.len": "89", - "frame.cap_len": "89", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "75", - "ip.id": "0x00005345", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008643", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "55", - "udp.checksum": "0x00006fa3", - "udp.checksum.status": "2", - "udp.stream": "0" - }, - "mdns": { - "dns.response_to": "6002", - "dns.time": "1.013561000", - "dns.id": "0x00000000", - "dns.flags": "0x00008400", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "1", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.recavail": "0", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "0", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Answers": { - "192-168-0-117.local: type A, class IN, cache flush, addr 192.168.0.117": { - "dns.resp.name": "192-168-0-117.local", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "1", - "dns.resp.ttl": "3600", - "dns.resp.len": "4", - "dns.a": "192.168.0.117" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:34.338920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495274.338920000", - "frame.time_delta": "0.119127000", - "frame.time_delta_displayed": "0.119127000", - "frame.time_relative": "1682.878234000", - "frame.number": "6004", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000581c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a675", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5077", - "tcp.ack": "613", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f086", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:34.482106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495274.482106000", - "frame.time_delta": "0.143186000", - "frame.time_delta_displayed": "0.143186000", - "frame.time_relative": "1683.021420000", - "frame.number": "6005", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001002", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8f", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "613", - "tcp.ack": "5078", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fafb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:35.155829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495275.155829000", - "frame.time_delta": "0.673723000", - "frame.time_delta_displayed": "0.673723000", - "frame.time_relative": "1683.695143000", - "frame.number": "6006", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:36.651515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495276.651515000", - "frame.time_delta": "1.495686000", - "frame.time_delta_displayed": "1.495686000", - "frame.time_relative": "1685.190829000", - "frame.number": "6007", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": 
"0x00005e1d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000059cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:37.400450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495277.400450000", - "frame.time_delta": "0.748935000", - "frame.time_delta_displayed": "0.748935000", - "frame.time_relative": "1685.939764000", - "frame.number": "6008", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:37.400882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495277.400882000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1685.940196000", - "frame.number": "6009", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:14:44.013892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495284.013892000", - "frame.time_delta": "6.613010000", - "frame.time_delta_displayed": "6.613010000", - "frame.time_relative": "1692.553206000", - "frame.number": "6010", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", 
- "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:52.551767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495292.551767000", - "frame.time_delta": "8.537875000", - "frame.time_delta_displayed": "8.537875000", - "frame.time_relative": "1701.091081000", - "frame.number": "6011", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "64:bc:0c:43:3f:40", - "eth.src_tree": { - "eth.src_resolved": "LgElectr_43:3f:40", - "eth.addr": "64:bc:0c:43:3f:40", - "eth.addr_resolved": "LgElectr_43:3f:40", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.117", - "ip.addr": "192.168.0.117", - "ip.src_host": "192.168.0.117", - "ip.host": "192.168.0.117", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": 
"224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.288756000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495296.288756000", - "frame.time_delta": "3.736989000", - "frame.time_delta_displayed": "3.736989000", - "frame.time_relative": "1704.828070000", - "frame.number": "6012", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000380d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000914a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.304177000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495296.304177000", - "frame.time_delta": "0.015421000", - "frame.time_delta_displayed": "0.015421000", - "frame.time_relative": "1704.843491000", - "frame.number": "6013", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00003811", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009146", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.357073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495296.357073000", - "frame.time_delta": "0.052896000", - "frame.time_delta_displayed": "0.052896000", - "frame.time_relative": "1704.896387000", - "frame.number": "6014", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": 
"0x00003815", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009139", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.409882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495296.409882000", - "frame.time_delta": "0.052809000", - "frame.time_delta_displayed": "0.052809000", - "frame.time_relative": "1704.949196000", - "frame.number": "6015", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00003816", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009138", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.462740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495296.462740000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "1705.002054000", - "frame.number": "6016", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00003819", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000913b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:56.515683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495296.515683000", - "frame.time_delta": 
"0.052943000", - "frame.time_delta_displayed": "0.052943000", - "frame.time_relative": "1705.054997000", - "frame.number": "6017", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000381c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00009138", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - 
"http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:57.665815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495297.665815000", - "frame.time_delta": "1.150132000", - "frame.time_delta_displayed": "1.150132000", - "frame.time_relative": "1706.205129000", - "frame.number": "6018", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f9b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b855", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000136f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:57.666332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495297.666332000", - "frame.time_delta": "0.000517000", - "frame.time_delta_displayed": "0.000517000", - "frame.time_relative": "1706.205646000", - "frame.number": "6019", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f9c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009950", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f46a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:14:57.666959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495297.666959000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "1706.206273000", - "frame.number": "6020", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", 
- "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:02.666099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495302.666099000", - "frame.time_delta": "4.999140000", - "frame.time_delta_displayed": "4.999140000", - "frame.time_relative": "1711.205413000", - "frame.number": "6021", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f9d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b853", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000136f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": 
"3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:02.666637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495302.666637000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1711.205951000", - "frame.number": "6022", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f9e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000994e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f46a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:02.667245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495302.667245000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": "1711.206559000", - "frame.number": "6023", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", 
- "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": 
"12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:03.410772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495303.410772000", - "frame.time_delta": "0.743527000", - "frame.time_delta_displayed": "0.743527000", - "frame.time_relative": "1711.950086000", - "frame.number": "6024", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000968b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "77160", - "tcp.nxtseq": "77209", - "tcp.ack": "17320", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cbc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:4d:ad:a7:a1:64:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2575789, TSecr 2812372190": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2575789", - "tcp.options.timestamp.tsecr": "2812372190" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:26:05:a2:15:44:7a:62:57:83:fe:33:05:1d:7f:91:d4:96:35:38:49:96:ee:ff:53:e3:84:f2:d9:32:73:43:41:42:35:0d:8f:e0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:03.471399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495303.471399000", - "frame.time_delta": "0.060627000", - "frame.time_delta_displayed": "0.060627000", - "frame.time_relative": "1712.010713000", - "frame.number": "6025", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002d81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "17320", - "tcp.nxtseq": "17375", - "tcp.ack": "77209", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004c0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:83:38:00:27:4d:ad", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812379960, TSecr 2575789": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812379960", - "tcp.options.timestamp.tsecr": "2575789" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6024", - "tcp.analysis.ack_rtt": "0.060627000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:be:0d:25:a1:2b:6e:a2:d7:37:f8:82:a4:d6:9d:29:68:f4:c5:02:f8:7b:73:09:58:e2:4d:0c:be:06:24:be:3a:68:75:4a:c2:67:12:6c:1a:aa:65:d4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:03.471880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495303.471880000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "1712.011194000", - "frame.number": "6026", - "frame.len": "66", - "frame.cap_len": "66", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000968c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "77209", - "tcp.ack": "17375", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006535", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:4d:b3:a7:a1:83:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2575795, TSecr 2812379960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2575795", - "tcp.options.timestamp.tsecr": "2812379960" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6025", - "tcp.analysis.ack_rtt": "0.000481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:04.478873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495304.478873000", - "frame.time_delta": "1.006993000", - "frame.time_delta_displayed": "1.006993000", - "frame.time_relative": "1713.018187000", - "frame.number": "6027", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000581d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a674", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5077", - "tcp.ack": "613", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": 
"0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f086", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:04.624005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495304.624005000", - "frame.time_delta": "0.145132000", - "frame.time_delta_displayed": "0.145132000", - "frame.time_relative": "1713.163319000", - "frame.number": "6028", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001003", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8e", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "613", - "tcp.ack": "5078", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fafb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": 
"ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:06.652180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495306.652180000", - "frame.time_delta": "2.028175000", - "frame.time_delta_displayed": "2.028175000", - "frame.time_relative": "1715.191494000", - "frame.number": "6029", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e24", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000059c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": 
"57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:07.666299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495307.666299000", - "frame.time_delta": "1.014119000", - "frame.time_delta_displayed": "1.014119000", - "frame.time_relative": "1716.205613000", - "frame.number": "6030", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001f9f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", 
- "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b851", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000136f", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:07.666860000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495307.666860000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "1716.206174000", - "frame.number": "6031", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fa0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000994c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f46a", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:07.667482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495307.667482000", - "frame.time_delta": "0.000622000", - "frame.time_delta_displayed": "0.000622000", - "frame.time_relative": "1716.206796000", - "frame.number": "6032", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000286", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=646", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:09.488799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495309.488799000", - "frame.time_delta": "1.821317000", - "frame.time_delta_displayed": "1.821317000", - "frame.time_relative": "1718.028113000", - "frame.number": "6033", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": 
"00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:09.488989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495309.488989000", - "frame.time_delta": "0.000190000", - "frame.time_delta_displayed": "0.000190000", - "frame.time_relative": "1718.028303000", - "frame.number": "6034", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:28.850522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495328.850522000", - "frame.time_delta": "19.361533000", - "frame.time_delta_displayed": "19.361533000", - "frame.time_relative": "1737.389836000", - "frame.number": "6035", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.432441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.432441000", - "frame.time_delta": "1.581919000", - "frame.time_delta_displayed": "1.581919000", - "frame.time_relative": "1738.971755000", - "frame.number": "6036", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002114", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e730", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "15", - "http.prev_request_in": "5828" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.835802000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495330.835802000", - "frame.time_delta": "0.403361000", - "frame.time_delta_displayed": "0.403361000", - "frame.time_relative": "1739.375116000", - "frame.number": "6037", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00004c3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006b0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "85", - "http.prev_response_in": "5884" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.839634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.839634000", - "frame.time_delta": "0.003832000", - "frame.time_delta_displayed": "0.003832000", - "frame.time_relative": "1739.378948000", - "frame.number": "6038", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54722", - "tcp.dstport": "80", - "tcp.port": "54722", - "tcp.port": "80", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f812", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.840167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.840167000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "1739.379481000", - "frame.number": "6039", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54722", - "tcp.port": "80", - "tcp.port": "54722", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f0e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6038", - "tcp.analysis.ack_rtt": "0.000533000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.842939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.842939000", - "frame.time_delta": "0.002772000", - "frame.time_delta_displayed": "0.002772000", - "frame.time_relative": "1739.382253000", - "frame.number": "6040", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54722", - "tcp.dstport": "80", - "tcp.port": "54722", - "tcp.port": "80", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a2c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6039", - "tcp.analysis.ack_rtt": "0.002772000", - "tcp.analysis.initial_rtt": "0.003305000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:30.843550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.843550000", - "frame.time_delta": "0.000611000", - "frame.time_delta_displayed": "0.000611000", - "frame.time_relative": "1739.382864000", - "frame.number": "6041", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54722", - "tcp.dstport": "80", - "tcp.port": "54722", - "tcp.port": "80", - "tcp.stream": "218", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b83b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003305000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.844027000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.844027000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - 
"frame.time_relative": "1739.383341000", - "frame.number": "6042", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009e16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54722", - "tcp.port": "80", - "tcp.port": "54722", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009453", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6041", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.003305000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.844679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.844679000", - "frame.time_delta": "0.000652000", - "frame.time_delta_displayed": "0.000652000", - "frame.time_relative": "1739.383993000", - "frame.number": "6043", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009e17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a4b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54722", - "tcp.port": "80", - "tcp.port": "54722", - "tcp.stream": "218", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d474", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003305000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.845037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.845037000", - "frame.time_delta": "0.000358000", - "frame.time_delta_displayed": "0.000358000", - "frame.time_relative": "1739.384351000", - "frame.number": "6044", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009e18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001678", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54722", - "tcp.port": "80", - "tcp.port": "54722", - "tcp.stream": "218", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000026de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003305000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:
65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6043", - "tcp.segment": "6044", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001487000", - "http.request_in": "6041", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.847818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.847818000", - "frame.time_delta": "0.002781000", - "frame.time_delta_displayed": "0.002781000", - "frame.time_relative": "1739.387132000", - "frame.number": "6045", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54722", - "tcp.dstport": "80", - "tcp.port": "54722", - "tcp.port": "80", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6044", - "tcp.analysis.ack_rtt": "0.002781000", - "tcp.analysis.initial_rtt": "0.003305000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.848479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.848479000", - "frame.time_delta": "0.000661000", - "frame.time_delta_displayed": "0.000661000", - "frame.time_relative": "1739.387793000", - "frame.number": "6046", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54722", - "tcp.dstport": "80", - "tcp.port": "54722", - "tcp.port": "80", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.848932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.848932000", - "frame.time_delta": "0.000453000", - "frame.time_delta_displayed": "0.000453000", - "frame.time_relative": "1739.388246000", - "frame.number": "6047", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54722", - "tcp.port": "80", - "tcp.port": "54722", - "tcp.stream": "218", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000905d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "6046", - "tcp.analysis.ack_rtt": "0.000453000", - "tcp.analysis.initial_rtt": "0.003305000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.888906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.888906000", - "frame.time_delta": "0.039974000", - "frame.time_delta_displayed": "0.039974000", - "frame.time_relative": "1739.428220000", - "frame.number": "6048", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00004c40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006b02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "86", - "http.prev_response_in": "6037" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.899799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.899799000", - "frame.time_delta": "0.010893000", - "frame.time_delta_displayed": "0.010893000", - "frame.time_relative": "1739.439113000", - "frame.number": "6049", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54723", - "tcp.dstport": "80", - "tcp.port": "54723", - "tcp.port": "80", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00003f93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.900543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.900543000", - "frame.time_delta": "0.000744000", - "frame.time_delta_displayed": "0.000744000", - "frame.time_relative": "1739.439857000", - "frame.number": "6050", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54723", - "tcp.port": "80", - "tcp.port": "54723", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006907", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6049", - "tcp.analysis.ack_rtt": "0.000744000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.903067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.903067000", - "frame.time_delta": "0.002524000", - "frame.time_delta_displayed": "0.002524000", - "frame.time_relative": "1739.442381000", - "frame.number": "6051", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54723", - "tcp.dstport": "80", - "tcp.port": "54723", - "tcp.port": "80", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001ae6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6050", - "tcp.analysis.ack_rtt": "0.002524000", - "tcp.analysis.initial_rtt": "0.003268000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.903703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.903703000", - "frame.time_delta": "0.000636000", - "frame.time_delta_displayed": "0.000636000", - "frame.time_relative": "1739.443017000", - "frame.number": "6052", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54723", - "tcp.dstport": "80", - "tcp.port": "54723", - "tcp.port": "80", - "tcp.stream": "219", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000305f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003268000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.904189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.904189000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "1739.443503000", - "frame.number": "6053", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b807", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000006c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54723", - "tcp.port": "80", - "tcp.port": "54723", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000c77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6052", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003268000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.904779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.904779000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "1739.444093000", - "frame.number": "6054", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b808", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000005a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54723", - "tcp.port": "80", - "tcp.port": "54723", - "tcp.stream": "219", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004c98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003268000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.905136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.905136000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "1739.444450000", - "frame.number": "6055", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b809", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54723", - "tcp.port": "80", - "tcp.port": "54723", - "tcp.stream": "219", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003268000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "6054", - "tcp.segment": "6055", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001433000", - "http.request_in": "6052", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.907761000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495330.907761000", - "frame.time_delta": "0.002625000", - "frame.time_delta_displayed": "0.002625000", - "frame.time_relative": "1739.447075000", - "frame.number": "6056", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54723", - "tcp.dstport": "80", - "tcp.port": "54723", - "tcp.port": "80", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000164e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6055", - "tcp.analysis.ack_rtt": "0.002625000", - "tcp.analysis.initial_rtt": "0.003268000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.908943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.908943000", - "frame.time_delta": "0.001182000", - "frame.time_delta_displayed": "0.001182000", - "frame.time_relative": "1739.448257000", - "frame.number": "6057", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005caf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54723", - "tcp.dstport": "80", - "tcp.port": "54723", - "tcp.port": "80", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000164d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.909389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.909389000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1739.448703000", - "frame.number": "6058", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54723", - "tcp.port": "80", - "tcp.port": "54723", - "tcp.stream": "219", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000881", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6057", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003268000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.942297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.942297000", - "frame.time_delta": "0.032908000", - "frame.time_delta_displayed": "0.032908000", - "frame.time_relative": "1739.481611000", - "frame.number": "6059", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00004c41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006b07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "87", - "http.prev_response_in": "6048" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.946718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.946718000", - "frame.time_delta": "0.004421000", - "frame.time_delta_displayed": "0.004421000", - "frame.time_relative": "1739.486032000", - 
"frame.number": "6060", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54724", - "tcp.dstport": "80", - "tcp.port": "54724", - "tcp.port": "80", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008f15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.947250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.947250000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "1739.486564000", - "frame.number": "6061", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54724", - "tcp.port": "80", - "tcp.port": "54724", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001d61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6060", - "tcp.analysis.ack_rtt": "0.000532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.949851000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.949851000", - "frame.time_delta": "0.002601000", - "frame.time_delta_displayed": "0.002601000", - "frame.time_relative": "1739.489165000", - 
"frame.number": "6062", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54724", - "tcp.dstport": "80", - "tcp.port": "54724", - "tcp.port": "80", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cf3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6061", - "tcp.analysis.ack_rtt": "0.002601000", - "tcp.analysis.initial_rtt": "0.003133000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.950911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.950911000", - "frame.time_delta": "0.001060000", - "frame.time_delta_displayed": "0.001060000", - "frame.time_relative": "1739.490225000", - "frame.number": "6063", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c05", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54724", - "tcp.dstport": "80", - "tcp.port": "54724", - "tcp.port": "80", - "tcp.stream": "220", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e4b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003133000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.951403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.951403000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1739.490717000", - "frame.number": "6064", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009e75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000019fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54724", - "tcp.port": "80", - "tcp.port": "54724", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c0d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6063", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.003133000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.951977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.951977000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "1739.491291000", - "frame.number": "6065", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009e76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000019ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54724", - "tcp.port": "80", - "tcp.port": "54724", - "tcp.stream": "220", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000000f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003133000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.952417000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.952417000", - "frame.time_delta": "0.000440000", - "frame.time_delta_displayed": "0.000440000", - "frame.time_relative": "1739.491731000", - "frame.number": "6066", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009e77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001619", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54724", - "tcp.port": "80", - "tcp.port": "54724", - "tcp.stream": "220", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000535b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003133000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6065", - "tcp.segment": "6066", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001506000", - "http.request_in": "6063", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.955212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.955212000", - "frame.time_delta": "0.002795000", - "frame.time_delta_displayed": "0.002795000", - "frame.time_relative": "1739.494526000", - "frame.number": "6067", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005cab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54724", - "tcp.dstport": "80", - "tcp.port": "54724", - "tcp.port": "80", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000caa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6066", - "tcp.analysis.ack_rtt": "0.002795000", - "tcp.analysis.initial_rtt": "0.003133000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.956237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.956237000", - "frame.time_delta": "0.001025000", - "frame.time_delta_displayed": "0.001025000", - "frame.time_relative": "1739.495551000", - "frame.number": "6068", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005caa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54724", - "tcp.dstport": "80", - "tcp.port": "54724", - "tcp.port": "80", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000caa6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:30.956675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495330.956675000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "1739.495989000", - "frame.number": "6069", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54724", - "tcp.port": "80", - "tcp.port": "54724", - "tcp.stream": "220", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bcda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "6068", - "tcp.analysis.ack_rtt": "0.000438000", - "tcp.analysis.initial_rtt": "0.003133000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.224328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.224328000", - "frame.time_delta": "0.267653000", - "frame.time_delta_displayed": "0.267653000", - "frame.time_relative": "1739.763642000", - "frame.number": "6070", - "frame.len": "416", - "frame.cap_len": "416", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "402", - "ip.id": "0x0000968d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007594", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
- "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "350", - "tcp.seq": "77209", - "tcp.nxtseq": "77559", - "tcp.ack": "17375", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:58:8a:a7:a1:83:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2578570, TSecr 2812379960": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2578570", - "tcp.options.timestamp.tsecr": "2812379960" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "350", - "tcp.analysis.push_bytes_sent": "350" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": 
"23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "345", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:27:f1:94:95:47:b8:df:b5:ae:80:46:c9:df:b1:f7:f0:61:2f:98:17:ea:03:98:77:b0:a9:1e:cf:e2:b4:f6:f0:27:25:4f:74:9b:1d:3a:6c:fd:c6:7c:b0:fd:ca:6f:5e:23:4d:6f:d4:cb:51:ff:3a:2f:01:bb:fe:df:ef:8f:85:36:e8:4b:57:9a:0f:72:b7:2b:77:10:5e:94:f0:ef:b6:e5:0a:4b:10:79:2d:ad:c9:59:86:53:44:fe:c4:ef:11:21:3d:a0:a0:99:2d:0c:bd:6f:cc:64:62:5b:9c:7a:7f:54:c2:6e:2e:fc:9a:0e:32:c5:58:7d:2a:2f:09:b3:bb:e9:ab:0d:62:80:fd:1b:6e:06:ab:1c:6e:d8:c5:f7:87:ee:1e:d0:59:76:e0:64:4c:73:d5:3b:80:71:43:37:34:76:44:df:df:b3:af:dc:03:91:20:58:bf:b9:c8:ed:9a:aa:86:da:4e:23:eb:bc:62:3f:fc:42:06:9b:1e:9d:73:dd:f6:6f:24:31:83:6e:b9:ad:12:87:69:95:e4:fa:ac:b7:a6:2b:50:1f:33:71:cf:3d:9b:33:2c:02:38:f1:40:dd:cc:7c:4f:8d:a2:eb:f5:bc:54:9e:e5:f1:d2:a9:c6:65:a8:2a:c8:b1:13:cc:1f:cd:db:2c:51:15:21:95:fb:54:92:ff:46:13:30:a6:83:97:9d:c3:5a:bc:3d:5e:30:95:9d:86:41:3c:d8:94:81:b2:2d:a0:d6:ba:9e:44:68:99:cf:ef:d4:f3:c8:fa:13:bf:0d:c9:b2:a5:a7:71:1a:cc:03:84:06:ba:e6:7b:e2:81:96:dd:1b:28:91:e0:1c:5f:f5:b4:8c:94:49:75:b9:f4:e8:31:fe:40:4c:62:93:60:ca" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.285374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.285374000", - "frame.time_delta": "0.061046000", - "frame.time_delta_displayed": "0.061046000", - "frame.time_relative": "1739.824688000", - "frame.number": "6071", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ce", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17375", - "tcp.nxtseq": "17422", - "tcp.ack": "77559", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003476", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:9e:61:00:27:58:8a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812386913, TSecr 2578570": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812386913", - "tcp.options.timestamp.tsecr": "2578570" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6070", - "tcp.analysis.ack_rtt": "0.061046000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:bf:07:94:1d:fa:94:c8:f0:8e:26:36:f7:d9:27:f2:de:cd:1b:2d:94:7a:2e:af:f2:18:43:b1:15:df:29:2d:48:6a:eb:8c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.285822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.285822000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "1739.825136000", - "frame.number": "6072", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000968e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "77559", - "tcp.ack": "17422", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003da2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:58:90:a7:a1:9e:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2578576, TSecr 2812386913": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2578576", - "tcp.options.timestamp.tsecr": "2812386913" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6071", - "tcp.analysis.ack_rtt": "0.000448000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.888464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.888464000", - "frame.time_delta": "0.602642000", - "frame.time_delta_displayed": "0.602642000", - "frame.time_relative": "1740.427778000", - "frame.number": "6073", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00004c6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006add", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "88", - "http.prev_response_in": "6059" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.891919000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.891919000", - "frame.time_delta": "0.003455000", - "frame.time_delta_displayed": "0.003455000", - "frame.time_relative": "1740.431233000", - "frame.number": "6074", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54725", - "tcp.dstport": "80", - "tcp.port": "54725", - "tcp.port": "80", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00006fa6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.892450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.892450000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1740.431764000", - "frame.number": "6075", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - 
"ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000883", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6074", - "tcp.analysis.ack_rtt": "0.000531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.896320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.896320000", - "frame.time_delta": "0.003870000", - "frame.time_delta_displayed": "0.003870000", - "frame.time_relative": "1740.435634000", - "frame.number": "6076", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54725", - "tcp.dstport": "80", - "tcp.port": "54725", - "tcp.port": "80", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ba61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6075", - "tcp.analysis.ack_rtt": "0.003870000", - "tcp.analysis.initial_rtt": "0.004401000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.896998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.896998000", - "frame.time_delta": "0.000678000", - "frame.time_delta_displayed": "0.000678000", - "frame.time_relative": "1740.436312000", - "frame.number": "6077", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54725", - "tcp.dstport": "80", - "tcp.port": "54725", - "tcp.port": "80", - "tcp.stream": "221", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cfda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004401000", - 
"tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.897492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.897492000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1740.436806000", - "frame.number": "6078", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f233", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c63f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000abf2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6077", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.004401000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.898054000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.898054000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "1740.437368000", - "frame.number": "6079", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f234", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c62d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ec13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004401000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.898486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.898486000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1740.437800000", - "frame.number": "6080", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f235", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c25a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003e7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004401000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6079", - "tcp.segment": "6080", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001488000", - "http.request_in": "6077", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.898904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.898904000", - "frame.time_delta": "0.000418000", - "frame.time_delta_displayed": "0.000418000", - "frame.time_relative": "1740.438218000", - "frame.number": "6081", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f236", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c259", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003e7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004401000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.901464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.901464000", - "frame.time_delta": "0.002560000", - "frame.time_delta_displayed": "0.002560000", - "frame.time_relative": "1740.440778000", - "frame.number": "6082", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54725", - "tcp.dstport": "80", - "tcp.port": "54725", - "tcp.port": "80", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009bbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:07:40:e8:c9:07:40:ec:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6080", - "tcp.analysis.ack_rtt": "0.002978000", - "tcp.analysis.initial_rtt": "0.004401000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.902431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.902431000", - "frame.time_delta": "0.000967000", - "frame.time_delta_displayed": "0.000967000", - "frame.time_relative": "1740.441745000", - "frame.number": "6083", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005ca5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54725", - "tcp.dstport": "80", - "tcp.port": "54725", - "tcp.port": "80", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b5c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.902874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.902874000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1740.442188000", - "frame.number": "6084", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008bf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54725", - "tcp.port": "80", - "tcp.port": "54725", - "tcp.stream": "221", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a7fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6083", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.004401000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.941410000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.941410000", - "frame.time_delta": "0.038536000", - "frame.time_delta_displayed": "0.038536000", - "frame.time_relative": "1740.480724000", - "frame.number": "6085", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00004c70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006ad2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "89", - "http.prev_response_in": "6073" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.948670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.948670000", - "frame.time_delta": "0.007260000", - "frame.time_delta_displayed": "0.007260000", - "frame.time_relative": "1740.487984000", 
- "frame.number": "6086", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000167b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.949212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.949212000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1740.488526000", - "frame.number": "6087", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d25a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6086", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.956229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.956229000", - "frame.time_delta": "0.007017000", - "frame.time_delta_displayed": "0.007017000", - "frame.time_relative": "1740.495543000", - 
"frame.number": "6088", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008439", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6087", - "tcp.analysis.ack_rtt": "0.007017000", - "tcp.analysis.initial_rtt": "0.007559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.956850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.956850000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "1740.496164000", - "frame.number": "6089", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bfb", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007559000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.957534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.957534000", - "frame.time_delta": "0.000684000", - "frame.time_delta_displayed": "0.000684000", - "frame.time_relative": "1740.496848000", - "frame.number": "6090", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dad9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000075ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6089", - "tcp.analysis.ack_rtt": "0.000684000", - "tcp.analysis.initial_rtt": "0.007559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.958104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.958104000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1740.497418000", - "frame.number": "6091", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dada", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b5eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007559000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.958454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.958454000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1740.497768000", - "frame.number": "6092", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dadb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000855", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007559000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6091", - "tcp.segment": "6092", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001604000", - "http.request_in": "6089", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.959071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.959071000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "1740.498385000", - "frame.number": "6093", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dadc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d9b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000855", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007559000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.960844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.960844000", - "frame.time_delta": "0.001773000", - "frame.time_delta_displayed": "0.001773000", - "frame.time_relative": "1740.500158000", - "frame.number": "6094", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007fa1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6092", - "tcp.analysis.ack_rtt": "0.002390000", - "tcp.analysis.initial_rtt": "0.007559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.961495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.961495000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "1740.500809000", - "frame.number": "6095", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ca0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007fa0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.961944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.961944000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "1740.501258000", - "frame.number": "6096", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008bec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54726", - "tcp.port": "80", - "tcp.port": "54726", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000071d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6095", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.007559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.964345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.964345000", - "frame.time_delta": 
"0.002401000", - "frame.time_delta_displayed": "0.002401000", - "frame.time_relative": "1740.503659000", - "frame.number": "6097", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bd4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54726", - "tcp.dstport": "80", - "tcp.port": "54726", - "tcp.port": "80", - "tcp.stream": "222", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ab98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:0c:ad:c0:59:0c:ad:c4:3c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007559000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6094", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.995402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.995402000", - "frame.time_delta": "0.031057000", - "frame.time_delta_displayed": "0.031057000", - "frame.time_relative": "1740.534716000", - "frame.number": "6098", - "frame.len": "342", - "frame.cap_len": "342", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00004c74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006ad4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "90", - "http.prev_response_in": "6085" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.999284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.999284000", - "frame.time_delta": "0.003882000", - "frame.time_delta_displayed": "0.003882000", - "frame.time_relative": "1740.538598000", - "frame.number": "6099", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bd5", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - "tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008ee1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:31.999835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495331.999835000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "1740.539149000", - "frame.number": "6100", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b585", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6099", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.002743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.002743000", - "frame.time_delta": "0.002908000", - "frame.time_delta_displayed": "0.002908000", - "frame.time_relative": "1740.542057000", - "frame.number": "6101", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd6", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - "tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6100", - "tcp.analysis.ack_rtt": "0.002908000", - "tcp.analysis.initial_rtt": "0.003459000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.003685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.003685000", - "frame.time_delta": "0.000942000", - "frame.time_delta_displayed": "0.000942000", - "frame.time_relative": "1740.542999000", - "frame.number": "6102", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - "tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007cdd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003459000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.004168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.004168000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1740.543482000", - "frame.number": "6103", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a0e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000178e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000058f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6102", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.003459000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.004738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.004738000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1740.544052000", - "frame.number": "6104", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a0e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000177c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009916", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003459000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.005183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.005183000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1740.544497000", - "frame.number": "6105", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a0e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000013a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eb7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003459000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6104", - "tcp.segment": "6105", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001498000", - "http.request_in": "6102", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.008605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.008605000", - "frame.time_delta": "0.003422000", - "frame.time_delta_displayed": "0.003422000", - "frame.time_relative": "1740.547919000", - "frame.number": "6106", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - "tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000062cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6105", - "tcp.analysis.ack_rtt": "0.003422000", - "tcp.analysis.initial_rtt": "0.003459000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.008912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.008912000", - "frame.time_delta": "0.000307000", - "frame.time_delta_displayed": "0.000307000", - "frame.time_relative": "1740.548226000", - "frame.number": "6107", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a0e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000013a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eb7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003459000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.spurious_retransmission": "", - "_ws.expert.message": "This frame is a (suspected) spurious retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": 
"8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.009291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.009291000", - "frame.time_delta": "0.000379000", - "frame.time_delta_displayed": "0.000379000", - "frame.time_relative": "1740.548605000", - "frame.number": "6108", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - 
"tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000062cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6107", - "tcp.analysis.ack_rtt": "0.000379000", - "tcp.analysis.initial_rtt": "0.003459000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.009719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.009719000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1740.549033000", - "frame.number": "6109", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002c8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008be9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54727", - "tcp.port": "80", - "tcp.port": "54727", - "tcp.stream": "223", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000054ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6108", - "tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": 
"0.003459000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:32.011858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495332.011858000", - "frame.time_delta": "0.002139000", - "frame.time_delta_displayed": "0.002139000", - "frame.time_relative": "1740.551172000", - "frame.number": "6110", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54727", - "tcp.dstport": "80", - "tcp.port": "54727", - "tcp.port": "80", - "tcp.stream": "223", - "tcp.len": 
"0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000644c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:a7:bd:ba:84:a7:bd:be:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003459000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6106", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:33.096204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.096204000", - "frame.time_delta": "1.084346000", - "frame.time_delta_displayed": "1.084346000", - "frame.time_relative": "1741.635518000", - "frame.number": "6111", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x00009bfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "31", - "http.prev_request_in": "5506" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.096362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.096362000", - "frame.time_delta": "0.000158000", - "frame.time_delta_displayed": "0.000158000", - "frame.time_relative": "1741.635676000", - "frame.number": "6112", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x00009bfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { 
- "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "32", - "http.prev_request_in": "6111" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.096571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.096571000", - "frame.time_delta": "0.000209000", - "frame.time_delta_displayed": "0.000209000", - "frame.time_relative": "1741.635885000", - "frame.number": "6113", - "frame.len": "171", - "frame.cap_len": "171", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x00009bfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c5a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - 
"http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "33", - "http.prev_request_in": "6112" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.096714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.096714000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - "frame.time_relative": "1741.636028000", - "frame.number": "6114", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x00009bfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - 
"ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "34", - "http.prev_request_in": "6113" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.096912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.096912000", - "frame.time_delta": "0.000198000", - "frame.time_delta_displayed": "0.000198000", - "frame.time_relative": "1741.636226000", - "frame.number": "6115", - "frame.len": "171", - "frame.cap_len": "171", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "157", - "ip.id": "0x00009bff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "137", - "udp.checksum": "0x00007fb2", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "35", - "http.prev_request_in": "6114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.097613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.097613000", - "frame.time_delta": "0.000701000", - "frame.time_delta_displayed": "0.000701000", - "frame.time_relative": "1741.636927000", - "frame.number": "6116", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009c00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": 
"2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "36", - "http.prev_request_in": "6115" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.097767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.097767000", - "frame.time_delta": "0.000154000", - "frame.time_delta_displayed": "0.000154000", - "frame.time_relative": "1741.637081000", - "frame.number": "6117", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009c01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "37", - "http.prev_request_in": "6116" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.098179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.098179000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - 
"frame.time_relative": "1741.637493000", - "frame.number": "6118", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009c02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "38", - "http.prev_request_in": "6117" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.098320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.098320000", - "frame.time_delta": "0.000141000", - "frame.time_delta_displayed": "0.000141000", - "frame.time_relative": "1741.637634000", - "frame.number": "6119", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009c03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "39", - "http.prev_request_in": "6118" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.099105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.099105000", - "frame.time_delta": "0.000785000", - "frame.time_delta_displayed": "0.000785000", - "frame.time_relative": "1741.638419000", - "frame.number": "6120", - "frame.len": "169", - "frame.cap_len": "169", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "155", - "ip.id": "0x00009c04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "135", - "udp.checksum": "0x0000e016", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "40", - "http.prev_request_in": "6119" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.099250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.099250000", - "frame.time_delta": "0.000145000", - "frame.time_delta_displayed": "0.000145000", - "frame.time_relative": "1741.638564000", - "frame.number": "6121", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009c05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - 
"udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "41", - "http.prev_request_in": "6120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.099446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.099446000", - "frame.time_delta": "0.000196000", - "frame.time_delta_displayed": "0.000196000", - "frame.time_relative": "1741.638760000", - "frame.number": "6122", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "42", - "http.prev_request_in": "6121" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.099589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495333.099589000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - "frame.time_relative": "1741.638903000", - "frame.number": "6123", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009c07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c55", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "43", - "http.prev_request_in": "6122" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.100302000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.100302000", - "frame.time_delta": "0.000713000", - "frame.time_delta_displayed": "0.000713000", - "frame.time_relative": "1741.639616000", - "frame.number": "6124", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009c08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", 
- "ip.checksum": "0x00002c54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "44", - "http.prev_request_in": "6123" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.100452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.100452000", - "frame.time_delta": "0.000150000", - "frame.time_delta_displayed": "0.000150000", - "frame.time_relative": "1741.639766000", - "frame.number": "6125", - "frame.len": "166", - "frame.cap_len": "166", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "152", - "ip.id": "0x00009c09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00002c53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3942", - "udp.dstport": "1900", - "udp.port": "3942", - "udp.port": "1900", - "udp.length": "132", - "udp.checksum": "0x00005fa7", - "udp.checksum.status": "2", - "udp.stream": "37" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "ST: urn:samsung.com:device:ScreenSharing:1\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "\\r\\n": 
"", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "45", - "http.prev_request_in": "6124" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.111728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.111728000", - "frame.time_delta": "0.011276000", - "frame.time_delta_displayed": "0.011276000", - "frame.time_relative": "1741.651042000", - "frame.number": "6126", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router 
Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000ea03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.169438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.169438000", - "frame.time_delta": "0.057710000", - "frame.time_delta_displayed": "0.057710000", - "frame.time_relative": "1741.708752000", - "frame.number": "6127", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x0000537d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000861c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000e5b", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.176245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.176245000", - "frame.time_delta": "0.006807000", - "frame.time_delta_displayed": 
"0.006807000", - "frame.time_relative": "1741.715559000", - "frame.number": "6128", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x00000507", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - 
"igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - }, - "Group Record : 239.255.255.250 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:33.416102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495333.416102000", - "frame.time_delta": "0.239857000", - "frame.time_delta_displayed": "0.239857000", - "frame.time_relative": "1741.955416000", - "frame.number": "6129", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": 
"224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000f902", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Exclude Mode": { - "igmp.record_type": "4", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.099292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.099292000", - "frame.time_delta": "0.683190000", - "frame.time_delta_displayed": "0.683190000", - "frame.time_relative": "1742.638606000", - "frame.number": "6130", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000528c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "207", - "http.prev_response_in": "5805" - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.152048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.152048000", - "frame.time_delta": "0.052756000", - "frame.time_delta_displayed": "0.052756000", - "frame.time_relative": "1742.691362000", - "frame.number": "6131", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000528d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - 
"udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "208", - "http.prev_response_in": "6130" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.195254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.195254000", - "frame.time_delta": "0.043206000", - "frame.time_delta_displayed": "0.043206000", - "frame.time_relative": "1742.734568000", - "frame.number": "6132", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - 
"eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x000053d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000085c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f5a", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000002", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - 
"dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.204822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.204822000", - "frame.time_delta": "0.009568000", - "frame.time_delta_displayed": "0.009568000", - "frame.time_relative": "1742.744136000", - "frame.number": "6133", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000528e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "209", - "http.prev_response_in": "6131" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.208003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.208003000", - "frame.time_delta": "0.003181000", - "frame.time_delta_displayed": "0.003181000", - "frame.time_relative": "1742.747317000", - "frame.number": "6134", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000fd19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d8d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:2b:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949035, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949035", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.208542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.208542000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "1742.747856000", - "frame.number": "6135", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47533", - "tcp.port": "80", - "tcp.port": "47533", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003fd8", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6134", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.214589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.214589000", - "frame.time_delta": "0.006047000", - "frame.time_delta_displayed": "0.006047000", - "frame.time_relative": "1742.753903000", - "frame.number": "6136", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f15f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6135", - "tcp.analysis.ack_rtt": 
"0.006047000", - "tcp.analysis.initial_rtt": "0.006586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.215170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.215170000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "1742.754484000", - "frame.number": "6137", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000fd1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000baad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - 
"tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000050da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006586000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.215708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.215708000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1742.755022000", - "frame.number": "6138", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47533", - "tcp.port": "80", - "tcp.port": 
"47533", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e32e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6137", - "tcp.analysis.ack_rtt": "0.000538000", - "tcp.analysis.initial_rtt": "0.006586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.216451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.216451000", - "frame.time_delta": "0.000743000", - "frame.time_delta_displayed": "0.000743000", - "frame.time_relative": "1742.755765000", - "frame.number": "6139", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000051c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47533", - "tcp.port": "80", - "tcp.port": "47533", - "tcp.stream": "224", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002350", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006586000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:15:34.216793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.216793000", - "frame.time_delta": "0.000342000", - "frame.time_delta_displayed": "0.000342000", - "frame.time_relative": "1742.756107000", - "frame.number": "6140", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000051c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000062df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47533", - "tcp.port": "80", - "tcp.port": "47533", - "tcp.stream": "224", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000075b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006586000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6139", - "tcp.segment": "6140", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001623000", - "http.request_in": "6137", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.220637000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495334.220637000", - "frame.time_delta": "0.003844000", - "frame.time_delta_displayed": "0.003844000", - "frame.time_relative": "1742.759951000", - "frame.number": "6141", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f08e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6139", - "tcp.analysis.ack_rtt": "0.004186000", - "tcp.analysis.initial_rtt": "0.006586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.220814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.220814000", - "frame.time_delta": "0.000177000", - "frame.time_delta_displayed": "0.000177000", - "frame.time_relative": "1742.760128000", - "frame.number": "6142", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eca3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6140", - "tcp.analysis.ack_rtt": "0.004021000", - "tcp.analysis.initial_rtt": "0.006586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.226363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.226363000", - "frame.time_delta": "0.005549000", - "frame.time_delta_displayed": "0.005549000", - "frame.time_relative": "1742.765677000", - "frame.number": "6143", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eca2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.226834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.226834000", - "frame.time_delta": "0.000471000", - "frame.time_delta_displayed": "0.000471000", - "frame.time_relative": "1742.766148000", - "frame.number": "6144", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000126a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a61f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47533", - "tcp.port": "80", - "tcp.port": "47533", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000df38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6143", - "tcp.analysis.ack_rtt": "0.000471000", - "tcp.analysis.initial_rtt": "0.006586000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.230816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.230816000", - "frame.time_delta": "0.003982000", - "frame.time_delta_displayed": "0.003982000", - "frame.time_relative": "1742.770130000", - "frame.number": "6145", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001fa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000098e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47533", - "tcp.dstport": "80", - "tcp.port": "47533", - "tcp.port": "80", - "tcp.stream": "224", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bb32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.618819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.618819000", - "frame.time_delta": "0.388003000", - "frame.time_delta_displayed": "0.388003000", - "frame.time_relative": "1743.158133000", - "frame.number": "6146", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000581e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a673", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5077", - "tcp.ack": "613", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f086", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:34.762069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495334.762069000", - "frame.time_delta": "0.143250000", - "frame.time_delta_displayed": "0.143250000", - "frame.time_relative": "1743.301383000", - 
"frame.number": "6147", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001004", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8d", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": 
"0", - "tcp.seq": "613", - "tcp.ack": "5078", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fafb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.152129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.152129000", - "frame.time_delta": "0.390060000", - "frame.time_delta_displayed": "0.390060000", - "frame.time_relative": "1743.691443000", - "frame.number": "6148", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000052a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "210", - "http.prev_response_in": "6133" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.204403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.204403000", - "frame.time_delta": "0.052274000", - "frame.time_delta_displayed": "0.052274000", - "frame.time_relative": "1743.743717000", - "frame.number": "6149", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000052a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "211", - "http.prev_response_in": "6148" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.243076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.243076000", - "frame.time_delta": "0.038673000", - "frame.time_delta_displayed": "0.038673000", - "frame.time_relative": "1743.782390000", - "frame.number": "6150", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, 
- "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00005404", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008595", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - 
"dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.249927000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.249927000", - "frame.time_delta": "0.006851000", - "frame.time_delta_displayed": "0.006851000", - "frame.time_relative": "1743.789241000", - "frame.number": "6151", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c908", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", 
- "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009be5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:93:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949139, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949139", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": 
"3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.250487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.250487000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "1743.789801000", - "frame.number": "6152", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": 
"47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000099b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - 
"tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6151", - "tcp.analysis.ack_rtt": "0.000560000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.253215000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.253215000", - "frame.time_delta": "0.002728000", - "frame.time_delta_displayed": "0.002728000", - "frame.time_relative": "1743.792529000", - "frame.number": "6153", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c909", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004b3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6152", - "tcp.analysis.ack_rtt": "0.002728000", - "tcp.analysis.initial_rtt": "0.003288000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.255312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.255312000", - "frame.time_delta": "0.002097000", - "frame.time_delta_displayed": "0.002097000", - "frame.time_relative": "1743.794626000", - "frame.number": "6154", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000c90a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eebe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000aab9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003288000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.255810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.255810000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "1743.795124000", - "frame.number": "6155", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f17e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c70a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003d0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6154", - "tcp.analysis.ack_rtt": "0.000498000", - "tcp.analysis.initial_rtt": "0.003288000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:35.256456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.256456000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "1743.795770000", - "frame.number": "6156", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f17f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c6f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007d2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003288000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.256810000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.256810000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "1743.796124000", - "frame.number": "6157", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f180", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c325", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cf98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003288000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6156", - "tcp.segment": "6157", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001498000", - "http.request_in": "6154", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.257205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.257205000", - "frame.time_delta": "0.000395000", - "frame.time_delta_displayed": "0.000395000", - "frame.time_relative": "1743.796519000", - "frame.number": "6158", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000052a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "212", - "http.prev_response_in": "6149" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.258898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.258898000", - "frame.time_delta": "0.001693000", - "frame.time_delta_displayed": "0.001693000", - "frame.time_relative": "1743.798212000", - "frame.number": "6159", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f181", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c324", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cf98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003288000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - 
"_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.260687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.260687000", - "frame.time_delta": "0.001789000", - "frame.time_delta_displayed": "0.001789000", - "frame.time_relative": "1743.800001000", - "frame.number": "6160", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c90b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a6e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6156", - "tcp.analysis.ack_rtt": "0.004231000", - "tcp.analysis.initial_rtt": "0.003288000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.260885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.260885000", - "frame.time_delta": "0.000198000", - "frame.time_delta_displayed": "0.000198000", - "frame.time_relative": "1743.800199000", - "frame.number": "6161", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c90c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004683", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6157", - "tcp.analysis.ack_rtt": "0.004075000", - "tcp.analysis.initial_rtt": "0.003288000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.261315000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.261315000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1743.800629000", - "frame.number": "6162", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c90d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004682", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.261757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.261757000", - "frame.time_delta": "0.000442000", - "frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1743.801071000", - "frame.number": "6163", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47536", - "tcp.port": "80", - "tcp.port": "47536", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003918", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6162", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.003288000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.262087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495335.262087000", - "frame.time_delta": "0.000330000", - "frame.time_delta_displayed": "0.000330000", - "frame.time_relative": "1743.801401000", - "frame.number": "6164", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001fcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000098be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - 
"tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ea7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.265270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.265270000", - "frame.time_delta": "0.003183000", - "frame.time_delta_displayed": "0.003183000", - "frame.time_relative": "1743.804584000", - "frame.number": "6165", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001fcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000098bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47536", - "tcp.dstport": "80", - "tcp.port": "47536", - "tcp.port": "80", - "tcp.stream": "225", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ea6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.520444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.520444000", - "frame.time_delta": "0.255174000", - "frame.time_delta_displayed": "0.255174000", - "frame.time_relative": "1744.059758000", - "frame.number": "6166", - "frame.len": "339", - "frame.cap_len": "339", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000052ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "213", - "http.prev_response_in": "6158" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.573230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.573230000", - "frame.time_delta": "0.052786000", - "frame.time_delta_displayed": "0.052786000", - "frame.time_relative": "1744.112544000", - "frame.number": "6167", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000052bf", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006499", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "214", - "http.prev_response_in": "6166" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.626059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.626059000", - "frame.time_delta": "0.052829000", - "frame.time_delta_displayed": "0.052829000", - "frame.time_relative": "1744.165373000", - "frame.number": "6168", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000052c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000649c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": 
{ - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "215", - "http.prev_response_in": "6167" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.628465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.628465000", - "frame.time_delta": "0.002406000", - "frame.time_delta_displayed": "0.002406000", - "frame.time_relative": "1744.167779000", - "frame.number": "6169", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000add7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00002cce", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7b:b9:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949177, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949177", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.629009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.629009000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "1744.168323000", - "frame.number": "6170", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { 
- "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005026", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6169", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.631951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.631951000", - "frame.time_delta": "0.002942000", - "frame.time_delta_displayed": "0.002942000", - "frame.time_relative": "1744.171265000", - "frame.number": "6171", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000add8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000ab1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000001ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6170", - "tcp.analysis.ack_rtt": "0.002942000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:35.635490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.635490000", - "frame.time_delta": "0.003539000", - "frame.time_delta_displayed": "0.003539000", - "frame.time_relative": "1744.174804000", - "frame.number": "6172", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000add9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000009f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006128", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.635982000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.635982000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1744.175296000", - "frame.number": "6173", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000be8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000aca1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f37c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6172", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.636711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.636711000", - "frame.time_delta": "0.000729000", - "frame.time_delta_displayed": "0.000729000", - "frame.time_relative": "1744.176025000", - "frame.number": "6174", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00000be9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ac8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000339e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.637068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.637068000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": 
"1744.176382000", - "frame.number": "6175", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000bea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a8bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { 
- "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008607", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6174", - "tcp.segment": "6175", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001578000", - "http.request_in": "6172", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.638895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.638895000", - "frame.time_delta": "0.001827000", - "frame.time_delta_displayed": "0.001827000", - "frame.time_relative": "1744.178209000", - "frame.number": "6176", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000beb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a8bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008607", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.642604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.642604000", - "frame.time_delta": "0.003709000", - "frame.time_delta_displayed": "0.003709000", - "frame.time_relative": "1744.181918000", - "frame.number": "6177", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000adda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000aaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000000dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6174", - "tcp.analysis.ack_rtt": "0.005893000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.643276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.643276000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "1744.182590000", - "frame.number": "6178", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000addb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000aae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fcf1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6175", - "tcp.analysis.ack_rtt": "0.006208000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.643404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.643404000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "1744.182718000", - "frame.number": "6179", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000addc", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000aa1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a80a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:f5:7b:17:fa:f5:7b:1b:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003486000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6178", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.644425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.644425000", - "frame.time_delta": "0.001021000", - "frame.time_delta_displayed": "0.001021000", - "frame.time_relative": "1744.183739000", - "frame.number": "6180", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000addd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00000aac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fcf0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.644871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.644871000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1744.184185000", - "frame.number": "6181", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47537", - "tcp.port": "80", - "tcp.port": "47537", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ef86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6180", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003486000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:35.648864000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495335.648864000", - "frame.time_delta": "0.003993000", - "frame.time_delta_displayed": "0.003993000", - "frame.time_relative": "1744.188178000", - "frame.number": "6182", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001feb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000989e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47537", - "tcp.dstport": "80", - "tcp.port": "47537", - "tcp.port": "80", - "tcp.stream": "226", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000fb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.188391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.188391000", - "frame.time_delta": "0.539527000", - "frame.time_delta_displayed": "0.539527000", - "frame.time_relative": "1744.727705000", - "frame.number": "6183", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - 
"icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.290717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.290717000", - "frame.time_delta": "0.102326000", - "frame.time_delta_displayed": "0.102326000", - "frame.time_relative": "1744.830031000", - "frame.number": "6184", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.291162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.291162000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1744.830476000", - "frame.number": "6185", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.574065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.574065000", - "frame.time_delta": "0.282903000", - "frame.time_delta_displayed": "0.282903000", - "frame.time_relative": "1745.113379000", - "frame.number": "6186", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000052f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000646c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": 
{ - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "216", - "http.prev_response_in": "6168" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.579313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.579313000", - "frame.time_delta": "0.005248000", - "frame.time_delta_displayed": "0.005248000", - "frame.time_relative": "1745.118627000", - "frame.number": "6187", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", 
- "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000247c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000093f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f777", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:18:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949272, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949272", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.579860000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.579860000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "1745.119174000", - "frame.number": "6188", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47538", - "tcp.port": "80", - "tcp.port": "47538", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c2e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6187", - "tcp.analysis.ack_rtt": "0.000547000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.582440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.582440000", - "frame.time_delta": "0.002580000", - "frame.time_delta_displayed": "0.002580000", - "frame.time_relative": "1745.121754000", - "frame.number": "6189", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000247d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000940c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000746d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6188", - "tcp.analysis.ack_rtt": "0.002580000", - "tcp.analysis.initial_rtt": "0.003127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.582578000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.582578000", - "frame.time_delta": "0.000138000", - "frame.time_delta_displayed": "0.000138000", - "frame.time_relative": "1745.121892000", - "frame.number": "6190", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000247e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000934b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d3e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003127000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.583023000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495336.583023000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1745.122337000", - "frame.number": "6191", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000063ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000549a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47538", - "tcp.port": "80", - "tcp.port": "47538", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000663c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6190", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.003127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.583700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.583700000", - "frame.time_delta": "0.000677000", - "frame.time_delta_displayed": "0.000677000", - "frame.time_relative": "1745.123014000", - "frame.number": "6192", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000063f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005488", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47538", - "tcp.port": "80", - "tcp.port": "47538", - "tcp.stream": "227", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a65d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003127000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.584055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.584055000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1745.123369000", - 
"frame.number": "6193", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000063f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47538", - "tcp.port": "80", - "tcp.port": "47538", - "tcp.stream": "227", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f8c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003127000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6192", - "tcp.segment": "6193", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001477000", - "http.request_in": "6190", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.586260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.586260000", - "frame.time_delta": "0.002205000", - "frame.time_delta_displayed": "0.002205000", - "frame.time_relative": "1745.125574000", - "frame.number": "6194", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000247f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000940a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000739c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6192", - "tcp.analysis.ack_rtt": "0.002560000", - "tcp.analysis.initial_rtt": "0.003127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.626982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.626982000", - "frame.time_delta": "0.040722000", - "frame.time_delta_displayed": "0.040722000", - "frame.time_relative": "1745.166296000", - "frame.number": "6195", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000052f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006460", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "217", - "http.prev_response_in": "6186" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.654057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.654057000", - "frame.time_delta": "0.027075000", - "frame.time_delta_displayed": "0.027075000", - "frame.time_relative": "1745.193371000", - "frame.number": "6196", - 
"frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e4b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000599e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.674668000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.674668000", - "frame.time_delta": "0.020611000", - "frame.time_delta_displayed": "0.020611000", - "frame.time_relative": "1745.213982000", - "frame.number": "6197", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002115", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49741", - "udp.dstport": "1900", - "udp.port": "49741", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008810", - "udp.checksum.status": "2", - "udp.stream": "135" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.679955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.679955000", - "frame.time_delta": "0.005287000", - "frame.time_delta_displayed": "0.005287000", - "frame.time_relative": "1745.219269000", - "frame.number": "6198", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000052fa", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006464", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "218", - "http.prev_response_in": "6195" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", 
- "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.771465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.771465000", - "frame.time_delta": "0.091510000", - "frame.time_delta_displayed": "0.091510000", - "frame.time_relative": "1745.310779000", - "frame.number": "6199", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002480", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009409", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006fb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6193", - "tcp.analysis.ack_rtt": "0.187410000", - "tcp.analysis.initial_rtt": "0.003127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.771600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.771600000", - "frame.time_delta": "0.000135000", - "frame.time_delta_displayed": "0.000135000", - "frame.time_relative": "1745.310914000", - "frame.number": "6200", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "40", - "ip.id": "0x00002481", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009408", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006fb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.772042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.772042000", - "frame.time_delta": "0.000442000", - 
"frame.time_delta_displayed": "0.000442000", - "frame.time_relative": "1745.311356000", - "frame.number": "6201", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47538", - "tcp.port": "80", - "tcp.port": "47538", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006246", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6200", - "tcp.analysis.ack_rtt": "0.000442000", - "tcp.analysis.initial_rtt": "0.003127000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.774236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.774236000", - "frame.time_delta": "0.002194000", - "frame.time_delta_displayed": "0.002194000", - "frame.time_relative": "1745.313550000", - "frame.number": "6202", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005392", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x000064e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003f72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:2c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949292, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949292", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.774757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.774757000", - "frame.time_delta": "0.000521000", - "frame.time_delta_displayed": "0.000521000", - "frame.time_relative": "1745.314071000", - "frame.number": "6203", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47539", - "tcp.port": "80", - "tcp.port": "47539", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b2e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6202", - "tcp.analysis.ack_rtt": "0.000521000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.775139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.775139000", - "frame.time_delta": "0.000382000", - "frame.time_delta_displayed": "0.000382000", - "frame.time_relative": "1745.314453000", - "frame.number": "6204", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002059", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009830", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47538", - "tcp.dstport": "80", - "tcp.port": "47538", - "tcp.port": "80", - "tcp.stream": "227", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dabd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.778484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.778484000", - "frame.time_delta": "0.003345000", - "frame.time_delta_displayed": "0.003345000", - "frame.time_relative": "1745.317798000", - "frame.number": "6205", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005393", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000064f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006470", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6203", - 
"tcp.analysis.ack_rtt": "0.003727000", - "tcp.analysis.initial_rtt": "0.004248000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.780555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.780555000", - "frame.time_delta": "0.002071000", - "frame.time_delta_displayed": "0.002071000", - "frame.time_relative": "1745.319869000", - "frame.number": "6206", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005394", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006435", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - 
"tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004248000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", 
- "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.781074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.781074000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "1745.320388000", - "frame.number": "6207", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000eca6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cbe2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47539", - "tcp.port": 
"80", - "tcp.port": "47539", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000563f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6206", - "tcp.analysis.ack_rtt": "0.000519000", - "tcp.analysis.initial_rtt": "0.004248000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.781786000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.781786000", - "frame.time_delta": "0.000712000", - "frame.time_delta_displayed": "0.000712000", - "frame.time_relative": "1745.321100000", - "frame.number": "6208", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000eca7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cbd0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47539", - "tcp.port": "80", - "tcp.port": "47539", - "tcp.stream": "228", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009660", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004248000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.782142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.782142000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "1745.321456000", - "frame.number": "6209", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000eca8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c7fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47539", - "tcp.port": "80", - "tcp.port": "47539", - "tcp.stream": "228", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { 
- "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e8c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004248000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:
2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6208", - 
"tcp.segment": "6209", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65
:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001587000", - "http.request_in": "6206", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.785028000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495336.785028000", - "frame.time_delta": "0.002886000", - "frame.time_delta_displayed": "0.002886000", - "frame.time_relative": "1745.324342000", - "frame.number": "6210", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005395", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000064f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000639f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6208", - "tcp.analysis.ack_rtt": "0.003242000", - "tcp.analysis.initial_rtt": "0.004248000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.785141000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.785141000", - "frame.time_delta": "0.000113000", - "frame.time_delta_displayed": "0.000113000", - "frame.time_relative": "1745.324455000", - "frame.number": "6211", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005396", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000064f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005fb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6209", - "tcp.analysis.ack_rtt": "0.002999000", - "tcp.analysis.initial_rtt": "0.004248000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.790200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.790200000", - "frame.time_delta": "0.005059000", - "frame.time_delta_displayed": "0.005059000", - "frame.time_relative": "1745.329514000", - "frame.number": "6212", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005397", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000064f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005fb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.790673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.790673000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "1745.329987000", - "frame.number": "6213", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47539", - "tcp.port": "80", - "tcp.port": "47539", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005249", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6212", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.004248000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:36.793866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495336.793866000", - "frame.time_delta": "0.003193000", - "frame.time_delta_displayed": "0.003193000", - "frame.time_relative": "1745.333180000", - "frame.number": "6214", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000205a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000982f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47539", - "tcp.dstport": "80", - "tcp.port": "47539", - "tcp.port": "80", - "tcp.stream": "228", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000022cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.364397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.364397000", - "frame.time_delta": "0.570531000", - "frame.time_delta_displayed": "0.570531000", - "frame.time_relative": "1745.903711000", - "frame.number": "6215", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000530d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006454", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "219", - "http.prev_response_in": "6198" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.417171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.417171000", - "frame.time_delta": "0.052774000", - "frame.time_delta_displayed": "0.052774000", - "frame.time_relative": "1745.956485000", - "frame.number": "6216", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000530f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006449", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "220", - "http.prev_response_in": "6215" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.470087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.470087000", - "frame.time_delta": "0.052916000", - "frame.time_delta_displayed": "0.052916000", - "frame.time_relative": "1746.009401000", - "frame.number": "6217", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005311", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000644d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "221", - "http.prev_response_in": "6216" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:15:37.472429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.472429000", - "frame.time_delta": "0.002342000", - "frame.time_delta_displayed": "0.002342000", - "frame.time_relative": "1746.011743000", - "frame.number": "6218", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000163e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a237", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00007d0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:68:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949352, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949352", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.473071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.473071000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": 
"1746.012385000", - "frame.number": "6219", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection 
establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c3b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6218", - "tcp.analysis.ack_rtt": "0.000642000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.475454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.475454000", - "frame.time_delta": "0.002383000", - "frame.time_delta_displayed": 
"0.002383000", - "frame.time_relative": "1746.014768000", - "frame.number": "6220", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000163f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a24a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000753a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6219", - "tcp.analysis.ack_rtt": "0.002383000", - "tcp.analysis.initial_rtt": "0.003025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.475581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.475581000", - "frame.time_delta": "0.000127000", - "frame.time_delta_displayed": "0.000127000", - "frame.time_relative": "1746.014895000", - "frame.number": "6221", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001640", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a189", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d4b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003025000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.476041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.476041000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "1746.015355000", - "frame.number": "6222", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007136", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004753", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006709", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6221", - "tcp.analysis.ack_rtt": "0.000460000", - "tcp.analysis.initial_rtt": "0.003025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.476774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.476774000", - "frame.time_delta": "0.000733000", - "frame.time_delta_displayed": "0.000733000", - "frame.time_relative": "1746.016088000", - "frame.number": "6223", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007137", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a72a", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003025000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.477157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.477157000", - "frame.time_delta": "0.000383000", - "frame.time_delta_displayed": "0.000383000", - "frame.time_relative": "1746.016471000", - "frame.number": "6224", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007138", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000436e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f993", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003025000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6223", - "tcp.segment": "6224", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001576000", - "http.request_in": "6221", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.478892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.478892000", - "frame.time_delta": "0.001735000", - "frame.time_delta_displayed": "0.001735000", - "frame.time_relative": "1746.018206000", - "frame.number": "6225", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007139", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000436d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f993", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003025000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.484492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.484492000", - "frame.time_delta": "0.005600000", - "frame.time_delta_displayed": "0.005600000", - "frame.time_relative": "1746.023806000", - "frame.number": "6226", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001641", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a248", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007469", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6223", - "tcp.analysis.ack_rtt": "0.007718000", - "tcp.analysis.initial_rtt": "0.003025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.484542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.484542000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "1746.023856000", - "frame.number": "6227", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001642", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a247", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000707e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6224", - "tcp.analysis.ack_rtt": "0.007385000", - "tcp.analysis.initial_rtt": "0.003025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.485180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.485180000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "1746.024494000", - "frame.number": "6228", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001643", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a246", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000707d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.485223000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.485223000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - 
"frame.time_relative": "1746.024537000", - "frame.number": "6229", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002063", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009826", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000060a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.485639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.485639000", - "frame.time_delta": "0.000416000", - "frame.time_delta_displayed": "0.000416000", - "frame.time_relative": "1746.024953000", - "frame.number": "6230", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000a5c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47540", - "tcp.port": "80", - "tcp.port": "47540", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006313", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6228", - "tcp.analysis.ack_rtt": "0.000459000", - "tcp.analysis.initial_rtt": "0.003025000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.489134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.489134000", - "frame.time_delta": "0.003495000", - "frame.time_delta_displayed": "0.003495000", - "frame.time_relative": "1746.028448000", - "frame.number": "6231", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002064", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009825", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47540", - "tcp.dstport": "80", - "tcp.port": "47540", - "tcp.port": "80", - "tcp.stream": "229", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000060a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.675817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.675817000", - "frame.time_delta": "0.186683000", - "frame.time_delta_displayed": "0.186683000", - "frame.time_relative": "1746.215131000", - "frame.number": "6232", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002116", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6fe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": 
"239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49741", - "udp.dstport": "1900", - "udp.port": "49741", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008810", - "udp.checksum.status": "2", - "udp.stream": "135" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "6197" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:37.953475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495337.953475000", - "frame.time_delta": "0.277658000", - "frame.time_delta_displayed": "0.277658000", - "frame.time_relative": "1746.492789000", - "frame.number": "6233", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - 
"eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.416651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.416651000", - "frame.time_delta": "0.463176000", - "frame.time_delta_displayed": "0.463176000", - "frame.time_relative": "1746.955965000", - "frame.number": "6234", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005358", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006409", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "222", - "http.prev_response_in": "6217" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.446948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.446948000", - "frame.time_delta": "0.030297000", - "frame.time_delta_displayed": "0.030297000", - "frame.time_relative": "1746.986262000", - "frame.number": "6235", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00008fbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": 
"0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000460", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:d3:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949459, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949459", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.447500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.447500000", - "frame.time_delta": "0.000552000", - 
"frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1746.986814000", - "frame.number": "6236", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47542", - "tcp.port": "80", - "tcp.port": "47542", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": 
{ - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a85b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6235", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.451243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.451243000", - 
"frame.time_delta": "0.003743000", - "frame.time_delta_displayed": "0.003743000", - "frame.time_relative": "1746.990557000", - "frame.number": "6237", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008fbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000059e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6236", - "tcp.analysis.ack_rtt": "0.003743000", - "tcp.analysis.initial_rtt": "0.004295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.451378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.451378000", - "frame.time_delta": "0.000135000", - "frame.time_delta_displayed": "0.000135000", - "frame.time_relative": "1746.990692000", - "frame.number": "6238", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00008fbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000280a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b95d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004295000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: 
Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.451819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.451819000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1746.991133000", - "frame.number": "6239", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005dcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00005aba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47542", - "tcp.port": "80", - "tcp.port": "47542", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004bb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6238", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.004295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.452586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.452586000", - "frame.time_delta": "0.000767000", - "frame.time_delta_displayed": "0.000767000", - "frame.time_relative": "1746.991900000", - "frame.number": "6240", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - 
"eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005dd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005aa8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47542", - "tcp.port": "80", - "tcp.port": "47542", - "tcp.stream": "230", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - 
"tcp.checksum": "0x00008bd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004295000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.452945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.452945000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "1746.992259000", - "frame.number": "6241", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005dd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000056d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47542", - "tcp.port": "80", - "tcp.port": "47542", - "tcp.stream": "230", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000de3c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004295000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6240", - "tcp.segment": "6241", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001567000", - "http.request_in": "6238", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.455188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.455188000", - "frame.time_delta": "0.002243000", - "frame.time_delta_displayed": "0.002243000", - "frame.time_relative": "1746.994502000", - "frame.number": "6242", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008fc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005912", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6240", - "tcp.analysis.ack_rtt": "0.002602000", - "tcp.analysis.initial_rtt": "0.004295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.456831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.456831000", - "frame.time_delta": "0.001643000", - "frame.time_delta_displayed": "0.001643000", - "frame.time_relative": "1746.996145000", - "frame.number": "6243", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008fc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005527", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6241", - "tcp.analysis.ack_rtt": "0.003886000", - "tcp.analysis.initial_rtt": "0.004295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.461774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.461774000", - "frame.time_delta": "0.004943000", - "frame.time_delta_displayed": "0.004943000", - "frame.time_relative": "1747.001088000", - "frame.number": "6244", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008fc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028c7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005526", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.462254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.462254000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "1747.001568000", - "frame.number": "6245", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47542", - 
"tcp.port": "80", - "tcp.port": "47542", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000047bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6244", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.004295000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.465210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.465210000", - "frame.time_delta": "0.002956000", - "frame.time_delta_displayed": "0.002956000", - "frame.time_relative": "1747.004524000", - "frame.number": "6246", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000097c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47542", - "tcp.dstport": "80", - "tcp.port": "47542", - "tcp.port": "80", - "tcp.stream": "230", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e860", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:38.469581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.469581000", - "frame.time_delta": "0.004371000", - "frame.time_delta_displayed": "0.004371000", - "frame.time_relative": "1747.008895000", - "frame.number": "6247", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000535b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000063fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "223", - "http.prev_response_in": "6234" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.481659000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.481659000", - "frame.time_delta": "0.012078000", - "frame.time_delta_displayed": "0.012078000", - "frame.time_relative": "1747.020973000", - "frame.number": "6248", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002ce7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000090d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7c:d7:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949463, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949463", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.482237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.482237000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "1747.021551000", - "frame.number": "6249", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000b5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6248", - "tcp.analysis.ack_rtt": "0.000578000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.485135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.485135000", - "frame.time_delta": "0.002898000", - "frame.time_delta_displayed": "0.002898000", - "frame.time_relative": "1747.024449000", - "frame.number": "6250", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ce8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ba1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bce2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6249", - "tcp.analysis.ack_rtt": "0.002898000", - "tcp.analysis.initial_rtt": "0.003476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.486548000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495338.486548000", - "frame.time_delta": "0.001413000", - "frame.time_delta_displayed": "0.001413000", - "frame.time_relative": "1747.025862000", - "frame.number": "6251", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002ce9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ae0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001c5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003476000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.487073000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495338.487073000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "1747.026387000", - "frame.number": "6252", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000aeb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6251", - "tcp.analysis.ack_rtt": "0.000525000", - "tcp.analysis.initial_rtt": "0.003476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.487758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.487758000", - "frame.time_delta": "0.000685000", - "frame.time_delta_displayed": "0.000685000", - "frame.time_relative": "1747.027072000", - "frame.number": "6253", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000086bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eed2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003476000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.488184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.488184000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "1747.027498000", - "frame.number": "6254", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000086c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002de6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000413c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003476000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6253", - "tcp.segment": "6254", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001636000", - "http.request_in": "6251", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.488900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.488900000", - "frame.time_delta": "0.000716000", - "frame.time_delta_displayed": "0.000716000", - "frame.time_relative": "1747.028214000", - "frame.number": "6255", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000086c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002de5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000413c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003476000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.490493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.490493000", - "frame.time_delta": "0.001593000", - "frame.time_delta_displayed": "0.001593000", - "frame.time_relative": "1747.029807000", - "frame.number": "6256", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002cea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bc11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6253", - "tcp.analysis.ack_rtt": "0.002735000", - "tcp.analysis.initial_rtt": "0.003476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.491857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.491857000", - "frame.time_delta": "0.001364000", - "frame.time_delta_displayed": "0.001364000", - "frame.time_relative": "1747.031171000", - "frame.number": "6257", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ceb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b826", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6254", - "tcp.analysis.ack_rtt": "0.003673000", - "tcp.analysis.initial_rtt": "0.003476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.491898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.491898000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "1747.031212000", - "frame.number": "6258", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002cec", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008b91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000f56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:1b:b9:9b:b1:1b:b9:9f:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003476000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6257", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.495691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.495691000", - "frame.time_delta": "0.003793000", - "frame.time_delta_displayed": "0.003793000", - "frame.time_relative": "1747.035005000", - "frame.number": "6259", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ced", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00008b9c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b825", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.496171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.496171000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "1747.035485000", - "frame.number": "6260", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47543", - "tcp.port": "80", - "tcp.port": "47543", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000aabb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6259", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.003476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.500293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.500293000", - "frame.time_delta": "0.004122000", - "frame.time_delta_displayed": "0.004122000", - "frame.time_relative": "1747.039607000", - "frame.number": "6261", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000097c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47543", - "tcp.dstport": "80", - "tcp.port": "47543", - "tcp.port": "80", - "tcp.stream": "231", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000074de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.522904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.522904000", - "frame.time_delta": "0.022611000", - "frame.time_delta_displayed": "0.022611000", - "frame.time_relative": "1747.062218000", - "frame.number": "6262", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000535f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000063ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "224", - "http.prev_response_in": "6247" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.538136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.538136000", - "frame.time_delta": "0.015232000", - "frame.time_delta_displayed": "0.015232000", - "frame.time_relative": "1747.077450000", - "frame.number": "6263", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000004a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005053", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7c:dc:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949468, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949468", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.538682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.538682000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1747.077996000", - "frame.number": "6264", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47546", - "tcp.port": "80", - "tcp.port": "47546", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000096d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": 
"3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6263", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.541889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.541889000", - "frame.time_delta": "0.003207000", - "frame.time_delta_displayed": "0.003207000", - "frame.time_relative": "1747.081203000", - "frame.number": "6265", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004858", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6264", - "tcp.analysis.ack_rtt": "0.003207000", - "tcp.analysis.initial_rtt": "0.003753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.542402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.542402000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "1747.081716000", - "frame.number": "6266", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000004ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b31e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a7d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003753000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - 
"http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.542904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.542904000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "1747.082218000", - "frame.number": "6267", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b1a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000006e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47546", - "tcp.port": "80", - "tcp.port": "47546", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003a27", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6266", - "tcp.analysis.ack_rtt": "0.000502000", - "tcp.analysis.initial_rtt": "0.003753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.543605000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.543605000", - "frame.time_delta": "0.000701000", - "frame.time_delta_displayed": "0.000701000", - "frame.time_relative": "1747.082919000", - "frame.number": "6268", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b1a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000006d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47546", - "tcp.port": "80", - "tcp.port": "47546", - "tcp.stream": "232", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007a48", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003753000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.543991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.543991000", - "frame.time_delta": "0.000386000", - "frame.time_delta_displayed": "0.000386000", - "frame.time_relative": "1747.083305000", - "frame.number": "6269", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b1a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000301", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47546", - "tcp.port": "80", - "tcp.port": "47546", - "tcp.stream": "232", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ccb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003753000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6268", - "tcp.segment": "6269", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001589000", - "http.request_in": "6266", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.546550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.546550000", - "frame.time_delta": "0.002559000", - "frame.time_delta_displayed": "0.002559000", - "frame.time_relative": "1747.085864000", - "frame.number": "6270", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004787", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6268", - "tcp.analysis.ack_rtt": "0.002945000", - "tcp.analysis.initial_rtt": "0.003753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.546662000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.546662000", - "frame.time_delta": "0.000112000", - "frame.time_delta_displayed": "0.000112000", - "frame.time_relative": "1747.085976000", - "frame.number": "6271", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000439c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6269", - "tcp.analysis.ack_rtt": "0.002671000", - "tcp.analysis.initial_rtt": "0.003753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.548578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.548578000", - "frame.time_delta": "0.001916000", - "frame.time_delta_displayed": "0.001916000", - "frame.time_relative": "1747.087892000", - "frame.number": "6272", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000004ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b3db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000439b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.549062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.549062000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1747.088376000", - "frame.number": "6273", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47546", - 
"tcp.port": "80", - "tcp.port": "47546", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003631", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6272", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.003753000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:38.551822000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.551822000", - "frame.time_delta": "0.002760000", - "frame.time_delta_displayed": "0.002760000", - "frame.time_relative": "1747.091136000", - "frame.number": "6274", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000097bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47546", - "tcp.dstport": "80", - "tcp.port": "47546", - "tcp.port": "80", - "tcp.stream": "232", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000345d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:38.675973000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495338.675973000", - "frame.time_delta": "0.124151000", - "frame.time_delta_displayed": "0.124151000", - "frame.time_relative": "1747.215287000", - "frame.number": "6275", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002117", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49741", - "udp.dstport": "1900", - "udp.port": "49741", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008810", - "udp.checksum.status": "2", - "udp.stream": "135" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "6232" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.049838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.049838000", - "frame.time_delta": "0.373865000", - "frame.time_delta_displayed": "0.373865000", - "frame.time_relative": "1747.589152000", - "frame.number": "6276", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000537b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000063e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "225", - 
"http.prev_response_in": "6262" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.054760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.054760000", - "frame.time_delta": "0.004922000", - "frame.time_delta_displayed": "0.004922000", - "frame.time_relative": "1747.594074000", - "frame.number": "6277", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005c6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - 
"tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d7c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:10:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949520, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949520", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:39.055306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.055306000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1747.594620000", - "frame.number": "6278", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47553", - "tcp.port": "80", - "tcp.port": "47553", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a8d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6277", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.058763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.058763000", - "frame.time_delta": "0.003457000", - "frame.time_delta_displayed": "0.003457000", - "frame.time_relative": "1747.598077000", - "frame.number": "6279", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005a5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6278", - "tcp.analysis.ack_rtt": "0.003457000", - "tcp.analysis.initial_rtt": "0.004003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.058891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.058891000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "1747.598205000", - "frame.number": "6280", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005c71", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b9d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004003000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", 
- "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.059320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.059320000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1747.598634000", - "frame.number": "6281", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006b46", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004d43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47553", - "tcp.port": "80", - "tcp.port": "47553", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004c2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6280", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.004003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.060314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.060314000", - "frame.time_delta": "0.000994000", - "frame.time_delta_displayed": "0.000994000", - "frame.time_relative": "1747.599628000", - "frame.number": 
"6282", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006b47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004d31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47553", - "tcp.port": "80", - "tcp.port": "47553", - "tcp.stream": "233", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008c4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004003000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.060325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.060325000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1747.599639000", - "frame.number": "6283", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x0000495e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47553", - "tcp.port": "80", - "tcp.port": "47553", - "tcp.stream": "233", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000deb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004003000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6282", - "tcp.segment": "6283", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001434000", - "http.request_in": "6280", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.062979000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.062979000", - "frame.time_delta": "0.002654000", - "frame.time_delta_displayed": "0.002654000", - "frame.time_relative": "1747.602293000", - "frame.number": "6284", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000598d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6282", - "tcp.analysis.ack_rtt": "0.002665000", - "tcp.analysis.initial_rtt": "0.004003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.063155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.063155000", - "frame.time_delta": "0.000176000", - "frame.time_delta_displayed": "0.000176000", - "frame.time_relative": "1747.602469000", - "frame.number": "6285", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000055a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6283", - "tcp.analysis.ack_rtt": "0.002830000", - "tcp.analysis.initial_rtt": "0.004003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.063609000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.063609000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1747.602923000", - "frame.number": "6286", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000055a1", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.064060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.064060000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - "frame.time_relative": "1747.603374000", - "frame.number": "6287", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a598", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47553", - 
"tcp.port": "80", - "tcp.port": "47553", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004837", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6286", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.004003000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.067205000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.067205000", - "frame.time_delta": "0.003145000", - "frame.time_delta_displayed": "0.003145000", - "frame.time_relative": "1747.606519000", - "frame.number": "6288", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009790", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47553", - "tcp.dstport": "80", - "tcp.port": "47553", - "tcp.port": "80", - "tcp.stream": "233", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bc01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:39.102967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.102967000", - "frame.time_delta": "0.035762000", - "frame.time_delta_displayed": "0.035762000", - "frame.time_relative": "1747.642281000", - "frame.number": "6289", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000537d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000063db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "226", - "http.prev_response_in": "6276" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.109049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.109049000", - "frame.time_delta": "0.006082000", - "frame.time_delta_displayed": "0.006082000", - "frame.time_relative": "1747.648363000", - "frame.number": "6290", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001441", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a434", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000ce23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:15:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949525, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949525", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.109590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.109590000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "1747.648904000", - "frame.number": "6291", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009c3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6290", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.112895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.112895000", - "frame.time_delta": "0.003305000", - "frame.time_delta_displayed": "0.003305000", - "frame.time_relative": "1747.652209000", - "frame.number": "6292", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001442", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a447", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004dc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6291", - "tcp.analysis.ack_rtt": "0.003305000", - "tcp.analysis.initial_rtt": "0.003846000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.123859000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495339.123859000", - "frame.time_delta": "0.010964000", - "frame.time_delta_displayed": "0.010964000", - "frame.time_relative": "1747.663173000", - "frame.number": "6293", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001443", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a386", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ad3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003846000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.124461000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495339.124461000", - "frame.time_delta": "0.000602000", - "frame.time_delta_displayed": "0.000602000", - "frame.time_relative": "1747.663775000", - "frame.number": "6294", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000036bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003f94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6293", - "tcp.analysis.ack_rtt": "0.000602000", - "tcp.analysis.initial_rtt": "0.003846000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.125157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.125157000", - "frame.time_delta": "0.000696000", - "frame.time_delta_displayed": "0.000696000", - "frame.time_relative": "1747.664471000", - "frame.number": "6295", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000036c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007fb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003846000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.125516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.125516000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "1747.664830000", - "frame.number": "6296", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000036c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007de5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d21e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003846000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6295", - "tcp.segment": "6296", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001657000", - "http.request_in": "6293", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.128881000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.128881000", - "frame.time_delta": "0.003365000", - "frame.time_delta_displayed": "0.003365000", - "frame.time_relative": "1747.668195000", - "frame.number": "6297", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000036c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007de4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d21e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003846000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.129369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.129369000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1747.668683000", - "frame.number": "6298", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001444", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a445", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004cf4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6295", - "tcp.analysis.ack_rtt": "0.004212000", - "tcp.analysis.initial_rtt": "0.003846000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.129846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.129846000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1747.669160000", - "frame.number": "6299", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001445", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a444", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004909", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6296", - "tcp.analysis.ack_rtt": "0.004330000", - "tcp.analysis.initial_rtt": "0.003846000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.130880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.130880000", - "frame.time_delta": "0.001034000", - "frame.time_delta_displayed": "0.001034000", - "frame.time_relative": "1747.670194000", - "frame.number": "6300", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001446", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a443", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004908", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.131306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.131306000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - 
"frame.time_relative": "1747.670620000", - "frame.number": "6301", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a592", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47554", - "tcp.port": "80", - "tcp.port": "47554", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003b9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6300", - "tcp.analysis.ack_rtt": "0.000426000", - "tcp.analysis.initial_rtt": "0.003846000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.131920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.131920000", - "frame.time_delta": "0.000614000", - "frame.time_delta_displayed": "0.000614000", - "frame.time_relative": "1747.671234000", - "frame.number": "6302", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000978f", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b267", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.134228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.134228000", - "frame.time_delta": "0.002308000", - "frame.time_delta_displayed": "0.002308000", - "frame.time_relative": "1747.673542000", - "frame.number": "6303", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000978e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47554", - "tcp.dstport": "80", - "tcp.port": "47554", - "tcp.port": "80", - "tcp.stream": "234", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b266", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.155910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.155910000", - "frame.time_delta": "0.021682000", - "frame.time_delta_displayed": "0.021682000", - "frame.time_relative": "1747.695224000", - "frame.number": "6304", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005382", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000063dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "227", - "http.prev_response_in": "6289" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.160353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.160353000", - "frame.time_delta": "0.004443000", - "frame.time_delta_displayed": "0.004443000", - "frame.time_relative": "1747.699667000", - "frame.number": 
"6305", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000da8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dde9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00002853", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:1a:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949530, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949530", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.160895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.160895000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1747.700209000", - "frame.number": "6306", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47555", - "tcp.port": "80", - "tcp.port": "47555", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d005", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6305", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.163834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.163834000", - "frame.time_delta": "0.002939000", - "frame.time_delta_displayed": "0.002939000", - "frame.time_relative": "1747.703148000", - "frame.number": "6307", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddfc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000818d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6306", - "tcp.analysis.ack_rtt": "0.002939000", - "tcp.analysis.initial_rtt": "0.003481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.163984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.163984000", - "frame.time_delta": "0.000150000", - "frame.time_delta_displayed": "0.000150000", - "frame.time_relative": "1747.703298000", - "frame.number": "6308", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000da8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dd3b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e107", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003481000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.164450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.164450000", - "frame.time_delta": "0.000466000", - "frame.time_delta_displayed": "0.000466000", - "frame.time_relative": "1747.703764000", - "frame.number": "6309", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47555", - "tcp.port": "80", - "tcp.port": "47555", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000735c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6308", - "tcp.analysis.ack_rtt": "0.000466000", - "tcp.analysis.initial_rtt": "0.003481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.165250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.165250000", - "frame.time_delta": "0.000800000", - "frame.time_delta_displayed": "0.000800000", - "frame.time_relative": "1747.704564000", - "frame.number": "6310", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003b53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47555", - "tcp.port": "80", - "tcp.port": "47555", - "tcp.stream": "235", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b37d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003481000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.165607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.165607000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "1747.704921000", - "frame.number": "6311", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003b54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007952", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47555", - 
"tcp.port": "80", - "tcp.port": "47555", - "tcp.stream": "235", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000005e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003481000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6310", - "tcp.segment": "6311", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001623000", - "http.request_in": "6308", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.167905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.167905000", - "frame.time_delta": "0.002298000", - "frame.time_delta_displayed": "0.002298000", - "frame.time_relative": "1747.707219000", - "frame.number": "6312", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000080bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6310", - "tcp.analysis.ack_rtt": "0.002655000", - "tcp.analysis.initial_rtt": "0.003481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.168908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.168908000", - "frame.time_delta": "0.001003000", - "frame.time_delta_displayed": "0.001003000", - "frame.time_relative": "1747.708222000", - "frame.number": "6313", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddf9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007cd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6311", - "tcp.analysis.ack_rtt": "0.003301000", - "tcp.analysis.initial_rtt": "0.003481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.169015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.169015000", - "frame.time_delta": "0.000107000", - "frame.time_delta_displayed": "0.000107000", - "frame.time_relative": "1747.708329000", - "frame.number": "6314", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000da90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ddf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007cd0", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.169470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.169470000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "1747.708784000", - "frame.number": "6315", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a58f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47555", - 
"tcp.port": "80", - "tcp.port": "47555", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006f66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6314", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.003481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.172232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.172232000", - "frame.time_delta": "0.002762000", - "frame.time_delta_displayed": "0.002762000", - "frame.time_relative": "1747.711546000", - "frame.number": "6316", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000020fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000978b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47555", - "tcp.dstport": "80", - "tcp.port": "47555", - "tcp.port": "80", - "tcp.stream": "235", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000c9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:39.676687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.676687000", - "frame.time_delta": "0.504455000", - "frame.time_delta_displayed": "0.504455000", - "frame.time_relative": "1748.216001000", - "frame.number": "6317", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002118", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49741", - "udp.dstport": "1900", - "udp.port": "49741", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008810", - "udp.checksum.status": "2", - "udp.stream": "135" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "6275" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.770227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.770227000", - "frame.time_delta": "0.093540000", - "frame.time_delta_displayed": "0.093540000", - "frame.time_relative": "1748.309541000", - "frame.number": "6318", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": 
"1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:39.770634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495339.770634000", - "frame.time_delta": "0.000407000", - "frame.time_delta_displayed": "0.000407000", - "frame.time_relative": "1748.309948000", - "frame.number": "6319", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.102616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.102616000", - "frame.time_delta": "0.331982000", - "frame.time_delta_displayed": 
"0.331982000", - "frame.time_relative": "1748.641930000", - "frame.number": "6320", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000053cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006396", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - 
"http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "228", - "http.prev_response_in": "6304" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.108791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.108791000", - "frame.time_delta": "0.006175000", - "frame.time_delta_displayed": "0.006175000", - "frame.time_relative": "1748.648105000", - "frame.number": "6321", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004e68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000b9c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:79:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - 
"tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949625, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949625", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.109331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.109331000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "1748.648645000", - "frame.number": "6322", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a3c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", 
- "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6321", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.116795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.116795000", - "frame.time_delta": "0.007464000", - "frame.time_delta_displayed": "0.007464000", - "frame.time_relative": "1748.656109000", - "frame.number": "6323", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004e69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005548", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6322", - "tcp.analysis.ack_rtt": "0.007464000", - "tcp.analysis.initial_rtt": "0.008004000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.116836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.116836000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "1748.656150000", - "frame.number": "6324", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004e6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000695f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b4c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008004000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.117353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.117353000", - "frame.time_delta": "0.000517000", - "frame.time_delta_displayed": "0.000517000", - "frame.time_relative": "1748.656667000", - "frame.number": "6325", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008997", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ef2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004717", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6324", - "tcp.analysis.ack_rtt": "0.000517000", - "tcp.analysis.initial_rtt": "0.008004000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.118106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.118106000", - "frame.time_delta": "0.000753000", - "frame.time_delta_displayed": "0.000753000", - "frame.time_relative": "1748.657420000", - "frame.number": "6326", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008998", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002ee0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008738", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008004000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.118495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.118495000", - "frame.time_delta": "0.000389000", - "frame.time_delta_displayed": "0.000389000", - "frame.time_relative": "1748.657809000", - "frame.number": "6327", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - 
"eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008999", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002b0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d9a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008004000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6326", - "tcp.segment": "6327", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001659000", - "http.request_in": "6324", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.118889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.118889000", - "frame.time_delta": "0.000394000", - "frame.time_delta_displayed": "0.000394000", - "frame.time_relative": "1748.658203000", - "frame.number": "6328", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000899a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002b0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d9a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008004000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.121171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.121171000", - "frame.time_delta": "0.002282000", - "frame.time_delta_displayed": "0.002282000", - "frame.time_relative": "1748.660485000", - "frame.number": "6329", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004e6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005477", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6326", - "tcp.analysis.ack_rtt": "0.003065000", - "tcp.analysis.initial_rtt": "0.008004000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.121208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.121208000", - "frame.time_delta": "0.000037000", - "frame.time_delta_displayed": "0.000037000", - "frame.time_relative": "1748.660522000", - "frame.number": "6330", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004e6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000508c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6327", - "tcp.analysis.ack_rtt": "0.002713000", - "tcp.analysis.initial_rtt": "0.008004000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.123369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.123369000", - "frame.time_delta": "0.002161000", - "frame.time_delta_displayed": "0.002161000", - "frame.time_relative": "1748.662683000", - "frame.number": "6331", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00004e6d", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000856c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:b4:2a:94:67:b4:2a:98:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008004000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6330", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.135000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.135000000", - "frame.time_delta": "0.011631000", - "frame.time_delta_displayed": "0.011631000", - "frame.time_relative": "1748.674314000", - "frame.number": "6332", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004e6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00006a1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000508b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.135499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.135499000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1748.674813000", - "frame.number": "6333", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001349", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a540", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47566", - "tcp.port": "80", - "tcp.port": "47566", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004321", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6332", - "tcp.analysis.ack_rtt": "0.000499000", - "tcp.analysis.initial_rtt": "0.008004000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.138588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.138588000", - "frame.time_delta": "0.003089000", - "frame.time_delta_displayed": "0.003089000", - "frame.time_relative": "1748.677902000", - "frame.number": "6334", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002107", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009782", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47566", - "tcp.dstport": "80", - "tcp.port": "47566", - "tcp.port": "80", - "tcp.stream": "236", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.155786000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.155786000", - "frame.time_delta": "0.017198000", - "frame.time_delta_displayed": "0.017198000", - "frame.time_relative": "1748.695100000", - "frame.number": "6335", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000053d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006388", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "229", - "http.prev_response_in": "6320" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.164203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.164203000", - "frame.time_delta": "0.008417000", - "frame.time_delta_displayed": "0.008417000", - "frame.time_relative": "1748.703517000", - "frame.number": "6336", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b87d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fff7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005f39", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:7f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949631, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949631", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.164755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.164755000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1748.704069000", - "frame.number": "6337", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47567", - "tcp.port": "80", - "tcp.port": "47567", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000036d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 
(multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6336", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.167915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.167915000", - "frame.time_delta": "0.003160000", - "frame.time_delta_displayed": "0.003160000", - "frame.time_relative": "1748.707229000", - "frame.number": "6338", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b87e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000000b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e858", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6337", - "tcp.analysis.ack_rtt": "0.003160000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.168372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.168372000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "1748.707686000", - "frame.number": "6339", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b87f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ff49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000047d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003712000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET 
\/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.168910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.168910000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1748.708224000", - "frame.number": "6340", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c359", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f52f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47567", - "tcp.port": "80", - "tcp.port": "47567", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000da27", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6339", - "tcp.analysis.ack_rtt": "0.000538000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.169565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.169565000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "1748.708879000", - "frame.number": "6341", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c35a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f51d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47567", - "tcp.port": "80", - "tcp.port": "47567", - "tcp.stream": "237", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - 
"tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001a49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003712000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.169918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.169918000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1748.709232000", - "frame.number": "6342", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c35b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f14a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47567", - "tcp.port": "80", - "tcp.port": "47567", - "tcp.stream": "237", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006cb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003712000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6341", - "tcp.segment": "6342", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001546000", - "http.request_in": "6339", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.173719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.173719000", - "frame.time_delta": "0.003801000", - "frame.time_delta_displayed": "0.003801000", - "frame.time_relative": "1748.713033000", - "frame.number": "6343", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b880", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000009", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e787", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6341", - "tcp.analysis.ack_rtt": "0.004154000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.173823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.173823000", - "frame.time_delta": "0.000104000", - "frame.time_delta_displayed": "0.000104000", - "frame.time_relative": "1748.713137000", - "frame.number": "6344", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b881", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000008", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e39c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6342", - "tcp.analysis.ack_rtt": "0.003905000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.175033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.175033000", - "frame.time_delta": "0.001210000", - "frame.time_delta_displayed": "0.001210000", - "frame.time_relative": "1748.714347000", - "frame.number": "6345", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b882", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000007", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e39b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.175489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.175489000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1748.714803000", - "frame.number": "6346", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000134c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a53d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47567", - 
"tcp.port": "80", - "tcp.port": "47567", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d631", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6345", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.003712000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.178865000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.178865000", - "frame.time_delta": "0.003376000", - "frame.time_delta_displayed": "0.003376000", - "frame.time_relative": "1748.718179000", - "frame.number": "6347", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000210b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000977e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47567", - "tcp.dstport": "80", - "tcp.port": "47567", - "tcp.port": "80", - "tcp.stream": "237", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000043e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:40.208680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.208680000", - "frame.time_delta": "0.029815000", - "frame.time_delta_displayed": "0.029815000", - "frame.time_relative": "1748.747994000", - "frame.number": "6348", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000053d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000638c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "230", - "http.prev_response_in": "6335" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.220352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.220352000", - "frame.time_delta": "0.011672000", - "frame.time_delta_displayed": "0.011672000", - "frame.time_relative": "1748.759666000", - "frame.number": "6349", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000e773", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d101", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000008ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:84:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949636, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949636", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.220914000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.220914000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "1748.760228000", - "frame.number": "6350", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000659d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6349", - "tcp.analysis.ack_rtt": "0.000562000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.224268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.224268000", - "frame.time_delta": "0.003354000", - "frame.time_delta_displayed": "0.003354000", - "frame.time_relative": "1748.763582000", - "frame.number": "6351", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e774", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d114", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001725", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6350", - "tcp.analysis.ack_rtt": "0.003354000", - "tcp.analysis.initial_rtt": "0.003916000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.224790000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495340.224790000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "1748.764104000", - "frame.number": "6352", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000e775", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d053", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000769f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003916000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.225284000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495340.225284000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1748.764598000", - "frame.number": "6353", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b67a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000020f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000008f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6352", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003916000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.226006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.226006000", - "frame.time_delta": "0.000722000", - "frame.time_delta_displayed": "0.000722000", - "frame.time_relative": "1748.765320000", - "frame.number": "6354", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b67b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004915", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003916000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.226361000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.226361000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1748.765675000", - "frame.number": "6355", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b67c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003916000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6354", - "tcp.segment": "6355", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001571000", - "http.request_in": "6352", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.228485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.228485000", - "frame.time_delta": "0.002124000", - "frame.time_delta_displayed": "0.002124000", - "frame.time_relative": "1748.767799000", - "frame.number": "6356", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e776", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d112", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001654", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6354", - "tcp.analysis.ack_rtt": "0.002479000", - "tcp.analysis.initial_rtt": "0.003916000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.228897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.228897000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - "frame.time_relative": "1748.768211000", - "frame.number": "6357", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b67d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fe28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003916000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.229465000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.229465000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "1748.768779000", - "frame.number": "6358", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e777", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d111", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", 
- "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001269", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6355", - "tcp.analysis.ack_rtt": "0.003104000", - "tcp.analysis.initial_rtt": "0.003916000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.230457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.230457000", - "frame.time_delta": "0.000992000", - "frame.time_delta_displayed": "0.000992000", - "frame.time_relative": "1748.769771000", - "frame.number": "6359", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e778", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d110", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001268", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.230892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.230892000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - 
"frame.time_relative": "1748.770206000", - "frame.number": "6360", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000134d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a53c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47568", - "tcp.port": "80", - "tcp.port": "47568", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000004fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6359", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.003916000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.232487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.232487000", - "frame.time_delta": "0.001595000", - "frame.time_delta_displayed": "0.001595000", - "frame.time_relative": "1748.771801000", - "frame.number": "6361", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002111", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009778", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ed6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.235835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.235835000", - "frame.time_delta": "0.003348000", - "frame.time_delta_displayed": "0.003348000", - "frame.time_relative": "1748.775149000", - "frame.number": "6362", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002112", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009777", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47568", - "tcp.dstport": "80", - "tcp.port": "47568", - "tcp.port": "80", - "tcp.stream": "238", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ed6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.419516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.419516000", - "frame.time_delta": "0.183681000", - "frame.time_delta_displayed": "0.183681000", - "frame.time_relative": "1748.958830000", - "frame.number": "6363", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000053da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006387", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "231", - "http.prev_response_in": "6348" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.434406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.434406000", - "frame.time_delta": "0.014890000", - "frame.time_delta_displayed": "0.014890000", - "frame.time_relative": "1748.973720000", - "frame.number": 
"6364", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009dd4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001aa1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cb09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7d:9a:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949658, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949658", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.434962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.434962000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "1748.974276000", - "frame.number": "6365", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47570", - "tcp.port": "80", - "tcp.port": "47570", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000040c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6364", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.438351000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.438351000", - "frame.time_delta": "0.003389000", - "frame.time_delta_displayed": "0.003389000", - "frame.time_relative": "1748.977665000", - "frame.number": "6366", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009dd5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001ab4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b593", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6365", - "tcp.analysis.ack_rtt": "0.003389000", - "tcp.analysis.initial_rtt": "0.003945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.441061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.441061000", - "frame.time_delta": "0.002710000", - "frame.time_delta_displayed": "0.002710000", - "frame.time_relative": "1748.980375000", - "frame.number": "6367", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009dd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000019f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000150e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003945000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.441567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.441567000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "1748.980881000", - "frame.number": "6368", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009e3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47570", - "tcp.port": "80", - "tcp.port": "47570", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a762", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6367", - "tcp.analysis.ack_rtt": "0.000506000", - "tcp.analysis.initial_rtt": "0.003945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.442212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.442212000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "1748.981526000", - "frame.number": "6369", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009e3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47570", - "tcp.port": "80", - "tcp.port": "47570", - "tcp.stream": "239", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e783", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003945000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.442560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.442560000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "1748.981874000", - "frame.number": "6370", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009e3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000166a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47570", - 
"tcp.port": "80", - "tcp.port": "47570", - "tcp.stream": "239", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000039ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003945000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6369", - "tcp.segment": "6370", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001499000", - "http.request_in": "6367", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.446535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.446535000", - "frame.time_delta": "0.003975000", - "frame.time_delta_displayed": "0.003975000", - "frame.time_relative": "1748.985849000", - "frame.number": "6371", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009dd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001ab2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b4c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6369", - "tcp.analysis.ack_rtt": "0.004323000", - "tcp.analysis.initial_rtt": "0.003945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.446645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.446645000", - "frame.time_delta": "0.000110000", - "frame.time_delta_displayed": "0.000110000", - "frame.time_relative": "1748.985959000", - "frame.number": "6372", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009dd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001ab1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b0d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6370", - "tcp.analysis.ack_rtt": "0.004085000", - "tcp.analysis.initial_rtt": "0.003945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.448143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.448143000", - "frame.time_delta": "0.001498000", - "frame.time_delta_displayed": "0.001498000", - "frame.time_relative": "1748.987457000", - "frame.number": "6373", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009dd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001ab0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b0d6", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.448590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.448590000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "1748.987904000", - "frame.number": "6374", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001350", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a539", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47570", - 
"tcp.port": "80", - "tcp.port": "47570", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a36c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6373", - "tcp.analysis.ack_rtt": "0.000447000", - "tcp.analysis.initial_rtt": "0.003945000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.454977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.454977000", - "frame.time_delta": "0.006387000", - "frame.time_delta_displayed": "0.006387000", - "frame.time_relative": "1748.994291000", - "frame.number": "6375", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000211e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000976b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47570", - "tcp.dstport": "80", - "tcp.port": "47570", - "tcp.port": "80", - "tcp.stream": "239", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000afd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:40.472415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.472415000", - "frame.time_delta": "0.017438000", - "frame.time_delta_displayed": "0.017438000", - "frame.time_relative": "1749.011729000", - "frame.number": "6376", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000053df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006379", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "232", - "http.prev_response_in": "6363" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.483388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.483388000", - "frame.time_delta": "0.010973000", - "frame.time_delta_displayed": "0.010973000", - "frame.time_relative": "1749.022702000", - "frame.number": "6377", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002113", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009762", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cd40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:9f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949663, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949663", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.483957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.483957000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1749.023271000", - "frame.number": "6378", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47572", - "tcp.port": "80", - "tcp.port": "47572", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004865", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6377", - "tcp.analysis.ack_rtt": "0.000569000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.488083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.488083000", - "frame.time_delta": "0.004126000", - "frame.time_delta_displayed": "0.004126000", - "frame.time_relative": "1749.027397000", - "frame.number": "6379", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002114", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009775", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f9ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6378", - "tcp.analysis.ack_rtt": "0.004126000", - "tcp.analysis.initial_rtt": "0.004695000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.488799000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495340.488799000", - "frame.time_delta": "0.000716000", - "frame.time_delta_displayed": "0.000716000", - "frame.time_relative": "1749.028113000", - "frame.number": "6380", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002115", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005967", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004695000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.489296000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495340.489296000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "1749.028610000", - "frame.number": "6381", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f56f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c319", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47572", - "tcp.port": "80", - "tcp.port": "47572", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ebbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6380", - "tcp.analysis.ack_rtt": "0.000497000", - "tcp.analysis.initial_rtt": "0.004695000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.490025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.490025000", - "frame.time_delta": "0.000729000", - "frame.time_delta_displayed": "0.000729000", - "frame.time_relative": "1749.029339000", - "frame.number": "6382", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f570", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c307", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47572", - "tcp.port": "80", - "tcp.port": "47572", - "tcp.stream": "240", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002bdd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004695000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.490378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.490378000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1749.029692000", - "frame.number": "6383", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f571", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bf34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47572", - "tcp.port": "80", - "tcp.port": "47572", - "tcp.stream": "240", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007e46", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004695000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6382", - "tcp.segment": "6383", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001579000", - "http.request_in": "6380", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.493681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.493681000", - "frame.time_delta": "0.003303000", - "frame.time_delta_displayed": "0.003303000", - "frame.time_relative": "1749.032995000", - "frame.number": "6384", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002116", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009773", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f91b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6382", - "tcp.analysis.ack_rtt": "0.003656000", - "tcp.analysis.initial_rtt": "0.004695000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.494337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.494337000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "1749.033651000", - "frame.number": "6385", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002117", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009772", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f530", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6383", - "tcp.analysis.ack_rtt": "0.003959000", - "tcp.analysis.initial_rtt": "0.004695000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.496196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.496196000", - "frame.time_delta": "0.001859000", - "frame.time_delta_displayed": "0.001859000", - "frame.time_relative": "1749.035510000", - "frame.number": "6386", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002118", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009771", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f52f", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.496650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.496650000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1749.035964000", - "frame.number": "6387", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001352", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a537", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47572", - 
"tcp.port": "80", - "tcp.port": "47572", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e7c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6386", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.004695000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.500122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.500122000", - "frame.time_delta": "0.003472000", - "frame.time_delta_displayed": "0.003472000", - "frame.time_relative": "1749.039436000", - "frame.number": "6388", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002121", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009768", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47572", - "tcp.dstport": "80", - "tcp.port": "47572", - "tcp.port": "80", - "tcp.stream": "240", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b20d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:40.525245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.525245000", - "frame.time_delta": "0.025123000", - "frame.time_delta_displayed": "0.025123000", - "frame.time_relative": "1749.064559000", - "frame.number": "6389", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000053e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000637a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "233", - "http.prev_response_in": "6376" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.537317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.537317000", - "frame.time_delta": "0.012072000", - "frame.time_delta_displayed": "0.012072000", - "frame.time_relative": "1749.076631000", - "frame.number": "6390", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d983", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000def1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000ff71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7d:a4:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949668, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949668", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.537867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.537867000", - "frame.time_delta": "0.000550000", - "frame.time_delta_displayed": "0.000550000", - "frame.time_relative": "1749.077181000", - "frame.number": "6391", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47573", - "tcp.port": "80", - "tcp.port": "47573", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008e90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6390", - "tcp.analysis.ack_rtt": "0.000550000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.543950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.543950000", - "frame.time_delta": "0.006083000", - "frame.time_delta_displayed": "0.006083000", - "frame.time_relative": "1749.083264000", - "frame.number": "6392", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d984", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004018", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6391", - "tcp.analysis.ack_rtt": "0.006083000", - "tcp.analysis.initial_rtt": "0.006633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.544003000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495340.544003000", - "frame.time_delta": "0.000053000", - "frame.time_delta_displayed": "0.000053000", - "frame.time_relative": "1749.083317000", - "frame.number": "6393", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000d985", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009f92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006633000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.544523000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495340.544523000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "1749.083837000", - "frame.number": "6394", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000088ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002f9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47573", - "tcp.port": "80", - "tcp.port": "47573", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000031e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6393", - "tcp.analysis.ack_rtt": "0.000520000", - "tcp.analysis.initial_rtt": "0.006633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.545257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.545257000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "1749.084571000", - "frame.number": "6395", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000088ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002f8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47573", - "tcp.port": "80", - "tcp.port": "47573", - "tcp.stream": "241", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007208", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006633000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.545614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.545614000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "1749.084928000", - "frame.number": "6396", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000088ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002bb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47573", - "tcp.port": "80", - "tcp.port": "47573", - "tcp.stream": "241", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c471", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006633000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6395", - "tcp.segment": "6396", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001611000", - "http.request_in": "6393", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.553752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.553752000", - "frame.time_delta": "0.008138000", - "frame.time_delta_displayed": "0.008138000", - "frame.time_relative": "1749.093066000", - "frame.number": "6397", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d986", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6395", - "tcp.analysis.ack_rtt": "0.008495000", - "tcp.analysis.initial_rtt": "0.006633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.565987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.565987000", - "frame.time_delta": "0.012235000", - "frame.time_delta_displayed": "0.012235000", - "frame.time_relative": "1749.105301000", - "frame.number": "6398", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d987", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6396", - "tcp.analysis.ack_rtt": "0.020373000", - "tcp.analysis.initial_rtt": "0.006633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.568235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.568235000", - "frame.time_delta": "0.002248000", - "frame.time_delta_displayed": "0.002248000", - "frame.time_relative": "1749.107549000", - "frame.number": "6399", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d988", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b5b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.568707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.568707000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "1749.108021000", - "frame.number": "6400", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001356", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a533", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47573", - 
"tcp.port": "80", - "tcp.port": "47573", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002df1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6399", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.006633000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:40.572558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495340.572558000", - "frame.time_delta": "0.003851000", - "frame.time_delta_displayed": "0.003851000", - "frame.time_relative": "1749.111872000", - "frame.number": "6401", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002128", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009761", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47573", - "tcp.dstport": "80", - "tcp.port": "47573", - "tcp.port": "80", - "tcp.stream": "241", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e443", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:41.471924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.471924000", - "frame.time_delta": "0.899366000", - "frame.time_delta_displayed": "0.899366000", - "frame.time_relative": "1750.011238000", - "frame.number": "6402", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000540f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006352", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "234", - "http.prev_response_in": "6389" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.524690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.524690000", - "frame.time_delta": "0.052766000", - "frame.time_delta_displayed": "0.052766000", - "frame.time_relative": "1750.064004000", - "frame.number": "6403", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005412", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006346", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "235", - "http.prev_response_in": "6402" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.577535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.577535000", - "frame.time_delta": "0.052845000", - "frame.time_delta_displayed": "0.052845000", - "frame.time_relative": "1750.116849000", - "frame.number": "6404", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005416", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006348", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "236", - "http.prev_response_in": "6403" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.977265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.977265000", - "frame.time_delta": "0.399730000", - "frame.time_delta_displayed": "0.399730000", - "frame.time_relative": "1750.516579000", - "frame.number": "6405", - "frame.len": "74", - "frame.cap_len": 
"74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003c82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007bf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000958e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:34:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949812, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949812", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.977843000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.977843000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "1750.517157000", - "frame.number": "6406", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47574", - "tcp.port": "80", - "tcp.port": "47574", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ab43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6405", - "tcp.analysis.ack_rtt": "0.000578000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.983428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.983428000", - "frame.time_delta": "0.005585000", - "frame.time_delta_displayed": "0.005585000", - "frame.time_relative": "1750.522742000", - "frame.number": "6407", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003c83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007c06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005ccb", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6406", - "tcp.analysis.ack_rtt": "0.005585000", - "tcp.analysis.initial_rtt": "0.006163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.992549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.992549000", - "frame.time_delta": "0.009121000", - "frame.time_delta_displayed": "0.009121000", - "frame.time_relative": "1750.531863000", - "frame.number": "6408", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003c84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007b45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bc45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006163000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.993106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.993106000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1750.532420000", - "frame.number": "6409", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000e9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47574", - "tcp.port": "80", - "tcp.port": "47574", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6408", - "tcp.analysis.ack_rtt": "0.000557000", - "tcp.analysis.initial_rtt": "0.006163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.993813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.993813000", - "frame.time_delta": "0.000707000", - "frame.time_delta_displayed": "0.000707000", - "frame.time_relative": "1750.533127000", - "frame.number": "6410", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00000e9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47574", - "tcp.port": "80", - "tcp.port": "47574", - "tcp.stream": "242", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008ebb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006163000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.994196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.994196000", - "frame.time_delta": "0.000383000", - "frame.time_delta_displayed": "0.000383000", - "frame.time_relative": "1750.533510000", - "frame.number": "6411", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000e9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a609", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47574", - "tcp.port": "80", - "tcp.port": "47574", - "tcp.stream": "242", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e124", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006163000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6410", - "tcp.segment": "6411", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001647000", - "http.request_in": "6408", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.999187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.999187000", - "frame.time_delta": "0.004991000", - "frame.time_delta_displayed": "0.004991000", - "frame.time_relative": "1750.538501000", - "frame.number": "6412", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003c85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007c04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005bfa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6410", - "tcp.analysis.ack_rtt": "0.005374000", - "tcp.analysis.initial_rtt": "0.006163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:41.999845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495341.999845000", - "frame.time_delta": "0.000658000", - "frame.time_delta_displayed": "0.000658000", - "frame.time_relative": "1750.539159000", - "frame.number": "6413", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003c86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007c03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000580f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6411", - "tcp.analysis.ack_rtt": "0.005649000", - "tcp.analysis.initial_rtt": "0.006163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.003032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.003032000", - "frame.time_delta": "0.003187000", - "frame.time_delta_displayed": "0.003187000", - "frame.time_relative": "1750.542346000", - "frame.number": "6414", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003c87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007c02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000580e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.003501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.003501000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1750.542815000", - "frame.number": "6415", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47574", - 
"tcp.port": "80", - "tcp.port": "47574", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004aa4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6414", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.006163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.007600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.007600000", - "frame.time_delta": "0.004099000", - "frame.time_delta_displayed": "0.004099000", - "frame.time_relative": "1750.546914000", - "frame.number": "6416", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002157", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009732", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47574", - "tcp.dstport": "80", - "tcp.port": "47574", - "tcp.port": "80", - "tcp.stream": "242", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007af0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:42.157567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.157567000", - "frame.time_delta": "0.149967000", - "frame.time_delta_displayed": "0.149967000", - "frame.time_relative": "1750.696881000", - "frame.number": "6417", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005450", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006311", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "237", - "http.prev_response_in": "6404" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.168634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.168634000", - "frame.time_delta": "0.011067000", - "frame.time_delta_displayed": "0.011067000", - "frame.time_relative": "1750.707948000", - "frame.number": "6418", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00006efd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004978", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d7c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:47:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949831, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949831", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.169180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.169180000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1750.708494000", - "frame.number": "6419", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000181b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6418", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.173784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.173784000", - "frame.time_delta": "0.004604000", - "frame.time_delta_displayed": "0.004604000", - "frame.time_relative": "1750.713098000", - "frame.number": "6420", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006efe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000498b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c9a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6419", - "tcp.analysis.ack_rtt": "0.004604000", - "tcp.analysis.initial_rtt": "0.005150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.174715000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495342.174715000", - "frame.time_delta": "0.000931000", - "frame.time_delta_displayed": "0.000931000", - "frame.time_relative": "1750.714029000", - "frame.number": "6421", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00006eff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000048ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000291d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005150000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.175194000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495342.175194000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1750.714508000", - "frame.number": "6422", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ae09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6421", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.005150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.175873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.175873000", - "frame.time_delta": "0.000679000", - "frame.time_delta_displayed": "0.000679000", - "frame.time_relative": "1750.715187000", - "frame.number": "6423", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ae0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fb92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005150000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.176302000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.176302000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1750.715616000", - "frame.number": "6424", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ae0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000069b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004dfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005150000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6423", - "tcp.segment": "6424", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001587000", - "http.request_in": "6421", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.178877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.178877000", - "frame.time_delta": "0.002575000", - "frame.time_delta_displayed": "0.002575000", - "frame.time_relative": "1750.718191000", - "frame.number": "6425", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ae0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000069a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004dfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005150000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.182619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.182619000", - "frame.time_delta": "0.003742000", - "frame.time_delta_displayed": "0.003742000", - "frame.time_relative": "1750.721933000", - "frame.number": "6426", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006f00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004989", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c8d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6423", - "tcp.analysis.ack_rtt": "0.006746000", - "tcp.analysis.initial_rtt": "0.005150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.182668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.182668000", - "frame.time_delta": "0.000049000", - "frame.time_delta_displayed": "0.000049000", - "frame.time_relative": "1750.721982000", - "frame.number": "6427", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006f01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004988", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c4e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6424", - "tcp.analysis.ack_rtt": "0.006366000", - "tcp.analysis.initial_rtt": "0.005150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.183518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.183518000", - "frame.time_delta": "0.000850000", - "frame.time_delta_displayed": "0.000850000", - "frame.time_relative": "1750.722832000", - "frame.number": "6428", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006f02", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004987", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c4e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.183970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.183970000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - 
"frame.time_relative": "1750.723284000", - "frame.number": "6429", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47575", - "tcp.port": "80", - "tcp.port": "47575", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b77b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6428", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.005150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.184338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.184338000", - "frame.time_delta": "0.000368000", - "frame.time_delta_displayed": "0.000368000", - "frame.time_relative": "1750.723652000", - "frame.number": "6430", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002169", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009720", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bd3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.188470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.188470000", - "frame.time_delta": "0.004132000", - "frame.time_delta_displayed": "0.004132000", - "frame.time_relative": "1750.727784000", - "frame.number": "6431", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000216a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000971f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47575", - "tcp.dstport": "80", - "tcp.port": "47575", - "tcp.port": "80", - "tcp.stream": "243", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bd3c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.210700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.210700000", - "frame.time_delta": "0.022230000", - "frame.time_delta_displayed": "0.022230000", - "frame.time_relative": "1750.750014000", - "frame.number": "6432", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005456", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006302", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "238", - "http.prev_response_in": "6417" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.234833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.234833000", - "frame.time_delta": "0.024133000", - "frame.time_delta_displayed": "0.024133000", - "frame.time_relative": "1750.774147000", - 
"frame.number": "6433", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000cd50", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): 
server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000028d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:4e:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949838, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949838", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.235394000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.235394000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "1750.774708000", - "frame.number": "6434", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - 
"eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47576", - "tcp.port": "80", - "tcp.port": "47576", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e579", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6433", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.239668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.239668000", - "frame.time_delta": "0.004274000", - "frame.time_delta_displayed": "0.004274000", - "frame.time_relative": "1750.778982000", - "frame.number": "6435", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009701", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6434", - "tcp.analysis.ack_rtt": "0.004274000", - "tcp.analysis.initial_rtt": "0.004835000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.239712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.239712000", - "frame.time_delta": "0.000044000", - "frame.time_delta_displayed": "0.000044000", - "frame.time_relative": "1750.779026000", - "frame.number": "6436", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000cd52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ea76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f67b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004835000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.240222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.240222000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "1750.779536000", - "frame.number": "6437", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f177", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c711", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47576", - "tcp.port": "80", - "tcp.port": "47576", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000088d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6436", - "tcp.analysis.ack_rtt": "0.000510000", - "tcp.analysis.initial_rtt": "0.004835000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.240915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.240915000", - "frame.time_delta": "0.000693000", - "frame.time_delta_displayed": "0.000693000", - "frame.time_relative": "1750.780229000", - "frame.number": "6438", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f178", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c6ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47576", - "tcp.port": "80", - "tcp.port": "47576", - "tcp.stream": "244", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c8f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004835000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.241373000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.241373000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "1750.780687000", - "frame.number": "6439", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f179", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c32c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47576", - 
"tcp.port": "80", - "tcp.port": "47576", - "tcp.stream": "244", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001b5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004835000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6438", - "tcp.segment": "6439", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001661000", - "http.request_in": "6436", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.246178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.246178000", - "frame.time_delta": "0.004805000", - "frame.time_delta_displayed": "0.004805000", - "frame.time_relative": "1750.785492000", - "frame.number": "6440", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009630", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6438", - "tcp.analysis.ack_rtt": "0.005263000", - "tcp.analysis.initial_rtt": "0.004835000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.246310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.246310000", - "frame.time_delta": "0.000132000", - "frame.time_delta_displayed": "0.000132000", - "frame.time_relative": "1750.785624000", - "frame.number": "6441", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009245", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6439", - "tcp.analysis.ack_rtt": "0.004937000", - "tcp.analysis.initial_rtt": "0.004835000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.248264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.248264000", - "frame.time_delta": "0.001954000", - "frame.time_delta_displayed": "0.001954000", - "frame.time_relative": "1750.787578000", - "frame.number": "6442", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cd55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eb33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009244", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.248758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.248758000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1750.788072000", - "frame.number": "6443", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47576", - 
"tcp.port": "80", - "tcp.port": "47576", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000084da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6442", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.004835000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.253142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.253142000", - "frame.time_delta": "0.004384000", - "frame.time_delta_displayed": "0.004384000", - "frame.time_relative": "1750.792456000", - "frame.number": "6444", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000216f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000971a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47576", - "tcp.dstport": "80", - "tcp.port": "47576", - "tcp.port": "80", - "tcp.stream": "244", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000e52", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:42.263593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.263593000", - "frame.time_delta": "0.010451000", - "frame.time_delta_displayed": "0.010451000", - "frame.time_relative": "1750.802907000", - "frame.number": "6445", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005459", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006305", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "239", - "http.prev_response_in": "6432" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.278879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.278879000", - "frame.time_delta": "0.015286000", - "frame.time_delta_displayed": "0.015286000", - "frame.time_relative": "1750.818193000", - "frame.number": "6446", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002580", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000092f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000c0ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:52:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949842, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949842", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.279436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.279436000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1750.818750000", - "frame.number": "6447", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a40d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6446", - "tcp.analysis.ack_rtt": "0.000557000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.284456000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.284456000", - "frame.time_delta": "0.005020000", - "frame.time_delta_displayed": "0.005020000", - "frame.time_relative": "1750.823770000", - "frame.number": "6448", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002581", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009308", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005595", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6447", - "tcp.analysis.ack_rtt": "0.005020000", - "tcp.analysis.initial_rtt": "0.005577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.286207000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495342.286207000", - "frame.time_delta": "0.001751000", - "frame.time_delta_displayed": "0.001751000", - "frame.time_relative": "1750.825521000", - "frame.number": "6449", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002582", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009247", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b50f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005577000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.286738000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495342.286738000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1750.826052000", - "frame.number": "6450", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000aa85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000e04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6449", - "tcp.analysis.ack_rtt": "0.000531000", - "tcp.analysis.initial_rtt": "0.005577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.287376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.287376000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "1750.826690000", - "frame.number": "6451", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000aa86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000df2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008785", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005577000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.287727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.287727000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "1750.827041000", - "frame.number": "6452", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aa87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a1f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d9ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005577000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6451", - "tcp.segment": "6452", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001520000", - "http.request_in": "6449", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.288878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.288878000", - "frame.time_delta": "0.001151000", - "frame.time_delta_displayed": "0.001151000", - "frame.time_relative": "1750.828192000", - "frame.number": "6453", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000aa88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000a1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d9ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005577000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.291496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.291496000", - "frame.time_delta": "0.002618000", - "frame.time_delta_displayed": "0.002618000", - "frame.time_relative": "1750.830810000", - "frame.number": "6454", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002583", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009306", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000054c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6451", - "tcp.analysis.ack_rtt": "0.004120000", - "tcp.analysis.initial_rtt": "0.005577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.297734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.297734000", - "frame.time_delta": "0.006238000", - "frame.time_delta_displayed": "0.006238000", - "frame.time_relative": "1750.837048000", - "frame.number": "6455", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002584", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009305", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000050d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6452", - "tcp.analysis.ack_rtt": "0.010007000", - "tcp.analysis.initial_rtt": "0.005577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.297777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.297777000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "1750.837091000", - "frame.number": "6456", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002585", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000092f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000762b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:9c:28:b4:30:9c:28:b8:14", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005577000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6455", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.298405000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.298405000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "1750.837719000", - "frame.number": "6457", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002586", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00009303", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000050d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.298857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.298857000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "1750.838171000", - "frame.number": "6458", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000013ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47577", - "tcp.port": "80", - "tcp.port": "47577", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000436e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6457", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.005577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:42.305627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495342.305627000", - "frame.time_delta": "0.006770000", - "frame.time_delta_displayed": "0.006770000", - "frame.time_relative": "1750.844941000", - "frame.number": "6459", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002170", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009719", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47577", - "tcp.dstport": "80", - "tcp.port": "47577", - "tcp.port": "80", - "tcp.stream": "245", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a67f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.210618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.210618000", - "frame.time_delta": "0.904991000", - "frame.time_delta_displayed": "0.904991000", - "frame.time_relative": "1751.749932000", - "frame.number": "6460", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005460", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006301", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "240", - "http.prev_response_in": "6445" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.263355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.263355000", - "frame.time_delta": "0.052737000", - "frame.time_delta_displayed": "0.052737000", - "frame.time_relative": "1751.802669000", - "frame.number": "6461", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005462", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "241", - "http.prev_response_in": "6460" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.298587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.298587000", - "frame.time_delta": "0.035232000", - 
"frame.time_delta_displayed": "0.035232000", - "frame.time_relative": "1751.837901000", - "frame.number": "6462", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a421", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001454", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": 
{ - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d86a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:b8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949944, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949944", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.299147000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.299147000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "1751.838461000", - "frame.number": "6463", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - "tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006990", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6462", - "tcp.analysis.ack_rtt": "0.000560000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.302668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.302668000", - "frame.time_delta": "0.003521000", - "frame.time_delta_displayed": "0.003521000", - "frame.time_relative": "1751.841982000", - "frame.number": "6464", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a422", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001467", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6463", - "tcp.analysis.ack_rtt": "0.003521000", - "tcp.analysis.initial_rtt": "0.004081000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.303178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.303178000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "1751.842492000", - "frame.number": "6465", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000a423", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000013a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007a92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004081000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": 
"0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.303759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.303759000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "1751.843073000", - "frame.number": "6466", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c890", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eff8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - "tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000ce7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6465", - "tcp.analysis.ack_rtt": "0.000581000", - "tcp.analysis.initial_rtt": "0.004081000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.304304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.304304000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "1751.843618000", - "frame.number": "6467", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c891", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000efe6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - "tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004d08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004081000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.304654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.304654000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1751.843968000", - "frame.number": "6468", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c892", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - 
"tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004081000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6467", - "tcp.segment": "6468", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001476000", - "http.request_in": "6465", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.308884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.308884000", - "frame.time_delta": "0.004230000", - "frame.time_delta_displayed": "0.004230000", - "frame.time_relative": "1751.848198000", - "frame.number": "6469", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c893", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ec12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - "tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009f71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004081000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.004230000", - "tcp.analysis.rto_frame": "6468" - } - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.309120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.309120000", - "frame.time_delta": "0.000236000", - "frame.time_delta_displayed": "0.000236000", - "frame.time_relative": "1751.848434000", - "frame.number": "6470", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a424", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001465", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001a47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6467", - "tcp.analysis.ack_rtt": "0.004816000", - "tcp.analysis.initial_rtt": "0.004081000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.309273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.309273000", - "frame.time_delta": "0.000153000", - "frame.time_delta_displayed": "0.000153000", - "frame.time_relative": "1751.848587000", - "frame.number": "6471", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a425", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001464", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000165c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6468", - "tcp.analysis.ack_rtt": "0.004619000", - "tcp.analysis.initial_rtt": "0.004081000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.310408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.310408000", - "frame.time_delta": "0.001135000", - "frame.time_delta_displayed": "0.001135000", - "frame.time_relative": "1751.849722000", - "frame.number": 
"6472", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a426", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001463", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish 
(FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000165b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.310858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.310858000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "1751.850172000", - "frame.number": "6473", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000141b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a46e", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47578", - "tcp.port": "80", - "tcp.port": "47578", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000008f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6472", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.004081000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.313898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.313898000", - "frame.time_delta": "0.003040000", - "frame.time_delta_displayed": "0.003040000", - "frame.time_relative": "1751.853212000", - "frame.number": "6474", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002178", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009711", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.313939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.313939000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "1751.853253000", - "frame.number": "6475", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002179", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009710", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", 
- "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47578", - "tcp.dstport": "80", - "tcp.port": "47578", - "tcp.port": "80", - "tcp.stream": "246", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.316423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.316423000", - "frame.time_delta": "0.002484000", - "frame.time_delta_displayed": "0.002484000", - "frame.time_relative": "1751.855737000", - "frame.number": "6476", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005466", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "242", - "http.prev_response_in": "6461" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.327214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.327214000", - "frame.time_delta": "0.010791000", - "frame.time_delta_displayed": "0.010791000", - "frame.time_relative": "1751.866528000", - "frame.number": "6477", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000051ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005328", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:bb:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949947, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949947", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.327757000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.327757000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1751.867071000", - "frame.number": "6478", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47579", - "tcp.port": "80", - "tcp.port": "47579", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a406", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 
(multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6477", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.331114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.331114000", - "frame.time_delta": "0.003357000", - "frame.time_delta_displayed": "0.003357000", - "frame.time_relative": "1751.870428000", - "frame.number": "6479", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000558e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6478", - "tcp.analysis.ack_rtt": "0.003357000", - "tcp.analysis.initial_rtt": "0.003900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.331779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.331779000", - "frame.time_delta": "0.000665000", - "frame.time_delta_displayed": "0.000665000", - "frame.time_relative": "1751.871093000", - "frame.number": "6480", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000051ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000661b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b508", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003900000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET 
\/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.332494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.332494000", - "frame.time_delta": "0.000715000", - "frame.time_delta_displayed": "0.000715000", - "frame.time_relative": "1751.871808000", - "frame.number": "6481", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cfb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e8d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47579", - "tcp.port": "80", - "tcp.port": "47579", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000475d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6480", - "tcp.analysis.ack_rtt": "0.000715000", - "tcp.analysis.initial_rtt": "0.003900000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.333153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.333153000", - "frame.time_delta": "0.000659000", - "frame.time_delta_displayed": "0.000659000", - "frame.time_relative": "1751.872467000", - "frame.number": "6482", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cfb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e8c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47579", - "tcp.port": "80", - "tcp.port": "47579", - "tcp.stream": "247", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - 
"tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000877e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003900000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.333596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.333596000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1751.872910000", - "frame.number": "6483", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cfb3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e4f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47579", - "tcp.port": "80", - "tcp.port": "47579", - "tcp.stream": "247", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d9e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003900000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6482", - "tcp.segment": "6483", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001817000", - "http.request_in": "6480", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.336511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.336511000", - "frame.time_delta": "0.002915000", - "frame.time_delta_displayed": "0.002915000", - "frame.time_relative": "1751.875825000", - "frame.number": "6484", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000054bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6482", - "tcp.analysis.ack_rtt": "0.003358000", - "tcp.analysis.initial_rtt": "0.003900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.336628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.336628000", - "frame.time_delta": "0.000117000", - "frame.time_delta_displayed": "0.000117000", - "frame.time_relative": "1751.875942000", - "frame.number": "6485", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000050d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6483", - "tcp.analysis.ack_rtt": "0.003032000", - "tcp.analysis.initial_rtt": "0.003900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.337235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.337235000", - "frame.time_delta": "0.000607000", - "frame.time_delta_displayed": "0.000607000", - "frame.time_relative": "1751.876549000", - "frame.number": "6486", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000050d1", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.337685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.337685000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "1751.876999000", - "frame.number": "6487", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000141c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a46d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47579", - 
"tcp.port": "80", - "tcp.port": "47579", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004367", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6486", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.003900000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.342096000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.342096000", - "frame.time_delta": "0.004411000", - "frame.time_delta_displayed": "0.004411000", - "frame.time_relative": "1751.881410000", - "frame.number": "6488", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000217c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000970d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47579", - "tcp.dstport": "80", - "tcp.port": "47579", - "tcp.port": "80", - "tcp.stream": "247", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003911", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:43.633770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.633770000", - "frame.time_delta": "0.291674000", - "frame.time_delta_displayed": "0.291674000", - "frame.time_relative": "1752.173084000", - "frame.number": "6489", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005474", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "243", - "http.prev_response_in": "6476" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.686656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.686656000", - "frame.time_delta": "0.052886000", - "frame.time_delta_displayed": "0.052886000", - "frame.time_relative": "1752.225970000", - "frame.number": "6490", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005476", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "244", - "http.prev_response_in": "6489" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.713894000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.713894000", - "frame.time_delta": "0.027238000", - "frame.time_delta_displayed": "0.027238000", - "frame.time_relative": "1752.253208000", - "frame.number": "6491", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000074cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005ca5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7e:e1:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949985, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949985", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": 
"8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.714443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.714443000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1752.253757000", - "frame.number": "6492", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47580", - "tcp.port": "80", - "tcp.port": "47580", - 
"tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d79e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "6491", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.721838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.721838000", - "frame.time_delta": "0.007395000", - "frame.time_delta_displayed": "0.007395000", - "frame.time_relative": "1752.261152000", - "frame.number": "6493", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000074cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - 
"tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008926", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6492", - "tcp.analysis.ack_rtt": "0.007395000", - "tcp.analysis.initial_rtt": "0.007944000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.721941000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.721941000", - "frame.time_delta": "0.000103000", - "frame.time_delta_displayed": "0.000103000", - "frame.time_relative": "1752.261255000", - "frame.number": "6494", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000074ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e8a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007944000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.722454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.722454000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "1752.261768000", - "frame.number": "6495", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006a8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004dfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47580", - "tcp.port": "80", - "tcp.port": "47580", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007af5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6494", - "tcp.analysis.ack_rtt": "0.000513000", - "tcp.analysis.initial_rtt": "0.007944000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:43.723114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.723114000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "1752.262428000", - "frame.number": "6496", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006a8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004dec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47580", - "tcp.port": "80", - "tcp.port": "47580", - "tcp.stream": "248", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb16", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007944000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.723486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.723486000", - "frame.time_delta": "0.000372000", - "frame.time_delta_displayed": "0.000372000", - "frame.time_relative": "1752.262800000", - "frame.number": "6497", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"1035", - "ip.id": "0x00006a8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004a19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47580", - "tcp.port": "80", - "tcp.port": "47580", - "tcp.stream": "248", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d80", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007944000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6496", - "tcp.segment": "6497", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001545000", - "http.request_in": "6494", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.731453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.731453000", - "frame.time_delta": "0.007967000", - "frame.time_delta_displayed": "0.007967000", - "frame.time_relative": "1752.270767000", - "frame.number": "6498", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000074cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008855", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6496", - "tcp.analysis.ack_rtt": "0.008339000", - "tcp.analysis.initial_rtt": "0.007944000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.731501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.731501000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "1752.270815000", - "frame.number": "6499", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000074d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000846a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6497", - "tcp.analysis.ack_rtt": "0.008015000", - "tcp.analysis.initial_rtt": "0.007944000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.732127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.732127000", - "frame.time_delta": "0.000626000", - "frame.time_delta_displayed": "0.000626000", - "frame.time_relative": "1752.271441000", - "frame.number": "6500", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000074d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000043b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008469", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.732577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.732577000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "1752.271891000", - "frame.number": "6501", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000141f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a46a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47580", - 
"tcp.port": "80", - "tcp.port": "47580", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000076ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6500", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.007944000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.736578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.736578000", - "frame.time_delta": "0.004001000", - "frame.time_delta_displayed": "0.004001000", - "frame.time_relative": "1752.275892000", - "frame.number": "6502", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002187", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009702", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47580", - "tcp.dstport": "80", - "tcp.port": "47580", - "tcp.port": "80", - "tcp.stream": "248", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000042b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:43.739640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.739640000", - "frame.time_delta": "0.003062000", - "frame.time_delta_displayed": "0.003062000", - "frame.time_relative": "1752.278954000", - "frame.number": "6503", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000547a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "245", - "http.prev_response_in": "6490" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.751666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.751666000", - "frame.time_delta": "0.012026000", - "frame.time_delta_displayed": "0.012026000", - "frame.time_relative": "1752.290980000", - "frame.number": "6504", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000048b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006fc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000033b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7e:e6:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 949990, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "949990", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.752200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.752200000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "1752.291514000", - "frame.number": "6505", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47581", - "tcp.port": "80", - "tcp.port": "47581", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6504", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.760634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.760634000", - "frame.time_delta": "0.008434000", - "frame.time_delta_displayed": "0.008434000", - "frame.time_relative": "1752.299948000", - "frame.number": "6506", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000048b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006fd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b8eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6505", - "tcp.analysis.ack_rtt": "0.008434000", - "tcp.analysis.initial_rtt": "0.008968000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.760685000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495343.760685000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "1752.299999000", - "frame.number": "6507", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000048b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006f15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001866", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008968000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.761195000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495343.761195000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "1752.300509000", - "frame.number": "6508", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006e7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47581", - "tcp.port": "80", - "tcp.port": "47581", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000aaba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6507", - "tcp.analysis.ack_rtt": "0.000510000", - "tcp.analysis.initial_rtt": "0.008968000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.761970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.761970000", - "frame.time_delta": "0.000775000", - "frame.time_delta_displayed": "0.000775000", - "frame.time_relative": "1752.301284000", - "frame.number": "6509", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00004a0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006e6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47581", - "tcp.port": "80", - "tcp.port": "47581", - "tcp.stream": "249", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eadb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008968000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.762326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.762326000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "1752.301640000", - "frame.number": "6510", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00004a0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006a9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47581", - "tcp.port": "80", - "tcp.port": "47581", - "tcp.stream": "249", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003d45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008968000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6509", - "tcp.segment": "6510", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001641000", - "http.request_in": "6507", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.769257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.769257000", - "frame.time_delta": "0.006931000", - "frame.time_delta_displayed": "0.006931000", - "frame.time_relative": "1752.308571000", - "frame.number": "6511", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000048b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006fd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b81a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6509", - "tcp.analysis.ack_rtt": "0.007287000", - "tcp.analysis.initial_rtt": "0.008968000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.769300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.769300000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "1752.308614000", - "frame.number": "6512", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000048b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006fd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b42f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6510", - "tcp.analysis.ack_rtt": "0.006974000", - "tcp.analysis.initial_rtt": "0.008968000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.770949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.770949000", - "frame.time_delta": "0.001649000", - "frame.time_delta_displayed": "0.001649000", - "frame.time_relative": "1752.310263000", - "frame.number": "6513", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000048b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006fd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b42e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.771482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.771482000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "1752.310796000", - "frame.number": "6514", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001422", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a467", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47581", - 
"tcp.port": "80", - "tcp.port": "47581", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a6c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6513", - "tcp.analysis.ack_rtt": "0.000533000", - "tcp.analysis.initial_rtt": "0.008968000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:43.775560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495343.775560000", - "frame.time_delta": "0.004078000", - "frame.time_delta_displayed": "0.004078000", - "frame.time_relative": "1752.314874000", - "frame.number": "6515", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002188", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009701", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47581", - "tcp.dstport": "80", - "tcp.port": "47581", - "tcp.port": "80", - "tcp.stream": "249", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000019c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:44.686468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.686468000", - "frame.time_delta": "0.910908000", - "frame.time_delta_displayed": "0.910908000", - "frame.time_relative": "1753.225782000", - "frame.number": "6516", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000054d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006291", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "246", - "http.prev_response_in": "6503" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.734101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.734101000", - "frame.time_delta": "0.047633000", - "frame.time_delta_displayed": "0.047633000", - "frame.time_relative": "1753.273415000", - "frame.number": "6517", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001d62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00001048", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7f:48:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950088, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950088", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.734646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.734646000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "1753.273960000", - "frame.number": "6518", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47582", - "tcp.port": "80", - "tcp.port": "47582", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d7d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6517", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.738152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.738152000", - "frame.time_delta": "0.003506000", - "frame.time_delta_displayed": "0.003506000", - "frame.time_relative": "1753.277466000", - "frame.number": "6519", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000895a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6518", - "tcp.analysis.ack_rtt": "0.003506000", - "tcp.analysis.initial_rtt": "0.004051000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.738280000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495344.738280000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "1753.277594000", - "frame.number": "6520", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001d64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e8d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004051000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.738743000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495344.738743000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1753.278057000", - "frame.number": "6521", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009c82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001c07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47582", - "tcp.port": "80", - "tcp.port": "47582", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007b29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6520", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.004051000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.739529000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.739529000", - "frame.time_delta": "0.000786000", - "frame.time_delta_displayed": "0.000786000", - "frame.time_relative": "1753.278843000", - "frame.number": "6522", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009c83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47582", - "tcp.port": "80", - "tcp.port": "47582", - "tcp.stream": "250", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb4a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004051000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.739934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.739934000", - "frame.time_delta": "0.000405000", - "frame.time_delta_displayed": "0.000405000", - "frame.time_relative": "1753.279248000", - "frame.number": "6523", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009c84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001822", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47582", - "tcp.port": "80", - "tcp.port": "47582", - "tcp.stream": "250", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000db4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004051000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6522", - "tcp.segment": "6523", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001654000", - "http.request_in": "6520", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.739943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.739943000", - "frame.time_delta": "0.000009000", - "frame.time_delta_displayed": "0.000009000", - "frame.time_relative": "1753.279257000", - "frame.number": "6524", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000054d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006287", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "247", - "http.prev_response_in": "6516" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.743514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.743514000", - "frame.time_delta": "0.003571000", - "frame.time_delta_displayed": "0.003571000", - "frame.time_relative": "1753.282828000", - "frame.number": "6525", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d65", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008889", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6522", - "tcp.analysis.ack_rtt": "0.003985000", - "tcp.analysis.initial_rtt": "0.004051000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.743629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.743629000", - "frame.time_delta": "0.000115000", - "frame.time_delta_displayed": "0.000115000", - "frame.time_relative": "1753.282943000", - "frame.number": "6526", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000849e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6523", - "tcp.analysis.ack_rtt": "0.003695000", - "tcp.analysis.initial_rtt": "0.004051000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.744229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.744229000", - "frame.time_delta": "0.000600000", - "frame.time_delta_displayed": "0.000600000", - "frame.time_relative": "1753.283543000", - "frame.number": "6527", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009b22", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000849d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.744657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.744657000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1753.283971000", - "frame.number": "6528", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000145e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a42b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47582", - "tcp.port": "80", - "tcp.port": "47582", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007733", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6527", - "tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.004051000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.748978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.748978000", - "frame.time_delta": "0.004321000", - "frame.time_delta_displayed": "0.004321000", - "frame.time_relative": "1753.288292000", - "frame.number": "6529", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000021a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47582", - "tcp.dstport": "80", - "tcp.port": "47582", - "tcp.port": "80", - "tcp.stream": "250", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f6bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.749011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.749011000", - "frame.time_delta": "0.000033000", - "frame.time_delta_displayed": "0.000033000", - "frame.time_relative": "1753.288325000", - "frame.number": "6530", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b3fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000479", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006406", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:49:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950089, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950089", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.749533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.749533000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "1753.288847000", - "frame.number": "6531", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e520", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": 
"1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6530", - "tcp.analysis.ack_rtt": "0.000522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.755498000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.755498000", - "frame.time_delta": "0.005965000", - "frame.time_delta_displayed": "0.005965000", - "frame.time_relative": "1753.294812000", - "frame.number": "6532", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b3fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000048c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000096a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6531", - "tcp.analysis.ack_rtt": "0.005965000", - "tcp.analysis.initial_rtt": "0.006487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:15:44.755539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.755539000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "1753.294853000", - "frame.number": "6533", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b3fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000003cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f622", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006487000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.756101000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.756101000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "1753.295415000", - "frame.number": "6534", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c466", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f422", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008877", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6533", - "tcp.analysis.ack_rtt": "0.000562000", - "tcp.analysis.initial_rtt": "0.006487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.756863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.756863000", - "frame.time_delta": "0.000762000", - "frame.time_delta_displayed": "0.000762000", - "frame.time_relative": "1753.296177000", - "frame.number": "6535", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000c467", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f410", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c898", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006487000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.757249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.757249000", - "frame.time_delta": "0.000386000", - "frame.time_delta_displayed": "0.000386000", - "frame.time_relative": 
"1753.296563000", - "frame.number": "6536", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c468", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f03d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { 
- "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001b02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006487000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6535", - "tcp.segment": "6536", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001710000", - "http.request_in": "6533", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.758870000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.758870000", - "frame.time_delta": "0.001621000", - "frame.time_delta_displayed": "0.001621000", - "frame.time_relative": "1753.298184000", - "frame.number": "6537", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000c469", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f03c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001b02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006487000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.760270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.760270000", - "frame.time_delta": "0.001400000", - "frame.time_delta_displayed": "0.001400000", - "frame.time_relative": "1753.299584000", - "frame.number": "6538", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b3ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000048a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000095d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6535", - "tcp.analysis.ack_rtt": "0.003407000", - "tcp.analysis.initial_rtt": "0.006487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.760395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.760395000", - "frame.time_delta": "0.000125000", - "frame.time_delta_displayed": "0.000125000", - "frame.time_relative": "1753.299709000", - "frame.number": "6539", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b400", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000489", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000091ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6536", - "tcp.analysis.ack_rtt": "0.003146000", - "tcp.analysis.initial_rtt": "0.006487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.761424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.761424000", - "frame.time_delta": "0.001029000", - "frame.time_delta_displayed": "0.001029000", - "frame.time_relative": "1753.300738000", - "frame.number": "6540", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b401", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000488", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000091eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.761953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.761953000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - 
"frame.time_relative": "1753.301267000", - "frame.number": "6541", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000021a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.761915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.761915000", - "frame.time_delta": "-0.000038000", - "frame.time_delta_displayed": "-0.000038000", - "frame.time_relative": "1753.301229000", - "frame.number": "6542", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000145f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000a42a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47583", - "tcp.port": "80", - "tcp.port": "47583", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008481", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6540", - "tcp.analysis.ack_rtt": "0.000491000", - "tcp.analysis.initial_rtt": "0.006487000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.765350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.765350000", - "frame.time_delta": "0.003435000", - "frame.time_delta_displayed": "0.003435000", - "frame.time_relative": "1753.304664000", - "frame.number": "6543", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - 
"eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000021a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47583", - "tcp.dstport": "80", - "tcp.port": "47583", - "tcp.port": "80", - "tcp.stream": "251", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.794650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.794650000", - "frame.time_delta": "0.029300000", - "frame.time_delta_displayed": "0.029300000", - "frame.time_relative": "1753.333964000", - "frame.number": "6544", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000054d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000628a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "248", - "http.prev_response_in": "6524" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.801566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.801566000", - "frame.time_delta": "0.006916000", - "frame.time_delta_displayed": "0.006916000", - "frame.time_relative": "1753.340880000", - "frame.number": 
"6545", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005b70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000044f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:4f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950095, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950095", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.802084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.802084000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "1753.341398000", - "frame.number": "6546", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - "tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008007", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6545", - "tcp.analysis.ack_rtt": "0.000518000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.805863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.805863000", - "frame.time_delta": "0.003779000", - "frame.time_delta_displayed": "0.003779000", - "frame.time_relative": "1753.345177000", - "frame.number": "6547", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005b71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000318f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6546", - "tcp.analysis.ack_rtt": "0.003779000", - "tcp.analysis.initial_rtt": "0.004297000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.805993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.805993000", - "frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "1753.345307000", - "frame.number": "6548", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005b72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009109", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004297000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.806414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.806414000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "1753.345728000", - "frame.number": "6549", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002a56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008e33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - "tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000235e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6548", - "tcp.analysis.ack_rtt": "0.000421000", - "tcp.analysis.initial_rtt": "0.004297000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.807086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.807086000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "1753.346400000", - "frame.number": "6550", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002a57", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008e21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - "tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000637f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004297000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.807447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.807447000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "1753.346761000", - "frame.number": "6551", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002a58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008a4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - 
"tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b5e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004297000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6550", - "tcp.segment": "6551", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001454000", - "http.request_in": "6548", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.808872000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.808872000", - "frame.time_delta": "0.001425000", - "frame.time_delta_displayed": "0.001425000", - "frame.time_relative": "1753.348186000", - "frame.number": "6552", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002a59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008a4d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - "tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b5e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004297000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.810255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.810255000", - "frame.time_delta": "0.001383000", - "frame.time_delta_displayed": "0.001383000", - "frame.time_relative": "1753.349569000", - "frame.number": "6553", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005b73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6550", - "tcp.analysis.ack_rtt": "0.003169000", - "tcp.analysis.initial_rtt": "0.004297000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.812019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.812019000", - "frame.time_delta": "0.001764000", - "frame.time_delta_displayed": "0.001764000", - "frame.time_relative": "1753.351333000", - "frame.number": "6554", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005b74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d15", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002cd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6551", - "tcp.analysis.ack_rtt": "0.004572000", - "tcp.analysis.initial_rtt": "0.004297000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.813030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.813030000", - "frame.time_delta": "0.001011000", - "frame.time_delta_displayed": "0.001011000", - "frame.time_relative": "1753.352344000", - "frame.number": "6555", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005b75", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d14", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002cd2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.813150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.813150000", - "frame.time_delta": "0.000120000", - "frame.time_delta_displayed": "0.000120000", - 
"frame.time_relative": "1753.352464000", - "frame.number": "6556", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00005b76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005d07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000033", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:c3:80:35:d1:c3:80:39:b5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004297000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6554", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.813442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.813442000", - "frame.time_delta": "0.000292000", - "frame.time_delta_displayed": "0.000292000", - "frame.time_relative": "1753.352756000", - "frame.number": "6557", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001460", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a429", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47584", - "tcp.port": "80", - "tcp.port": "47584", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001f68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6555", - "tcp.analysis.ack_rtt": "0.000412000", - "tcp.analysis.initial_rtt": "0.004297000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:44.816735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495344.816735000", - "frame.time_delta": "0.003293000", - "frame.time_delta_displayed": "0.003293000", - "frame.time_relative": "1753.356049000", - "frame.number": "6558", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000021ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000096de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47584", - "tcp.dstport": "80", - "tcp.port": "47584", - "tcp.port": "80", - "tcp.stream": "252", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002b72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.635011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.635011000", - "frame.time_delta": "0.818276000", - "frame.time_delta_displayed": "0.818276000", - "frame.time_relative": "1754.174325000", - "frame.number": "6559", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000054d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000628c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "249", - "http.prev_response_in": "6544" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.663131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.663131000", - "frame.time_delta": "0.028120000", - "frame.time_delta_displayed": "0.028120000", - "frame.time_relative": "1754.202445000", - "frame.number": "6560", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b145", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000730", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000977", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:a5:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950181, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950181", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": 
"0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.663694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.663694000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "1754.203008000", - "frame.number": "6561", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47585", - "tcp.port": "80", - "tcp.port": "47585", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000bae4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 
(multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6560", - "tcp.analysis.ack_rtt": "0.000563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.668840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.668840000", - "frame.time_delta": "0.005146000", - "frame.time_delta_displayed": "0.005146000", - "frame.time_relative": "1754.208154000", - "frame.number": "6562", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b146", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000743", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006c6c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6561", - "tcp.analysis.ack_rtt": "0.005146000", - "tcp.analysis.initial_rtt": "0.005709000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.669637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.669637000", - "frame.time_delta": "0.000797000", - "frame.time_delta_displayed": "0.000797000", - "frame.time_relative": "1754.208951000", - "frame.number": "6563", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b147", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000682", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cbe6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005709000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET 
\/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.670246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.670246000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1754.209560000", - "frame.number": "6564", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ff3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003896", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47585", - "tcp.port": "80", - "tcp.port": "47585", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005e3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6563", - "tcp.analysis.ack_rtt": "0.000609000", - "tcp.analysis.initial_rtt": "0.005709000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.670837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.670837000", - "frame.time_delta": "0.000591000", - "frame.time_delta_displayed": "0.000591000", - "frame.time_relative": "1754.210151000", - "frame.number": "6565", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007ff4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003884", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47585", - "tcp.port": "80", - "tcp.port": "47585", - "tcp.stream": "253", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - 
"tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009e5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005709000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.671185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.671185000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "1754.210499000", - "frame.number": "6566", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007ff5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000034b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47585", - "tcp.port": "80", - "tcp.port": "47585", - "tcp.stream": "253", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f0c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005709000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6565", - "tcp.segment": "6566", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001548000", - "http.request_in": "6563", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.679647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.679647000", - "frame.time_delta": "0.008462000", - "frame.time_delta_displayed": "0.008462000", - "frame.time_relative": "1754.218961000", - "frame.number": "6567", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b148", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000741", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6565", - "tcp.analysis.ack_rtt": "0.008810000", - "tcp.analysis.initial_rtt": "0.005709000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.680424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.680424000", - "frame.time_delta": "0.000777000", - "frame.time_delta_displayed": "0.000777000", - "frame.time_relative": "1754.219738000", - "frame.number": "6568", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b149", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000740", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000067b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6566", - "tcp.analysis.ack_rtt": "0.009239000", - "tcp.analysis.initial_rtt": "0.005709000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.683528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.683528000", - "frame.time_delta": "0.003104000", - "frame.time_delta_displayed": "0.003104000", - "frame.time_relative": "1754.222842000", - "frame.number": "6569", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b14a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000073f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000067af", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.684023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.684023000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "1754.223337000", - "frame.number": "6570", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47585", - 
"tcp.port": "80", - "tcp.port": "47585", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005a45", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6569", - "tcp.analysis.ack_rtt": "0.000495000", - "tcp.analysis.initial_rtt": "0.005709000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.687820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.687820000", - "frame.time_delta": "0.003797000", - "frame.time_delta_displayed": "0.003797000", - "frame.time_relative": "1754.227134000", - "frame.number": "6571", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000054d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006280", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": 
"USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "250", - "http.prev_response_in": "6559" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.689245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.689245000", - "frame.time_delta": "0.001425000", - "frame.time_delta_displayed": "0.001425000", - "frame.time_relative": "1754.228559000", - "frame.number": "6572", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000021ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000968a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "47585", - "tcp.dstport": "80", - "tcp.port": "47585", - "tcp.port": "80", - "tcp.stream": "253", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f049", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.700097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.700097000", - "frame.time_delta": "0.010852000", - "frame.time_delta_displayed": "0.010852000", - "frame.time_relative": "1754.239411000", - "frame.number": "6573", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000e4cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003cac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:7f:a8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950184, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950184", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.700617000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.700617000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "1754.239931000", - "frame.number": "6574", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000c5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6573", - "tcp.analysis.ack_rtt": "0.000520000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.705905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.705905000", - "frame.time_delta": "0.005288000", - "frame.time_delta_displayed": "0.005288000", - "frame.time_relative": "1754.245219000", - "frame.number": "6575", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bde1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6574", - "tcp.analysis.ack_rtt": "0.005288000", - "tcp.analysis.initial_rtt": "0.005808000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.706928000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495345.706928000", - "frame.time_delta": "0.001023000", - "frame.time_delta_displayed": "0.001023000", - "frame.time_relative": "1754.246242000", - "frame.number": "6576", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000e4d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005808000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.707412000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495345.707412000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1754.246726000", - "frame.number": "6577", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e5d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000afb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6576", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.005808000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.708053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.708053000", - "frame.time_delta": "0.000641000", - "frame.time_delta_displayed": "0.000641000", - "frame.time_relative": "1754.247367000", - "frame.number": "6578", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e5da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d29d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000efd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005808000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.708408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.708408000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1754.247722000", - "frame.number": "6579", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e5db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ceca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000423b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005808000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6578", - "tcp.segment": "6579", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001480000", - "http.request_in": "6576", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.708891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.708891000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1754.248205000", - "frame.number": "6580", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e5dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cec9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000423b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005808000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.712296000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.712296000", - "frame.time_delta": "0.003405000", - "frame.time_delta_displayed": "0.003405000", - "frame.time_relative": "1754.251610000", - "frame.number": "6581", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bd10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6578", - "tcp.analysis.ack_rtt": "0.004243000", - "tcp.analysis.initial_rtt": "0.005808000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.712471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.712471000", - "frame.time_delta": "0.000175000", - "frame.time_delta_displayed": "0.000175000", - "frame.time_relative": "1754.251785000", - "frame.number": "6582", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b925", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6579", - "tcp.analysis.ack_rtt": "0.004063000", - "tcp.analysis.initial_rtt": "0.005808000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.714769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.714769000", - "frame.time_delta": "0.002298000", - "frame.time_delta_displayed": "0.002298000", - "frame.time_relative": "1754.254083000", - "frame.number": "6583", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e4d4", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b924", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.715220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.715220000", - "frame.time_delta": "0.000451000", - "frame.time_delta_displayed": "0.000451000", - 
"frame.time_relative": "1754.254534000", - "frame.number": "6584", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47586", - "tcp.port": "80", - "tcp.port": "47586", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000abba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6583", - "tcp.analysis.ack_rtt": "0.000451000", - "tcp.analysis.initial_rtt": "0.005808000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.719857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.719857000", - "frame.time_delta": "0.004637000", - "frame.time_delta_displayed": "0.004637000", - "frame.time_relative": "1754.259171000", - "frame.number": "6585", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002200", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009689", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002383", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.720368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.720368000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "1754.259682000", - "frame.number": "6586", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002201", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47586", - "tcp.dstport": "80", - "tcp.port": "47586", - "tcp.port": "80", - "tcp.stream": "254", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002382", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.740791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.740791000", - "frame.time_delta": "0.020423000", - "frame.time_delta_displayed": "0.020423000", - "frame.time_relative": "1754.280105000", - "frame.number": "6587", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000054da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006284", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "251", - "http.prev_response_in": "6571" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.751269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.751269000", - "frame.time_delta": "0.010478000", - "frame.time_delta_displayed": "0.010478000", - "frame.time_relative": "1754.290583000", - "frame.number": 
"6588", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00006636", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000523f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a39f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:7f:ad:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950189, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950189", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.751816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.751816000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "1754.291130000", - "frame.number": "6589", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - "tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a365", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6588", - "tcp.analysis.ack_rtt": "0.000547000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.756377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.756377000", - "frame.time_delta": "0.004561000", - "frame.time_delta_displayed": "0.004561000", - "frame.time_relative": "1754.295691000", - "frame.number": "6590", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006637", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005252", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000054ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6589", - "tcp.analysis.ack_rtt": "0.004561000", - "tcp.analysis.initial_rtt": "0.005108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.757144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.757144000", - "frame.time_delta": "0.000767000", - "frame.time_delta_displayed": "0.000767000", - "frame.time_relative": "1754.296458000", - "frame.number": "6591", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00006638", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005191", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b467", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005108000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.757643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.757643000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1754.296957000", - "frame.number": "6592", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d33a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e54e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - "tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000046bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6591", - "tcp.analysis.ack_rtt": "0.000499000", - "tcp.analysis.initial_rtt": "0.005108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.758341000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.758341000", - "frame.time_delta": "0.000698000", - "frame.time_delta_displayed": "0.000698000", - "frame.time_relative": "1754.297655000", - "frame.number": "6593", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d33b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e53c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - "tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000086dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005108000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.758693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.758693000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1754.298007000", - "frame.number": "6594", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d33c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e169", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - 
"tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d946", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005108000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6593", - "tcp.segment": "6594", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001549000", - "http.request_in": "6591", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.758704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.758704000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1754.298018000", - "frame.number": "6595", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d33d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e168", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - "tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d946", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005108000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.762933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.762933000", - "frame.time_delta": "0.004229000", - "frame.time_delta_displayed": "0.004229000", - "frame.time_relative": "1754.302247000", - "frame.number": "6596", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006639", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005250", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000541c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6593", - "tcp.analysis.ack_rtt": "0.004592000", - "tcp.analysis.initial_rtt": "0.005108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.763339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.763339000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "1754.302653000", - "frame.number": "6597", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000663a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000524f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005031", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6594", - "tcp.analysis.ack_rtt": "0.004646000", - "tcp.analysis.initial_rtt": "0.005108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.766117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.766117000", - "frame.time_delta": "0.002778000", - "frame.time_delta_displayed": "0.002778000", - "frame.time_relative": "1754.305431000", - "frame.number": "6598", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000663b", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005242", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ac3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:68:1b:cc:e0:68:1b:d0:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005108000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6597", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.766159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.766159000", - "frame.time_delta": "0.000042000", - "frame.time_delta_displayed": "0.000042000", - "frame.time_relative": "1754.305473000", - "frame.number": "6599", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000663c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000524d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005030", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.766588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.766588000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1754.305902000", - "frame.number": "6600", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47587", - "tcp.port": "80", - "tcp.port": "47587", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000042c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6599", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.005108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:45.770912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495345.770912000", - "frame.time_delta": "0.004324000", - "frame.time_delta_displayed": "0.004324000", - "frame.time_relative": "1754.310226000", - "frame.number": "6601", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002205", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009684", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47587", - "tcp.dstport": "80", - "tcp.port": "47587", - "tcp.port": "80", - "tcp.stream": "255", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008a7a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.687738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.687738000", - "frame.time_delta": "0.916826000", - "frame.time_delta_displayed": "0.916826000", - "frame.time_relative": "1755.227052000", - "frame.number": "6602", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005512", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000624f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "252", - "http.prev_response_in": "6587" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.740583000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.740583000", - "frame.time_delta": "0.052845000", - "frame.time_delta_displayed": "0.052845000", - "frame.time_relative": "1755.279897000", - "frame.number": "6603", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005517", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006241", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "253", - "http.prev_response_in": "6602" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.780981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.780981000", - "frame.time_delta": "0.040398000", - 
"frame.time_delta_displayed": "0.040398000", - "frame.time_relative": "1755.320295000", - "frame.number": "6604", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000038de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": 
{ - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000096fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:14:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950292, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950292", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.781533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.781533000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1755.320847000", - "frame.number": "6605", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - "tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a5f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6604", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.784755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.784755000", - "frame.time_delta": "0.003222000", - "frame.time_delta_displayed": "0.003222000", - "frame.time_relative": "1755.324069000", - "frame.number": "6606", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007faa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005780", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6605", - "tcp.analysis.ack_rtt": "0.003222000", - "tcp.analysis.initial_rtt": "0.003774000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.785291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.785291000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1755.324605000", - "frame.number": "6607", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000038e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007ee9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b6fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003774000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": 
"0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.785781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.785781000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1755.325095000", - "frame.number": "6608", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dcac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbdc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - "tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000494f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6607", - "tcp.analysis.ack_rtt": "0.000490000", - "tcp.analysis.initial_rtt": "0.003774000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.786441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.786441000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "1755.325755000", - "frame.number": "6609", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dcad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - "tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008970", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003774000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.786791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.786791000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1755.326105000", - "frame.number": "6610", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dcae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - 
"tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000dbd9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003774000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6609", - "tcp.segment": "6610", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001500000", - "http.request_in": "6607", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.788896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.788896000", - "frame.time_delta": "0.002105000", - "frame.time_delta_displayed": "0.002105000", - "frame.time_relative": "1755.328210000", - "frame.number": "6611", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dcaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - "tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000dbd9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003774000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.791312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.791312000", - "frame.time_delta": "0.002416000", - "frame.time_delta_displayed": "0.002416000", - "frame.time_relative": "1755.330626000", - "frame.number": "6612", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fa8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000056af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6609", - "tcp.analysis.ack_rtt": "0.004871000", - "tcp.analysis.initial_rtt": "0.003774000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.791446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.791446000", - "frame.time_delta": "0.000134000", - "frame.time_delta_displayed": "0.000134000", - "frame.time_relative": "1755.330760000", - "frame.number": "6613", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fa7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000052c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6610", - "tcp.analysis.ack_rtt": "0.004655000", - "tcp.analysis.initial_rtt": "0.003774000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.792271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.792271000", - "frame.time_delta": "0.000825000", - "frame.time_delta_displayed": "0.000825000", - "frame.time_relative": "1755.331585000", - "frame.number": "6614", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000038e3", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007fa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000052c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.792720000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.792720000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - 
"frame.time_relative": "1755.332034000", - "frame.number": "6615", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47588", - "tcp.port": "80", - "tcp.port": "47588", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004559", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6614", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.003774000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.793295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.793295000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1755.332609000", - "frame.number": "6616", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000225f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000962a", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007e3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.793500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.793500000", - "frame.time_delta": "0.000205000", - "frame.time_delta_displayed": "0.000205000", - "frame.time_relative": "1755.332814000", - "frame.number": "6617", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000551b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006243", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "254", - "http.prev_response_in": "6603" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.796254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.796254000", - "frame.time_delta": "0.002754000", - "frame.time_delta_displayed": "0.002754000", - "frame.time_relative": "1755.335568000", - "frame.number": "6618", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002260", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009629", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47588", - "tcp.dstport": "80", - "tcp.port": "47588", - "tcp.port": "80", - "tcp.stream": "256", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007e3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.804213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.804213000", - "frame.time_delta": "0.007959000", - "frame.time_delta_displayed": "0.007959000", - "frame.time_relative": "1755.343527000", - "frame.number": "6619", - "frame.len": "74", - "frame.cap_len": "74", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000035cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000007fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:16:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950294, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950294", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.804774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.804774000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "1755.344088000", - "frame.number": "6620", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47589", - "tcp.port": "80", - "tcp.port": "47589", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003183", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6619", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.808527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.808527000", - "frame.time_delta": "0.003753000", - "frame.time_delta_displayed": "0.003753000", - "frame.time_relative": "1755.347841000", - "frame.number": "6621", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000035cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e30a", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6620", - "tcp.analysis.ack_rtt": "0.003753000", - "tcp.analysis.initial_rtt": "0.004314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.808995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.808995000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "1755.348309000", - "frame.number": "6622", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000035cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000081fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004285", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004314000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.809716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.809716000", - "frame.time_delta": "0.000721000", - "frame.time_delta_displayed": "0.000721000", - "frame.time_relative": "1755.349030000", - "frame.number": "6623", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006bb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004cd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47589", - "tcp.port": "80", - "tcp.port": "47589", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d4d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6622", - "tcp.analysis.ack_rtt": "0.000721000", - "tcp.analysis.initial_rtt": "0.004314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.810448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.810448000", - "frame.time_delta": "0.000732000", - "frame.time_delta_displayed": "0.000732000", - "frame.time_relative": "1755.349762000", - "frame.number": "6624", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006bb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004cc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47589", - "tcp.port": "80", - "tcp.port": "47589", - "tcp.stream": "257", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000014fb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004314000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.810459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.810459000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1755.349773000", - "frame.number": "6625", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006bb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000048ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47589", - "tcp.port": "80", - "tcp.port": "47589", - "tcp.stream": "257", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006764", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004314000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6624", - "tcp.segment": "6625", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001464000", - "http.request_in": "6622", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.814748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.814748000", - "frame.time_delta": "0.004289000", - "frame.time_delta_displayed": "0.004289000", - "frame.time_relative": "1755.354062000", - "frame.number": "6626", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000035ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e239", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6624", - "tcp.analysis.ack_rtt": "0.004300000", - "tcp.analysis.initial_rtt": "0.004314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.815275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.815275000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "1755.354589000", - "frame.number": "6627", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000035cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000de4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6625", - "tcp.analysis.ack_rtt": "0.004816000", - "tcp.analysis.initial_rtt": "0.004314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.816797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.816797000", - "frame.time_delta": "0.001522000", - "frame.time_delta_displayed": "0.001522000", - "frame.time_relative": "1755.356111000", - "frame.number": "6628", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000035d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000082b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000de4d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.817249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.817249000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "1755.356563000", - "frame.number": "6629", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000014db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47589", - 
"tcp.port": "80", - "tcp.port": "47589", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d0e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6628", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.004314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:46.821444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495346.821444000", - "frame.time_delta": "0.004195000", - "frame.time_delta_displayed": "0.004195000", - "frame.time_relative": "1755.360758000", - "frame.number": "6630", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002263", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009626", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47589", - "tcp.dstport": "80", - "tcp.port": "47589", - "tcp.port": "80", - "tcp.stream": "257", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ef3e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:47.164998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.164998000", - "frame.time_delta": "0.343554000", - "frame.time_delta_displayed": "0.343554000", - "frame.time_relative": "1755.704312000", - "frame.number": "6631", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x0000642b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000031b1", - "ip.checksum.status": "2", - "ip.src": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.src_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": 
"37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49776", - "tcp.port": "80", - "tcp.port": "49776", - "tcp.stream": "183", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000175c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017905000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:15:47 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:15:47 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", 
- "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.017487000", - "http.request_in": "5029", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.198808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.198808000", - "frame.time_delta": "0.033810000", - "frame.time_delta_displayed": "0.033810000", - "frame.time_relative": "1755.738122000", - "frame.number": "6632", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000105e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f585", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - "tcp.port": "80", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003157", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6631", - "tcp.analysis.ack_rtt": "0.033810000", - "tcp.analysis.initial_rtt": "0.017905000" - 
} - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.212506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.212506000", - "frame.time_delta": "0.013698000", - "frame.time_delta_displayed": "0.013698000", - "frame.time_relative": "1755.751820000", - "frame.number": "6633", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000642c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "46", - "ip.proto": "6", - "ip.checksum": "0x000032b8", - "ip.checksum.status": "2", - "ip.src": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.src_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", 
- "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49776", - "tcp.port": "80", - "tcp.port": "49776", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000976", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6632", - "tcp.analysis.ack_rtt": "0.013698000", - "tcp.analysis.initial_rtt": "0.017905000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.217665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.217665000", - "frame.time_delta": "0.005159000", - "frame.time_delta_displayed": "0.005159000", - "frame.time_relative": "1755.756979000", - "frame.number": "6634", - "frame.len": "60", - "frame.cap_len": 
"60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000105f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f584", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.240", - "ip.addr": "54.219.189.240", - "ip.dst_host": "54.219.189.240", - "ip.host": "54.219.189.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49776", - "tcp.dstport": "80", - "tcp.port": "49776", - "tcp.port": "80", - "tcp.stream": "183", - "tcp.len": "0", - "tcp.seq": "259", - 
"tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003157", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6633", - "tcp.analysis.ack_rtt": "0.005159000", - "tcp.analysis.initial_rtt": "0.017905000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.636219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.636219000", - "frame.time_delta": "0.418554000", - "frame.time_delta_displayed": "0.418554000", - "frame.time_relative": "1756.175533000", - "frame.number": "6635", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005542", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000621f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "255", - "http.prev_response_in": "6617" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.689099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.689099000", - "frame.time_delta": "0.052880000", - "frame.time_delta_displayed": "0.052880000", - "frame.time_relative": "1756.228413000", - "frame.number": "6636", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005547", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006211", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - 
"udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "256", - "http.prev_response_in": "6635" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.701513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.701513000", - "frame.time_delta": "0.012414000", - "frame.time_delta_displayed": "0.012414000", - "frame.time_relative": "1756.240827000", - "frame.number": "6637", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00008442", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003433", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - 
}, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f596", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:71:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950385, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950385", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.702059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.702059000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1756.241373000", - "frame.number": "6638", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000046d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6637", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.705474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.705474000", - "frame.time_delta": "0.003415000", - "frame.time_delta_displayed": "0.003415000", - "frame.time_relative": "1756.244788000", - "frame.number": "6639", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008443", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003446", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f85d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6638", - "tcp.analysis.ack_rtt": "0.003415000", - "tcp.analysis.initial_rtt": "0.003961000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.708471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.708471000", - "frame.time_delta": "0.002997000", - "frame.time_delta_displayed": "0.002997000", - "frame.time_relative": "1756.247785000", - "frame.number": "6640", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00008444", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003385", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - 
"tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000057d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003961000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.709252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.709252000", - "frame.time_delta": "0.000781000", - "frame.time_delta_displayed": "0.000781000", - "frame.time_relative": "1756.248566000", - "frame.number": "6641", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b73f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000014a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - 
"tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ea2c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6640", - "tcp.analysis.ack_rtt": "0.000781000", - "tcp.analysis.initial_rtt": "0.003961000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.709902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.709902000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "1756.249216000", - "frame.number": "6642", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": 
{ - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b740", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000138", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003961000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.710287000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495347.710287000", - "frame.time_delta": "0.000385000", - "frame.time_delta_displayed": "0.000385000", - "frame.time_relative": "1756.249601000", - "frame.number": "6643", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b741", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": 
"0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007cb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003961000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:
61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6642", - "tcp.segment": "6643", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001816000", - "http.request_in": "6640", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.718874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.718874000", - "frame.time_delta": "0.008587000", - "frame.time_delta_displayed": "0.008587000", - "frame.time_relative": "1756.258188000", - "frame.number": "6644", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b742", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007cb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003961000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.008587000", - "tcp.analysis.rto_frame": "6643" - } - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.725073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.725073000", - "frame.time_delta": "0.006199000", - "frame.time_delta_displayed": "0.006199000", - "frame.time_relative": "1756.264387000", - "frame.number": "6645", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008445", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003444", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f78c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6642", - "tcp.analysis.ack_rtt": "0.015171000", - "tcp.analysis.initial_rtt": "0.003961000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.725124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.725124000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "1756.264438000", - "frame.number": "6646", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008446", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003443", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f3a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6643", - "tcp.analysis.ack_rtt": "0.014837000", - "tcp.analysis.initial_rtt": "0.003961000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.725739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.725739000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "1756.265053000", - "frame.number": 
"6647", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00008447", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003436", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f118", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:4c:ae:97:98:4c:ae:9b:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003961000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6646", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.725854000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.725854000", - "frame.time_delta": "0.000115000", - "frame.time_delta_displayed": "0.000115000", - "frame.time_relative": "1756.265168000", - "frame.number": "6648", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008448", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003441", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f3a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.726285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.726285000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1756.265599000", - "frame.number": "6649", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001526", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a363", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47590", - "tcp.port": "80", - "tcp.port": "47590", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e636", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6648", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.003961000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.729071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.729071000", - "frame.time_delta": "0.002786000", - "frame.time_delta_displayed": "0.002786000", - "frame.time_relative": "1756.268385000", - "frame.number": "6650", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002264", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009625", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47590", - "tcp.dstport": "80", - "tcp.port": "47590", - "tcp.port": "80", - "tcp.stream": "258", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dd35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.742421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.742421000", - "frame.time_delta": "0.013350000", - "frame.time_delta_displayed": "0.013350000", - "frame.time_relative": "1756.281735000", - "frame.number": "6651", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000554a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006214", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "257", - "http.prev_response_in": "6636" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.749153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.749153000", - "frame.time_delta": "0.006732000", - "frame.time_delta_displayed": "0.006732000", - "frame.time_relative": "1756.288467000", - "frame.number": "6652", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000413f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007736", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000707e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:75:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950389, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950389", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.749684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.749684000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1756.288998000", - "frame.number": "6653", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": "47591", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002f48", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6652", - "tcp.analysis.ack_rtt": "0.000531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.752920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.752920000", - "frame.time_delta": "0.003236000", - "frame.time_delta_displayed": "0.003236000", - "frame.time_relative": "1756.292234000", - "frame.number": "6654", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004140", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e0cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6653", - "tcp.analysis.ack_rtt": 
"0.003236000", - "tcp.analysis.initial_rtt": "0.003767000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.753050000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.753050000", - "frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "1756.292364000", - "frame.number": "6655", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00004141", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - 
"tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000404a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003767000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.753485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.753485000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "1756.292799000", - "frame.number": "6656", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000babd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fdcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": 
"47591", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d29e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6655", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.003767000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.754163000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.754163000", - "frame.time_delta": "0.000678000", - "frame.time_delta_displayed": "0.000678000", - "frame.time_relative": "1756.293477000", - "frame.number": "6657", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000babe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fdb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": "47591", - "tcp.stream": "259", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000012c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003767000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:15:47.754517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.754517000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "1756.293831000", - "frame.number": "6658", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000babf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f9e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": "47591", - "tcp.stream": "259", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006529", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003767000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6657", - "tcp.segment": "6658", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001467000", - "http.request_in": "6655", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.758860000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495347.758860000", - "frame.time_delta": "0.004343000", - "frame.time_delta_displayed": "0.004343000", - "frame.time_relative": "1756.298174000", - "frame.number": "6659", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004142", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007747", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dffe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6657", - "tcp.analysis.ack_rtt": "0.004697000", - "tcp.analysis.initial_rtt": "0.003767000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.758871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.758871000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1756.298185000", - "frame.number": "6660", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000bac0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f9e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": "47591", - "tcp.stream": "259", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006529", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003767000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.004354000", - "tcp.analysis.rto_frame": "6658" - } - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.759685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.759685000", - "frame.time_delta": "0.000814000", - "frame.time_delta_displayed": "0.000814000", - "frame.time_relative": "1756.298999000", - "frame.number": "6661", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004143", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007746", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dc13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6658", - "tcp.analysis.ack_rtt": "0.005168000", - "tcp.analysis.initial_rtt": "0.003767000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:15:47.760663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.760663000", - "frame.time_delta": "0.000978000", - "frame.time_delta_displayed": "0.000978000", - "frame.time_relative": "1756.299977000", - "frame.number": "6662", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004144", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007745", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dc12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.761093000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.761093000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1756.300407000", - "frame.number": "6663", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "40", - "ip.id": "0x00001528", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a361", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47591", - "tcp.port": "80", - "tcp.port": "47591", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cea8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6662", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.003767000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.762630000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.762630000", - "frame.time_delta": "0.001537000", - "frame.time_delta_displayed": "0.001537000", - 
"frame.time_relative": "1756.301944000", - "frame.number": "6664", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002268", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009621", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection 
reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005822", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:47.765312000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495347.765312000", - "frame.time_delta": "0.002682000", - "frame.time_delta_displayed": "0.002682000", - "frame.time_relative": "1756.304626000", - "frame.number": "6665", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002269", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009620", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47591", - "tcp.dstport": "80", - "tcp.port": "47591", - "tcp.port": "80", - "tcp.stream": "259", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005821", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.205397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.205397000", - "frame.time_delta": "0.440085000", - "frame.time_delta_displayed": "0.440085000", - "frame.time_relative": "1756.744711000", - "frame.number": "6666", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x00001060", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002984", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": 
"0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.207330000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.207330000", - "frame.time_delta": "0.001933000", - "frame.time_delta_displayed": "0.001933000", - "frame.time_relative": "1756.746644000", - "frame.number": "6667", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x0000f48d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c287", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": 
"0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "6666", - "dns.time": "0.001933000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.219.189.243": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "107", - "dns.resp.len": "4", - "dns.a": "54.219.189.243" - }, - "pubsub.pubnub.com: type A, class IN, addr 52.9.63.131": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "107", - "dns.resp.len": "4", - "dns.a": "52.9.63.131" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "20", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "52211", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4502", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56462", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", 
- "dns.resp.ttl": "2772", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56463", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57204", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57312", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56854", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56655", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57204", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57312", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": 
"ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56854", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.214121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.214121000", - "frame.time_delta": "0.006791000", - "frame.time_delta_displayed": "0.006791000", - "frame.time_relative": "1756.753435000", - "frame.number": "6668", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001061", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f57b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00004ecb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.225837000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495348.225837000", - "frame.time_delta": "0.011716000", - "frame.time_delta_displayed": "0.011716000", - "frame.time_relative": "1756.765151000", - "frame.number": "6669", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000095dd", - "ip.checksum.status": "2", - "ip.src": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.src_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49779", - "tcp.port": "80", - "tcp.port": "49779", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000fdde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6668", - "tcp.analysis.ack_rtt": "0.011716000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.231114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.231114000", - "frame.time_delta": "0.005277000", - "frame.time_delta_displayed": "0.005277000", - "frame.time_relative": "1756.770428000", - "frame.number": "6670", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", 
- "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001062", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f57e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000038c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6669", - "tcp.analysis.ack_rtt": "0.005277000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.250366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.250366000", - "frame.time_delta": "0.019252000", - "frame.time_delta_displayed": "0.019252000", - "frame.time_relative": "1756.789680000", - "frame.number": "6671", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001063", - "ip.flags": "0x00000000", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f56e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000813f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016993000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": 
"15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.262140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.262140000", - "frame.time_delta": "0.011774000", - "frame.time_delta_displayed": "0.011774000", - "frame.time_relative": "1756.801454000", - "frame.number": "6672", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b01c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000e5c4", - "ip.checksum.status": "2", - "ip.src": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.src_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - 
"ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49779", - "tcp.port": "80", - "tcp.port": "49779", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000158d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6671", - "tcp.analysis.ack_rtt": "0.011774000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.268058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.268058000", - "frame.time_delta": "0.005918000", - "frame.time_delta_displayed": "0.005918000", - "frame.time_relative": "1756.807372000", - "frame.number": "6673", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - 
}, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001064", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f48a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b7d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016993000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "6671", - "tcp.segment": "6673", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.280375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.280375000", - "frame.time_delta": "0.012317000", - "frame.time_delta_displayed": "0.012317000", - "frame.time_relative": "1756.819689000", - "frame.number": "6674", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b01d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000e5c3", - "ip.checksum.status": "2", - "ip.src": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.src_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49779", - "tcp.port": "80", - "tcp.port": "49779", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000010eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6673", - "tcp.analysis.ack_rtt": "0.012317000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.689339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.689339000", - "frame.time_delta": "0.408964000", - "frame.time_delta_displayed": "0.408964000", - "frame.time_relative": "1757.228653000", - "frame.number": "6675", - "frame.len": "339", - 
"frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005595", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "258", - "http.prev_response_in": "6651" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.700088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.700088000", - "frame.time_delta": "0.010749000", - "frame.time_delta_displayed": "0.010749000", - "frame.time_relative": "1757.239402000", - "frame.number": "6676", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - 
"ip.id": "0x00007f0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003967", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e4eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:80:d4:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950484, TSecr 0": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950484", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.700632000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.700632000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "1757.239946000", - "frame.number": "6677", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47592", - "tcp.port": "80", - "tcp.port": "47592", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009981", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - 
"tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6676", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.704725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.704725000", - "frame.time_delta": "0.004093000", - "frame.time_delta_displayed": "0.004093000", - "frame.time_relative": "1757.244039000", - "frame.number": "6678", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007f0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x0000397a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004b09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6677", - "tcp.analysis.ack_rtt": "0.004093000", - "tcp.analysis.initial_rtt": "0.004637000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.707962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.707962000", - "frame.time_delta": "0.003237000", - "frame.time_delta_displayed": "0.003237000", - "frame.time_relative": "1757.247276000", - "frame.number": "6679", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, 
- "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00007f10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000038b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": 
"256", - "tcp.checksum": "0x0000aa83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004637000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.708461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.708461000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1757.247775000", - "frame.number": "6680", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002da0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ae9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47592", - "tcp.port": "80", - "tcp.port": "47592", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": 
"0x00003cd8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6679", - "tcp.analysis.ack_rtt": "0.000499000", - "tcp.analysis.initial_rtt": "0.004637000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.709238000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.709238000", - "frame.time_delta": "0.000777000", - "frame.time_delta_displayed": "0.000777000", - "frame.time_relative": "1757.248552000", - "frame.number": "6681", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002da1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ad7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47592", - "tcp.port": "80", - "tcp.port": "47592", - "tcp.stream": "261", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007cf9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004637000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.709555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.709555000", - "frame.time_delta": "0.000317000", - "frame.time_delta_displayed": "0.000317000", - "frame.time_relative": "1757.248869000", - "frame.number": "6682", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002da2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008704", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47592", - "tcp.port": "80", - "tcp.port": "47592", - "tcp.stream": "261", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": 
"0x0000cf62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004637000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:
72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6681", - "tcp.segment": "6682", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001593000", - "http.request_in": "6679", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.712568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.712568000", - "frame.time_delta": "0.003013000", - "frame.time_delta_displayed": "0.003013000", - "frame.time_relative": "1757.251882000", - "frame.number": "6683", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007f11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003978", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a38", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6681", - "tcp.analysis.ack_rtt": "0.003330000", - "tcp.analysis.initial_rtt": "0.004637000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.718814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.718814000", - "frame.time_delta": "0.006246000", - "frame.time_delta_displayed": "0.006246000", - "frame.time_relative": "1757.258128000", - "frame.number": "6684", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007f12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003977", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000464d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6682", - "tcp.analysis.ack_rtt": "0.009259000", - "tcp.analysis.initial_rtt": "0.004637000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.718854000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.718854000", - "frame.time_delta": "0.000040000", - "frame.time_delta_displayed": "0.000040000", - "frame.time_relative": "1757.258168000", - "frame.number": "6685", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007f13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003976", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000464c", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.719333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.719333000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1757.258647000", - "frame.number": "6686", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001588", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a301", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47592", - 
"tcp.port": "80", - "tcp.port": "47592", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000038e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6685", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.004637000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.724434000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.724434000", - "frame.time_delta": "0.005101000", - "frame.time_delta_displayed": "0.005101000", - "frame.time_relative": "1757.263748000", - "frame.number": "6687", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47592", - "tcp.dstport": "80", - "tcp.port": "47592", - "tcp.port": "80", - "tcp.stream": "261", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cced", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:48.742544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.742544000", - "frame.time_delta": "0.018110000", - "frame.time_delta_displayed": "0.018110000", - "frame.time_relative": "1757.281858000", - "frame.number": "6688", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005597", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "259", - "http.prev_response_in": "6675" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.750737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.750737000", - "frame.time_delta": "0.008193000", - "frame.time_delta_displayed": "0.008193000", - "frame.time_relative": "1757.290051000", - "frame.number": "6689", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00004058", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000781d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f7c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:80:d9:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950489, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950489", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.751281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.751281000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "1757.290595000", - "frame.number": "6690", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47593", - "tcp.port": "80", - "tcp.port": "47593", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000dfb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6689", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.754806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.754806000", - "frame.time_delta": "0.003525000", - "frame.time_delta_displayed": "0.003525000", - "frame.time_relative": "1757.294120000", - "frame.number": "6691", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004059", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007830", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000913d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6690", - "tcp.analysis.ack_rtt": "0.003525000", - "tcp.analysis.initial_rtt": "0.004069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.760190000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495348.760190000", - "frame.time_delta": "0.005384000", - "frame.time_delta_displayed": "0.005384000", - "frame.time_relative": "1757.299504000", - "frame.number": "6692", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000405a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000776f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f0b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004069000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.760696000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495348.760696000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "1757.300010000", - "frame.number": "6693", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000719f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000046ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47593", - "tcp.port": "80", - "tcp.port": "47593", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000830c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6692", - "tcp.analysis.ack_rtt": "0.000506000", - "tcp.analysis.initial_rtt": "0.004069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.761430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.761430000", - "frame.time_delta": "0.000734000", - "frame.time_delta_displayed": "0.000734000", - "frame.time_relative": "1757.300744000", - "frame.number": "6694", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000071a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000046d8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47593", - "tcp.port": "80", - "tcp.port": "47593", - "tcp.stream": "262", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c32d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004069000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.761793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.761793000", - "frame.time_delta": "0.000363000", - "frame.time_delta_displayed": "0.000363000", - "frame.time_relative": "1757.301107000", - "frame.number": "6695", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000071a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004305", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47593", - "tcp.port": "80", - "tcp.port": "47593", - "tcp.stream": "262", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001597", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004069000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6694", - "tcp.segment": "6695", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001603000", - "http.request_in": "6692", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.765647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.765647000", - "frame.time_delta": "0.003854000", - "frame.time_delta_displayed": "0.003854000", - "frame.time_relative": "1757.304961000", - "frame.number": "6696", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000405b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000782e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000906c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6694", - "tcp.analysis.ack_rtt": "0.004217000", - "tcp.analysis.initial_rtt": "0.004069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.766101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.766101000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1757.305415000", - "frame.number": "6697", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000405c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000782d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c81", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6695", - "tcp.analysis.ack_rtt": "0.004308000", - "tcp.analysis.initial_rtt": "0.004069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.766955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.766955000", - "frame.time_delta": "0.000854000", - "frame.time_delta_displayed": "0.000854000", - "frame.time_relative": "1757.306269000", - "frame.number": "6698", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000405d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000782c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c80", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.767385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.767385000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1757.306699000", - "frame.number": "6699", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000158c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47593", - 
"tcp.port": "80", - "tcp.port": "47593", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007f16", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6698", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.004069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.772091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.772091000", - "frame.time_delta": "0.004706000", - "frame.time_delta_displayed": "0.004706000", - "frame.time_relative": "1757.311405000", - "frame.number": "6700", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47593", - "tcp.dstport": "80", - "tcp.port": "47593", - "tcp.port": "80", - "tcp.stream": "262", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dfcc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:48.795486000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.795486000", - "frame.time_delta": "0.023395000", - "frame.time_delta_displayed": "0.023395000", - "frame.time_relative": "1757.334800000", - "frame.number": "6701", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000559c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "260", - "http.prev_response_in": "6688" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.807095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.807095000", - "frame.time_delta": "0.011609000", - "frame.time_delta_displayed": "0.011609000", - "frame.time_relative": "1757.346409000", - "frame.number": "6702", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005e07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00000951", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:80:df:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950495, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950495", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.807637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.807637000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1757.346951000", - "frame.number": "6703", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47594", - "tcp.port": "80", - "tcp.port": "47594", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008a0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6702", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.811564000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.811564000", - "frame.time_delta": "0.003927000", - "frame.time_delta_displayed": "0.003927000", - "frame.time_relative": "1757.350878000", - "frame.number": "6704", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005e08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6703", - "tcp.analysis.ack_rtt": "0.003927000", - "tcp.analysis.initial_rtt": "0.004469000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.812554000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495348.812554000", - "frame.time_delta": "0.000990000", - "frame.time_delta_displayed": "0.000990000", - "frame.time_relative": "1757.351868000", - "frame.number": "6705", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005e09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000059c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009b0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004469000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.813049000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495348.813049000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "1757.352363000", - "frame.number": "6706", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47594", - "tcp.port": "80", - "tcp.port": "47594", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002d61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6705", - "tcp.analysis.ack_rtt": "0.000495000", - "tcp.analysis.initial_rtt": "0.004469000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.813698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.813698000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "1757.353012000", - "frame.number": "6707", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001cc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009bb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47594", - "tcp.port": "80", - "tcp.port": "47594", - "tcp.stream": "263", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006d82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004469000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.814046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.814046000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "1757.353360000", - "frame.number": "6708", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001cc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000097e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47594", - "tcp.port": "80", - "tcp.port": "47594", - "tcp.stream": "263", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bfeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004469000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6707", - "tcp.segment": "6708", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001492000", - "http.request_in": "6705", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.820769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.820769000", - "frame.time_delta": "0.006723000", - "frame.time_delta_displayed": "0.006723000", - "frame.time_relative": "1757.360083000", - "frame.number": "6709", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005e0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ac1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6707", - "tcp.analysis.ack_rtt": "0.007071000", - "tcp.analysis.initial_rtt": "0.004469000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.820818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.820818000", - "frame.time_delta": "0.000049000", - "frame.time_delta_displayed": "0.000049000", - "frame.time_relative": "1757.360132000", - "frame.number": "6710", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005e0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000036d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6708", - "tcp.analysis.ack_rtt": "0.006772000", - "tcp.analysis.initial_rtt": "0.004469000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.821445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.821445000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "1757.360759000", - "frame.number": "6711", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005e0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000036d5", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.821901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.821901000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1757.361215000", - "frame.number": "6712", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001590", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47594", - 
"tcp.port": "80", - "tcp.port": "47594", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000296b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6711", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.004469000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:48.826137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495348.826137000", - "frame.time_delta": "0.004236000", - "frame.time_delta_displayed": "0.004236000", - "frame.time_relative": "1757.365451000", - "frame.number": "6713", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000022cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47594", - "tcp.dstport": "80", - "tcp.port": "47594", - "tcp.port": "80", - "tcp.stream": "263", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f15d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:49.636896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.636896000", - "frame.time_delta": "0.810759000", - "frame.time_delta_displayed": "0.810759000", - "frame.time_relative": "1758.176210000", - "frame.number": "6714", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000055db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006186", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "261", - "http.prev_response_in": "6701" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.640056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.640056000", - "frame.time_delta": "0.003160000", - "frame.time_delta_displayed": "0.003160000", - "frame.time_relative": "1758.179370000", - "frame.number": "6715", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": 
"Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.689566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.689566000", - "frame.time_delta": "0.049510000", - "frame.time_delta_displayed": "0.049510000", - "frame.time_relative": "1758.228880000", - "frame.number": "6716", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000055dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000617c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "262", - "http.prev_response_in": "6714" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:49.742342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.742342000", - "frame.time_delta": "0.052776000", - "frame.time_delta_displayed": "0.052776000", - "frame.time_relative": "1758.281656000", - "frame.number": "6717", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000055de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006180", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "263", - "http.prev_response_in": "6716" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.751593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.751593000", - "frame.time_delta": "0.009251000", - "frame.time_delta_displayed": "0.009251000", - "frame.time_relative": "1758.290907000", - "frame.number": "6718", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00007714", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004161", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00006bd9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:3d:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950589, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950589", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.752138000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.752138000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "1758.291452000", - "frame.number": "6719", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004114", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6718", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.755664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.755664000", - "frame.time_delta": "0.003526000", - "frame.time_delta_displayed": "0.003526000", - "frame.time_relative": "1758.294978000", - "frame.number": "6720", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007715", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004174", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f29b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6719", - "tcp.analysis.ack_rtt": "0.003526000", - "tcp.analysis.initial_rtt": "0.004071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.756179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.756179000", - 
"frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "1758.295493000", - "frame.number": "6721", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00007716", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005216", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004071000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.756656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.756656000", - "frame.time_delta": "0.000477000", - 
"frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1758.295970000", - "frame.number": "6722", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e0b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e46a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6721", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.004071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.757325000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.757325000", - "frame.time_delta": "0.000669000", - "frame.time_delta_displayed": "0.000669000", - "frame.time_relative": "1758.296639000", - "frame.number": "6723", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e0ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x0000d7bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000248c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004071000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.757674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.757674000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "1758.296988000", - "frame.number": "6724", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e0bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000076f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004071000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6723", - "tcp.segment": "6724", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001495000", - "http.request_in": "6721", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.758864000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.758864000", - "frame.time_delta": "0.001190000", - "frame.time_delta_displayed": "0.001190000", - "frame.time_relative": "1758.298178000", - "frame.number": "6725", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e0bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d3e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000076f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004071000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.763527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.763527000", - "frame.time_delta": "0.004663000", - "frame.time_delta_displayed": "0.004663000", - "frame.time_relative": "1758.302841000", - "frame.number": "6726", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004172", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f1ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6723", - "tcp.analysis.ack_rtt": "0.006202000", - "tcp.analysis.initial_rtt": "0.004071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.763578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.763578000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "1758.302892000", - "frame.number": "6727", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007718", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004171", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000eddf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6724", - "tcp.analysis.ack_rtt": "0.005904000", - "tcp.analysis.initial_rtt": "0.004071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.778679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.778679000", - "frame.time_delta": "0.015101000", - "frame.time_delta_displayed": "0.015101000", - "frame.time_relative": "1758.317993000", - "frame.number": "6728", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007719", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004170", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000edde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.779174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.779174000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - 
"frame.time_relative": "1758.318488000", - "frame.number": "6729", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47595", - "tcp.port": "80", - "tcp.port": "47595", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e074", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6728", - "tcp.analysis.ack_rtt": "0.000495000", - "tcp.analysis.initial_rtt": "0.004071000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.784664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.784664000", - "frame.time_delta": "0.005490000", - "frame.time_delta_displayed": "0.005490000", - "frame.time_relative": "1758.323978000", - "frame.number": "6730", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000230b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000957e", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005445", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.784705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.784705000", - "frame.time_delta": "0.000041000", - "frame.time_delta_displayed": "0.000041000", - "frame.time_relative": "1758.324019000", - "frame.number": "6731", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000230c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000957d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47595", - "tcp.dstport": "80", - "tcp.port": "47595", - "tcp.port": "80", - "tcp.stream": "264", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005444", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.876395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.876395000", - "frame.time_delta": "0.091690000", - "frame.time_delta_displayed": "0.091690000", - "frame.time_relative": "1758.415709000", - "frame.number": "6732", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": 
"255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": 
"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.900532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.900532000", - "frame.time_delta": "0.024137000", - "frame.time_delta_displayed": "0.024137000", - "frame.time_relative": "1758.439846000", - "frame.number": "6733", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - 
"udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - 
"bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:49.954579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495349.954579000", - "frame.time_delta": "0.054047000", - "frame.time_delta_displayed": "0.054047000", - "frame.time_relative": "1758.493893000", - "frame.number": "6734", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.079718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.079718000", - "frame.time_delta": "0.125139000", - "frame.time_delta_displayed": "0.125139000", - "frame.time_relative": "1758.619032000", - "frame.number": "6735", - "frame.len": 
"42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.689912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.689912000", - "frame.time_delta": "0.610194000", - "frame.time_delta_displayed": "0.610194000", - "frame.time_relative": "1759.229226000", - "frame.number": "6736", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000560f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006152", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "264", - "http.prev_response_in": "6717" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.742782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.742782000", - "frame.time_delta": "0.052870000", - "frame.time_delta_displayed": "0.052870000", - "frame.time_relative": "1759.282096000", - "frame.number": "6737", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005614", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006144", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "265", - "http.prev_response_in": "6736" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.784698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.784698000", - "frame.time_delta": "0.041916000", - "frame.time_delta_displayed": "0.041916000", - "frame.time_relative": "1759.324012000", - "frame.number": "6738", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003f2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007949", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a244", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:a5:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950693, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950693", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.785255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.785255000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1759.324569000", - "frame.number": "6739", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47596", - "tcp.port": "80", - "tcp.port": "47596", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c84a", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6738", - "tcp.analysis.ack_rtt": "0.000557000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.790490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.790490000", - "frame.time_delta": "0.005235000", - "frame.time_delta_displayed": "0.005235000", - "frame.time_relative": "1759.329804000", - "frame.number": "6740", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000795c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000079d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6739", - "tcp.analysis.ack_rtt": 
"0.005235000", - "tcp.analysis.initial_rtt": "0.005792000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.791430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.791430000", - "frame.time_delta": "0.000940000", - "frame.time_delta_displayed": "0.000940000", - "frame.time_relative": "1759.330744000", - "frame.number": "6741", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003f2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000789b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - 
"tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d94c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005792000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.791934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.791934000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "1759.331248000", - "frame.number": "6742", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000033e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000084a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47596", - "tcp.port": "80", - "tcp.port": 
"47596", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006ba1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6741", - "tcp.analysis.ack_rtt": "0.000504000", - "tcp.analysis.initial_rtt": "0.005792000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.792601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.792601000", - "frame.time_delta": "0.000667000", - "frame.time_delta_displayed": "0.000667000", - "frame.time_relative": "1759.331915000", - "frame.number": "6743", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000033e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008497", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47596", - "tcp.port": "80", - "tcp.port": "47596", - "tcp.stream": "265", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000abc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005792000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:15:50.792949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.792949000", - "frame.time_delta": "0.000348000", - "frame.time_delta_displayed": "0.000348000", - "frame.time_relative": "1759.332263000", - "frame.number": "6744", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000033e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000080c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47596", - "tcp.port": "80", - "tcp.port": "47596", - "tcp.stream": "265", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fe2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005792000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6743", - "tcp.segment": "6744", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001519000", - "http.request_in": "6741", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.795376000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495350.795376000", - "frame.time_delta": "0.002427000", - "frame.time_delta_displayed": "0.002427000", - "frame.time_relative": "1759.334690000", - "frame.number": "6745", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005618", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006146", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "266", - "http.prev_response_in": "6737" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.800377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.800377000", - "frame.time_delta": "0.005001000", - "frame.time_delta_displayed": "0.005001000", - "frame.time_relative": "1759.339691000", - "frame.number": "6746", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000795a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007901", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6743", - "tcp.analysis.ack_rtt": "0.007776000", - "tcp.analysis.initial_rtt": "0.005792000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:50.800952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.800952000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1759.340266000", - "frame.number": "6747", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007959", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007516", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6744", - "tcp.analysis.ack_rtt": "0.008003000", - "tcp.analysis.initial_rtt": "0.005792000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.802697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.802697000", - "frame.time_delta": "0.001745000", - "frame.time_delta_displayed": "0.001745000", - "frame.time_relative": "1759.342011000", - "frame.number": "6748", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007958", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007515", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.803155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.803155000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "1759.342469000", - "frame.number": "6749", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47596", - "tcp.port": "80", - "tcp.port": "47596", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000067ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6748", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.005792000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.810728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.810728000", - "frame.time_delta": "0.007573000", - "frame.time_delta_displayed": "0.007573000", - "frame.time_relative": "1759.350042000", - "frame.number": "6750", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000050ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067bb", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cc4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:81:a7:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950695, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950695", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.811285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.811285000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1759.350599000", - "frame.number": "6751", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": 
"192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009896", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } 
- }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6750", - "tcp.analysis.ack_rtt": "0.000557000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.813762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.813762000", - "frame.time_delta": "0.002477000", - "frame.time_delta_displayed": "0.002477000", - "frame.time_relative": "1759.353076000", - "frame.number": "6752", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002326", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009563", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47596", - "tcp.dstport": "80", - "tcp.port": "47596", - "tcp.port": "80", - "tcp.stream": "265", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008b17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.816180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.816180000", - "frame.time_delta": "0.002418000", - "frame.time_delta_displayed": "0.002418000", - "frame.time_relative": "1759.355494000", - "frame.number": "6753", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000050bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004a1e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6751", - "tcp.analysis.ack_rtt": "0.004895000", - "tcp.analysis.initial_rtt": "0.005452000" - } 
- } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.816224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.816224000", - "frame.time_delta": "0.000044000", - "frame.time_delta_displayed": "0.000044000", - "frame.time_relative": "1759.355538000", - "frame.number": "6754", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000050bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000670d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "192", - 
"tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a998", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005452000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.816736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.816736000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "1759.356050000", - "frame.number": "6755", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "0", - 
"tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003bed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6754", - "tcp.analysis.ack_rtt": "0.000512000", - "tcp.analysis.initial_rtt": "0.005452000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.817745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.817745000", - "frame.time_delta": "0.001009000", - "frame.time_delta_displayed": "0.001009000", - "frame.time_relative": "1759.357059000", - "frame.number": "6756", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007c07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007c0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005452000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:50.818099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.818099000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "1759.357413000", - "frame.number": "6757", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007c08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000389e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ce77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005452000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:
6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6756", - "tcp.segment": "6757", - "tcp.segment.count": "2", - 
"tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6
f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001875000", - "http.request_in": "6754", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.818856000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495350.818856000", - "frame.time_delta": "0.000757000", - "frame.time_delta_displayed": "0.000757000", - "frame.time_relative": "1759.358170000", - "frame.number": "6758", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007c09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000389d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", 
- "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ce77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005452000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.821295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.821295000", - "frame.time_delta": "0.002439000", - "frame.time_delta_displayed": "0.002439000", - "frame.time_relative": "1759.360609000", - "frame.number": "6759", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000050bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000494d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "6756", - "tcp.analysis.ack_rtt": "0.003550000", - "tcp.analysis.initial_rtt": "0.005452000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.822323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.822323000", - "frame.time_delta": "0.001028000", - "frame.time_delta_displayed": "0.001028000", - "frame.time_relative": "1759.361637000", - "frame.number": "6760", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000050be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - 
"tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004562", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6757", - "tcp.analysis.ack_rtt": "0.004224000", - "tcp.analysis.initial_rtt": "0.005452000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.822447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.822447000", - "frame.time_delta": "0.000124000", - "frame.time_delta_displayed": "0.000124000", - "frame.time_relative": "1759.361761000", - "frame.number": "6761", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000050bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003684", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:0c:77:5d:fa:0c:77:61:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005452000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6760", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.823897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.823897000", - "frame.time_delta": "0.001450000", - "frame.time_delta_displayed": "0.001450000", - "frame.time_relative": "1759.363211000", - "frame.number": "6762", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000050c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000067c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004561", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.824334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.824334000", - 
"frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "1759.363648000", - "frame.number": "6763", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47597", - "tcp.port": "80", - "tcp.port": "47597", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000037f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6762", - "tcp.analysis.ack_rtt": "0.000437000", - "tcp.analysis.initial_rtt": "0.005452000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:50.828065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495350.828065000", - "frame.time_delta": "0.003731000", - "frame.time_delta_displayed": "0.003731000", - "frame.time_relative": "1759.367379000", - "frame.number": "6764", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002327", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009562", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47597", - "tcp.dstport": "80", - "tcp.port": "47597", - "tcp.port": "80", - "tcp.stream": "266", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b520", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.638542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.638542000", - "frame.time_delta": "0.810477000", - "frame.time_delta_displayed": "0.810477000", - "frame.time_relative": "1760.177856000", - "frame.number": "6765", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005636", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000612b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "267", - "http.prev_response_in": "6745" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.691349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.691349000", - "frame.time_delta": "0.052807000", - "frame.time_delta_displayed": "0.052807000", - "frame.time_relative": "1760.230663000", - "frame.number": "6766", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000563c", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000611c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "268", - "http.prev_response_in": "6765" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.698808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.698808000", - "frame.time_delta": "0.007459000", - "frame.time_delta_displayed": "0.007459000", - "frame.time_relative": "1760.238122000", - "frame.number": "6767", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000ca81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000edf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000027a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:00:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950784, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950784", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.699343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.699343000", - "frame.time_delta": 
"0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "1760.238657000", - "frame.number": "6768", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { 
- "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f459", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6767", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.704893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495351.704893000", - "frame.time_delta": "0.005550000", - "frame.time_delta_displayed": "0.005550000", - "frame.time_relative": "1760.244207000", - "frame.number": "6769", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a5e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6768", - "tcp.analysis.ack_rtt": "0.005550000", - "tcp.analysis.initial_rtt": "0.006085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.704943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.704943000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "1760.244257000", - "frame.number": "6770", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000ca83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x0000ed45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000055c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006085000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": 
"Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.705455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.705455000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "1760.244769000", - "frame.number": "6771", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000026c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x000091c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000097b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6770", - "tcp.analysis.ack_rtt": "0.000512000", - "tcp.analysis.initial_rtt": "0.006085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.706136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.706136000", - "frame.time_delta": "0.000681000", - "frame.time_delta_displayed": "0.000681000", - "frame.time_relative": "1760.245450000", - "frame.number": "6772", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, 
- "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000026c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000091b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": 
"8", - "tcp.checksum": "0x0000d7d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006085000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.706497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.706497000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "1760.245811000", - "frame.number": "6773", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000026c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ddd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006085000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6772", - "tcp.segment": "6773", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001554000", - "http.request_in": "6770", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.708866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.708866000", - "frame.time_delta": "0.002369000", - "frame.time_delta_displayed": "0.002369000", - "frame.time_relative": "1760.248180000", - "frame.number": "6774", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000026ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008ddc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006085000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.710508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.710508000", - "frame.time_delta": "0.001642000", - "frame.time_delta_displayed": "0.001642000", - "frame.time_relative": "1760.249822000", - "frame.number": "6775", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a510", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6772", - "tcp.analysis.ack_rtt": "0.004372000", - "tcp.analysis.initial_rtt": "0.006085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.711437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.711437000", - "frame.time_delta": "0.000929000", - "frame.time_delta_displayed": "0.000929000", - "frame.time_relative": "1760.250751000", - "frame.number": "6776", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a125", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6773", - "tcp.analysis.ack_rtt": "0.004940000", - "tcp.analysis.initial_rtt": "0.006085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.714280000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.714280000", - "frame.time_delta": "0.002843000", - "frame.time_delta_displayed": "0.002843000", - "frame.time_relative": "1760.253594000", - "frame.number": "6777", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ca86", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ee02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a124", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.714733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.714733000", - "frame.time_delta": "0.000453000", - "frame.time_delta_displayed": "0.000453000", - 
"frame.time_relative": "1760.254047000", - "frame.number": "6778", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47598", - "tcp.port": "80", - "tcp.port": "47598", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000093ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6777", - "tcp.analysis.ack_rtt": "0.000453000", - "tcp.analysis.initial_rtt": "0.006085000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.714975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.714975000", - "frame.time_delta": "0.000242000", - "frame.time_delta_displayed": "0.000242000", - "frame.time_relative": "1760.254289000", - "frame.number": "6779", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000233b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000954e", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000010cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.718232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.718232000", - "frame.time_delta": "0.003257000", - "frame.time_delta_displayed": "0.003257000", - "frame.time_relative": "1760.257546000", - "frame.number": "6780", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000233c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000954d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47598", - "tcp.dstport": "80", - "tcp.port": "47598", - "tcp.port": "80", - "tcp.stream": "267", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000010ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.744214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.744214000", - "frame.time_delta": "0.025982000", - "frame.time_delta_displayed": "0.025982000", - "frame.time_relative": "1760.283528000", - "frame.number": "6781", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000563d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006121", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "269", - "http.prev_response_in": "6766" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.756883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.756883000", - "frame.time_delta": "0.012669000", - "frame.time_delta_displayed": "0.012669000", - "frame.time_relative": "1760.296197000", - "frame.number": 
"6782", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000660d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005268", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000ee6d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:06:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950790, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950790", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.757438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.757438000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "1760.296752000", - "frame.number": "6783", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47599", - "tcp.port": "80", - "tcp.port": "47599", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6782", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.763796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.763796000", - "frame.time_delta": "0.006358000", - "frame.time_delta_displayed": "0.006358000", - "frame.time_relative": "1760.303110000", - "frame.number": "6784", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000660e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000527b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e799", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6783", - "tcp.analysis.ack_rtt": "0.006358000", - "tcp.analysis.initial_rtt": "0.006913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.766627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.766627000", - "frame.time_delta": "0.002831000", - "frame.time_delta_displayed": "0.002831000", - "frame.time_relative": "1760.305941000", - "frame.number": "6785", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000660f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000051ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004714", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006913000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.767116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.767116000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "1760.306430000", - "frame.number": "6786", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000221b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000966e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47599", - "tcp.port": "80", - "tcp.port": "47599", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d968", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6785", - "tcp.analysis.ack_rtt": "0.000489000", - "tcp.analysis.initial_rtt": "0.006913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.767842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.767842000", - "frame.time_delta": "0.000726000", - "frame.time_delta_displayed": "0.000726000", - "frame.time_relative": "1760.307156000", - "frame.number": "6787", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000221c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000965c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47599", - "tcp.port": "80", - "tcp.port": "47599", - "tcp.stream": "268", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000198a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006913000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.768194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.768194000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1760.307508000", - "frame.number": "6788", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000221d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009289", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47599", - 
"tcp.port": "80", - "tcp.port": "47599", - "tcp.stream": "268", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006bf3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006913000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6787", - "tcp.segment": "6788", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001567000", - "http.request_in": "6785", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.772468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.772468000", - "frame.time_delta": "0.004274000", - "frame.time_delta_displayed": "0.004274000", - "frame.time_relative": "1760.311782000", - "frame.number": "6789", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006610", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005279", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e6c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6787", - "tcp.analysis.ack_rtt": "0.004626000", - "tcp.analysis.initial_rtt": "0.006913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.772669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.772669000", - "frame.time_delta": "0.000201000", - "frame.time_delta_displayed": "0.000201000", - "frame.time_relative": "1760.311983000", - "frame.number": "6790", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006611", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005278", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6788", - "tcp.analysis.ack_rtt": "0.004475000", - "tcp.analysis.initial_rtt": "0.006913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.776439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.776439000", - "frame.time_delta": "0.003770000", - "frame.time_delta_displayed": "0.003770000", - "frame.time_relative": "1760.315753000", - "frame.number": "6791", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006612", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005277", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2dc", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.776900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.776900000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "1760.316214000", - "frame.number": "6792", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a2a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47599", - 
"tcp.port": "80", - "tcp.port": "47599", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d572", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6791", - "tcp.analysis.ack_rtt": "0.000461000", - "tcp.analysis.initial_rtt": "0.006913000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:51.780499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495351.780499000", - "frame.time_delta": "0.003599000", - "frame.time_delta_displayed": "0.003599000", - "frame.time_relative": "1760.319813000", - "frame.number": "6793", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002341", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009548", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47599", - "tcp.dstport": "80", - "tcp.port": "47599", - "tcp.port": "80", - "tcp.stream": "268", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d7a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:52.170036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.170036000", - "frame.time_delta": "0.389537000", - "frame.time_delta_displayed": "0.389537000", - "frame.time_relative": "1760.709350000", - "frame.number": "6794", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.175911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.175911000", - "frame.time_delta": "0.005875000", - "frame.time_delta_displayed": "0.005875000", - "frame.time_relative": "1760.715225000", - "frame.number": "6795", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.672088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.672088000", - "frame.time_delta": "0.496177000", - "frame.time_delta_displayed": "0.496177000", - "frame.time_relative": "1761.211402000", - "frame.number": "6796", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fa6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b84a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000126e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": 
"16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.674641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.674641000", - "frame.time_delta": "0.002553000", - "frame.time_delta_displayed": "0.002553000", - "frame.time_relative": "1761.213955000", - "frame.number": "6797", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fa7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009945", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f369", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.675022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.675022000", - "frame.time_delta": "0.000381000", - "frame.time_delta_displayed": "0.000381000", - "frame.time_relative": "1761.214336000", - "frame.number": "6798", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - 
"ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000812f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.691270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.691270000", - "frame.time_delta": "0.016248000", - "frame.time_delta_displayed": "0.016248000", - "frame.time_relative": "1761.230584000", - "frame.number": "6799", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005685", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "270", - "http.prev_response_in": "6781" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.725203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.725203000", - "frame.time_delta": "0.033933000", - "frame.time_delta_displayed": "0.033933000", - "frame.time_relative": "1761.264517000", - "frame.number": "6800", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000f8a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bfd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": 
"47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000e8c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:67:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950887, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950887", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.725749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.725749000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1761.265063000", - "frame.number": "6801", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47600", - "tcp.port": "80", - "tcp.port": "47600", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000012eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6800", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.731809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.731809000", - "frame.time_delta": "0.006060000", - "frame.time_delta_displayed": "0.006060000", - "frame.time_relative": "1761.271123000", - "frame.number": "6802", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f8a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bfe5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c472", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6801", - "tcp.analysis.ack_rtt": "0.006060000", - "tcp.analysis.initial_rtt": "0.006606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.732762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.732762000", - "frame.time_delta": "0.000953000", - "frame.time_delta_displayed": "0.000953000", - "frame.time_relative": "1761.272076000", - "frame.number": "6803", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"232", - "ip.id": "0x0000f8a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bf24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000023ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006606000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - 
"http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.733262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.733262000", - "frame.time_delta": "0.000500000", - "frame.time_delta_displayed": "0.000500000", - "frame.time_relative": "1761.272576000", - "frame.number": "6804", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", 
- "ip.id": "0x000022a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47600", - "tcp.port": "80", - "tcp.port": "47600", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b641", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6803", - "tcp.analysis.ack_rtt": "0.000500000", - "tcp.analysis.initial_rtt": "0.006606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.734049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.734049000", - "frame.time_delta": "0.000787000", - "frame.time_delta_displayed": "0.000787000", - "frame.time_relative": 
"1761.273363000", - "frame.number": "6805", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000022a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000095d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47600", - "tcp.port": "80", - "tcp.port": "47600", - "tcp.stream": "269", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f662", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006606000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.734345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.734345000", - "frame.time_delta": "0.000296000", - "frame.time_delta_displayed": "0.000296000", - "frame.time_relative": "1761.273659000", - "frame.number": "6806", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000022a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "6", - "ip.checksum": "0x00009204", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47600", - "tcp.port": "80", - "tcp.port": "47600", - "tcp.stream": "269", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000048cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006606000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6805", - "tcp.segment": "6806", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001583000", - "http.request_in": "6803", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.737272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.737272000", - "frame.time_delta": "0.002927000", - "frame.time_delta_displayed": "0.002927000", - "frame.time_relative": "1761.276586000", - "frame.number": "6807", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f8a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bfe3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6805", - "tcp.analysis.ack_rtt": "0.003223000", - "tcp.analysis.initial_rtt": "0.006606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.744936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.744936000", - "frame.time_delta": "0.007664000", - "frame.time_delta_displayed": "0.007664000", - "frame.time_relative": "1761.284250000", - "frame.number": "6808", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f8a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bfe2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bfb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6806", - "tcp.analysis.ack_rtt": "0.010591000", - "tcp.analysis.initial_rtt": "0.006606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.745247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.745247000", - "frame.time_delta": "0.000311000", - "frame.time_delta_displayed": "0.000311000", - "frame.time_relative": "1761.284561000", - "frame.number": "6809", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005689", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": 
"SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "271", - "http.prev_response_in": "6799" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.746092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.746092000", - "frame.time_delta": "0.000845000", - "frame.time_delta_displayed": "0.000845000", - "frame.time_relative": "1761.285406000", - "frame.number": "6810", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f8a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bfe1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - 
"ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bfb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.746537000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.746537000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "1761.285851000", - "frame.number": "6811", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a291", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47600", - "tcp.port": "80", - "tcp.port": "47600", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b24b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.analysis": { - "tcp.analysis.acks_frame": "6810", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.006606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.750620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.750620000", - "frame.time_delta": "0.004083000", - "frame.time_delta_displayed": "0.004083000", - "frame.time_relative": "1761.289934000", - "frame.number": "6812", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002392", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "47600", - "tcp.dstport": "80", - "tcp.port": "47600", - "tcp.port": "80", - "tcp.stream": "269", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d255", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.762140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.762140000", - "frame.time_delta": "0.011520000", - "frame.time_delta_displayed": "0.011520000", - "frame.time_relative": "1761.301454000", - "frame.number": "6813", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000bc63", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000814a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:6b:00:00:00:00:01:03:03:08", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950891, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950891", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.762682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.762682000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1761.301996000", - "frame.number": "6814", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000fcd3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6813", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.766339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.766339000", - "frame.time_delta": "0.003657000", - "frame.time_delta_displayed": "0.003657000", - "frame.time_relative": "1761.305653000", - "frame.number": "6815", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bc64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6814", - "tcp.analysis.ack_rtt": "0.003657000", - "tcp.analysis.initial_rtt": "0.004199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.766805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.766805000", - 
"frame.time_delta": "0.000466000", - "frame.time_delta_displayed": "0.000466000", - "frame.time_relative": "1761.306119000", - "frame.number": "6816", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000bc65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fb63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": 
"0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000dd6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004199000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.767282000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.767282000", - "frame.time_delta": "0.000477000", - 
"frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1761.306596000", - "frame.number": "6817", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000072d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000045b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a02a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6816", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.004199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.767935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.767935000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "1761.307249000", - "frame.number": "6818", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000072d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x000045a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e04b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004199000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.768282000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.768282000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "1761.307596000", - "frame.number": "6819", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000072d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000041cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000032b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004199000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3
c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6818", - "tcp.segment": "6819", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001477000", - "http.request_in": "6816", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.768866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.768866000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "1761.308180000", - "frame.number": "6820", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000072da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000041cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000032b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004199000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.771700000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.771700000", - "frame.time_delta": "0.002834000", - "frame.time_delta_displayed": "0.002834000", - "frame.time_relative": "1761.311014000", - "frame.number": "6821", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bc66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ad8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6818", - "tcp.analysis.ack_rtt": "0.003765000", - "tcp.analysis.initial_rtt": "0.004199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.771828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.771828000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "1761.311142000", - "frame.number": "6822", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bc67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a99f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6819", - "tcp.analysis.ack_rtt": "0.003546000", - "tcp.analysis.initial_rtt": "0.004199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.772835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.772835000", - "frame.time_delta": "0.001007000", - "frame.time_delta_displayed": "0.001007000", - "frame.time_relative": "1761.312149000", - "frame.number": "6823", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bc68", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a99e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.772963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.772963000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - 
"frame.time_relative": "1761.312277000", - "frame.number": "6824", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000bc69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fc13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f7b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:6b:80:50:76:6b:80:54:5a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004199000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6822", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.773299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.773299000", - "frame.time_delta": "0.000336000", - "frame.time_delta_displayed": "0.000336000", - "frame.time_relative": "1761.312613000", - "frame.number": "6825", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a28f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47601", - "tcp.port": "80", - "tcp.port": "47601", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009c34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6823", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.004199000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.777806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.777806000", - "frame.time_delta": "0.004507000", - "frame.time_delta_displayed": "0.004507000", - "frame.time_relative": "1761.317120000", - "frame.number": "6826", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002393", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47601", - "tcp.dstport": "80", - "tcp.port": "47601", - "tcp.port": "80", - "tcp.stream": "270", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ae3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.798680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.798680000", - "frame.time_delta": "0.020874000", - "frame.time_delta_displayed": "0.020874000", - "frame.time_relative": "1761.337994000", - "frame.number": "6827", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000568e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "272", - "http.prev_response_in": "6809" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.806525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.806525000", - "frame.time_delta": "0.007845000", - "frame.time_delta_displayed": "0.007845000", - "frame.time_relative": "1761.345839000", - "frame.number": "6828", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005efd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005978", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000bfab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:6f:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950895, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950895", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": 
"0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.807067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.807067000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "1761.346381000", - "frame.number": "6829", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47602", - "tcp.port": "80", - "tcp.port": "47602", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003ba3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 
(multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6828", - "tcp.analysis.ack_rtt": "0.000542000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.821825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.821825000", - "frame.time_delta": "0.014758000", - "frame.time_delta_displayed": "0.014758000", - "frame.time_relative": "1761.361139000", - "frame.number": "6830", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005efe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000598b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ed2a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6829", - "tcp.analysis.ack_rtt": "0.014758000", - "tcp.analysis.initial_rtt": "0.015300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.821877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.821877000", - "frame.time_delta": "0.000052000", - "frame.time_delta_displayed": "0.000052000", - "frame.time_relative": "1761.361191000", - "frame.number": "6831", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005eff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000058ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004ca5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.015300000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET 
\/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.822420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.822420000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1761.361734000", - "frame.number": "6832", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d34b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e53d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47602", - "tcp.port": "80", - "tcp.port": "47602", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000def9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6831", - "tcp.analysis.ack_rtt": "0.000543000", - "tcp.analysis.initial_rtt": "0.015300000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.823146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.823146000", - "frame.time_delta": "0.000726000", - "frame.time_delta_displayed": "0.000726000", - "frame.time_relative": "1761.362460000", - "frame.number": "6833", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d34c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e52b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47602", - "tcp.port": "80", - "tcp.port": "47602", - "tcp.stream": "271", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - 
"tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001f1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.015300000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.823590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.823590000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "1761.362904000", - "frame.number": "6834", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d34d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e158", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47602", - "tcp.port": "80", - "tcp.port": "47602", - "tcp.stream": "271", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007184", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.015300000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6833", - "tcp.segment": "6834", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001713000", - "http.request_in": "6831", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.827418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.827418000", - "frame.time_delta": "0.003828000", - "frame.time_delta_displayed": "0.003828000", - "frame.time_relative": "1761.366732000", - "frame.number": "6835", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005f00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005989", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ec59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6833", - "tcp.analysis.ack_rtt": "0.004272000", - "tcp.analysis.initial_rtt": "0.015300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.827849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.827849000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1761.367163000", - "frame.number": "6836", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005f01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005988", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e86e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6834", - "tcp.analysis.ack_rtt": "0.004259000", - "tcp.analysis.initial_rtt": "0.015300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.831183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.831183000", - "frame.time_delta": "0.003334000", - "frame.time_delta_displayed": "0.003334000", - "frame.time_relative": "1761.370497000", - "frame.number": "6837", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005f02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005987", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e86d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.831652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.831652000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1761.370966000", - "frame.number": "6838", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a28d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47602", - 
"tcp.port": "80", - "tcp.port": "47602", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000db03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6837", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.015300000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:52.835285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495352.835285000", - "frame.time_delta": "0.003633000", - "frame.time_delta_displayed": "0.003633000", - "frame.time_relative": "1761.374599000", - "frame.number": "6839", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002395", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47602", - "tcp.dstport": "80", - "tcp.port": "47602", - "tcp.port": "80", - "tcp.stream": "271", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a948", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:53.639838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.639838000", - "frame.time_delta": "0.804553000", - "frame.time_delta_displayed": "0.804553000", - "frame.time_relative": "1762.179152000", - "frame.number": "6840", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000569d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "273", - "http.prev_response_in": "6827" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.664765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.664765000", - "frame.time_delta": "0.024927000", - "frame.time_delta_displayed": "0.024927000", - "frame.time_relative": "1762.204079000", - "frame.number": "6841", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b713", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000162", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00002156", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:82:c5:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950981, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950981", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.665333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.665333000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "1762.204647000", - "frame.number": "6842", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47603", - "tcp.port": "80", - "tcp.port": "47603", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000eed9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6841", - "tcp.analysis.ack_rtt": "0.000568000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.669668000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.669668000", - "frame.time_delta": "0.004335000", - "frame.time_delta_displayed": "0.004335000", - "frame.time_relative": "1762.208982000", - "frame.number": "6843", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b714", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000175", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a061", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6842", - "tcp.analysis.ack_rtt": "0.004335000", - "tcp.analysis.initial_rtt": "0.004903000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.670205000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495353.670205000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "1762.209519000", - "frame.number": "6844", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b715", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000000b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ffdb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004903000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.670691000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495353.670691000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "1762.210005000", - "frame.number": "6845", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f251", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c637", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47603", - "tcp.port": "80", - "tcp.port": "47603", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009230", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6844", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.004903000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.671448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.671448000", - "frame.time_delta": "0.000757000", - "frame.time_delta_displayed": "0.000757000", - "frame.time_relative": "1762.210762000", - "frame.number": "6846", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f252", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c625", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47603", - "tcp.port": "80", - "tcp.port": "47603", - "tcp.stream": "272", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d251", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004903000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.671825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.671825000", - "frame.time_delta": "0.000377000", - "frame.time_delta_displayed": "0.000377000", - "frame.time_relative": "1762.211139000", - "frame.number": "6847", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f253", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c252", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47603", - "tcp.port": "80", - "tcp.port": "47603", - "tcp.stream": "272", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000024bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004903000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6846", - "tcp.segment": "6847", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001620000", - "http.request_in": "6844", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.675943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.675943000", - "frame.time_delta": "0.004118000", - "frame.time_delta_displayed": "0.004118000", - "frame.time_relative": "1762.215257000", - "frame.number": "6848", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b716", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000173", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009f90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6846", - "tcp.analysis.ack_rtt": "0.004495000", - "tcp.analysis.initial_rtt": "0.004903000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.679706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.679706000", - "frame.time_delta": "0.003763000", - "frame.time_delta_displayed": "0.003763000", - "frame.time_relative": "1762.219020000", - "frame.number": "6849", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000172", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009ba5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6847", - "tcp.analysis.ack_rtt": "0.007881000", - "tcp.analysis.initial_rtt": "0.004903000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.682711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.682711000", - "frame.time_delta": "0.003005000", - "frame.time_delta_displayed": "0.003005000", - "frame.time_relative": "1762.222025000", - "frame.number": "6850", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b718", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000171", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009ba4", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.683210000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.683210000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1762.222524000", - "frame.number": "6851", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001627", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a262", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47603", - 
"tcp.port": "80", - "tcp.port": "47603", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008e3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6850", - "tcp.analysis.ack_rtt": "0.000499000", - "tcp.analysis.initial_rtt": "0.004903000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.687094000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.687094000", - "frame.time_delta": "0.003884000", - "frame.time_delta_displayed": "0.003884000", - "frame.time_relative": "1762.226408000", - "frame.number": "6852", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47603", - "tcp.dstport": "80", - "tcp.port": "47603", - "tcp.port": "80", - "tcp.stream": "272", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000b49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:53.693313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.693313000", - "frame.time_delta": "0.006219000", - "frame.time_delta_displayed": "0.006219000", - "frame.time_relative": "1762.232627000", - "frame.number": "6853", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000569e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "274", - "http.prev_response_in": "6840" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.699736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.699736000", - "frame.time_delta": "0.006423000", - "frame.time_delta_displayed": "0.006423000", - "frame.time_relative": "1762.239050000", - "frame.number": "6854", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000017ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a089", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a104", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:82:c8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950984, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950984", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.700267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.700267000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1762.239581000", - "frame.number": "6855", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002d03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6854", - "tcp.analysis.ack_rtt": "0.000531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.703707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.703707000", - "frame.time_delta": "0.003440000", - "frame.time_delta_displayed": "0.003440000", - "frame.time_relative": "1762.243021000", - "frame.number": "6856", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a09c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000de8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6855", - "tcp.analysis.ack_rtt": "0.003440000", - "tcp.analysis.initial_rtt": "0.003971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.705284000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495353.705284000", - "frame.time_delta": "0.001577000", - "frame.time_delta_displayed": "0.001577000", - "frame.time_relative": "1762.244598000", - "frame.number": "6857", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000017ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003e05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003971000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.705778000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495353.705778000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1762.245092000", - "frame.number": "6858", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ee3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000079a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d059", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6857", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.003971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.706427000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.706427000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "1762.245741000", - "frame.number": "6859", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003ee4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007994", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000107b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003971000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.706779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.706779000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1762.246093000", - "frame.number": "6860", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003ee5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003971000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6859", - "tcp.segment": "6860", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001495000", - "http.request_in": "6857", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.708854000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.708854000", - "frame.time_delta": "0.002075000", - "frame.time_delta_displayed": "0.002075000", - "frame.time_relative": "1762.248168000", - "frame.number": "6861", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003ee6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003971000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.715634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.715634000", - "frame.time_delta": "0.006780000", - "frame.time_delta_displayed": "0.006780000", - "frame.time_relative": "1762.254948000", - "frame.number": "6862", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a09a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ddb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6859", - "tcp.analysis.ack_rtt": "0.009207000", - "tcp.analysis.initial_rtt": "0.003971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.715682000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.715682000", - "frame.time_delta": "0.000048000", - "frame.time_delta_displayed": "0.000048000", - "frame.time_relative": "1762.254996000", - "frame.number": "6863", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a099", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d9ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6860", - "tcp.analysis.ack_rtt": "0.008903000", - "tcp.analysis.initial_rtt": "0.003971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.716667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.716667000", - "frame.time_delta": "0.000985000", - "frame.time_delta_displayed": "0.000985000", - "frame.time_relative": "1762.255981000", - "frame.number": "6864", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017f1", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a098", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d9cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.717146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.717146000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - 
"frame.time_relative": "1762.256460000", - "frame.number": "6865", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000162a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a25f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47604", - "tcp.port": "80", - "tcp.port": "47604", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cc63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6864", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.003971000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.721099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.721099000", - "frame.time_delta": "0.003953000", - "frame.time_delta_displayed": "0.003953000", - "frame.time_relative": "1762.260413000", - "frame.number": "6866", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094dd", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008afb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.725120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.725120000", - "frame.time_delta": "0.004021000", - "frame.time_delta_displayed": "0.004021000", - "frame.time_relative": "1762.264434000", - "frame.number": "6867", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47604", - "tcp.dstport": "80", - "tcp.port": "47604", - "tcp.port": "80", - "tcp.stream": "273", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008afa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.746146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.746146000", - "frame.time_delta": "0.021026000", - "frame.time_delta_displayed": "0.021026000", - "frame.time_relative": "1762.285460000", - "frame.number": "6868", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000056a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000060be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "275", - "http.prev_response_in": "6853" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.755573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.755573000", - "frame.time_delta": "0.009427000", - "frame.time_delta_displayed": "0.009427000", - "frame.time_relative": "1762.294887000", - "frame.number": 
"6869", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d107", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e76d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 
80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00005e95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:82:ce:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 950990, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "950990", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.756109000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.756109000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1762.295423000", - "frame.number": "6870", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": 
"MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - "tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e7c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6869", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.760030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.760030000", - "frame.time_delta": "0.003921000", - "frame.time_delta_displayed": "0.003921000", - "frame.time_relative": "1762.299344000", - "frame.number": "6871", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d108", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e780", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000994d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6870", - "tcp.analysis.ack_rtt": "0.003921000", - "tcp.analysis.initial_rtt": "0.004457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.761053000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.761053000", - "frame.time_delta": "0.001023000", - "frame.time_delta_displayed": "0.001023000", - "frame.time_relative": "1762.300367000", - "frame.number": "6872", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000d109", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e6bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f8c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004457000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - 
"http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.761559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.761559000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "1762.300873000", - "frame.number": "6873", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003f74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007915", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", 
- "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - "tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008b1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6872", - "tcp.analysis.ack_rtt": "0.000506000", - "tcp.analysis.initial_rtt": "0.004457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.762226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.762226000", - "frame.time_delta": "0.000667000", - "frame.time_delta_displayed": "0.000667000", - "frame.time_relative": "1762.301540000", - "frame.number": "6874", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00003f75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007903", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - "tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cb3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004457000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" 
- }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.762601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.762601000", - "frame.time_delta": "0.000375000", - "frame.time_delta_displayed": "0.000375000", - "frame.time_relative": "1762.301915000", - "frame.number": "6875", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003f76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007530", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - 
"tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001da7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004457000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6874", - "tcp.segment": "6875", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001548000", - "http.request_in": "6872", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.769630000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.769630000", - "frame.time_delta": "0.007029000", - "frame.time_delta_displayed": "0.007029000", - "frame.time_relative": "1762.308944000", - "frame.number": "6876", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e77e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000987c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6874", - "tcp.analysis.ack_rtt": "0.007404000", - "tcp.analysis.initial_rtt": "0.004457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:53.978874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495353.978874000", - "frame.time_delta": "0.209244000", - "frame.time_delta_displayed": "0.209244000", - "frame.time_relative": "1762.518188000", - "frame.number": "6877", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00003f77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000752f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - "tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001da7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004457000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.216273000", - "tcp.analysis.rto_frame": "6875" - } - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.049657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.049657000", - "frame.time_delta": "0.070783000", - "frame.time_delta_displayed": "0.070783000", - "frame.time_relative": "1762.588971000", - "frame.number": "6878", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e77d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009491", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6875", - "tcp.analysis.ack_rtt": "0.287056000", - "tcp.analysis.initial_rtt": "0.004457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:15:54.049711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.049711000", - "frame.time_delta": "0.000054000", - "frame.time_delta_displayed": "0.000054000", - "frame.time_relative": "1762.589025000", - "frame.number": "6879", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d10c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e770", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fd30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:92:3f:1c:73:92:3f:20:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004457000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6878", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.050377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.050377000", - "frame.time_delta": "0.000666000", - 
"frame.time_delta_displayed": "0.000666000", - "frame.time_relative": "1762.589691000", - "frame.number": "6880", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d10d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e77b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009490", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.050802000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.050802000", - "frame.time_delta": "0.000425000", - "frame.time_delta_displayed": "0.000425000", - "frame.time_relative": "1762.590116000", - "frame.number": "6881", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001639", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a250", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47605", - "tcp.port": "80", - "tcp.port": "47605", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008726", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6880", - "tcp.analysis.ack_rtt": "0.000425000", - "tcp.analysis.initial_rtt": "0.004457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.054936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.054936000", - "frame.time_delta": "0.004134000", - "frame.time_delta_displayed": "0.004134000", - "frame.time_relative": "1762.594250000", - "frame.number": "6882", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47605", - "tcp.dstport": "80", - "tcp.port": "47605", - "tcp.port": "80", - "tcp.stream": "274", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004891", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.694469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.694469000", - "frame.time_delta": "0.639533000", - "frame.time_delta_displayed": "0.639533000", - "frame.time_relative": "1763.233783000", - "frame.number": "6883", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000056f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000606c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "276", - "http.prev_response_in": "6868" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.747299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.747299000", - "frame.time_delta": "0.052830000", - "frame.time_delta_displayed": "0.052830000", - "frame.time_relative": "1763.286613000", - "frame.number": 
"6884", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000056f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000605f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "277", - "http.prev_response_in": "6883" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.775435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.775435000", - "frame.time_delta": "0.028136000", - "frame.time_delta_displayed": "0.028136000", - "frame.time_relative": "1763.314749000", - "frame.number": "6885", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00002eb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000009fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:34:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - 
}, - "Timestamps: TSval 951092, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951092", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.775989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.775989000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "1763.315303000", - "frame.number": "6886", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47606", - "tcp.port": "80", - "tcp.port": "47606", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000862d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6885", - "tcp.analysis.ack_rtt": "0.000554000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.781727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.781727000", - "frame.time_delta": "0.005738000", - "frame.time_delta_displayed": "0.005738000", - "frame.time_relative": "1763.321041000", - "frame.number": "6887", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002eb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000037b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6886", - "tcp.analysis.ack_rtt": "0.005738000", - "tcp.analysis.initial_rtt": "0.006292000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.782200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.782200000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "1763.321514000", - "frame.number": "6888", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002eba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000890f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - 
"tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000972f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006292000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.782684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.782684000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1763.321998000", - "frame.number": "6889", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cf9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e8eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47606", - "tcp.port": "80", - "tcp.port": "47606", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002984", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6888", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.006292000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.783396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.783396000", - "frame.time_delta": "0.000712000", - "frame.time_delta_displayed": "0.000712000", - "frame.time_relative": "1763.322710000", - "frame.number": "6890", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000cf9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e8d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47606", - "tcp.port": "80", - "tcp.port": "47606", - "tcp.stream": "275", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000069a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006292000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.783751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.783751000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1763.323065000", - "frame.number": "6891", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", 
- "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000cf9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e506", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47606", - "tcp.port": "80", - "tcp.port": "47606", - "tcp.stream": "275", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bc0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006292000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:
6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6890", - "tcp.segment": "6891", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001551000", - "http.request_in": "6888", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.788358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.788358000", - "frame.time_delta": "0.004607000", - "frame.time_delta_displayed": "0.004607000", - "frame.time_relative": "1763.327672000", - "frame.number": "6892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ebb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000036e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6890", - "tcp.analysis.ack_rtt": "0.004962000", - "tcp.analysis.initial_rtt": "0.006292000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.788404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.788404000", - "frame.time_delta": "0.000046000", - "frame.time_delta_displayed": "0.000046000", - "frame.time_relative": "1763.327718000", - "frame.number": "6893", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ebc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000032f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6891", - "tcp.analysis.ack_rtt": "0.004653000", - "tcp.analysis.initial_rtt": "0.006292000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.791919000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.791919000", - "frame.time_delta": "0.003515000", - "frame.time_delta_displayed": "0.003515000", - "frame.time_relative": "1763.331233000", - "frame.number": "6894", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ebd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000032f8", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.792382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.792382000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1763.331696000", - "frame.number": "6895", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001683", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a206", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47606", - 
"tcp.port": "80", - "tcp.port": "47606", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000258e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6894", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.006292000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.796619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.796619000", - "frame.time_delta": "0.004237000", - "frame.time_delta_displayed": "0.004237000", - "frame.time_relative": "1763.335933000", - "frame.number": "6896", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47606", - "tcp.dstport": "80", - "tcp.port": "47606", - "tcp.port": "80", - "tcp.stream": "275", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f45d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:54.800230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.800230000", - "frame.time_delta": "0.003611000", - "frame.time_delta_displayed": "0.003611000", - "frame.time_relative": "1763.339544000", - "frame.number": "6897", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000056fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006061", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "278", - "http.prev_response_in": "6884" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.818991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.818991000", - "frame.time_delta": "0.018761000", - "frame.time_delta_displayed": "0.018761000", - "frame.time_relative": "1763.358305000", - "frame.number": "6898", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000009eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae8a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00007958", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:38:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951096, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951096", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.819546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.819546000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "1763.358860000", - "frame.number": "6899", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000842c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6898", - "tcp.analysis.ack_rtt": "0.000555000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.824576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.824576000", - "frame.time_delta": "0.005030000", - "frame.time_delta_displayed": "0.005030000", - "frame.time_relative": "1763.363890000", - "frame.number": "6900", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000009ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000035b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6899", - "tcp.analysis.ack_rtt": "0.005030000", - "tcp.analysis.initial_rtt": "0.005585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.825744000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495354.825744000", - "frame.time_delta": "0.001168000", - "frame.time_delta_displayed": "0.001168000", - "frame.time_relative": "1763.365058000", - "frame.number": "6901", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000009ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000addc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000952e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005585000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.826216000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495354.826216000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "1763.365530000", - "frame.number": "6902", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dcc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002783", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6901", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.005585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.826901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.826901000", - "frame.time_delta": "0.000685000", - "frame.time_delta_displayed": "0.000685000", - "frame.time_relative": "1763.366215000", - "frame.number": "6903", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dcc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dbb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000067a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005585000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.827276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.827276000", - "frame.time_delta": "0.000375000", - "frame.time_delta_displayed": "0.000375000", - "frame.time_relative": "1763.366590000", - "frame.number": "6904", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dcc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ba0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005585000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6903", - "tcp.segment": "6904", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001532000", - "http.request_in": "6901", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.828854000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.828854000", - "frame.time_delta": "0.001578000", - "frame.time_delta_displayed": "0.001578000", - "frame.time_relative": "1763.368168000", - "frame.number": "6905", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dcc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ba0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005585000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.833626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.833626000", - "frame.time_delta": "0.004772000", - "frame.time_delta_displayed": "0.004772000", - "frame.time_relative": "1763.372940000", - "frame.number": "6906", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000009ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000034e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6903", - "tcp.analysis.ack_rtt": "0.006725000", - "tcp.analysis.initial_rtt": "0.005585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.833673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.833673000", - "frame.time_delta": "0.000047000", - "frame.time_delta_displayed": "0.000047000", - "frame.time_relative": "1763.372987000", - "frame.number": "6907", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000009ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae9a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6904", - "tcp.analysis.ack_rtt": "0.006397000", - "tcp.analysis.initial_rtt": "0.005585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.834813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.834813000", - "frame.time_delta": "0.001140000", - "frame.time_delta_displayed": "0.001140000", - "frame.time_relative": "1763.374127000", - "frame.number": "6908", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000009f0", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ae8d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009c0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:2e:25:ff:53:2e:26:03:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1014": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - 
"tcp.options.sack_re": "1014", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005585000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "6907", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.834853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.834853000", - "frame.time_delta": "0.000040000", - "frame.time_delta_displayed": "0.000040000", - "frame.time_relative": "1763.374167000", - "frame.number": "6909", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000009f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000ae98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.835284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.835284000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1763.374598000", - "frame.number": "6910", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001687", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a202", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47607", - "tcp.port": "80", - "tcp.port": "47607", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000238d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6909", - "tcp.analysis.ack_rtt": "0.000431000", - "tcp.analysis.initial_rtt": "0.005585000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:54.839652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495354.839652000", - "frame.time_delta": "0.004368000", - "frame.time_delta_displayed": "0.004368000", - "frame.time_relative": "1763.378966000", - "frame.number": "6911", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000023d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47607", - "tcp.dstport": "80", - "tcp.port": "47607", - "tcp.port": "80", - "tcp.stream": "276", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000063be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.165290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.165290000", - "frame.time_delta": "0.325638000", - "frame.time_delta_displayed": "0.325638000", - "frame.time_relative": "1763.704604000", - "frame.number": "6912", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.169005000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.169005000", - "frame.time_delta": "0.003715000", - "frame.time_delta_displayed": "0.003715000", - "frame.time_relative": "1763.708319000", - "frame.number": "6913", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00005806", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"255", - "ip.proto": "17", - "ip.checksum": "0x00008193", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.400132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.400132000", - "frame.time_delta": "0.231127000", - "frame.time_delta_displayed": "0.231127000", - "frame.time_relative": "1763.939446000", - "frame.number": "6914", - 
"frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x0000de15", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:6d:a8:03:07:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, 
- "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.642813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.642813000", - "frame.time_delta": "0.242681000", - "frame.time_delta_displayed": "0.242681000", - "frame.time_relative": "1764.182127000", - "frame.number": "6915", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005701", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006060", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { 
- "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "279", - "http.prev_response_in": "6897" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.653626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.653626000", - "frame.time_delta": "0.010813000", - "frame.time_delta_displayed": "0.010813000", - "frame.time_relative": "1764.192940000", - "frame.number": "6916", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000106a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a80b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x000073af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:8c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951180, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951180", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.654232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.654232000", - "frame.time_delta": "0.000606000", - "frame.time_delta_displayed": "0.000606000", - "frame.time_relative": "1764.193546000", - "frame.number": "6917", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47608", - "tcp.port": "80", - "tcp.port": "47608", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008859", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6916", - "tcp.analysis.ack_rtt": "0.000606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.661377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.661377000", - "frame.time_delta": "0.007145000", - "frame.time_delta_displayed": "0.007145000", - "frame.time_relative": "1764.200691000", - "frame.number": "6918", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000106b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a81e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000039e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6917", - "tcp.analysis.ack_rtt": "0.007145000", - "tcp.analysis.initial_rtt": "0.007751000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.661838000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.661838000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "1764.201152000", - "frame.number": "6919", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000106c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a75d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000995b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007751000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.662318000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495355.662318000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "1764.201632000", - "frame.number": "6920", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006fc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000048c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47608", - "tcp.port": "80", - "tcp.port": "47608", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002bb0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6919", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.007751000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.663047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.663047000", - "frame.time_delta": "0.000729000", - "frame.time_delta_displayed": "0.000729000", - "frame.time_relative": "1764.202361000", - "frame.number": "6921", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006fc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000048b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47608", - "tcp.port": "80", - "tcp.port": "47608", - "tcp.stream": "277", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006bd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007751000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.663400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.663400000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1764.202714000", - 
"frame.number": "6922", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006fc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000044dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47608", - "tcp.port": "80", - "tcp.port": "47608", - "tcp.stream": "277", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000be3a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007751000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:
70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6921", - "tcp.segment": "6922", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001562000", - "http.request_in": "6919", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.667948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.667948000", - "frame.time_delta": "0.004548000", - "frame.time_delta_displayed": "0.004548000", - "frame.time_relative": "1764.207262000", - "frame.number": "6923", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000106d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a81c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003910", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6921", - "tcp.analysis.ack_rtt": "0.004901000", - "tcp.analysis.initial_rtt": "0.007751000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.667991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.667991000", - "frame.time_delta": "0.000043000", - "frame.time_delta_displayed": "0.000043000", - "frame.time_relative": "1764.207305000", - "frame.number": "6924", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000106e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a81b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003525", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6922", - "tcp.analysis.ack_rtt": "0.004591000", - "tcp.analysis.initial_rtt": "0.007751000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.668892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.668892000", - "frame.time_delta": "0.000901000", - "frame.time_delta_displayed": "0.000901000", - "frame.time_relative": "1764.208206000", - "frame.number": "6925", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000106f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a81a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003524", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.669350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.669350000", - "frame.time_delta": "0.000458000", - "frame.time_delta_displayed": "0.000458000", - "frame.time_relative": "1764.208664000", - "frame.number": "6926", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000016ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a1bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47608", - 
"tcp.port": "80", - "tcp.port": "47608", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000027ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6925", - "tcp.analysis.ack_rtt": "0.000458000", - "tcp.analysis.initial_rtt": "0.007751000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.671958000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.671958000", - "frame.time_delta": "0.002608000", - "frame.time_delta_displayed": "0.002608000", - "frame.time_relative": "1764.211272000", - "frame.number": "6927", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002400", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009489", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47608", - "tcp.dstport": "80", - "tcp.port": "47608", - "tcp.port": "80", - "tcp.stream": "277", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005e69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:55.695852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.695852000", - "frame.time_delta": "0.023894000", - "frame.time_delta_displayed": "0.023894000", - "frame.time_relative": "1764.235166000", - "frame.number": "6928", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005702", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006056", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "280", - "http.prev_response_in": "6915" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.738096000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.738096000", - "frame.time_delta": "0.042244000", - "frame.time_delta_displayed": "0.042244000", - "frame.time_relative": "1764.277410000", - "frame.number": "6929", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003871", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008004", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000917f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:93:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951187, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951187", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.738647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.738647000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "1764.277961000", - "frame.number": "6930", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47609", - "tcp.port": "80", - "tcp.port": "47609", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000af22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6929", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.743187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.743187000", - "frame.time_delta": "0.004540000", - "frame.time_delta_displayed": "0.004540000", - "frame.time_relative": "1764.282501000", - "frame.number": "6931", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003872", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008017", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000060aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6930", - "tcp.analysis.ack_rtt": "0.004540000", - "tcp.analysis.initial_rtt": "0.005091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.743239000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495355.743239000", - "frame.time_delta": "0.000052000", - "frame.time_delta_displayed": "0.000052000", - "frame.time_relative": "1764.282553000", - "frame.number": "6932", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00003873", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007f56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c024", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005091000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.743765000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495355.743765000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "1764.283079000", - "frame.number": "6933", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007c35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47609", - "tcp.port": "80", - "tcp.port": "47609", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005279", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6932", - "tcp.analysis.ack_rtt": "0.000526000", - "tcp.analysis.initial_rtt": "0.005091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.744521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.744521000", - "frame.time_delta": "0.000756000", - "frame.time_delta_displayed": "0.000756000", - "frame.time_relative": "1764.283835000", - "frame.number": "6934", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007c36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47609", - "tcp.port": "80", - "tcp.port": "47609", - "tcp.stream": "278", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000929a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005091000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.744878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.744878000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "1764.284192000", - "frame.number": "6935", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007c37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000386f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47609", - "tcp.port": "80", - "tcp.port": "47609", - "tcp.stream": "278", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e503", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005091000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6934", - "tcp.segment": "6935", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001639000", - "http.request_in": "6932", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.748729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.748729000", - "frame.time_delta": "0.003851000", - "frame.time_delta_displayed": "0.003851000", - "frame.time_relative": "1764.288043000", - "frame.number": "6936", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005705", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006059", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "281", - "http.prev_response_in": "6928" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.756853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.756853000", - "frame.time_delta": "0.008124000", - "frame.time_delta_displayed": "0.008124000", - "frame.time_relative": "1764.296167000", - "frame.number": "6937", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003874", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008015", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005fd9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6934", - "tcp.analysis.ack_rtt": "0.012332000", - "tcp.analysis.initial_rtt": "0.005091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.758572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.758572000", - "frame.time_delta": "0.001719000", - "frame.time_delta_displayed": "0.001719000", - "frame.time_relative": "1764.297886000", - "frame.number": "6938", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003875", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008014", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005bee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6935", - "tcp.analysis.ack_rtt": "0.013694000", - "tcp.analysis.initial_rtt": "0.005091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.759285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.759285000", - "frame.time_delta": "0.000713000", - "frame.time_delta_displayed": "0.000713000", - "frame.time_relative": "1764.298599000", - "frame.number": "6939", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003876", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008013", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005bed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.759739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.759739000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1764.299053000", - "frame.number": "6940", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000016cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a1bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47609", - "tcp.port": "80", - "tcp.port": "47609", - "tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6939", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.005091000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.771258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.771258000", - "frame.time_delta": "0.011519000", - "frame.time_delta_displayed": "0.011519000", - "frame.time_relative": "1764.310572000", - "frame.number": "6941", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000b6a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d925", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:97:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951191, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951191", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - 
"tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.771693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.771693000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "1764.311007000", - "frame.number": "6942", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002409", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009480", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47609", - "tcp.dstport": "80", - "tcp.port": "47609", - "tcp.port": "80", - 
"tcp.stream": "278", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007c40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.771795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.771795000", - "frame.time_delta": "0.000102000", - "frame.time_delta_displayed": "0.000102000", - "frame.time_relative": "1764.311109000", - "frame.number": "6943", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47610", - "tcp.port": "80", - "tcp.port": "47610", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e3f3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6941", - "tcp.analysis.ack_rtt": "0.000537000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.789699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.789699000", - "frame.time_delta": "0.017904000", - "frame.time_delta_displayed": "0.017904000", - "frame.time_relative": "1764.329013000", - "frame.number": "6944", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000957b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6943", - "tcp.analysis.ack_rtt": "0.017904000", - "tcp.analysis.initial_rtt": "0.018441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.789880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.789880000", - "frame.time_delta": "0.000181000", - "frame.time_delta_displayed": "0.000181000", - "frame.time_relative": "1764.329194000", - "frame.number": "6945", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000b6a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000123", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", 
- "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f4f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018441000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:15:55.790342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.790342000", - "frame.time_delta": "0.000462000", - "frame.time_delta_displayed": "0.000462000", - "frame.time_relative": "1764.329656000", - "frame.number": "6946", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000091f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000af6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47610", - "tcp.port": "80", - "tcp.port": "47610", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000874a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6945", - "tcp.analysis.ack_rtt": "0.000462000", - "tcp.analysis.initial_rtt": "0.018441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.791112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.791112000", - "frame.time_delta": "0.000770000", - "frame.time_delta_displayed": "0.000770000", - "frame.time_relative": "1764.330426000", - "frame.number": "6947", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00000920", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000af58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47610", - "tcp.port": "80", - "tcp.port": "47610", - "tcp.stream": "279", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c76b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018441000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.791468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.791468000", - "frame.time_delta": "0.000356000", - 
"frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "1764.330782000", - "frame.number": "6948", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000921", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ab85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47610", - "tcp.port": "80", - "tcp.port": "47610", - "tcp.stream": "279", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": 
"0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000019d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018441000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:
72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6947", - "tcp.segment": "6948", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001588000", - "http.request_in": "6945", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.807249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.807249000", - "frame.time_delta": "0.015781000", - "frame.time_delta_displayed": "0.015781000", - "frame.time_relative": "1764.346563000", - "frame.number": "6949", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000094aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6947", - "tcp.analysis.ack_rtt": "0.016137000", - "tcp.analysis.initial_rtt": "0.018441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.807426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.807426000", - "frame.time_delta": "0.000177000", - "frame.time_delta_displayed": "0.000177000", - "frame.time_relative": "1764.346740000", - "frame.number": "6950", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000090bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6948", - "tcp.analysis.ack_rtt": "0.015958000", - "tcp.analysis.initial_rtt": "0.018441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.808318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.808318000", - "frame.time_delta": "0.000892000", - "frame.time_delta_displayed": "0.000892000", - "frame.time_relative": "1764.347632000", - "frame.number": "6951", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b6a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000001e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000090be", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.808795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.808795000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1764.348109000", - "frame.number": "6952", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000016d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a1b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47610", - 
"tcp.port": "80", - "tcp.port": "47610", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008354", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6951", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.018441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:55.817701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495355.817701000", - "frame.time_delta": "0.008906000", - "frame.time_delta_displayed": "0.008906000", - "frame.time_relative": "1764.357015000", - "frame.number": "6953", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000240a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000947f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47610", - "tcp.dstport": "80", - "tcp.port": "47610", - "tcp.port": "80", - "tcp.stream": "279", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c3ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:56.596717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.596717000", - "frame.time_delta": "0.779016000", - "frame.time_delta_displayed": "0.779016000", - "frame.time_relative": "1765.136031000", - "frame.number": "6954", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000968f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007590", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, 
- "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "77559", - "tcp.nxtseq": "77911", - "tcp.ack": "17422", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aafb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:62:74:a7:a1:9e:61", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2581108, TSecr 2812386913": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2581108", - "tcp.options.timestamp.tsecr": "2812386913" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:28:b3:49:7e:04:8f:59:a3:0a:6f:5e:53:29:83:5d:51:90:ad:59:91:ee:bc:c3:71:cb:77:89:30:b0:85:d1:9e:71:3b:ac:bb:8a:f1:44:a6:c8:71:86:58:a0:b3:19:a4:76:c8:a4:18:59:4d:28:7d:a7:07:e7:1a:b0:e3:22:69:f4:83:68:3a:4d:03:33:73:b0:08:f0:fd:cc:b0:28:8a:12:e1:d1:8a:70:23:c5:ae:54:93:78:b4:a7:9b:2b:4c:bb:64:99:ea:61:9d:37:93:69:76:8b:07:56:d5:65:e3:66:d5:3b:8f:e6:60:2e:2f:8f:80:fb:28:0a:7e:40:86:3c:92:20:09:f9:80:b7:9a:54:7c:4b:41:d0:e5:f0:0d:24:fd:28:f8:cd:38:82:c1:20:40:73:bd:03:df:20:69:ad:66:c5:48:9f:ca:4d:ab:75:43:6e:b0:97:41:c0:76:a6:77:8c:60:c6:fb:35:4e:ee:c9:7a:9c:87:b1:92:a7:37:7b:aa:4c:84:5d:34:73:62:a1:e9:7b:77:1c:b1:5f:85:09:98:46:a0:d5:49:df:29:34:b9:1e:ce:5b:bb:ae:31:f4:b2:7a:59:90:4f:17:6d:40:15:46:f6:95:e1:11:73:83:a5:ac:2e:40:fb:28:de:fd:8a:be:bf:68:43:13:42:66:bd:4a:1e:2a:60:49:f5:e5:d6:37:2b:93:70:42:9b:5b:42:9d:11:ea:09:56:05:8c:29:4a:3d:3e:5f:ab:01:91:2d:ef:03:0f:61:35:96:66:5e:fb:d9:86:95:ce:76:a5:cd:d1:bf:a2:ee:43:0a:3b:a0:90:ad:67:7b:2f:00:be:ca:60:b4:50:89:96:28:f5:f4:cd:81:57:2c:a9:36:70:32:76" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.670007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.670007000", - "frame.time_delta": "0.073290000", - "frame.time_delta_displayed": "0.073290000", - "frame.time_relative": "1765.209321000", - "frame.number": "6955", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002d83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "17422", - "tcp.nxtseq": "17469", - "tcp.ack": "77911", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000ac08", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:b7:28:00:27:62:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812393256, TSecr 2581108": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812393256", - "tcp.options.timestamp.tsecr": "2581108" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6954", - "tcp.analysis.ack_rtt": "0.073290000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:c0:dc:31:ab:94:ac:90:46:af:0e:36:ca:be:c0:d7:e4:48:62:33:11:e8:7c:25:a0:db:11:7b:bd:31:0e:7c:40:e4:db:f7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.670464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.670464000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "1765.209778000", - "frame.number": "6956", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009690", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "77911", - "tcp.ack": "17469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001961", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:62:7b:a7:a1:b7:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2581115, TSecr 2812393256": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2581115", - "tcp.options.timestamp.tsecr": "2812393256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6955", - "tcp.analysis.ack_rtt": "0.000457000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.671900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.671900000", - "frame.time_delta": "0.001436000", - "frame.time_delta_displayed": "0.001436000", - "frame.time_relative": "1765.211214000", - "frame.number": "6957", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006030", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "282", - "http.prev_response_in": "6936" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.713837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.713837000", - "frame.time_delta": "0.041937000", - "frame.time_delta_displayed": "0.041937000", - "frame.time_relative": "1765.253151000", - "frame.number": "6958", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00005607", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000626e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000297f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:f6:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951286, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951286", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - 
"tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.714366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.714366000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "1765.253680000", - "frame.number": "6959", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47611", - "tcp.port": "80", - 
"tcp.port": "47611", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002ff4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" 
- } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6958", - "tcp.analysis.ack_rtt": "0.000529000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.718515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.718515000", - "frame.time_delta": "0.004149000", - "frame.time_delta_displayed": "0.004149000", - "frame.time_relative": "1765.257829000", - "frame.number": "6960", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005608", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006281", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": 
"80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e17b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6959", - "tcp.analysis.ack_rtt": "0.004149000", - "tcp.analysis.initial_rtt": "0.004678000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.718946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.718946000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1765.258260000", - "frame.number": "6961", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00005609", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000061c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000040f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004678000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.719374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.719374000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1765.258688000", - "frame.number": "6962", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ecca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cbbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47611", - "tcp.port": "80", - "tcp.port": "47611", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d34a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6961", - "tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.004678000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:56.720162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.720162000", - "frame.time_delta": "0.000788000", - "frame.time_delta_displayed": "0.000788000", - "frame.time_relative": "1765.259476000", - "frame.number": "6963", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000eccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cbac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47611", - "tcp.port": "80", - "tcp.port": "47611", - "tcp.stream": "280", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000136c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004678000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.720459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.720459000", - "frame.time_delta": "0.000297000", - "frame.time_delta_displayed": "0.000297000", - "frame.time_relative": "1765.259773000", - "frame.number": "6964", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"1035", - "ip.id": "0x0000eccc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c7d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47611", - "tcp.port": "80", - "tcp.port": "47611", - "tcp.stream": "280", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000065d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004678000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6963", - "tcp.segment": "6964", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001513000", - "http.request_in": "6961", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.725900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.725900000", - "frame.time_delta": "0.005441000", - "frame.time_delta_displayed": "0.005441000", - "frame.time_relative": "1765.265214000", - "frame.number": "6965", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000560a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000627f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e0aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6963", - "tcp.analysis.ack_rtt": "0.005738000", - "tcp.analysis.initial_rtt": "0.004678000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.726042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.726042000", - "frame.time_delta": "0.000142000", - "frame.time_delta_displayed": "0.000142000", - "frame.time_relative": "1765.265356000", - "frame.number": "6966", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005732", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006026", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - 
"ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "283", - "http.prev_response_in": "6957" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.726402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.726402000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": "1765.265716000", - "frame.number": "6967", - 
"frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000560b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000627e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dcbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6964", - "tcp.analysis.ack_rtt": "0.005943000", - "tcp.analysis.initial_rtt": "0.004678000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.726513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.726513000", - "frame.time_delta": "0.000111000", - "frame.time_delta_displayed": "0.000111000", - "frame.time_relative": "1765.265827000", - "frame.number": "6968", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000560c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000627d", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dcbe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.726897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.726897000", - "frame.time_delta": "0.000384000", - "frame.time_delta_displayed": "0.000384000", - "frame.time_relative": "1765.266211000", - "frame.number": "6969", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001705", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a184", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47611", - "tcp.port": "80", - "tcp.port": "47611", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cf54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6968", - "tcp.analysis.ack_rtt": "0.000384000", - "tcp.analysis.initial_rtt": "0.004678000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.730636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.730636000", - "frame.time_delta": "0.003739000", - "frame.time_delta_displayed": "0.003739000", - "frame.time_relative": "1765.269950000", - "frame.number": "6970", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002441", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009448", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47611", - "tcp.dstport": "80", - "tcp.port": "47611", - "tcp.port": "80", - "tcp.stream": "280", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000014a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.735841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.735841000", - "frame.time_delta": "0.005205000", - "frame.time_delta_displayed": "0.005205000", - "frame.time_relative": "1765.275155000", - "frame.number": "6971", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000985e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002017", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00002d42", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:83:f8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951288, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951288", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.736370000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.736370000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "1765.275684000", - "frame.number": "6972", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47612", - "tcp.port": "80", - "tcp.port": "47612", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c34e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": 
"1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6971", - "tcp.analysis.ack_rtt": "0.000529000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.741368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.741368000", - "frame.time_delta": "0.004998000", - "frame.time_delta_displayed": "0.004998000", - "frame.time_relative": "1765.280682000", - "frame.number": "6973", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000985f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000202a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000074d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6972", - "tcp.analysis.ack_rtt": "0.004998000", - "tcp.analysis.initial_rtt": "0.005527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:15:56.741762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.741762000", - "frame.time_delta": "0.000394000", - "frame.time_delta_displayed": "0.000394000", - "frame.time_relative": "1765.281076000", - "frame.number": "6974", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00009860", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001f69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d450", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005527000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.742222000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.742222000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "1765.281536000", - "frame.number": "6975", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d686", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e202", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47612", - "tcp.port": "80", - "tcp.port": "47612", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000066a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6974", - "tcp.analysis.ack_rtt": "0.000460000", - "tcp.analysis.initial_rtt": "0.005527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.743058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.743058000", - "frame.time_delta": "0.000836000", - "frame.time_delta_displayed": "0.000836000", - "frame.time_relative": "1765.282372000", - "frame.number": "6976", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d687", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47612", - "tcp.port": "80", - "tcp.port": "47612", - "tcp.stream": "281", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a6c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005527000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.743392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.743392000", - "frame.time_delta": "0.000334000", - "frame.time_delta_displayed": "0.000334000", - "frame.time_relative": 
"1765.282706000", - "frame.number": "6977", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d688", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47612", - "tcp.port": "80", - "tcp.port": "47612", - "tcp.stream": "281", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { 
- "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f92f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005527000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:7
4:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6976", - "tcp.segment": "6977", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001630000", - "http.request_in": "6974", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.746195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.746195000", - "frame.time_delta": "0.002803000", - "frame.time_delta_displayed": "0.002803000", - "frame.time_relative": "1765.285509000", - "frame.number": "6978", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009861", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002028", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007405", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6976", - "tcp.analysis.ack_rtt": "0.003137000", - "tcp.analysis.initial_rtt": "0.005527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.747282000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.747282000", - "frame.time_delta": "0.001087000", - "frame.time_delta_displayed": "0.001087000", - "frame.time_relative": "1765.286596000", - "frame.number": "6979", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009862", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002027", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000701a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6977", - "tcp.analysis.ack_rtt": "0.003890000", - "tcp.analysis.initial_rtt": "0.005527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.748406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.748406000", - "frame.time_delta": "0.001124000", - "frame.time_delta_displayed": "0.001124000", - "frame.time_relative": "1765.287720000", - "frame.number": "6980", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009863", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002026", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007019", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.748878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.748878000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "1765.288192000", - "frame.number": "6981", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001708", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a181", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47612", - 
"tcp.port": "80", - "tcp.port": "47612", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000062af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6980", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.005527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.752966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.752966000", - "frame.time_delta": "0.004088000", - "frame.time_delta_displayed": "0.004088000", - "frame.time_relative": "1765.292280000", - "frame.number": "6982", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002443", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009446", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47612", - "tcp.dstport": "80", - "tcp.port": "47612", - "tcp.port": "80", - "tcp.stream": "281", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001868", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:56.780402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.780402000", - "frame.time_delta": "0.027436000", - "frame.time_delta_displayed": "0.027436000", - "frame.time_relative": "1765.319716000", - "frame.number": "6983", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005733", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000602b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "284", - "http.prev_response_in": "6966" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.785923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.785923000", - "frame.time_delta": "0.005521000", - "frame.time_delta_displayed": "0.005521000", - "frame.time_relative": "1765.325237000", - "frame.number": "6984", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d6f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e17f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00009294", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:0e:83:fd:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951293, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951293", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.786454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.786454000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1765.325768000", - "frame.number": "6985", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47613", - "tcp.port": "80", - "tcp.port": "47613", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002e24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "6984", - "tcp.analysis.ack_rtt": "0.000531000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.793237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.793237000", - "frame.time_delta": "0.006783000", - "frame.time_delta_displayed": "0.006783000", - "frame.time_relative": "1765.332551000", - "frame.number": "6986", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e192", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dfab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6985", - "tcp.analysis.ack_rtt": "0.006783000", - "tcp.analysis.initial_rtt": "0.007314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.793353000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495356.793353000", - "frame.time_delta": "0.000116000", - "frame.time_delta_displayed": "0.000116000", - "frame.time_relative": "1765.332667000", - "frame.number": "6987", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000d6f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e0d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007314000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.793809000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495356.793809000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "1765.333123000", - "frame.number": "6988", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d577", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e311", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47613", - "tcp.port": "80", - "tcp.port": "47613", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d17a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6987", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.007314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.794497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.794497000", - "frame.time_delta": "0.000688000", - "frame.time_delta_displayed": "0.000688000", - "frame.time_relative": "1765.333811000", - "frame.number": "6989", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000d578", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e2ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47613", - "tcp.port": "80", - "tcp.port": "47613", - "tcp.stream": "282", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000119c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007314000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.794962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.794962000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "1765.334276000", - "frame.number": "6990", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000d579", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47613", - "tcp.port": "80", - "tcp.port": "47613", - "tcp.stream": "282", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006405", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007314000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "6989", - "tcp.segment": "6990", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001609000", - "http.request_in": "6987", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.798678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.798678000", - "frame.time_delta": "0.003716000", - "frame.time_delta_displayed": "0.003716000", - "frame.time_relative": "1765.337992000", - "frame.number": "6991", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e190", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000deda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6989", - "tcp.analysis.ack_rtt": "0.004181000", - "tcp.analysis.initial_rtt": "0.007314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.799352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.799352000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "1765.338666000", - "frame.number": "6992", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e18f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000daef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6990", - "tcp.analysis.ack_rtt": "0.004390000", - "tcp.analysis.initial_rtt": "0.007314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.800119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.800119000", - "frame.time_delta": "0.000767000", - "frame.time_delta_displayed": "0.000767000", - "frame.time_relative": "1765.339433000", - "frame.number": "6993", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d6fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e18e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000daee", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.800557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.800557000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "1765.339871000", - "frame.number": "6994", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000170a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a17f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47613", - 
"tcp.port": "80", - "tcp.port": "47613", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cd84", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6993", - "tcp.analysis.ack_rtt": "0.000438000", - "tcp.analysis.initial_rtt": "0.007314000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:56.808923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495356.808923000", - "frame.time_delta": "0.008366000", - "frame.time_delta_displayed": "0.008366000", - "frame.time_relative": "1765.348237000", - "frame.number": "6995", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002448", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009441", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47613", - "tcp.dstport": "80", - "tcp.port": "47613", - "tcp.port": "80", - "tcp.stream": "282", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007dbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:57.569567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.569567000", - "frame.time_delta": "0.760644000", - "frame.time_delta_displayed": "0.760644000", - "frame.time_relative": "1766.108881000", - "frame.number": "6996", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000575c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006005", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "285", - "http.prev_response_in": "6983" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.622360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.622360000", - "frame.time_delta": "0.052793000", - "frame.time_delta_displayed": "0.052793000", - "frame.time_relative": "1766.161674000", - "frame.number": "6997", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005760", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005ff8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "286", - "http.prev_response_in": "6996" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.634151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.634151000", - "frame.time_delta": "0.011791000", - "frame.time_delta_displayed": "0.011791000", - "frame.time_relative": "1766.173465000", - "frame.number": "6998", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001015", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a860", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00003250", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:52:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951378, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951378", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": 
"8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.634703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.634703000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "1766.174017000", - "frame.number": "6999", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47614", - "tcp.port": "80", - "tcp.port": "47614", - 
"tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008dd2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "6998", - "tcp.analysis.ack_rtt": "0.000552000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.637809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.637809000", - "frame.time_delta": "0.003106000", - "frame.time_delta_displayed": "0.003106000", - "frame.time_relative": "1766.177123000", - "frame.number": "7000", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001016", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a873", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - 
"tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "6999", - "tcp.analysis.ack_rtt": "0.003106000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.639329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.639329000", - "frame.time_delta": "0.001520000", - "frame.time_delta_displayed": "0.001520000", - "frame.time_relative": "1766.178643000", - "frame.number": "7001", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001017", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009ed4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.639836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.639836000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1766.179150000", - "frame.number": "7002", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000098f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001f99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47614", - "tcp.port": "80", - "tcp.port": "47614", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003129", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7001", - "tcp.analysis.ack_rtt": "0.000507000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:15:57.640561000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.640561000", - "frame.time_delta": "0.000725000", - "frame.time_delta_displayed": "0.000725000", - "frame.time_relative": "1766.179875000", - "frame.number": "7003", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000098f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001f87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47614", - "tcp.port": "80", - "tcp.port": "47614", - "tcp.stream": "283", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000714a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.640912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.640912000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "1766.180226000", - "frame.number": "7004", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"1035", - "ip.id": "0x000098f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47614", - "tcp.port": "80", - "tcp.port": "47614", - "tcp.stream": "283", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c3b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003658000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7003", - "tcp.segment": "7004", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001583000", - "http.request_in": "7001", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.644744000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.644744000", - "frame.time_delta": "0.003832000", - "frame.time_delta_displayed": "0.003832000", - "frame.time_relative": "1766.184058000", - "frame.number": "7005", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001018", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a871", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003e89", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7003", - "tcp.analysis.ack_rtt": "0.004183000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.644795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.644795000", - "frame.time_delta": "0.000051000", - "frame.time_delta_displayed": "0.000051000", - "frame.time_relative": "1766.184109000", - "frame.number": "7006", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001019", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a870", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7004", - "tcp.analysis.ack_rtt": "0.003883000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.646189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.646189000", - "frame.time_delta": "0.001394000", - "frame.time_delta_displayed": "0.001394000", - "frame.time_relative": "1766.185503000", - "frame.number": "7007", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a86f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a9d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.646644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.646644000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "1766.185958000", - "frame.number": "7008", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001740", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a149", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47614", - 
"tcp.port": "80", - "tcp.port": "47614", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002d33", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7007", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.003658000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.649921000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.649921000", - "frame.time_delta": "0.003277000", - "frame.time_delta_displayed": "0.003277000", - "frame.time_relative": "1766.189235000", - "frame.number": "7009", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002494", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000093f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47614", - "tcp.dstport": "80", - "tcp.port": "47614", - "tcp.port": "80", - "tcp.stream": "283", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001dd0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:57.669172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.669172000", - "frame.time_delta": "0.019251000", - "frame.time_delta_displayed": "0.019251000", - "frame.time_relative": "1766.208486000", - "frame.number": "7010", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fa8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b848", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - 
"udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000126e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - 
"dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.670019000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.670019000", - "frame.time_delta": "0.000847000", - "frame.time_delta_displayed": "0.000847000", - "frame.time_relative": "1766.209333000", - "frame.number": "7011", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fa9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009943", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - 
"udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f369", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - 
"dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.670532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.670532000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "1766.209846000", - "frame.number": "7012", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", 
- "udp.length": "241", - "udp.checksum": "0x0000812f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.675543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.675543000", - "frame.time_delta": "0.005011000", - "frame.time_delta_displayed": "0.005011000", - "frame.time_relative": "1766.214857000", - "frame.number": "7013", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00005761", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005ffd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - 
"udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "287", - "http.prev_response_in": "6997" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.723455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.723455000", - "frame.time_delta": "0.047912000", - "frame.time_delta_displayed": "0.047912000", - "frame.time_relative": "1766.262769000", - "frame.number": "7014", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000545c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006419", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000d588", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:5b:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951387, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951387", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.724018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.724018000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "1766.263332000", - "frame.number": "7015", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47617", - "tcp.port": "80", - "tcp.port": "47617", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002b1b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7014", - "tcp.analysis.ack_rtt": "0.000563000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.740289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.740289000", - "frame.time_delta": "0.016271000", - "frame.time_delta_displayed": "0.016271000", - "frame.time_relative": "1766.279603000", - "frame.number": "7016", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000545d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000642c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dca2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7015", - "tcp.analysis.ack_rtt": 
"0.016271000", - "tcp.analysis.initial_rtt": "0.016834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.741177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.741177000", - "frame.time_delta": "0.000888000", - "frame.time_delta_displayed": "0.000888000", - "frame.time_relative": "1766.280491000", - "frame.number": "7017", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000545e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000636b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - 
"tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003c1d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016834000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.741638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.741638000", - "frame.time_delta": "0.000461000", - "frame.time_delta_displayed": "0.000461000", - "frame.time_relative": "1766.280952000", - "frame.number": "7018", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bb86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fd02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47617", - "tcp.port": "80", - "tcp.port": 
"47617", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ce71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7017", - "tcp.analysis.ack_rtt": "0.000461000", - "tcp.analysis.initial_rtt": "0.016834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.742320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.742320000", - "frame.time_delta": "0.000682000", - "frame.time_delta_displayed": "0.000682000", - "frame.time_relative": "1766.281634000", - "frame.number": "7019", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000bb87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000fcf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47617", - "tcp.port": "80", - "tcp.port": "47617", - "tcp.stream": "284", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000e93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016834000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:15:57.742747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.742747000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "1766.282061000", - "frame.number": "7020", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000bb88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f91d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47617", - "tcp.port": "80", - "tcp.port": "47617", - "tcp.stream": "284", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000060fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016834000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7019", - "tcp.segment": "7020", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001570000", - "http.request_in": "7017", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.749008000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495357.749008000", - "frame.time_delta": "0.006261000", - "frame.time_delta_displayed": "0.006261000", - "frame.time_relative": "1766.288322000", - "frame.number": "7021", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000545f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000642a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dbd1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7019", - "tcp.analysis.ack_rtt": "0.006688000", - "tcp.analysis.initial_rtt": "0.016834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.749112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.749112000", - "frame.time_delta": "0.000104000", - "frame.time_delta_displayed": "0.000104000", - "frame.time_relative": "1766.288426000", - "frame.number": "7022", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005460", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006429", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d7e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7020", - "tcp.analysis.ack_rtt": "0.006365000", - "tcp.analysis.initial_rtt": "0.016834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.749768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.749768000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "1766.289082000", - "frame.number": "7023", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005461", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006428", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d7e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.750231000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.750231000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1766.289545000", - "frame.number": "7024", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001745", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a144", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47617", - "tcp.port": "80", - "tcp.port": "47617", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ca7b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7023", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.016834000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:57.753376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495357.753376000", - "frame.time_delta": "0.003145000", - "frame.time_delta_displayed": "0.003145000", - "frame.time_relative": "1766.292690000", - "frame.number": "7025", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000249f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000093ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47617", - "tcp.dstport": "80", - "tcp.port": "47617", - "tcp.port": "80", - "tcp.stream": "284", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c111", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.622565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.622565000", - "frame.time_delta": "0.869189000", - "frame.time_delta_displayed": "0.869189000", - "frame.time_relative": "1767.161879000", - "frame.number": "7026", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000057a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005fc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "288", - "http.prev_response_in": "7013" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.628898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.628898000", - "frame.time_delta": "0.006333000", - "frame.time_delta_displayed": "0.006333000", - "frame.time_relative": "1767.168212000", - "frame.number": "7027", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000a89a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000a536", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:b5:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951477, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951477", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.629459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.629459000", - "frame.time_delta": "0.000561000", - "frame.time_delta_displayed": "0.000561000", - "frame.time_relative": "1767.168773000", - "frame.number": "7028", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47618", - "tcp.port": "80", - "tcp.port": "47618", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a75e", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7027", - "tcp.analysis.ack_rtt": "0.000561000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.632862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.632862000", - "frame.time_delta": "0.003403000", - "frame.time_delta_displayed": "0.003403000", - "frame.time_relative": "1767.172176000", - "frame.number": "7029", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a89b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000058e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7028", - "tcp.analysis.ack_rtt": 
"0.003403000", - "tcp.analysis.initial_rtt": "0.003964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.633301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.633301000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "1767.172615000", - "frame.number": "7030", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000a89c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000f2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - 
"tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b860", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003964000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", 
- "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.633788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.633788000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1767.173102000", - "frame.number": "7031", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e032", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d856", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47618", - "tcp.port": "80", - "tcp.port": 
"47618", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004ab5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7030", - "tcp.analysis.ack_rtt": "0.000487000", - "tcp.analysis.initial_rtt": "0.003964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.634430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.634430000", - "frame.time_delta": "0.000642000", - "frame.time_delta_displayed": "0.000642000", - "frame.time_relative": "1767.173744000", - "frame.number": "7032", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e033", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d844", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47618", - "tcp.port": "80", - "tcp.port": "47618", - "tcp.stream": "285", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008ad6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003964000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:15:58.634780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.634780000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1767.174094000", - "frame.number": "7033", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e034", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d471", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47618", - "tcp.port": "80", - "tcp.port": "47618", - "tcp.stream": "285", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000dd3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003964000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72
:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7032", - "tcp.segment": "7033", - 
"tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:
42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001479000", - "http.request_in": "7030", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.638019000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495358.638019000", - "frame.time_delta": "0.003239000", - "frame.time_delta_displayed": "0.003239000", - "frame.time_relative": "1767.177333000", - "frame.number": "7034", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a89d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005815", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7032", - "tcp.analysis.ack_rtt": "0.003589000", - "tcp.analysis.initial_rtt": "0.003964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.638484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.638484000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "1767.177798000", - "frame.number": "7035", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a89e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000feb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000542a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7033", - "tcp.analysis.ack_rtt": "0.003704000", - "tcp.analysis.initial_rtt": "0.003964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.639426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.639426000", - "frame.time_delta": "0.000942000", - "frame.time_delta_displayed": "0.000942000", - "frame.time_relative": "1767.178740000", - "frame.number": "7036", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a89f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005429", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.639878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.639878000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "1767.179192000", - "frame.number": "7037", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000176f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a11a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47618", - "tcp.port": "80", - "tcp.port": "47618", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000046bf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7036", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.003964000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.644489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.644489000", - "frame.time_delta": "0.004611000", - "frame.time_delta_displayed": "0.004611000", - "frame.time_relative": "1767.183803000", - "frame.number": "7038", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000024f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009393", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47618", - "tcp.dstport": "80", - "tcp.port": "47618", - "tcp.port": "80", - "tcp.stream": "285", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - 
"tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009119", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.675708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.675708000", - "frame.time_delta": "0.031219000", - "frame.time_delta_displayed": "0.031219000", - "frame.time_relative": "1767.215022000", - "frame.number": "7039", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000057a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005fb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "289", - "http.prev_response_in": "7026" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.748264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.748264000", - "frame.time_delta": "0.072556000", - "frame.time_delta_displayed": "0.072556000", - "frame.time_relative": "1767.287578000", - "frame.number": "7040", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00007aac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003dc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00002093", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:84:bb:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951483, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951483", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.748200000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.748200000", - "frame.time_delta": "-0.000064000", - "frame.time_delta_displayed": "-0.000064000", - "frame.time_relative": "1767.287514000", - "frame.number": "7041", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000057a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005fb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "290", - "http.prev_response_in": "7039" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.748823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.748823000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "1767.288137000", - "frame.number": "7042", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47619", - "tcp.port": "80", - "tcp.port": "47619", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000013be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7040", - "tcp.analysis.ack_rtt": "0.000559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.760627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.760627000", - "frame.time_delta": "0.011804000", - "frame.time_delta_displayed": "0.011804000", - "frame.time_relative": "1767.299941000", - "frame.number": "7043", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007aad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ddc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c545", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7042", - "tcp.analysis.ack_rtt": "0.011804000", - "tcp.analysis.initial_rtt": "0.012363000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.761377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.761377000", - "frame.time_delta": "0.000750000", - "frame.time_delta_displayed": "0.000750000", - "frame.time_relative": "1767.300691000", - "frame.number": "7044", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00007aae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000024c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012363000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.761841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.761841000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "1767.301155000", - "frame.number": "7045", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000001dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b6ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47619", - "tcp.port": "80", - "tcp.port": "47619", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b714", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7044", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.012363000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.762495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.762495000", - "frame.time_delta": "0.000654000", - "frame.time_delta_displayed": "0.000654000", - "frame.time_relative": "1767.301809000", - "frame.number": "7046", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000001dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b69b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - 
"tcp.dstport": "47619", - "tcp.port": "80", - "tcp.port": "47619", - "tcp.stream": "286", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f735", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012363000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.762846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.762846000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "1767.302160000", - "frame.number": "7047", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000001de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b2c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47619", - "tcp.port": "80", - "tcp.port": "47619", - "tcp.stream": "286", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000499f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.initial_rtt": "0.012363000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d
:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7046", - "tcp.segment": "7047", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001469000", - "http.request_in": "7044", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.770342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.770342000", - "frame.time_delta": "0.007496000", - "frame.time_delta_displayed": "0.007496000", - "frame.time_relative": "1767.309656000", - "frame.number": "7048", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007aaf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003dda", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c474", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7046", - "tcp.analysis.ack_rtt": "0.007847000", - "tcp.analysis.initial_rtt": "0.012363000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.770380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.770380000", - "frame.time_delta": "0.000038000", - "frame.time_delta_displayed": "0.000038000", - "frame.time_relative": "1767.309694000", - "frame.number": "7049", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ab0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003dd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c089", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7047", - "tcp.analysis.ack_rtt": "0.007534000", - "tcp.analysis.initial_rtt": "0.012363000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.773074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.773074000", - "frame.time_delta": "0.002694000", - "frame.time_delta_displayed": "0.002694000", - "frame.time_relative": "1767.312388000", - "frame.number": "7050", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007ab1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003dd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c088", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.773539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.773539000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "1767.312853000", - "frame.number": "7051", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000177b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a10e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47619", - 
"tcp.port": "80", - "tcp.port": "47619", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b31e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7050", - "tcp.analysis.ack_rtt": "0.000465000", - "tcp.analysis.initial_rtt": "0.012363000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:58.777780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495358.777780000", - "frame.time_delta": "0.004241000", - "frame.time_delta_displayed": "0.004241000", - "frame.time_relative": "1767.317094000", - "frame.number": "7052", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000024fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000938b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47619", - "tcp.dstport": "80", - "tcp.port": "47619", - "tcp.port": "80", - "tcp.stream": "286", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000c7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:15:59.464765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.464765000", - "frame.time_delta": "0.686985000", - "frame.time_delta_displayed": "0.686985000", - "frame.time_relative": "1768.004079000", - "frame.number": "7053", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000057cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f95", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "291", - "http.prev_response_in": "7041" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.517637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.517637000", - "frame.time_delta": "0.052872000", - "frame.time_delta_displayed": "0.052872000", - "frame.time_relative": "1768.056951000", - "frame.number": "7054", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000057d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "292", - "http.prev_response_in": "7053" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.570455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.570455000", - "frame.time_delta": "0.052818000", - "frame.time_delta_displayed": "0.052818000", - "frame.time_relative": "1768.109769000", - "frame.number": "7055", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000057d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "293", - "http.prev_response_in": "7054" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.583472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.583472000", - "frame.time_delta": "0.013017000", - "frame.time_delta_displayed": "0.013017000", - "frame.time_relative": "1768.122786000", - "frame.number": "7056", - "frame.len": "74", - "frame.cap_len": 
"74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000717b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000046fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000cb6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:15:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951573, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951573", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.584016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.584016000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "1768.123330000", - "frame.number": "7057", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": 
"60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47621", - "tcp.port": "80", - "tcp.port": "47621", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - 
"tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00005a4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7056", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.590144000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.590144000", - "frame.time_delta": "0.006128000", - "frame.time_delta_displayed": "0.006128000", - "frame.time_relative": "1768.129458000", - "frame.number": "7058", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000717c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000470d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000bd7", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7057", - "tcp.analysis.ack_rtt": "0.006128000", - "tcp.analysis.initial_rtt": "0.006672000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.591519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.591519000", - "frame.time_delta": "0.001375000", - "frame.time_delta_displayed": "0.001375000", - "frame.time_relative": "1768.130833000", - "frame.number": "7059", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000717d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000464c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b51", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006672000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.592022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.592022000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "1768.131336000", - "frame.number": "7060", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009150", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002739", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47621", - "tcp.port": "80", - "tcp.port": "47621", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fda5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7059", - "tcp.analysis.ack_rtt": "0.000503000", - "tcp.analysis.initial_rtt": "0.006672000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.592672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.592672000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "1768.131986000", - "frame.number": "7061", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009151", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002727", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47621", - "tcp.port": "80", - "tcp.port": "47621", - "tcp.stream": "287", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003dc7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006672000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.593106000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.593106000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1768.132420000", - "frame.number": "7062", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009152", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002354", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47621", - "tcp.port": "80", - "tcp.port": "47621", - "tcp.stream": "287", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009030", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006672000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7061", - "tcp.segment": "7062", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001587000", - "http.request_in": "7059", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.596062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.596062000", - "frame.time_delta": "0.002956000", - "frame.time_delta_displayed": "0.002956000", - "frame.time_relative": "1768.135376000", - "frame.number": "7063", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000717e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000470b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000b06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7061", - "tcp.analysis.ack_rtt": "0.003390000", - "tcp.analysis.initial_rtt": "0.006672000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.597116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.597116000", - "frame.time_delta": "0.001054000", - "frame.time_delta_displayed": "0.001054000", - "frame.time_relative": "1768.136430000", - "frame.number": "7064", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000717f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000470a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000071b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7062", - "tcp.analysis.ack_rtt": "0.004010000", - "tcp.analysis.initial_rtt": "0.006672000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.603159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.603159000", - "frame.time_delta": "0.006043000", - "frame.time_delta_displayed": "0.006043000", - "frame.time_relative": "1768.142473000", - "frame.number": "7065", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007180", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004709", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000071a", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.603666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.603666000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1768.142980000", - "frame.number": "7066", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a0c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47621", - 
"tcp.port": "80", - "tcp.port": "47621", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f9af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7065", - "tcp.analysis.ack_rtt": "0.000507000", - "tcp.analysis.initial_rtt": "0.006672000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:15:59.607890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495359.607890000", - "frame.time_delta": "0.004224000", - "frame.time_delta_displayed": "0.004224000", - "frame.time_relative": "1768.147204000", - "frame.number": "7067", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002539", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009350", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47621", - "tcp.dstport": "80", - "tcp.port": "47621", - "tcp.port": "80", - "tcp.stream": "287", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b7ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:16:00.514009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.514009000", - "frame.time_delta": "0.906119000", - "frame.time_delta_displayed": "0.906119000", - "frame.time_relative": "1769.053323000", - "frame.number": "7068", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005822", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "305", - "udp.checksum": "0x0000b5cb", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "294", - "http.prev_response_in": "7055" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.566747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.566747000", - "frame.time_delta": "0.052738000", - "frame.time_delta_displayed": "0.052738000", - "frame.time_relative": "1769.106061000", - "frame.number": "7069", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005825", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "314", - "udp.checksum": "0x0000c3b6", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "295", - "http.prev_response_in": "7068" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.614794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.614794000", - "frame.time_delta": "0.048047000", - "frame.time_delta_displayed": "0.048047000", - "frame.time_relative": "1769.154108000", - "frame.number": "7070", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000e93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00007bcf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:7c:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951676, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951676", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": 
"8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.615350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.615350000", - "frame.time_delta": "0.000556000", - "frame.time_delta_displayed": "0.000556000", - "frame.time_relative": "1769.154664000", - "frame.number": "7071", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47622", - "tcp.port": "80", - "tcp.port": "47622", - 
"tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000c81", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "7070", - "tcp.analysis.ack_rtt": "0.000556000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.619493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.619493000", - "frame.time_delta": "0.004143000", - "frame.time_delta_displayed": "0.004143000", - "frame.time_relative": "1769.158807000", - "frame.number": "7072", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000582b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"3942", - "udp.port": "1900", - "udp.port": "3942", - "udp.length": "308", - "udp.checksum": "0x0000e740", - "udp.checksum.status": "2", - "udp.stream": "39" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "296", - "http.prev_response_in": "7069" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.619672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.619672000", - "frame.time_delta": "0.000179000", - "frame.time_delta_displayed": "0.000179000", - "frame.time_relative": "1769.158986000", - "frame.number": "7073", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000e94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be08", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7071", - "tcp.analysis.ack_rtt": "0.004322000", - "tcp.analysis.initial_rtt": "0.004878000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.620166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.620166000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1769.159480000", - "frame.number": "7074", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00000e95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a934", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004878000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - 
"\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.620731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.620731000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1769.160045000", - "frame.number": "7075", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000ed90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000caf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47622", - "tcp.port": "80", - "tcp.port": "47622", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000afd7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7074", - "tcp.analysis.ack_rtt": "0.000565000", - "tcp.analysis.initial_rtt": "0.004878000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.621310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.621310000", - "frame.time_delta": "0.000579000", - "frame.time_delta_displayed": "0.000579000", - "frame.time_relative": "1769.160624000", - "frame.number": "7076", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000ed91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47622", - "tcp.port": "80", - "tcp.port": "47622", - "tcp.stream": "288", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eff8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004878000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.621659000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.621659000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "1769.160973000", - "frame.number": "7077", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000ed92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c713", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47622", - "tcp.port": "80", - "tcp.port": "47622", - "tcp.stream": "288", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004262", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004878000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7076", - "tcp.segment": "7077", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001493000", - "http.request_in": "7074", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.627905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.627905000", - "frame.time_delta": "0.006246000", - "frame.time_delta_displayed": "0.006246000", - "frame.time_relative": "1769.167219000", - "frame.number": "7078", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000e96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bd37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7076", - "tcp.analysis.ack_rtt": "0.006595000", - "tcp.analysis.initial_rtt": "0.004878000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.628035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.628035000", - "frame.time_delta": "0.000130000", - "frame.time_delta_displayed": "0.000130000", - "frame.time_relative": "1769.167349000", - "frame.number": "7079", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000e97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b94c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7077", - "tcp.analysis.ack_rtt": "0.006376000", - "tcp.analysis.initial_rtt": "0.004878000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.628518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.628518000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1769.167832000", - "frame.number": "7080", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000e98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a9f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b94b", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.628981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.628981000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1769.168295000", - "frame.number": "7081", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a091", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47622", - 
"tcp.port": "80", - "tcp.port": "47622", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000abe1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7080", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.004878000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.630579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.630579000", - "frame.time_delta": "0.001598000", - "frame.time_delta_displayed": "0.001598000", - "frame.time_relative": "1769.169893000", - "frame.number": "7082", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001926", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000efcc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:85:7d:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 951677, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "951677", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.631086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.631086000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "1769.170400000", - "frame.number": "7083", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008031", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7082", - "tcp.analysis.ack_rtt": "0.000507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.632937000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.632937000", - "frame.time_delta": "0.001851000", - "frame.time_delta_displayed": "0.001851000", - "frame.time_relative": "1769.172251000", - "frame.number": "7084", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x0000256d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000931c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47622", - "tcp.dstport": "80", - "tcp.port": "47622", - "tcp.port": "80", - "tcp.stream": "288", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006879", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.634598000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.634598000", - "frame.time_delta": "0.001661000", - 
"frame.time_delta_displayed": "0.001661000", - "frame.time_relative": "1769.173912000", - "frame.number": "7085", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001927", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000031b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7083", - "tcp.analysis.ack_rtt": "0.003512000", - "tcp.analysis.initial_rtt": "0.004019000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.634729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.634729000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "1769.174043000", - "frame.number": "7086", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00001928", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009ea1", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009133", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004019000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.635191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.635191000", - "frame.time_delta": "0.000462000", - "frame.time_delta_displayed": "0.000462000", - "frame.time_relative": "1769.174505000", - "frame.number": "7087", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000155a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a32f", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002388", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7086", - "tcp.analysis.ack_rtt": "0.000462000", - "tcp.analysis.initial_rtt": "0.004019000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.635878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.635878000", - "frame.time_delta": "0.000687000", - "frame.time_delta_displayed": "0.000687000", - "frame.time_relative": "1769.175192000", - "frame.number": "7088", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000155b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a31d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000063a9", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004019000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.636231000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.636231000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1769.175545000", - "frame.number": "7089", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000155c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004019000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7088", - "tcp.segment": "7089", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001502000", - "http.request_in": "7086", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.638858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.638858000", - "frame.time_delta": "0.002627000", - "frame.time_delta_displayed": "0.002627000", - "frame.time_relative": "1769.178172000", - "frame.number": "7090", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000155d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b612", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004019000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.642631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.642631000", - "frame.time_delta": "0.003773000", - "frame.time_delta_displayed": "0.003773000", - "frame.time_relative": "1769.181945000", - "frame.number": "7091", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - 
"eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001929", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000030e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7088", - "tcp.analysis.ack_rtt": "0.006753000", - "tcp.analysis.initial_rtt": "0.004019000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": 
{ - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.642681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.642681000", - "frame.time_delta": "0.000050000", - "frame.time_delta_displayed": "0.000050000", - "frame.time_relative": "1769.181995000", - "frame.number": "7092", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000192a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002cfd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7089", - "tcp.analysis.ack_rtt": "0.006450000", - "tcp.analysis.initial_rtt": "0.004019000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.643515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.643515000", - "frame.time_delta": "0.000834000", - "frame.time_delta_displayed": "0.000834000", - "frame.time_relative": "1769.182829000", - "frame.number": "7093", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000192b", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009f5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002cfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.643942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.643942000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - 
"frame.time_relative": "1769.183256000", - "frame.number": "7094", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000017f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a090", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47623", - "tcp.port": "80", - "tcp.port": "47623", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001f92", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7093", - "tcp.analysis.ack_rtt": "0.000427000", - "tcp.analysis.initial_rtt": "0.004019000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.647683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.647683000", - "frame.time_delta": "0.003741000", - "frame.time_delta_displayed": "0.003741000", - "frame.time_relative": "1769.186997000", - "frame.number": "7095", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000256e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000931b", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dc78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:00.647809000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495360.647809000", - "frame.time_delta": "0.000126000", - "frame.time_delta_displayed": "0.000126000", - "frame.time_relative": "1769.187123000", - "frame.number": "7096", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000256f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000931a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47623", - "tcp.dstport": "80", - "tcp.port": "47623", - "tcp.port": "80", - "tcp.stream": "289", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000dc77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:01.251856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495361.251856000", - "frame.time_delta": "0.604047000", - "frame.time_delta_displayed": "0.604047000", - "frame.time_relative": "1769.791170000", - "frame.number": "7097", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000545c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:01.304667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495361.304667000", - "frame.time_delta": "0.052811000", - "frame.time_delta_displayed": "0.052811000", - "frame.time_relative": "1769.843981000", - "frame.number": "7098", - "frame.len": "348", - 
"frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005461", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "7097" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:01.357411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495361.357411000", - "frame.time_delta": "0.052744000", - "frame.time_delta_displayed": "0.052744000", - "frame.time_relative": "1769.896725000", - "frame.number": "7099", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"328", - "ip.id": "0x00005463", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000062e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "7098" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.304218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.304218000", - "frame.time_delta": "0.946807000", - "frame.time_delta_displayed": "0.946807000", - "frame.time_relative": "1770.843532000", - "frame.number": "7100", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000054c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000628a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": 
"2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "7099" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.356977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.356977000", - "frame.time_delta": "0.052759000", - "frame.time_delta_displayed": "0.052759000", - "frame.time_relative": "1770.896291000", - "frame.number": "7101", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000054c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000627c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "7100" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.409771000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.409771000", - "frame.time_delta": "0.052794000", - "frame.time_delta_displayed": "0.052794000", - "frame.time_relative": "1770.949085000", - "frame.number": "7102", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000054c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006281", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "7101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.669474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.669474000", - "frame.time_delta": "0.259703000", - "frame.time_delta_displayed": 
"0.259703000", - "frame.time_relative": "1771.208788000", - "frame.number": "7103", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001faa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b846", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000126e", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.669997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.669997000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "1771.209311000", - "frame.number": "7104", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fab", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009941", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f369", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000287", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.670614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.670614000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "1771.209928000", - "frame.number": "7105", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000812f", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000287", - "dns.flags": "0x00000000", - 
"dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=647", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.831071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.831071000", - "frame.time_delta": "0.160457000", - "frame.time_delta_displayed": "0.160457000", - "frame.time_relative": "1771.370385000", - "frame.number": "7106", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000054d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006279", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "7102" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.883913000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.883913000", - "frame.time_delta": "0.052842000", - "frame.time_delta_displayed": "0.052842000", - "frame.time_relative": "1771.423227000", - "frame.number": "7107", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000054d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000626f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "7106" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:02.936651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495362.936651000", - "frame.time_delta": "0.052738000", - "frame.time_delta_displayed": "0.052738000", - "frame.time_relative": "1771.475965000", - "frame.number": "7108", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000054d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006271", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "7107" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:03.883038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495363.883038000", - "frame.time_delta": "0.946387000", - "frame.time_delta_displayed": "0.946387000", - "frame.time_relative": "1772.422352000", - 
"frame.number": "7109", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005525", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006226", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "7108" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:03.935892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495363.935892000", - "frame.time_delta": "0.052854000", - "frame.time_delta_displayed": "0.052854000", - "frame.time_relative": "1772.475206000", - "frame.number": "7110", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005529", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006219", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": 
"7109" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:03.988612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495363.988612000", - "frame.time_delta": "0.052720000", - "frame.time_delta_displayed": "0.052720000", - "frame.time_relative": "1772.527926000", - "frame.number": "7111", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000552d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000621b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - 
"udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "7110" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:04.009400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495364.009400000", - "frame.time_delta": "0.020788000", - "frame.time_delta_displayed": "0.020788000", - "frame.time_relative": "1772.548714000", - "frame.number": "7112", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x0000581f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a64a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5078", - "tcp.nxtseq": "5118", - "tcp.ack": "613", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cc12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ec:c3:95:d8:10:d3:55:5f:21:9f:69:94:03:3e:ee:25:e2:2f:56:33:a3:9d:6f:75:ca:f7:60:e3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:04.152730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495364.152730000", - "frame.time_delta": "0.143330000", - "frame.time_delta_displayed": "0.143330000", - "frame.time_relative": "1772.692044000", - "frame.number": "7113", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001005", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd68", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "613", - "tcp.nxtseq": "649", - "tcp.ack": "5118", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009cf2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7112", - "tcp.analysis.ack_rtt": "0.143330000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:71:f4:ac:23:9a:b3:48:80:2b:1d:c0:32:4c:94:7b:86:73:bc:ea:74:19:67:39:7d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:04.153253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495364.153253000", - "frame.time_delta": "0.000523000", - "frame.time_delta_displayed": "0.000523000", - "frame.time_relative": "1772.692567000", - "frame.number": "7114", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005820", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a671", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", 
- "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5118", - "tcp.ack": "649", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f039", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7113", - "tcp.analysis.ack_rtt": "0.000523000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:04.988576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495364.988576000", - "frame.time_delta": "0.835323000", - "frame.time_delta_displayed": "0.835323000", - "frame.time_relative": "1773.527890000", - "frame.number": "7115", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005578", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "7111" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:05.041407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495365.041407000", - "frame.time_delta": "0.052831000", - "frame.time_delta_displayed": "0.052831000", - "frame.time_relative": "1773.580721000", - "frame.number": "7116", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000557a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "7115" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:05.094213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495365.094213000", - "frame.time_delta": "0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "1773.633527000", - "frame.number": "7117", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000557f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000061c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "7116" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.040927000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.040927000", - "frame.time_delta": "0.946714000", - "frame.time_delta_displayed": "0.946714000", - "frame.time_relative": "1774.580241000", - "frame.number": "7118", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000055d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006179", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "7117" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.093671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.093671000", - "frame.time_delta": "0.052744000", - "frame.time_delta_displayed": "0.052744000", - "frame.time_relative": "1774.632985000", - "frame.number": "7119", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000055d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000616b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "7118" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.146404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.146404000", - "frame.time_delta": "0.052733000", - "frame.time_delta_displayed": "0.052733000", - "frame.time_relative": "1774.685718000", - "frame.number": "7120", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000055db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000616d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": 
"", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "7119" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.304264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.304264000", - "frame.time_delta": "0.157860000", - "frame.time_delta_displayed": "0.157860000", - "frame.time_relative": "1774.843578000", - "frame.number": "7121", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000055e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000616a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - 
"http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "7120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.357066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.357066000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "1774.896380000", - "frame.number": "7122", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000055e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000615d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "7121" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.409778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.409778000", - "frame.time_delta": "0.052712000", - "frame.time_delta_displayed": "0.052712000", - "frame.time_relative": "1774.949092000", - "frame.number": "7123", - 
"frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000055e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006162", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "7122" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:06.671758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495366.671758000", - "frame.time_delta": "0.261980000", - "frame.time_delta_displayed": "0.261980000", - "frame.time_relative": "1775.211072000", - "frame.number": "7124", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "72", - "ip.id": "0x00005e52", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005997", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:07.356201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495367.356201000", - "frame.time_delta": "0.684443000", - "frame.time_delta_displayed": "0.684443000", - "frame.time_relative": "1775.895515000", - "frame.number": "7125", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00005614", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006137", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "305", - "udp.checksum": "0x000002ce", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "7123" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:07.409002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495367.409002000", - "frame.time_delta": "0.052801000", - "frame.time_delta_displayed": "0.052801000", - "frame.time_relative": "1775.948316000", - "frame.number": "7126", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00005615", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000612d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "314", - "udp.checksum": "0x000010b9", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "7125" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:07.461862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495367.461862000", - "frame.time_delta": "0.052860000", - "frame.time_delta_displayed": "0.052860000", - "frame.time_relative": "1776.001176000", - "frame.number": "7127", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": 
"0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000561a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000612e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "49741", - "udp.port": "1900", - "udp.port": "49741", - "udp.length": "308", - "udp.checksum": "0x00003443", - "udp.checksum.status": "2", - "udp.stream": "136" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "7126" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.008772000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.008772000", - "frame.time_delta": "0.546910000", - "frame.time_delta_displayed": "0.546910000", - "frame.time_relative": "1776.548086000", - "frame.number": "7128", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - 
"arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.172515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.172515000", - "frame.time_delta": "0.163743000", - "frame.time_delta_displayed": "0.163743000", - "frame.time_relative": "1776.711829000", - "frame.number": "7129", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002d84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - 
"ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "17469", - "tcp.nxtseq": "17554", - "tcp.ack": "77911", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c2:67:00:27:62:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396135, TSecr 2581115": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396135", - "tcp.options.timestamp.tsecr": "2581115" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:c1:5b:f7:72:45:a1:13:bf:83:64:96:c2:ee:6d:cb:73:8f:07:ac:11:82:ff:73:48:08:20:25:2f:2a:9b:ca:83:b7:2a:26:58:fd:c1:ce:58:42:63:69:cd:5a:6e:40:c3:59:11:e0:3a:ab:0a:d4:15:15:16:b1:38:ac:0d:b5:31:26:39:0a:df:6e:6c:d5:15:2b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.172991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.172991000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "1776.712305000", - "frame.number": "7130", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009691", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": 
"13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "77911", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000094f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:66:f9:a7:a1:c2:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582265, TSecr 2812396135": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582265", - "tcp.options.timestamp.tsecr": "2812396135" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7129", - 
"tcp.analysis.ack_rtt": "0.000476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.176602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.176602000", - "frame.time_delta": "0.003611000", - "frame.time_delta_displayed": "0.003611000", - "frame.time_relative": "1776.715916000", - "frame.number": "7131", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009692", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076be", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "77911", - "tcp.nxtseq": "77958", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009978", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:66:fa:a7:a1:c2:67", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582266, TSecr 2812396135": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582266", - "tcp.options.timestamp.tsecr": "2812396135" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:29:09:21:63:9b:c7:b9:2d:75:b2:95:e4:57:5a:44:e9:1b:0a:7f:c2:2a:19:01:d2:49:82:05:27:64:c3:8d:e8:5e:33:c2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.190507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.190507000", - "frame.time_delta": "0.013905000", - "frame.time_delta_displayed": "0.013905000", - "frame.time_relative": "1776.729821000", - "frame.number": "7132", - "frame.len": "162", - "frame.cap_len": "162", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "148", - "ip.id": "0x0000df03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000eabf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": 
"" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "128", - "udp.checksum": "0x0000e91a", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "5", - "http.prev_request_in": "3404" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.275813000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.275813000", - "frame.time_delta": "0.085306000", - "frame.time_delta_displayed": "0.085306000", - "frame.time_relative": "1776.815127000", - "frame.number": "7133", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037fa", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "77958", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000009f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:a7:a1:c2:81:00:27:66:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396161, TSecr 2582266": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396161", - "tcp.options.timestamp.tsecr": "2582266" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7131", - "tcp.analysis.ack_rtt": "0.099211000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.276306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.276306000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1776.815620000", - "frame.number": "7134", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "160", - "ip.id": "0x00009693", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007680", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "77958", - "tcp.nxtseq": "78066", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009e11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:04:a7:a1:c2:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", 
- "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582276, TSecr 2812396161": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582276", - "tcp.options.timestamp.tsecr": "2812396161" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:2a:0d:1c:3f:d7:95:27:a4:c6:2e:ed:d7:72:f1:c6:54:35:2c:d5:ef:0a:82:49:8f:58:c5:e2:09:24:67:53:1c:d9:7c:02:27:11:be:9c:ca:73:e2" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:2b:f2:f8:00:5d:4f:6a:3e:ff:53:f9:92:a5:5e:88:ac:7f:b9:d9:94:78:8a:cf:89:68:00:1e:86:8c:c0:77:9c:cb:4b:07:f0:7a:7c:3b:ef:51:70" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.336393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.336393000", - "frame.time_delta": "0.060087000", - "frame.time_delta_displayed": "0.060087000", - "frame.time_relative": "1776.875707000", - "frame.number": "7135", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000096f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c2:90:00:27:67:04", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396176, TSecr 2582276": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396176", - "tcp.options.timestamp.tsecr": "2582276" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7134", - "tcp.analysis.ack_rtt": "0.060087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.336888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.336888000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "1776.876202000", - "frame.number": "7136", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x00009694", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007653", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "78066", - "tcp.nxtseq": "78218", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ce9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:27:67:0a:a7:a1:c2:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582282, TSecr 2812396176": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582282", - "tcp.options.timestamp.tsecr": "2812396176" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:2c:56:d9:0c:8e:b9:2d:f5:77:32:49:31:91:3a:45:da:ba:34:25:1c:69:64:e9:ca:7f:08:e2:b6:f5:c9:3d:87:d7:49:b5:4a:37:c8:16:c2:b9:e4:9d:d7:96:ca:1f:6e:d2:a9:6a:c6:cf:df:03:c5:7e:96:a0:a5:a9:13:ca:0e:13:08:1e:a1:e1:dd:27:3f:ff:01:fe:26:e2:e4:e0:8e:11:a9:8f:54:a4:2c:ed:b1:30:57:48:97:62:90:51:d5:73:5f:70:98:ca:c5:5e:49:62:ea:fe:84:ef:6d:3a:82:a3:32:b2:30:9d:7c:1b:1e:b2:1c:e8:c7:72:90:cd:48:fc:b3:f7:df:a0:e2:a6:d0:27:d4:e1:a4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.397379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.397379000", - "frame.time_delta": "0.060491000", - "frame.time_delta_displayed": "0.060491000", - "frame.time_relative": "1776.936693000", - "frame.number": "7137", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000008c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c2:9f:00:27:67:0a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396191, TSecr 2582282": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396191", - "tcp.options.timestamp.tsecr": "2582282" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7136", - "tcp.analysis.ack_rtt": "0.060491000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.397871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.397871000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1776.937185000", - "frame.number": "7138", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x00009695", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007649", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "78218", - "tcp.nxtseq": "78379", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006a4d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:10:a7:a1:c2:9f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582288, TSecr 2812396191": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582288", - "tcp.options.timestamp.tsecr": "2812396191" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:2d:8c:01:28:1b:bd:1e:4f:19:ed:0c:4b:e3:7e:24:fa:18:a5:65:5b:28:4c:f5:24:76:27:02:25:38:c0:20:71:44:df:68:fa:f0:d9:22:c0:47:95:ad:bb:12:00:9e:7b:a0:6c:53:9b:f3:cc:56:bf:7d:24:8b:5b:4d:71:a7:3e:36:25:2a:29:4a:80:67:8e:14:48:e8:b9:76:84:00:7e:9b:40:72:99:d0:ed:ce:c8:48:0b:f1:6a:0a:16:2a:0b:72:57:3c:5c:39:d3:96:b5:5b:5d:71:d4:9f:7d:89:cb:ec:43:d5:c2:a8:99:49:36:fd:41:5d:6a:92:e8:d9:50:5e:b9:03:7d:2a:fb:cf:14:4f:cb:22:a2:48:cc:ef:7c:7c:5f:b3:f4:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.458112000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495368.458112000", - "frame.time_delta": "0.060241000", - "frame.time_delta_displayed": "0.060241000", - "frame.time_relative": "1776.997426000", - "frame.number": "7139", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78379", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000080c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c2:ae:00:27:67:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396206, TSecr 2582288": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396206", - "tcp.options.timestamp.tsecr": "2582288" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7138", - "tcp.analysis.ack_rtt": "0.060241000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.458607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.458607000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "1776.997921000", - "frame.number": "7140", - "frame.len": 
"221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00009696", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000764e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "78379", - "tcp.nxtseq": "78534", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e6fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:16:a7:a1:c2:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582294, TSecr 2812396206": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582294", - "tcp.options.timestamp.tsecr": "2812396206" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:2e:9f:a9:d1:96:09:69:1c:ad:2c:48:15:93:77:40:28:cd:6b:fa:da:4e:5b:5a:2a:6d:e1:35:5d:f4:07:95:d2:55:76:20:0e:5e:ef:9d:10:fe:73:11:cb:3f:c7:2e:ad:02:a8:5c:5a:fb:8a:9c:33:a2:96:a4:19:95:ec:ba:ae:46:dc:dc:9a:f9:e3:09:a9:b7:1b:0e:64:09:38:1e:b0:ba:04:a2:ea:12:28:22:22:7b:6c:4f:bc:d8:e6:34:8b:56:12:64:5c:57:3c:91:d6:9e:ef:af:e4:ff:b4:05:58:f3:75:de:0a:04:b0:13:d5:61:6c:02:ff:0d:b1:a1:f6:a0:36:c8:73:4a:d6:17:36:fe:23:19:fb:77:20:29" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:08.518672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495368.518672000", - "frame.time_delta": "0.060065000", - "frame.time_delta_displayed": "0.060065000", - "frame.time_relative": "1777.057986000", - "frame.number": "7141", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78534", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000075b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c2:be:00:27:67:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396222, TSecr 2582294": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396222", - "tcp.options.timestamp.tsecr": "2582294" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7140", - "tcp.analysis.ack_rtt": "0.060065000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.375573000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.375573000", - "frame.time_delta": "0.856901000", - "frame.time_delta_displayed": "0.856901000", - "frame.time_relative": "1777.914887000", - "frame.number": "7142", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x00009697", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007650", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "78534", - "tcp.nxtseq": "78686", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:72:a7:a1:c2:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582386, TSecr 2812396222": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582386", - "tcp.options.timestamp.tsecr": "2812396222" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:2f:cc:5a:fa:2d:01:b0:49:fc:a5:a2:2a:50:9a:48:27:13:bf:48:05:85:04:02:be:6c:7a:0e:73:76:8e:1b:0e:30:3d:27:f2:ad:b2:54:73:45:55:6e:9e:b2:2a:88:56:94:29:98:f6:f3:04:36:b0:51:0f:89:92:57:d2:7d:4c:89:3f:dd:38:9e:f8:03:20:e3:08:2d:6b:b0:75:67:81:f2:04:85:ae:85:1c:3a:f2:8c:95:8e:eb:38:64:8a:c4:38:98:45:85:9d:e4:65:b9:e2:91:1c:0f:af:c0:c9:ad:91:f0:0a:f5:5e:76:45:92:e0:31:a7:e1:3e:70:b1:43:c9:cd:ae:77:f6:47:8b:31:60:1a:30:ce" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.435791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.435791000", - "frame.time_delta": "0.060218000", - "frame.time_delta_displayed": "0.060218000", - "frame.time_relative": "1777.975105000", - "frame.number": "7143", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78686", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000582", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c3:a3:00:27:67:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396451, TSecr 2582386": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396451", - "tcp.options.timestamp.tsecr": "2582386" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7142", - "tcp.analysis.ack_rtt": "0.060218000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.436284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.436284000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1777.975598000", - "frame.number": "7144", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x00009698", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007646", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "78686", - "tcp.nxtseq": "78847", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000397e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:78:a7:a1:c3:a3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582392, TSecr 2812396451": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582392", - "tcp.options.timestamp.tsecr": "2812396451" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:30:b4:e4:2c:66:4b:7a:17:17:31:be:43:f5:68:bd:20:11:a5:00:81:85:ab:85:72:c5:83:81:40:cd:c2:52:4f:10:10:64:8e:fa:b8:1f:5a:06:bc:6c:e4:5e:31:61:4e:e2:f4:94:d8:2a:d4:4c:03:f1:67:67:48:4d:ba:bb:aa:b0:cb:5d:b9:a7:53:b8:06:a9:d8:08:09:54:5c:37:60:fb:fd:13:c9:59:1a:1c:ee:f7:2f:5c:dc:65:8a:02:40:65:58:42:99:c8:74:53:8d:ed:62:e8:a0:a4:4f:6e:7b:67:b2:2d:54:44:f0:c2:87:20:5c:17:25:d3:bd:b1:fc:51:f6:86:4d:bf:30:39:60:22:d6:ca:7e:04:4a:fc:37:db:eb:79:22:3d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.496381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.496381000", - "frame.time_delta": "0.060097000", - "frame.time_delta_displayed": "0.060097000", - "frame.time_relative": "1778.035695000", - "frame.number": "7145", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d8b", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "78847", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c3:b2:00:27:67:78", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396466, TSecr 2582392": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396466", - "tcp.options.timestamp.tsecr": "2582392" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7144", - "tcp.analysis.ack_rtt": "0.060097000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.496884000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.496884000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "1778.036198000", - "frame.number": "7146", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00009699", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000764b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "78847", - "tcp.nxtseq": "79002", - "tcp.ack": "17554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b101", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:67:7e:a7:a1:c3:b2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582398, TSecr 2812396466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582398", - "tcp.options.timestamp.tsecr": "2812396466" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:31:95:0a:35:e0:25:fe:dc:78:68:d5:ff:c3:41:98:4c:7e:22:8d:b4:3c:0c:f7:48:ab:49:69:d3:46:c7:72:a6:b1:cf:92:51:33:85:42:c1:e0:86:26:98:94:ef:de:fc:19:d6:7c:14:da:16:4a:bb:9d:da:44:25:09:82:b1:50:3c:43:d7:f0:b2:94:6e:02:9f:4a:10:b4:a8:5f:53:6f:52:5d:6d:7c:7e:ed:d9:e4:0f:16:6d:e7:0a:6c:17:68:1e:45:79:55:57:76:3a:60:b3:db:1f:61:d0:65:69:86:90:91:51:3d:c6:91:c5:a7:32:7b:15:c3:ba:c2:af:29:d6:0e:a0:b9:fc:dc:66:1d:08:b4:ec:5d:aa:da:1e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:09.556943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495369.556943000", - "frame.time_delta": "0.060059000", - "frame.time_delta_displayed": "0.060059000", - "frame.time_relative": "1778.096257000", - "frame.number": "7147", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17554", - "tcp.ack": "79002", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000041c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:c3:c1:00:27:67:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396481, TSecr 2582398": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396481", - "tcp.options.timestamp.tsecr": "2582398" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7146", - "tcp.analysis.ack_rtt": "0.060059000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.172852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.172852000", - "frame.time_delta": "1.615909000", - "frame.time_delta_displayed": "1.615909000", - "frame.time_relative": "1779.712166000", - "frame.number": "7148", - "frame.len": "156", - "frame.cap_len": "156", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"142", - "ip.id": "0x00002d8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003798", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "90", - "tcp.seq": "17554", - "tcp.nxtseq": "17644", - "tcp.ack": "79002", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c46b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:55:00:27:67:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396885, TSecr 2582398": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396885", - "tcp.options.timestamp.tsecr": "2582398" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "90", - "tcp.analysis.push_bytes_sent": "90" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "85", - "ssl.app_data": "34:cd:34:17:47:48:0e:c2:49:ed:9b:9b:c4:bc:57:1a:32:d2:f6:54:ac:ed:8f:40:1a:75:01:b5:f0:40:a7:f4:e2:d5:6a:02:02:21:df:f4:6a:35:cf:b5:e1:1f:31:ef:c1:c0:54:8e:8a:17:65:71:79:a3:3d:5d:e7:8a:01:1b:e2:d1:2b:37:c8:52:36:9f:d0:9d:2a:21:43:17:02:1a:69:4d:1c:2a:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.176929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.176929000", - "frame.time_delta": "0.004077000", - "frame.time_delta_displayed": "0.004077000", - "frame.time_relative": "1779.716243000", - "frame.number": "7149", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000969a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "79002", - "tcp.nxtseq": "79049", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000c63", - "tcp.checksum.status": "2", 
- "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:26:a7:a1:c5:55", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582566, TSecr 2812396885": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582566", - "tcp.options.timestamp.tsecr": "2812396885" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7148", - "tcp.analysis.ack_rtt": "0.004077000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:32:1d:91:e8:84:0e:28:55:96:a0:f4:89:73:80:a3:fa:42:df:cc:50:18:5b:eb:cd:e0:cd:49:ba:02:f4:57:d0:43:27:05" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.190910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.190910000", - "frame.time_delta": "0.013981000", - "frame.time_delta_displayed": "0.013981000", - "frame.time_relative": "1779.730224000", - "frame.number": "7150", - "frame.len": "167", - "frame.cap_len": "167", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "153", - "ip.id": "0x0000df1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ea9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "133", - "udp.checksum": "0x00009659", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:ZonePlayer:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "5", - "http.prev_request_in": "3431" - } - } - } - } - - , - 
{ - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.237082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.237082000", - "frame.time_delta": "0.046172000", - "frame.time_delta_displayed": "0.046172000", - "frame.time_relative": "1779.776396000", - "frame.number": "7151", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", 
- "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79049", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000147", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:65:00:27:68:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396901, TSecr 2582566": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396901", - "tcp.options.timestamp.tsecr": "2582566" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7149", - "tcp.analysis.ack_rtt": "0.060153000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.237566000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.237566000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1779.776880000", - "frame.number": "7152", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x0000969b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007678", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "79049", - "tcp.nxtseq": "79157", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001ff7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:2c:a7:a1:c5:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582572, TSecr 2812396901": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582572", - "tcp.options.timestamp.tsecr": "2812396901" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:33:4d:80:6c:57:07:66:75:40:3f:80:66:a4:8e:d7:33:26:e9:07:63:bd:8d:02:3e:db:f9:b6:01:b6:2f:70:cd:d2:94:90:4b:a1:73:62:22:7e:de" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:34:90:9b:c2:5a:05:ce:82:10:38:e3:4b:3a:56:bf:2c:f7:4a:24:d2:97:1f:53:a5:91:f1:67:f7:69:5a:41:1e:71:9d:1b:aa:e0:85:d9:79:bf:33" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.297629000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.297629000", - "frame.time_delta": "0.060063000", - "frame.time_delta_displayed": "0.060063000", - "frame.time_relative": "1779.836943000", - "frame.number": "7153", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037f0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79157", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000000c6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:74:00:27:68:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396916, TSecr 2582572": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396916", - "tcp.options.timestamp.tsecr": "2582572" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7152", - "tcp.analysis.ack_rtt": "0.060063000" - } - } - } - } 
- } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.321689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.321689000", - "frame.time_delta": "0.024060000", - "frame.time_delta_displayed": "0.024060000", - "frame.time_relative": "1779.861003000", - "frame.number": "7154", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x0000969c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000764b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - 
"ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "79157", - "tcp.nxtseq": "79309", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000334f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:34:a7:a1:c5:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582580, TSecr 2812396916": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582580", - "tcp.options.timestamp.tsecr": "2812396916" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:35:3b:08:c8:4b:7c:7b:c3:bd:d5:71:bb:3f:6f:5d:82:39:eb:a0:b4:58:72:ca:32:b2:ef:63:ca:ff:1e:2a:1d:a5:a0:81:78:02:e7:96:95:f3:81:5a:2d:97:70:f4:ae:85:64:7b:0c:4a:62:8f:c0:82:89:9c:73:03:e0:c4:7a:13:e7:4f:1f:b9:a0:ec:26:23:ce:4d:d7:61:3c:99:6c:13:dc:a5:eb:ae:97:7a:40:de:07:38:7f:30:16:17:74:09:31:9d:34:73:48:72:40:a0:a3:03:3c:f1:a9:5b:0d:1e:bc:d8:69:9f:ee:80:ea:d0:88:74:aa:cc:de:8a:f2:4b:59:bd:4d:9c:b2:b8:0a:e7:62:cb:4e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.358681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.358681000", - "frame.time_delta": "0.036992000", - "frame.time_delta_displayed": "0.036992000", - "frame.time_relative": "1779.897995000", - "frame.number": "7155", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.108" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.361494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.361494000", - "frame.time_delta": "0.002813000", - "frame.time_delta_displayed": "0.002813000", - "frame.time_relative": "1779.900808000", - "frame.number": "7156", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.381878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.381878000", - "frame.time_delta": "0.020384000", - "frame.time_delta_displayed": "0.020384000", - "frame.time_relative": "1779.921192000", - "frame.number": "7157", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ef", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79309", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000011", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:89:00:27:68:34", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396937, TSecr 2582580": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396937", - "tcp.options.timestamp.tsecr": "2582580" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7154", - "tcp.analysis.ack_rtt": "0.060189000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.382377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.382377000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1779.921691000", - "frame.number": "7158", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x0000969d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007641", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "79309", - "tcp.nxtseq": "79470", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000065ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:3a:a7:a1:c5:89", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582586, TSecr 2812396937": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582586", - "tcp.options.timestamp.tsecr": "2812396937" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:36:ce:d5:b8:54:ab:c6:08:b9:4d:d5:48:33:5c:2a:d8:75:63:88:e2:ad:a5:16:68:5b:8d:b4:7c:e3:4d:70:c6:fa:48:a3:49:bb:b0:4f:2a:eb:51:df:36:da:c0:54:d7:89:d5:49:1e:e9:77:7a:8a:ae:83:b7:3f:0b:c3:bb:90:f8:ad:09:1d:84:09:8e:07:ef:02:f0:2d:e2:7b:7c:9d:4b:13:58:6a:76:17:d7:d3:90:37:36:cd:88:63:8b:5f:6b:93:71:6c:20:a5:1d:7b:d8:18:4b:aa:55:76:7f:b9:98:48:cd:1f:4a:88:95:4b:ac:43:89:17:da:ad:49:a9:30:f1:21:1e:f9:05:4a:78:e1:5e:a3:38:be:47:2d:80:60:bd:0f:3a:9e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.442471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.442471000", - "frame.time_delta": "0.060094000", - "frame.time_delta_displayed": "0.060094000", - "frame.time_relative": "1779.981785000", - 
"frame.number": "7159", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d91", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ee", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79470", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ff59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:99:00:27:68:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396953, TSecr 2582586": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396953", - "tcp.options.timestamp.tsecr": "2582586" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7158", - "tcp.analysis.ack_rtt": "0.060094000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:11.442964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.442964000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1779.982278000", - "frame.number": "7160", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x0000969e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007646", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "79470", - "tcp.nxtseq": "79625", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005a0d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:40:a7:a1:c5:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582592, TSecr 2812396953": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582592", - "tcp.options.timestamp.tsecr": "2812396953" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:37:5e:76:ac:1f:b1:06:42:ab:7d:43:75:67:16:f2:bb:c0:47:3b:2a:3c:35:eb:ab:a4:ae:f9:da:64:f0:e0:e4:36:12:95:5f:b1:9f:aa:c9:d1:54:76:23:41:a4:74:65:21:33:14:bd:73:3a:ed:1a:ea:71:2f:e6:1c:46:4d:27:59:a6:ae:15:7b:24:d6:e8:c7:dc:0c:d6:f0:95:36:57:64:47:00:1c:44:91:4a:93:b8:15:d7:71:7b:44:88:33:c1:fa:59:19:ce:de:22:f9:f4:a8:f9:d8:13:8f:de:38:cd:ab:4d:e9:e7:5a:2f:ad:d2:80:d3:60:1e:a4:49:04:60:7e:ac:cf:20:5a:33:71:a3:9d:43:50:50:60:32" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:16:11.503202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495371.503202000", - "frame.time_delta": "0.060238000", - "frame.time_delta_displayed": "0.060238000", - "frame.time_relative": "1780.042516000", - "frame.number": "7161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ed", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79625", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fea9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c5:a8:00:27:68:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812396968, TSecr 2582592": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812396968", - "tcp.options.timestamp.tsecr": "2582592" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7160", - "tcp.analysis.ack_rtt": "0.060238000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.371964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.371964000", - "frame.time_delta": "0.868762000", - "frame.time_delta_displayed": "0.868762000", - 
"frame.time_relative": "1780.911278000", - "frame.number": "7162", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x0000969f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007648", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "79625", - "tcp.nxtseq": "79777", - "tcp.ack": "17644", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c28c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:9d:a7:a1:c5:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582685, TSecr 2812396968": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582685", - "tcp.options.timestamp.tsecr": "2812396968" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:38:b6:e1:ad:54:33:5d:bb:05:24:12:12:ae:59:65:d6:cb:ad:d8:13:b8:22:5f:28:00:30:62:59:3c:75:71:79:78:23:f8:77:f8:73:be:1b:95:d4:01:31:bb:78:3a:08:03:6d:89:a2:9c:9e:e8:a8:b8:c4:29:e0:90:87:d8:4f:ef:3a:31:54:a9:ec:b7:fa:a3:69:37:79:3b:f1:ca:02:48:c6:6d:c2:5a:75:f9:ea:b5:72:5e:8e:2b:7c:ba:b2:75:70:b2:7f:4c:b7:bd:8c:5a:de:d3:c1:41:75:0b:31:a8:91:7b:ea:db:f0:73:fe:30:96:72:e8:f5:04:56:11:1c:69:9e:c3:30:9a:50:db:34:fa:11:cf" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.432061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.432061000", - "frame.time_delta": "0.060097000", - "frame.time_delta_displayed": "0.060097000", - "frame.time_relative": "1780.971375000", - "frame.number": "7163", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ec", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79777", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fccc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c6:90:00:27:68:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397200, TSecr 2582685": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397200", - "tcp.options.timestamp.tsecr": "2582685" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7162", - "tcp.analysis.ack_rtt": "0.060097000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.432554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.432554000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1780.971868000", - "frame.number": "7164", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000763e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "79777", - "tcp.nxtseq": "79938", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000009cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:a3:a7:a1:c6:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582691, TSecr 2812397200": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582691", - "tcp.options.timestamp.tsecr": "2812397200" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:39:33:da:d0:70:1a:d7:4b:ee:9d:e8:56:71:15:cb:83:e1:c0:03:e6:f9:63:e8:dc:6d:a6:22:2d:a0:1d:5d:75:fe:b2:85:5d:e9:7d:8f:12:dd:29:a2:1d:8b:53:ba:b1:f6:66:20:c0:68:0c:1f:ec:91:28:78:e5:58:99:f5:b7:de:63:1d:61:9b:44:f2:2c:16:c7:ea:76:bf:00:d8:b1:8a:59:61:8b:30:40:68:18:d7:8a:e1:86:26:c3:4d:33:08:27:a0:ee:58:da:c9:a9:d2:c2:37:01:2a:ee:26:56:2d:2d:13:06:5f:03:e6:e5:7d:3f:07:e2:70:d3:84:e3:4e:07:15:44:ef:65:e9:67:9f:0e:21:30:1b:79:c4:6e:77:83:17:c7:9b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.492686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.492686000", - "frame.time_delta": "0.060132000", - "frame.time_delta_displayed": "0.060132000", - "frame.time_relative": "1781.032000000", - "frame.number": "7165", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d94", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037eb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "79938", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc16", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c6:9f:00:27:68:a3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397215, TSecr 2582691": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397215", - "tcp.options.timestamp.tsecr": "2582691" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7164", - "tcp.analysis.ack_rtt": "0.060132000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.493164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.493164000", - "frame.time_delta": "0.000478000", - "frame.time_delta_displayed": "0.000478000", - "frame.time_relative": "1781.032478000", - "frame.number": "7166", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00007643", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "79938", - "tcp.nxtseq": "80093", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005bde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:a9:a7:a1:c6:9f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582697, TSecr 2812397215": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582697", - "tcp.options.timestamp.tsecr": "2812397215" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3a:02:3c:ff:72:de:7c:4d:28:a2:bb:69:93:e2:83:04:03:4e:ba:be:84:ab:26:58:68:da:8d:ee:43:69:ed:ec:50:3d:82:8b:64:3d:7d:05:f2:0c:11:64:36:f1:73:9d:90:24:71:13:93:07:cb:c5:7c:3b:bc:cb:f9:f9:64:7b:2b:5c:1e:6a:e7:d6:50:a0:d5:82:83:6a:1f:f5:ae:7c:76:dc:38:f1:cb:59:2c:03:e3:20:60:8c:21:22:44:6b:9b:5d:fd:5b:bb:50:1d:e7:ae:71:f1:f8:72:72:af:2a:eb:1d:5c:e0:40:b4:4c:81:c9:b9:92:27:6f:d2:51:cc:09:09:f6:4a:b9:cb:70:63:7a:09:be:9f:02:c6:61" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:12.553236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495372.553236000", - "frame.time_delta": "0.060072000", - "frame.time_delta_displayed": "0.060072000", - "frame.time_relative": "1781.092550000", - "frame.number": "7167", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ea", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "80093", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:c6:ae:00:27:68:a9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397230, TSecr 2582697": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397230", - "tcp.options.timestamp.tsecr": "2582697" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7166", - "tcp.analysis.ack_rtt": "0.060072000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:13.212974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495373.212974000", - "frame.time_delta": "0.659738000", - "frame.time_delta_displayed": "0.659738000", - "frame.time_relative": "1781.752288000", - "frame.number": "7168", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"106", - "ip.id": "0x000096a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "80093", - "tcp.nxtseq": "80147", - "tcp.ack": "17644", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009741", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:68:f1:a7:a1:c6:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582769, TSecr 2812397230": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582769", - "tcp.options.timestamp.tsecr": "2812397230" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3b:ad:4b:2c:7c:37:f9:12:f4:be:1f:58:63:bc:c1:ad:26:e7:7f:e6:8d:d7:95:87:50:ef:8b:ea:39:e9:dd:2b:14:c6:45:16:14:c9:f5:ef:03:39" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:13.327661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495373.327661000", - "frame.time_delta": "0.114687000", - "frame.time_delta_displayed": "0.114687000", - "frame.time_relative": "1781.866975000", - "frame.number": "7169", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17644", - "tcp.ack": "80147", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c7:62:00:27:68:f1", - "tcp.options_tree": { - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397410, TSecr 2582769": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397410", - "tcp.options.timestamp.tsecr": "2582769" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7168", - "tcp.analysis.ack_rtt": "0.114687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:13.520890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495373.520890000", - "frame.time_delta": "0.193229000", - "frame.time_delta_displayed": "0.193229000", - "frame.time_relative": "1782.060204000", - "frame.number": "7170", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - 
"arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:13.521322000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495373.521322000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1782.060636000", - "frame.number": "7171", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.172610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.172610000", - "frame.time_delta": "0.651288000", - "frame.time_delta_displayed": "0.651288000", - "frame.time_relative": "1782.711924000", - "frame.number": "7172", - "frame.len": "162", - "frame.cap_len": "162", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "148", - "ip.id": "0x00002d97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003788", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "96", - "tcp.seq": "17644", - "tcp.nxtseq": "17740", - "tcp.ack": "80147", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000046ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c8:43:00:27:68:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397635, TSecr 2582769": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397635", - "tcp.options.timestamp.tsecr": "2582769" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "96", - "tcp.analysis.push_bytes_sent": "96" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "91", - "ssl.app_data": "34:cd:34:17:47:48:0e:c3:4b:47:cd:5d:3d:f6:4b:4f:4d:f0:09:79:9d:cc:4e:29:d0:ad:f0:ee:26:da:42:91:4f:fe:18:a9:23:33:9d:0d:1f:82:74:e1:80:5e:22:b8:92:7d:64:e6:a2:59:66:77:13:d5:50:6c:72:1b:ed:24:3c:c3:e1:da:6a:9f:b7:eb:d6:f8:c7:4b:95:d1:2a:3a:18:a7:44:3e:ed:e5:76:91:64:0b:62" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.176681000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495374.176681000", - "frame.time_delta": "0.004071000", - "frame.time_delta_displayed": "0.004071000", - "frame.time_relative": "1782.715995000", - "frame.number": "7173", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - 
"tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "80147", - "tcp.nxtseq": "80194", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000084ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:52:a7:a1:c8:43", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582866, TSecr 2812397635": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582866", - "tcp.options.timestamp.tsecr": "2812397635" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7172", - "tcp.analysis.ack_rtt": "0.004071000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3c:69:45:1a:cc:4e:c3:b1:6b:fb:1a:7a:9d:9f:05:39:2e:d0:ea:a6:af:78:dd:88:b9:3d:22:af:b6:43:6d:55:1e:cc:73" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.191366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.191366000", - "frame.time_delta": "0.014685000", - "frame.time_delta_displayed": "0.014685000", - "frame.time_relative": "1782.730680000", - "frame.number": "7174", - "frame.len": "173", - "frame.cap_len": "173", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "159", - "ip.id": "0x0000e048", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e96f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "139", - "udp.checksum": "0x000082c4", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - 
"ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:samsung.com:device:RemoteControlReceiver:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "6", - "http.prev_request_in": "7132" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.236849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.236849000", - "frame.time_delta": "0.045483000", - "frame.time_delta_displayed": "0.045483000", - "frame.time_relative": "1782.776163000", - "frame.number": "7175", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - 
"ip.id": "0x00002d98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f853", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c8:53:00:27:69:52", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397651, TSecr 2582866": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397651", - "tcp.options.timestamp.tsecr": "2582866" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7173", - "tcp.analysis.ack_rtt": "0.060168000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.237326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.237326000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1782.776640000", - "frame.number": "7176", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000096a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", 
- "ip.checksum": "0x0000766f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "80194", - "tcp.nxtseq": "80302", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000009f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:58:a7:a1:c8:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582872, TSecr 2812397651": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582872", - "tcp.options.timestamp.tsecr": "2812397651" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3d:a3:ff:fb:b0:54:7f:bb:8b:d8:5f:f2:fd:0c:a0:7b:54:e7:ff:8b:a1:b2:e9:ba:e5:b9:25:7c:12:9b:cc:e1:ef:c8:f7:3f:95:b9:cd:be:de:30" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3e:04:c2:ea:fc:03:10:3e:2e:b0:3d:3d:b9:35:77:a6:b8:60:b3:a3:e5:88:09:8e:7e:15:2b:fd:89:27:2c:25:41:49:aa:9f:a5:63:bc:24:42:82" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.297622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.297622000", - "frame.time_delta": "0.060296000", - "frame.time_delta_displayed": "0.060296000", - "frame.time_relative": "1782.836936000", - "frame.number": "7177", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80302", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f7d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:c8:62:00:27:69:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397666, TSecr 2582872": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397666", - "tcp.options.timestamp.tsecr": "2582872" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7176", - "tcp.analysis.ack_rtt": "0.060296000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.316675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.316675000", - "frame.time_delta": "0.019053000", - "frame.time_delta_displayed": "0.019053000", - "frame.time_relative": "1782.855989000", - "frame.number": "7178", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"204", - "ip.id": "0x000096a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007642", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "80302", - "tcp.nxtseq": "80454", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006d94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:60:a7:a1:c8:62", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582880, TSecr 2812397666": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582880", - "tcp.options.timestamp.tsecr": "2812397666" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:3f:9a:95:c9:5c:f6:73:1c:16:eb:58:f8:1a:64:45:0b:60:04:f4:68:39:6e:4d:41:8d:61:be:d3:2f:9f:27:d1:15:36:17:8c:a6:4c:54:9c:d9:02:ee:2b:4e:d4:76:ad:82:43:ab:6a:44:9a:ae:aa:ed:70:10:01:c9:a1:72:9f:ba:1c:84:49:8b:a5:6f:4d:57:43:99:a0:2c:33:da:58:58:12:1d:d6:93:e7:26:84:bc:e4:e9:88:bf:c0:da:9a:fd:e7:d7:ee:4e:3a:2d:0c:b9:b4:a8:ae:ce:7a:5b:90:62:0b:88:0a:d0:0e:0c:47:20:b4:99:7d:f8:6c:9c:4d:f6:82:60:4a:52:33:99:7d:ff:35:46:79" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.376858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.376858000", - "frame.time_delta": "0.060183000", - "frame.time_delta_displayed": "0.060183000", - "frame.time_relative": "1782.916172000", - "frame.number": "7179", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80454", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f71e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c8:76:00:27:69:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397686, TSecr 2582880": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397686", - "tcp.options.timestamp.tsecr": "2582880" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7178", - "tcp.analysis.ack_rtt": "0.060183000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.377334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.377334000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "1782.916648000", - "frame.number": "7180", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007638", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "80454", - "tcp.nxtseq": "80615", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007c3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:27:69:66:a7:a1:c8:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582886, TSecr 2812397686": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582886", - "tcp.options.timestamp.tsecr": "2812397686" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:40:ee:10:7d:45:d8:63:7f:d1:4b:d1:7d:9f:86:9a:c0:3b:22:59:ff:e0:d7:0f:28:65:fb:79:5b:79:21:b5:ac:54:f4:5a:ea:bb:db:d6:0c:ce:72:6e:13:a3:15:2d:42:ed:dd:f6:ec:f4:fd:97:65:25:0d:69:74:06:97:36:be:79:7d:16:5c:a0:ed:d5:52:2b:b3:15:21:dd:b7:6f:0d:bc:d3:da:63:98:3f:15:7b:b3:4c:a0:50:98:75:16:83:c0:1a:bf:cd:e2:5d:5d:18:57:e2:cf:e4:8d:21:bd:29:7b:f1:90:5e:8f:0b:e2:32:38:d4:17:ca:57:d9:fe:b9:c3:0b:9c:94:12:b5:b1:88:7b:b2:c4:4e:cb:7e:32:cd:d2:91:59:30:51" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.437438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.437438000", - "frame.time_delta": "0.060104000", - "frame.time_delta_displayed": "0.060104000", - "frame.time_relative": "1782.976752000", - "frame.number": "7181", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80615", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f668", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c8:85:00:27:69:66", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397701, TSecr 2582886": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397701", - "tcp.options.timestamp.tsecr": "2582886" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7180", - "tcp.analysis.ack_rtt": "0.060104000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.437920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.437920000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1782.977234000", - "frame.number": "7182", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000763d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "80615", - "tcp.nxtseq": "80770", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000013f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:6c:a7:a1:c8:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582892, TSecr 2812397701": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582892", - "tcp.options.timestamp.tsecr": "2812397701" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:41:c4:55:0b:51:34:91:78:5d:f5:19:91:1a:76:08:b4:d9:f4:4a:71:8e:56:fa:fa:f0:c8:cf:10:f0:6f:1f:df:39:7b:ea:6c:b5:3c:08:2a:59:21:83:93:0b:30:19:71:a4:78:3e:86:94:1f:36:85:97:ca:1d:26:15:26:59:c0:97:b4:d7:3a:9c:e2:6c:ba:b3:5c:9b:71:ef:10:f3:7b:39:6d:76:fb:77:d3:28:16:e4:0c:57:95:53:c1:e4:af:15:bc:9c:71:b8:39:cf:42:51:bf:7c:2d:36:4a:4f:ae:45:6c:8e:6e:d4:95:36:52:71:da:05:22:d6:34:a0:7c:dd:f3:84:7d:cc:cc:e1:42:9f:93:bd:47:48:e3:b0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.494037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495374.494037000", - "frame.time_delta": "0.056117000", - "frame.time_delta_displayed": "0.056117000", - "frame.time_relative": "1783.033351000", - "frame.number": "7183", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:14.498062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495374.498062000", - "frame.time_delta": "0.004025000", - "frame.time_delta_displayed": "0.004025000", - "frame.time_relative": "1783.037376000", - "frame.number": "7184", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80770", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000f5b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c8:94:00:27:69:6c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397716, TSecr 2582892": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397716", - "tcp.options.timestamp.tsecr": "2582892" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7182", - "tcp.analysis.ack_rtt": "0.060142000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.162939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.162939000", - "frame.time_delta": "0.664877000", - "frame.time_delta_displayed": "0.664877000", - "frame.time_relative": "1783.702253000", - "frame.number": "7185", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x000059c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007fd4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:16:15.408887000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.408887000", - "frame.time_delta": "0.245948000", - "frame.time_delta_displayed": "0.245948000", - "frame.time_relative": "1783.948201000", - "frame.number": "7186", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000763f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - 
} - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "80770", - "tcp.nxtseq": "80922", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e503", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:ca:a7:a1:c8:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582986, TSecr 2812397716": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582986", - "tcp.options.timestamp.tsecr": "2812397716" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:42:24:64:93:df:06:96:fc:61:f1:81:1d:96:80:be:09:be:46:cc:46:6e:d2:6e:9a:9b:ef:60:e0:94:05:eb:d6:90:6f:6a:55:00:10:36:5d:57:11:c2:70:7b:fb:28:4d:8d:4d:20:f8:73:9e:82:4a:0d:f1:93:ce:88:34:e2:2a:e2:bc:30:19:b6:71:7c:b0:36:9d:fd:d6:f6:56:d3:35:cb:b8:71:dc:5b:b5:c8:c2:8a:29:59:72:de:da:18:68:a3:23:bb:a3:fc:c0:98:1d:33:d1:7f:ff:fb:ef:df:d5:d6:7a:6a:98:a5:2a:06:9d:f3:5b:7a:a6:bf:66:04:8a:de:56:fe:d0:af:ed:46:2f:e7:2f:ef:fb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.469047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.469047000", - "frame.time_delta": "0.060160000", - "frame.time_delta_displayed": "0.060160000", - "frame.time_relative": "1784.008361000", - "frame.number": "7187", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "80922", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f3cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c9:87:00:27:69:ca", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397959, TSecr 2582986": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397959", - "tcp.options.timestamp.tsecr": "2582986" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7186", - "tcp.analysis.ack_rtt": "0.060160000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.469551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.469551000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "1784.008865000", - "frame.number": "7188", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007635", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "80922", - "tcp.nxtseq": "81083", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007468", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:d3:a7:a1:c9:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2582995, TSecr 2812397959": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2582995", - "tcp.options.timestamp.tsecr": "2812397959" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:43:7a:33:c0:9a:13:b1:f2:8c:24:72:a5:96:c6:6b:7a:f8:2a:5f:87:c3:d0:85:bd:83:ca:3a:9e:1c:4a:f5:bf:ec:5f:60:c7:bc:13:65:d8:01:47:32:dd:db:a0:4e:d6:1e:45:5f:76:3e:11:4c:05:de:59:50:85:37:75:67:45:a1:97:0c:90:21:77:8e:2a:54:11:ef:b6:eb:7c:b2:8a:bc:0e:8c:ed:71:67:a0:88:98:78:97:c4:1b:bd:a4:36:20:49:f1:d2:0f:84:5b:33:0f:5b:92:07:61:a4:68:1a:91:7f:39:45:8c:9b:f8:1c:d2:98:ac:be:b9:31:3b:6e:3d:01:9b:61:94:97:d8:3e:20:cd:e3:5d:3c:35:c9:27:59:be:47:eb:0c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.529805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.529805000", - "frame.time_delta": "0.060254000", - "frame.time_delta_displayed": "0.060254000", - "frame.time_relative": "1784.069119000", - "frame.number": "7189", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9e", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "81083", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f316", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:c9:96:00:27:69:d3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397974, TSecr 2582995": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397974", - "tcp.options.timestamp.tsecr": "2582995" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7188", - "tcp.analysis.ack_rtt": "0.060254000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.530298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.530298000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1784.069612000", - "frame.number": "7190", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000763a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "81083", - "tcp.nxtseq": "81238", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000caf4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:69:d9:a7:a1:c9:96", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583001, TSecr 2812397974": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583001", - "tcp.options.timestamp.tsecr": "2812397974" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:44:9f:80:e0:e8:a2:d7:7a:44:b1:4b:ed:1e:9f:3e:88:e6:99:86:2a:06:03:28:bb:ff:9d:2e:39:f8:46:4a:a8:ef:08:96:ff:09:31:ce:b2:9e:f5:9f:2a:76:fd:18:e9:97:fc:b1:72:06:ee:2b:bf:19:6e:92:a2:15:29:8f:4c:2c:9c:a3:cd:e3:c2:21:7a:67:49:8f:3d:12:80:b8:db:13:a7:c5:8d:73:17:64:cd:2e:a2:74:3e:bf:eb:a1:11:f3:a3:e4:d8:1b:ce:7c:3b:79:82:fd:05:74:5d:ed:63:e2:35:c7:dd:28:05:18:2c:47:41:f0:c4:03:6a:2d:7b:52:05:5a:60:52:d1:d7:fd:98:24:52:15:1f:35:79" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:15.590545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495375.590545000", - "frame.time_delta": "0.060247000", - "frame.time_delta_displayed": "0.060247000", - "frame.time_relative": "1784.129859000", - "frame.number": "7191", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002d9f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037e0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "81238", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f265", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:c9:a6:00:27:69:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812397990, TSecr 2583001": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812397990", - "tcp.options.timestamp.tsecr": "2583001" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7190", - "tcp.analysis.ack_rtt": "0.060247000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:16.208189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495376.208189000", - "frame.time_delta": "0.617644000", - "frame.time_delta_displayed": "0.617644000", - "frame.time_relative": "1784.747503000", - "frame.number": "7192", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"106", - "ip.id": "0x000096ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000769e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "81238", - "tcp.nxtseq": "81292", - "tcp.ack": "17740", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004dc0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:1d:a7:a1:c9:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583069, TSecr 2812397990": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583069", - "tcp.options.timestamp.tsecr": "2812397990" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:45:5a:17:87:0d:02:4c:79:bb:7c:82:9c:93:ff:31:b5:95:62:35:ee:2c:e6:fd:26:7a:e5:47:58:3f:9f:9d:da:0b:df:bb:9f:8c:ba:dc:1a:1c:7f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:16.268314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495376.268314000", - "frame.time_delta": "0.060125000", - "frame.time_delta_displayed": "0.060125000", - "frame.time_relative": "1784.807628000", - "frame.number": "7193", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037df", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17740", - "tcp.ack": "81292", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f142", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ca:4f:00:27:6a:1d", - "tcp.options_tree": { - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398159, TSecr 2583069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398159", - "tcp.options.timestamp.tsecr": "2583069" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7192", - "tcp.analysis.ack_rtt": "0.060125000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.173105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.173105000", - "frame.time_delta": "0.904791000", - "frame.time_delta_displayed": "0.904791000", - "frame.time_relative": "1785.712419000", - "frame.number": "7194", - "frame.len": "159", - "frame.cap_len": "159", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "145", - "ip.id": "0x00002da1", - "ip.flags": "0x00000002", - "ip.flags_tree": { 
- "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003781", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "93", - "tcp.seq": "17740", - "tcp.nxtseq": "17833", - "tcp.ack": "81292", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d907", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cb:31:00:27:6a:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398385, TSecr 2583069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398385", - "tcp.options.timestamp.tsecr": "2583069" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "93", - "tcp.analysis.push_bytes_sent": "93" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "88", - "ssl.app_data": "34:cd:34:17:47:48:0e:c4:3d:23:7f:a5:20:57:74:be:52:13:a8:fe:ce:f5:f9:89:88:2d:8f:97:50:e2:12:a3:fc:26:26:e9:96:76:f9:77:24:1f:9d:8d:64:86:60:13:cb:c1:62:fd:4b:aa:0d:3a:e8:34:1f:51:d6:97:ae:69:45:21:4b:69:d1:14:a2:97:97:b6:57:86:16:bd:51:8b:65:49:f5:e5:56:59:46:44" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.175475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.175475000", - "frame.time_delta": "0.002370000", - "frame.time_delta_displayed": "0.002370000", - "frame.time_relative": "1785.714789000", - "frame.number": "7195", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "81292", - "tcp.nxtseq": "81339", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000138f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:27:6a:7e:a7:a1:cb:31", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583166, TSecr 2812398385": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583166", - "tcp.options.timestamp.tsecr": "2812398385" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7194", - "tcp.analysis.ack_rtt": "0.002370000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:46:c1:8f:8a:e2:2a:ad:87:b4:a7:33:37:33:44:de:b4:bc:bd:13:8c:b8:f8:e8:e3:94:57:30:99:5b:03:07:f3:4e:e8:92" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.189834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.189834000", - "frame.time_delta": "0.014359000", - "frame.time_delta_displayed": "0.014359000", - "frame.time_relative": "1785.729148000", - "frame.number": "7196", - "frame.len": "170", - "frame.cap_len": "170", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - 
"eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "156", - "ip.id": "0x0000e0c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e8f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "136", - "udp.checksum": "0x00005981", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "6", - "http.prev_request_in": "7150" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.236055000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.236055000", - "frame.time_delta": "0.046221000", - "frame.time_delta_displayed": "0.046221000", - "frame.time_relative": "1785.775369000", - "frame.number": "7197", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037dd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "81339", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cb:41:00:27:6a:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398401, TSecr 2583166": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398401", - "tcp.options.timestamp.tsecr": "2583166" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7195", - "tcp.analysis.ack_rtt": "0.060580000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.236537000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.236537000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1785.775851000", - "frame.number": "7198", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000096ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007666", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "81339", - "tcp.nxtseq": "81447", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bcc7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:84:a7:a1:cb:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583172, TSecr 2812398401": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583172", - "tcp.options.timestamp.tsecr": "2812398401" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:47:78:71:f9:72:5c:60:56:d7:1e:b1:80:ae:01:84:0b:6f:c5:1a:3f:6e:3b:08:bf:b8:1c:8e:73:39:04:4e:b9:7b:c0:0a:0d:85:95:bd:b0:46:e7" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - 
"ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:48:04:f3:0b:4d:59:82:35:0a:df:eb:9d:b2:d9:70:f4:ce:f7:c8:18:e7:95:e6:65:33:59:84:c3:bd:50:cf:ba:bf:81:cf:5c:93:93:b9:6f:51:d7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.296864000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.296864000", - "frame.time_delta": "0.060327000", - "frame.time_delta_displayed": "0.060327000", - "frame.time_relative": "1785.836178000", - "frame.number": "7199", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037dc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "81447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eee2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cb:50:00:27:6a:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398416, TSecr 2583172": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398416", - "tcp.options.timestamp.tsecr": "2583172" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7198", - "tcp.analysis.ack_rtt": "0.060327000" - } - } - } - } 
- } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.318543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.318543000", - "frame.time_delta": "0.021679000", - "frame.time_delta_displayed": "0.021679000", - "frame.time_relative": "1785.857857000", - "frame.number": "7200", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007639", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - 
"ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "81447", - "tcp.nxtseq": "81599", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000034e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:8c:a7:a1:cb:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583180, TSecr 2812398416": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583180", - "tcp.options.timestamp.tsecr": "2812398416" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:49:fc:77:c5:3c:94:9d:45:8e:8a:93:6f:88:d6:d6:33:23:f5:98:8a:72:79:8d:e4:df:ee:79:e2:56:5e:c4:50:03:60:d9:46:b4:d7:5d:ce:ab:43:51:b2:ba:f0:f3:f7:39:8c:3e:49:cc:3b:8c:31:c5:35:8c:dd:4a:90:ec:0d:03:b1:55:cb:22:61:f8:18:58:82:08:a9:54:ec:96:04:32:93:3f:23:cf:b8:70:a4:ad:a7:41:f4:bd:a0:c1:59:04:95:58:4d:51:72:c6:14:25:a9:18:59:4f:3b:95:4b:ef:e2:04:d4:e5:cf:38:a6:71:a5:1e:d5:9a:5c:b5:28:85:96:20:19:33:2c:28:89:8c:90:14:55" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.379049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.379049000", - "frame.time_delta": "0.060506000", - "frame.time_delta_displayed": "0.060506000", - "frame.time_relative": "1785.918363000", - "frame.number": "7201", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037db", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "81599", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cb:65:00:27:6a:8c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398437, TSecr 2583180": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398437", - "tcp.options.timestamp.tsecr": "2583180" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7200", - "tcp.analysis.ack_rtt": "0.060506000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.379564000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.379564000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "1785.918878000", - "frame.number": "7202", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "81599", - "tcp.nxtseq": "81760", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002c07", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:92:a7:a1:cb:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583186, TSecr 2812398437": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583186", - "tcp.options.timestamp.tsecr": "2812398437" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4a:28:c9:67:56:cc:3f:39:8a:bc:10:86:76:b1:78:e8:a5:ea:51:97:d5:e5:75:85:c1:08:60:66:76:5d:27:30:a5:b3:be:8b:2c:3e:56:a6:2c:e7:8a:a5:80:2f:61:50:ff:89:55:2a:bb:dc:33:3a:c3:9f:9f:0e:03:16:9d:89:27:f2:cb:45:c8:1d:f3:c2:aa:44:43:46:15:c2:cd:5c:68:bf:c3:46:b8:9d:1c:3c:c5:d3:9f:f0:cd:d1:59:ea:fa:2b:fa:71:0a:51:55:22:8b:8a:96:f0:7a:d2:15:a9:55:b2:52:51:bb:96:40:ab:6d:01:73:24:0f:1f:c1:13:96:23:0c:4a:9b:9a:82:6f:e8:9d:1a:cb:4e:aa:26:23:aa:68:6a:e0:99" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.488962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.488962000", - "frame.time_delta": "0.109398000", - "frame.time_delta_displayed": "0.109398000", - "frame.time_relative": "1786.028276000", - "frame.number": "7203", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da5", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037da", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "81760", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ed77", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cb:74:00:27:6a:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398452, TSecr 2583186": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398452", - "tcp.options.timestamp.tsecr": "2583186" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7202", - "tcp.analysis.ack_rtt": "0.109398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.489455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.489455000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1786.028769000", - "frame.number": "7204", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x00007634", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "81760", - "tcp.nxtseq": "81915", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c7b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:9d:a7:a1:cb:74", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583197, TSecr 2812398452": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583197", - "tcp.options.timestamp.tsecr": "2812398452" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4b:8b:13:22:91:d0:9b:80:74:0b:af:07:7c:d9:93:05:63:6e:8b:36:f2:cd:c0:cc:65:63:60:d1:5f:76:45:6a:13:2c:aa:d6:82:7f:7b:7e:cc:ef:ce:4b:f4:b0:7b:2c:fa:fa:34:31:e9:e4:b9:49:5f:b7:9a:d2:53:02:95:b9:96:04:c7:cd:76:1f:d2:52:c6:70:ca:48:a7:8a:b9:6f:48:50:20:3c:3c:cb:b0:29:f4:69:6f:f0:cf:dc:e7:8d:e9:ec:5c:6c:d0:a6:17:45:31:de:2d:27:41:24:01:6d:78:17:ec:f7:58:f0:20:cb:94:06:59:47:71:a4:48:39:67:12:d7:a4:ac:30:ad:ed:82:66:ba:de:d7:d7:62" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:17.549524000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495377.549524000", - "frame.time_delta": "0.060069000", - "frame.time_delta_displayed": "0.060069000", - "frame.time_relative": "1786.088838000", - "frame.number": "7205", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "81915", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ecb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:cb:8f:00:27:6a:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398479, TSecr 2583197": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398479", - "tcp.options.timestamp.tsecr": "2583197" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7204", - "tcp.analysis.ack_rtt": "0.060069000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.374858000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495378.374858000", - "frame.time_delta": "0.825334000", - "frame.time_delta_displayed": "0.825334000", - "frame.time_relative": "1786.914172000", - "frame.number": "7206", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"204", - "ip.id": "0x000096b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007636", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "81915", - "tcp.nxtseq": "82067", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f950", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6a:f6:a7:a1:cb:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583286, TSecr 2812398479": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583286", - "tcp.options.timestamp.tsecr": "2812398479" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4c:71:f6:78:4c:bd:e9:f0:21:39:84:24:fc:96:28:7e:b8:42:54:aa:ce:38:a3:bc:ed:15:49:00:c6:4d:c9:67:af:b5:f4:f2:55:69:4a:cc:3e:33:22:8e:1d:00:c1:2a:b0:ed:83:4e:03:aa:ff:a2:9c:8e:64:ae:41:0e:4d:5e:b0:c7:4a:f7:6a:aa:a4:c2:e1:82:3d:65:32:e1:85:cd:4c:75:2c:04:ec:f6:9b:b3:8b:96:47:28:15:0e:d0:ce:a2:69:56:f7:58:e7:97:9e:27:59:5b:eb:35:6c:ef:84:9c:72:a0:6c:f0:6c:5b:ce:1d:a7:1e:91:46:a2:36:6e:44:f0:e0:37:83:3b:dc:26:bf:fc:ff:1b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.435025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495378.435025000", - "frame.time_delta": "0.060167000", - "frame.time_delta_displayed": "0.060167000", - "frame.time_relative": "1786.974339000", - "frame.number": "7207", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "82067", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eae7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cc:6d:00:27:6a:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398701, TSecr 2583286": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398701", - "tcp.options.timestamp.tsecr": "2583286" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7206", - "tcp.analysis.ack_rtt": "0.060167000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.435509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495378.435509000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1786.974823000", - "frame.number": "7208", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "82067", - "tcp.nxtseq": "82228", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003be3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:27:6a:fc:a7:a1:cc:6d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583292, TSecr 2812398701": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583292", - "tcp.options.timestamp.tsecr": "2812398701" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4d:6b:8b:1f:ff:06:34:fc:53:e1:eb:92:cd:ad:01:76:37:64:db:90:66:ef:5f:d6:eb:68:d1:15:aa:2a:c0:7d:c8:ea:74:72:23:7b:f4:cd:c3:e5:41:c7:0a:9e:ba:21:27:ac:17:c5:7f:d9:9e:bd:ec:d1:f0:eb:dc:c9:5b:c8:4e:c3:cd:eb:5e:27:bb:9b:ae:1a:61:ec:1a:b4:1f:a1:f3:c3:88:5e:5f:5e:db:a5:dc:27:07:94:58:de:19:a6:cd:8c:c7:55:8d:61:c3:fc:33:d7:4e:8b:38:0e:a6:25:2b:5a:86:62:35:92:b5:76:a0:00:b0:06:e1:e4:ef:d9:71:91:92:4e:45:c5:c5:f3:4a:f5:b5:53:d3:31:78:33:26:87:d8:69:9d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.495637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495378.495637000", - "frame.time_delta": "0.060128000", - "frame.time_delta_displayed": "0.060128000", - "frame.time_relative": "1787.034951000", - "frame.number": "7209", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "82228", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ea31", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cc:7c:00:27:6a:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398716, TSecr 2583292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398716", - "tcp.options.timestamp.tsecr": "2583292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7208", - "tcp.analysis.ack_rtt": "0.060128000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.496168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495378.496168000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "1787.035482000", - "frame.number": "7210", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007631", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "82228", - "tcp.nxtseq": "82383", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000078d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:02:a7:a1:cc:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583298, TSecr 2812398716": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583298", - "tcp.options.timestamp.tsecr": "2812398716" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4e:74:e9:37:bc:d7:7d:4f:d9:9e:24:ee:f6:1b:10:cd:f6:68:0f:b3:28:ab:38:46:f9:8a:aa:71:d0:3b:4f:f6:e8:ad:0e:a4:02:40:a9:8f:7e:90:fa:41:c8:0b:7b:ca:98:06:c5:85:9d:b5:c5:47:40:fc:2a:98:52:08:c0:01:d7:aa:c3:52:b6:e1:33:64:16:35:88:71:c2:87:27:02:2a:33:51:f5:d3:b8:1c:7e:56:3e:99:35:55:d9:62:bb:b2:3d:be:eb:d6:6d:b1:47:58:a4:5d:05:c3:8c:82:5d:be:2d:b7:06:82:68:fc:11:a2:a2:22:fd:49:18:a5:59:a8:5a:a8:d5:21:15:7b:f5:77:b6:23:7e:a9:a7:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:18.556298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495378.556298000", - "frame.time_delta": "0.060130000", - "frame.time_delta_displayed": "0.060130000", - "frame.time_relative": "1787.095612000", - "frame.number": "7211", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002da9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": "82383", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e981", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cc:8b:00:27:6b:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398731, TSecr 2583298": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398731", - "tcp.options.timestamp.tsecr": "2583298" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7210", - "tcp.analysis.ack_rtt": "0.060130000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:19.219199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495379.219199000", - "frame.time_delta": "0.662901000", - "frame.time_delta_displayed": "0.662901000", - "frame.time_relative": "1787.758513000", - "frame.number": "7212", - "frame.len": "120", - 
"frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007695", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "82383", - "tcp.nxtseq": "82437", - "tcp.ack": "17833", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd49", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:4a:a7:a1:cc:8b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583370, TSecr 2812398731": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583370", - "tcp.options.timestamp.tsecr": "2812398731" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:4f:22:bb:af:55:7d:33:2d:38:81:29:56:09:c0:01:f9:ee:25:24:67:ec:ee:f5:87:e1:19:94:8d:f7:37:56:40:04:b1:96:bc:cd:31:81:73:40:5e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:19.279475000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495379.279475000", - "frame.time_delta": "0.060276000", - 
"frame.time_delta_displayed": "0.060276000", - "frame.time_relative": "1787.818789000", - "frame.number": "7213", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002daa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17833", - "tcp.ack": 
"82437", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e84e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cd:40:00:27:6b:4a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812398912, TSecr 2583370": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812398912", - "tcp.options.timestamp.tsecr": "2583370" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7212", - "tcp.analysis.ack_rtt": "0.060276000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.173112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.173112000", - "frame.time_delta": "0.893637000", - "frame.time_delta_displayed": "0.893637000", - "frame.time_relative": "1788.712426000", - "frame.number": "7214", - "frame.len": "143", - "frame.cap_len": "143", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "129", - "ip.id": "0x00002dab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003787", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "77", - "tcp.seq": "17833", - "tcp.nxtseq": "17910", - "tcp.ack": "82437", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000054e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:1f:00:27:6b:4a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399135, TSecr 2583370": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399135", - "tcp.options.timestamp.tsecr": "2583370" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "77", - "tcp.analysis.push_bytes_sent": "77" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "72", - "ssl.app_data": "34:cd:34:17:47:48:0e:c5:4a:cf:6b:7f:2a:b2:0d:4e:70:75:8f:3c:f8:0b:32:04:78:7f:2c:b8:1e:e9:45:e0:6d:eb:76:db:92:70:f1:86:43:5d:31:dc:d0:d3:60:2e:7f:23:54:5f:29:17:0e:e9:6d:3d:0d:f6:6c:c1:b5:95:ec:40:e3:f5:93:90:33:5d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.175890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.175890000", - "frame.time_delta": "0.002778000", - 
"frame.time_delta_displayed": "0.002778000", - "frame.time_relative": "1788.715204000", - "frame.number": "7215", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000769b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "82437", - 
"tcp.nxtseq": "82484", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006469", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:aa:a7:a1:ce:1f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583466, TSecr 2812399135": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583466", - "tcp.options.timestamp.tsecr": "2812399135" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7214", - "tcp.analysis.ack_rtt": "0.002778000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:50:dd:23:4d:97:d7:b7:5d:5e:db:5d:bb:bd:fc:aa:82:09:a2:3c:74:31:83:ed:6a:7e:cc:9a:32:08:37:14:46:4a:1b:b4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:16:20.188313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.188313000", - "frame.time_delta": "0.012423000", - "frame.time_delta_displayed": "0.012423000", - "frame.time_relative": "1788.727627000", - "frame.number": "7216", - "frame.len": "154", - "frame.cap_len": "154", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "140", - "ip.id": "0x0000e101", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e8c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "120", - "udp.checksum": "0x000043d3", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:insight:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "7", - "http.prev_request_in": "7174" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.236216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.236216000", - "frame.time_delta": "0.047903000", - "frame.time_delta_displayed": "0.047903000", - "frame.time_relative": "1788.775530000", - "frame.number": "7217", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "82484", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e683", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:2f:00:27:6b:aa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399151, TSecr 2583466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399151", - "tcp.options.timestamp.tsecr": "2583466" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7215", - "tcp.analysis.ack_rtt": "0.060326000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.236650000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.236650000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1788.775964000", - "frame.number": "7218", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000096b6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000765d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "82484", - "tcp.nxtseq": "82592", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002b40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:b0:a7:a1:ce:2f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583472, TSecr 2812399151": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583472", - "tcp.options.timestamp.tsecr": "2812399151" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:51:1a:58:2d:7c:0c:2e:5b:89:0a:87:39:9a:3b:b5:b8:80:32:65:4d:43:59:b9:40:16:00:07:24:69:a5:64:37:f4:30:9e:d2:4f:d0:92:ea:b2:3a" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:52:d9:d5:21:77:5d:95:3e:0f:9e:f1:eb:1f:a9:92:57:aa:7e:49:6f:e5:b7:04:0f:49:81:b4:18:99:4d:a5:b0:3c:45:09:60:d8:23:96:02:4c:62" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.296896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.296896000", - "frame.time_delta": "0.060246000", - "frame.time_delta_displayed": "0.060246000", - "frame.time_relative": "1788.836210000", - "frame.number": "7219", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "82592", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e602", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:3e:00:27:6b:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399166, TSecr 2583472": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399166", - "tcp.options.timestamp.tsecr": "2583472" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7218", - "tcp.analysis.ack_rtt": "0.060246000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.323945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.323945000", - "frame.time_delta": "0.027049000", - "frame.time_delta_displayed": "0.027049000", - "frame.time_relative": "1788.863259000", - "frame.number": "7220", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007630", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "82592", - "tcp.nxtseq": "82744", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c3dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:b8:a7:a1:ce:3e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583480, TSecr 2812399166": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583480", - "tcp.options.timestamp.tsecr": "2812399166" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:53:90:51:4b:63:86:62:33:0f:8b:73:40:04:83:3f:52:aa:59:92:45:29:7c:e0:2f:a1:98:6a:2a:f2:76:20:f8:3c:61:7c:96:0f:db:7e:2b:a6:9f:eb:29:2f:f1:a2:c8:15:22:c9:5e:63:ae:e2:25:35:91:08:f5:a9:ae:22:ce:c6:98:99:4b:3c:b9:0a:9c:a9:f7:b1:33:0a:d8:0a:83:99:6f:75:c4:4d:85:1c:6c:28:9c:ed:e9:b0:36:88:0e:f7:8e:3a:3e:da:e1:a5:5f:3a:cc:18:db:f9:ab:78:82:6c:4a:49:ed:67:f7:35:cc:79:82:7e:ed:00:fe:0c:c8:17:85:c6:d6:3f:80:c7:3a:4c:09:62:f8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.384113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.384113000", - "frame.time_delta": "0.060168000", - "frame.time_delta_displayed": "0.060168000", - "frame.time_relative": "1788.923427000", - "frame.number": "7221", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "82744", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e54c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:54:00:27:6b:b8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399188, TSecr 2583480": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399188", - "tcp.options.timestamp.tsecr": "2583480" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7220", - "tcp.analysis.ack_rtt": "0.060168000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.384601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.384601000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1788.923915000", - "frame.number": "7222", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007626", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "82744", - "tcp.nxtseq": "82905", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007073", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:bf:a7:a1:ce:54", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583487, TSecr 2812399188": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583487", - "tcp.options.timestamp.tsecr": "2812399188" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:54:af:65:4b:1b:76:2d:97:3f:a1:ea:75:b5:68:4f:a4:ab:93:ad:1f:97:ac:25:38:b2:9c:19:c4:4c:aa:b0:c6:bc:54:3d:40:9e:3f:33:d4:56:0d:5f:c5:bc:22:13:98:37:b0:4c:9f:9c:8a:7f:c2:1b:38:b4:a4:92:1a:ae:27:b8:2b:63:e5:35:dd:ee:b9:a7:20:51:4d:e8:81:a3:ea:49:1b:38:2d:ed:cb:1a:15:0e:ad:3f:0a:ea:53:3e:25:5c:43:1c:6c:82:9d:c7:75:f4:5d:81:f5:02:30:7e:f7:ed:f2:da:39:c3:09:be:0a:e0:ac:fe:74:95:9c:db:cd:56:3f:1a:cb:e9:db:7c:c9:8e:17:8f:f6:f0:56:0c:0e:0b:d3:cf:b2:07" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.444805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.444805000", - "frame.time_delta": "0.060204000", - "frame.time_delta_displayed": "0.060204000", - "frame.time_relative": "1788.984119000", - "frame.number": "7223", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - 
"eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002daf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037d0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "82905", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e495", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:63:00:27:6b:bf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399203, TSecr 2583487": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399203", - "tcp.options.timestamp.tsecr": "2583487" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7222", - "tcp.analysis.ack_rtt": "0.060204000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.445289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.445289000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "1788.984603000", - "frame.number": "7224", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "82905", - "tcp.nxtseq": "83060", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" 
- }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009794", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6b:c5:a7:a1:ce:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583493, TSecr 2812399203": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583493", - "tcp.options.timestamp.tsecr": "2812399203" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:55:bf:fb:7f:4a:51:aa:6f:33:34:5d:c4:1a:4c:ea:f0:5d:b3:66:f4:0f:bd:4e:21:7e:a8:46:9b:35:f6:24:09:9b:64:03:18:87:c7:f5:b7:ec:a3:a9:d0:67:58:12:83:ae:ae:14:21:dc:99:0d:73:21:86:22:86:8b:b2:ab:e1:3c:0c:37:72:57:78:87:fa:93:8a:eb:0a:6a:3b:e6:69:b1:04:5c:eb:dc:ea:fa:f4:ff:2d:10:12:b2:0f:bb:74:1a:7c:18:67:74:a0:f3:3a:ba:52:bd:4f:14:92:dc:7d:00:c0:09:7b:3e:b9:d7:8a:92:53:2a:f6:30:b0:65:fd:7a:e8:5f:b6:2a:53:52:51:c0:da:43:00:e0:b8:34" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:20.505441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495380.505441000", - "frame.time_delta": "0.060152000", - "frame.time_delta_displayed": "0.060152000", - "frame.time_relative": 
"1789.044755000", - "frame.number": "7225", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cf", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "83060", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e3e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:ce:72:00:27:6b:c5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399218, TSecr 2583493": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399218", - "tcp.options.timestamp.tsecr": "2583493" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7224", - "tcp.analysis.ack_rtt": "0.060152000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:21.374436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.374436000", - "frame.time_delta": "0.868995000", - "frame.time_delta_displayed": "0.868995000", - "frame.time_relative": "1789.913750000", - "frame.number": "7226", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "83060", - "tcp.nxtseq": "83212", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000067d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:22:a7:a1:ce:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583586, TSecr 2812399218": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583586", - "tcp.options.timestamp.tsecr": "2812399218" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:56:bd:6d:c1:56:f3:3e:9d:7f:a8:19:7a:87:43:2b:20:46:d6:bf:4b:6f:40:6b:75:1c:31:2d:42:62:73:aa:b9:b7:21:74:04:e0:e0:94:10:d7:bc:b5:d6:da:59:57:14:01:81:41:fe:87:26:4e:77:c8:b3:65:93:a0:bb:56:7a:77:2a:df:9c:cc:a2:39:6c:a7:4d:d5:61:7c:6e:03:49:22:2e:57:0d:43:07:94:12:55:96:67:91:63:08:87:92:5c:bb:43:14:88:0d:bf:ce:b6:3d:c1:21:bf:86:36:ba:5e:f2:1d:00:59:47:73:1a:91:ed:92:3b:83:de:89:81:43:b5:2e:b8:02:e6:7f:19:c0:1e:c1:38" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:16:21.434602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.434602000", - "frame.time_delta": "0.060166000", - "frame.time_delta_displayed": "0.060166000", - "frame.time_relative": "1789.973916000", - "frame.number": "7227", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ce", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "83212", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e207", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cf:5b:00:27:6c:22", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399451, TSecr 2583586": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399451", - "tcp.options.timestamp.tsecr": "2583586" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7226", - "tcp.analysis.ack_rtt": "0.060166000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:21.435095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.435095000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - 
"frame.time_relative": "1789.974409000", - "frame.number": "7228", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007623", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "83212", - "tcp.nxtseq": "83373", - "tcp.ack": "17910", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008d20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:28:a7:a1:cf:5b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583592, TSecr 2812399451": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583592", - "tcp.options.timestamp.tsecr": "2812399451" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:57:ce:60:91:67:9b:1b:b0:c0:45:86:f6:4f:9f:1e:a8:00:44:4f:96:c8:f2:74:6a:5b:04:c1:41:b5:9e:e7:d8:30:54:fd:6d:7b:c7:88:7c:93:b8:d5:d2:48:f2:f2:c1:29:fd:c8:07:3f:12:0e:c2:8a:41:7f:87:f7:f4:b6:a6:6c:7a:00:04:db:4e:a9:5c:34:88:95:70:03:68:ad:22:26:92:a9:9d:dd:51:17:d2:93:7f:ba:82:cf:a9:56:f2:19:64:02:fa:d6:e3:0f:a5:13:8a:cc:61:01:14:90:07:ab:22:78:3d:53:36:d8:66:da:c4:38:d5:6f:b0:1a:67:83:cd:29:c0:d1:1f:42:e3:77:06:b4:f3:b5:80:9a:e3:61:84:55:ce:de" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:21.495188000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.495188000", - "frame.time_delta": "0.060093000", - "frame.time_delta_displayed": "0.060093000", - "frame.time_relative": "1790.034502000", - "frame.number": "7229", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cd", - "ip.checksum.status": "2", - 
"ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "83373", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e151", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cf:6a:00:27:6c:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399466, TSecr 
2583592": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399466", - "tcp.options.timestamp.tsecr": "2583592" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7228", - "tcp.analysis.ack_rtt": "0.060093000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:21.495671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.495671000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1790.034985000", - "frame.number": "7230", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007628", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": 
"13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "83373", - "tcp.nxtseq": "83528", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ad22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:2e:a7:a1:cf:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583598, TSecr 2812399466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583598", - "tcp.options.timestamp.tsecr": "2812399466" - } - }, - "tcp.analysis": { 
- "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:58:65:ae:35:41:76:fa:f0:32:7b:12:ea:ae:da:08:1c:a6:1b:c3:89:d8:60:8a:a1:10:b5:d6:fd:6c:d5:21:12:2b:73:65:51:db:88:fe:48:ef:54:1b:7d:22:57:17:ef:97:31:de:47:3f:73:e8:06:bd:af:2e:b1:4f:cd:d0:66:ab:40:2f:00:70:57:a9:d0:7e:26:5c:a8:25:9b:da:7e:4e:a7:f9:ce:98:d5:81:75:5d:23:6a:80:78:83:52:98:56:d0:4c:ec:66:ce:ad:fd:a6:a3:a8:23:5e:2f:8b:94:14:a8:8a:f3:f7:d3:c9:e2:e6:03:a5:1d:80:55:94:66:54:4a:bc:9b:76:8a:a1:94:c8:23:c6:f5:f6:67:86" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:21.555755000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495381.555755000", - "frame.time_delta": "0.060084000", - "frame.time_delta_displayed": "0.060084000", - "frame.time_relative": "1790.095069000", - "frame.number": "7231", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db3", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "83528", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e0a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:cf:79:00:27:6c:2e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399481, TSecr 2583598": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399481", - "tcp.options.timestamp.tsecr": "2583598" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7230", - "tcp.analysis.ack_rtt": "0.060084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:22.214839000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495382.214839000", - "frame.time_delta": "0.659084000", - "frame.time_delta_displayed": "0.659084000", - "frame.time_relative": "1790.754153000", - "frame.number": "7232", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000768c", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "83528", - "tcp.nxtseq": "83582", - "tcp.ack": "17910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001ab1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:76:a7:a1:cf:79", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2583670, TSecr 2812399481": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583670", - "tcp.options.timestamp.tsecr": "2812399481" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:59:98:5c:ab:14:22:d1:ac:16:27:dd:81:1a:b9:c3:bb:6c:1b:9a:1c:91:88:6f:ea:65:07:b1:bc:47:6a:c1:d1:bf:24:4b:06:b2:d7:a5:36:c5:45" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:22.275099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495382.275099000", - "frame.time_delta": "0.060260000", - "frame.time_delta_displayed": "0.060260000", - "frame.time_relative": "1790.814413000", - "frame.number": "7233", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037cb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17910", - "tcp.ack": "83582", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000df6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d0:2d:00:27:6c:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { 
- "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399661, TSecr 2583670": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399661", - "tcp.options.timestamp.tsecr": "2583670" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7232", - "tcp.analysis.ack_rtt": "0.060260000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.173815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.173815000", - "frame.time_delta": "0.898716000", - "frame.time_delta_displayed": "0.898716000", - "frame.time_relative": "1791.713129000", - "frame.number": "7234", - "frame.len": "146", - "frame.cap_len": "146", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "132", - "ip.id": "0x00002db5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000377a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - 
"ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "80", - "tcp.seq": "17910", - "tcp.nxtseq": "17990", - "tcp.ack": "83582", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b256", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:0d:00:27:6c:76", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399885, TSecr 2583670": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399885", - "tcp.options.timestamp.tsecr": "2583670" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "80", - "tcp.analysis.push_bytes_sent": "80" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "75", - "ssl.app_data": "34:cd:34:17:47:48:0e:c6:32:96:70:8d:f4:65:2c:b9:b6:97:28:00:69:8c:ff:8b:a3:d3:51:88:9b:87:91:78:35:1f:d5:d5:aa:ce:f9:9f:66:81:eb:5f:b5:8a:05:1c:86:8d:d7:83:5e:15:14:8a:39:ec:50:d4:85:98:92:32:72:b4:89:e7:9f:1c:f7:d2:83:d0:aa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.177688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.177688000", - "frame.time_delta": "0.003873000", - "frame.time_delta_displayed": "0.003873000", - "frame.time_relative": "1791.717002000", - "frame.number": "7235", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007692", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "83582", - "tcp.nxtseq": "83629", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000025ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:d6:a7:a1:d1:0d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583766, TSecr 2812399885": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583766", - "tcp.options.timestamp.tsecr": "2812399885" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7234", - "tcp.analysis.ack_rtt": "0.003873000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:5a:c9:63:69:ff:6b:26:90:9f:90:e2:f5:0d:e8:6a:50:b2:c2:03:50:75:ec:36:09:f0:9b:0a:69:d2:38:c1:db:3c:9c:aa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.195317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.195317000", - "frame.time_delta": "0.017629000", - "frame.time_delta_displayed": "0.017629000", - "frame.time_relative": "1791.734631000", - "frame.number": "7236", - "frame.len": "157", - "frame.cap_len": "157", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "143", - "ip.id": "0x0000e208", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e7bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "123", - "udp.checksum": "0x00006e5f", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:controllee:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "7", - "http.prev_request_in": "7196" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.237799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.237799000", - "frame.time_delta": "0.042482000", - "frame.time_delta_displayed": 
"0.042482000", - "frame.time_relative": "1791.777113000", - "frame.number": "7237", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "83629", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dda0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:1d:00:27:6c:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399901, TSecr 2583766": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399901", - "tcp.options.timestamp.tsecr": "2583766" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7235", - "tcp.analysis.ack_rtt": "0.060111000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.238289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.238289000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1791.777603000", - "frame.number": "7238", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000096bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007654", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "83629", - "tcp.nxtseq": "83737", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", 
- "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009bf3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:dc:a7:a1:d1:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583772, TSecr 2812399901": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583772", - "tcp.options.timestamp.tsecr": "2812399901" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:5b:36:93:20:2f:e9:a6:56:82:3a:2d:23:69:cd:ea:0a:ed:79:2c:26:4e:60:57:27:e8:59:dc:6b:58:3a:07:31:6c:80:cc:77:8a:c0:70:80:dc:11" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:5c:fb:cd:b3:42:eb:5b:56:c9:82:2b:73:03:c5:e7:03:68:dc:1b:77:d2:bb:9f:19:24:62:54:c2:b1:5c:be:a5:b0:15:fb:95:79:2c:7a:44:4f:75" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:16:23.298319000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.298319000", - "frame.time_delta": "0.060030000", - "frame.time_delta_displayed": "0.060030000", - "frame.time_relative": "1791.837633000", - "frame.number": "7239", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "83737", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dd1e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:2d:00:27:6c:dc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399917, TSecr 2583772": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399917", - "tcp.options.timestamp.tsecr": "2583772" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7238", - "tcp.analysis.ack_rtt": "0.060030000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.338321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.338321000", - "frame.time_delta": "0.040002000", - "frame.time_delta_displayed": 
"0.040002000", - "frame.time_relative": "1791.877635000", - "frame.number": "7240", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.338745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.338745000", - "frame.time_delta": "0.000424000", - "frame.time_delta_displayed": "0.000424000", - "frame.time_relative": "1791.878059000", - "frame.number": "7241", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.347520000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.347520000", - "frame.time_delta": "0.008775000", - "frame.time_delta_displayed": "0.008775000", - "frame.time_relative": "1791.886834000", - "frame.number": "7242", - "frame.len": "450", - "frame.cap_len": "450", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "436", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b615", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": 
"192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "3077", - "udp.dstport": "10024", - "udp.port": "3077", - "udp.port": "10024", - "udp.length": "416", - "udp.checksum": "0x0000f481", - "udp.checksum.status": "2", - "udp.stream": "93" - }, - "data": { - "data.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:41:43:48:45:2d:43:4f:4e:54:52:4f:4c:3a:20:6d:61:78:2d:61:67:65:3d:38:36:34:30:30:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:31:36:3a:32:33:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:4c:4f:43:41:54:49:4f:4e:3a:20:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:32:32:35:3a:34:39:31:35:33:2f:73:65:74:75:70:2e:78:6d:6c:0d:0a:4f:50:54:3a:20:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:75:70:6e:70:2e:6f:72:67:2f:75:70:6e:70:2f:31:2f:30:2f:22:3b:20:6e:73:3d:30:31:0d:0a:30:31:2d:4e:4c:53:3a:20:61:35:61:35:62:30:39:36:2d:31:64:64:31:2d:31:31:62:32:2d:62:64:62:38:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:53:54:3a:20:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:55:53:4e:3a:20:75:75:69:64:3a:53:6f:63:6b:65:74:2d:31:5f:30:2d:32:32:31:35:32:33:4b:30:31:30:30:42:31:31:3a:3a:75:72:6e:3a:42:65:6c:6b:69:6e:3a:64:65:76:69:63:65:3a:63:6f:6e:74:72:6f:6c:6c:65:65:3a:31:0d:0a:0d:0a", - "data.len": "408" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.361438000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.361438000", - "frame.time_delta": "0.013918000", - "frame.time_delta_displayed": "0.013918000", - "frame.time_relative": "1791.900752000", - "frame.number": "7243", - "frame.len": "231", - "frame.cap_len": "231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x000096c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "165", - "tcp.seq": "83737", - "tcp.nxtseq": "83902", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005923", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:e8:a7:a1:d1:2d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583784, TSecr 2812399917": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583784", - "tcp.options.timestamp.tsecr": "2812399917" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "165", - "tcp.analysis.push_bytes_sent": "165" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "160", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:5d:3c:d5:a4:a3:b4:5c:13:de:9c:be:09:8d:e8:16:b1:ed:fc:af:28:f0:fd:c5:78:9a:1d:b9:f8:08:95:20:31:e3:61:ee:9c:2e:e4:87:10:ce:ba:b7:78:4f:53:90:8c:35:25:40:ab:7d:88:c1:7b:dc:12:d0:1e:a3:2c:34:fd:05:31:b6:c0:95:a4:2c:f5:af:07:14:17:98:78:bb:bb:27:78:b5:63:78:5e:90:30:b1:8d:87:13:f9:4a:8d:56:d7:84:e1:cc:36:81:f2:ef:a0:8d:cb:c9:44:87:33:2f:3f:ae:f7:0e:d5:44:65:57:35:3a:e2:20:49:58:52:f4:e3:4b:55:29:49:99:03:85:c8:39:01:97:12:3b:91:5c:54:f2:50:38:ba:65:55:ad:d2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.421636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.421636000", - "frame.time_delta": "0.060198000", - "frame.time_delta_displayed": "0.060198000", - "frame.time_relative": "1791.960950000", - "frame.number": "7244", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002db8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c7", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "83902", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:4b:00:27:6c:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2812399947, TSecr 2583784": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399947", - "tcp.options.timestamp.tsecr": "2583784" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7243", - "tcp.analysis.ack_rtt": "0.060198000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.422123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.422123000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1791.961437000", - "frame.number": "7245", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096c1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007626", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "83902", - "tcp.nxtseq": "84054", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000a76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:ee:a7:a1:d1:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583790, TSecr 2812399947": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583790", - "tcp.options.timestamp.tsecr": 
"2812399947" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:5e:b6:9c:1c:11:24:43:73:fc:8b:ea:6a:ea:d3:18:7d:ee:67:9b:cd:c5:7c:ce:97:68:12:6e:fe:da:9e:49:b6:96:4d:46:f2:e9:d9:dd:8e:19:b2:95:2c:85:e6:05:d9:c0:92:4a:57:2e:f7:37:39:f5:d8:94:2e:32:3f:b3:6f:13:63:cd:41:48:65:f5:25:c8:f8:5b:d2:a4:05:fc:d8:58:d5:26:63:af:94:62:99:9b:35:5e:8e:b4:80:a0:98:be:b2:7b:6b:cb:f8:58:05:75:3a:d4:5f:85:a8:68:be:44:02:70:0c:82:a3:72:f1:a2:42:a4:21:20:bc:29:38:bc:68:62:a9:1c:25:44:71:c0:de:7e:ea" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.482346000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.482346000", - "frame.time_delta": "0.060223000", - "frame.time_delta_displayed": "0.060223000", - "frame.time_relative": "1792.021660000", - "frame.number": "7246", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": 
"0x00002db9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84054", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dba1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:5b:00:27:6c:ee", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399963, TSecr 2583790": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399963", - "tcp.options.timestamp.tsecr": "2583790" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7245", - "tcp.analysis.ack_rtt": "0.060223000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.482840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.482840000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1792.022154000", - "frame.number": "7247", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", 
- "ip.checksum": "0x0000761c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "84054", - "tcp.nxtseq": "84215", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:f4:a7:a1:d1:5b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583796, TSecr 2812399963": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583796", - "tcp.options.timestamp.tsecr": "2812399963" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:5f:03:b0:1d:95:29:b7:49:83:ef:cf:08:89:a0:84:51:3c:5f:a6:b0:ed:09:4b:33:5d:e9:7e:b1:33:61:27:8f:14:9a:f7:e8:57:72:46:47:69:92:4a:97:9f:ba:49:ce:fc:38:90:1c:80:dc:b3:f6:66:43:8f:60:02:ee:af:5e:86:74:92:14:32:3f:1b:7e:14:2a:97:62:06:11:89:1d:96:43:78:7a:45:22:54:31:78:eb:5b:37:ad:5f:1a:16:be:10:8d:66:7b:74:14:8a:66:c9:65:6b:9a:43:eb:3a:0b:84:32:ee:b2:ee:0b:18:ef:da:fe:0e:8b:8e:26:8d:a6:c9:2f:9c:ca:e4:4b:54:57:70:ac:30:f7:39:3d:9f:88:b3:80:5e:fe" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.542948000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.542948000", - "frame.time_delta": "0.060108000", - "frame.time_delta_displayed": "0.060108000", - "frame.time_relative": "1792.082262000", - "frame.number": "7248", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84215", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000daeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:a7:a1:d1:6a:00:27:6c:f4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399978, TSecr 2583796": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399978", - "tcp.options.timestamp.tsecr": "2583796" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7247", - "tcp.analysis.ack_rtt": "0.060108000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.543440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.543440000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1792.082754000", - "frame.number": "7249", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "207", - "ip.id": "0x000096c3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007621", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "84215", - "tcp.nxtseq": "84370", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000527a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6c:fa:a7:a1:d1:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", 
- "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583802, TSecr 2812399978": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583802", - "tcp.options.timestamp.tsecr": "2812399978" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:60:a5:24:f5:f2:f3:ba:99:57:e6:db:40:a2:65:88:ca:54:7c:85:e7:53:13:80:dc:10:e7:2a:8c:34:cf:4e:8b:ba:df:d8:7b:6c:68:9e:c6:61:cb:23:ae:9a:38:67:9b:ed:d7:45:55:61:8f:91:3d:31:92:b3:c7:e2:30:99:7b:29:48:e6:45:11:75:c6:18:da:21:23:89:21:0d:24:82:48:82:28:2d:f4:1e:dc:c3:47:5c:83:51:3e:35:6c:4a:b2:ea:c4:2d:26:1d:65:b3:ac:85:03:aa:ad:4c:0f:5a:e3:85:e8:e5:f2:1e:68:7b:e9:28:b3:a7:01:1f:1d:af:c5:b4:15:d2:c4:12:e2:6f:cf:ab:05:1b:71:f3:73" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:23.604226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495383.604226000", - "frame.time_delta": "0.060786000", - "frame.time_delta_displayed": "0.060786000", - "frame.time_relative": "1792.143540000", - "frame.number": "7250", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84370", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000da3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d1:79:00:27:6c:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812399993, TSecr 2583802": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812399993", - "tcp.options.timestamp.tsecr": "2583802" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7249", - "tcp.analysis.ack_rtt": "0.060786000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:24.467661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.467661000", - "frame.time_delta": "0.863435000", - "frame.time_delta_displayed": "0.863435000", - "frame.time_relative": "1793.006975000", - "frame.number": "7251", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007623", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "84370", - "tcp.nxtseq": "84522", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009f8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6d:57:a7:a1:d1:79", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583895, TSecr 2812399993": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583895", - "tcp.options.timestamp.tsecr": "2812399993" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:61:07:7d:c3:a2:ab:3d:b7:e8:79:f3:65:67:a8:99:a7:2b:81:49:32:95:e7:c5:60:8d:08:ac:4d:72:7f:b1:f9:3c:87:4b:93:f5:8f:14:5e:eb:00:cf:6d:87:56:98:f5:5a:d0:01:00:5b:3d:61:d5:c9:5b:2b:98:42:23:90:c2:c3:5b:a5:34:83:01:f0:ff:ff:23:ed:f7:f0:a3:46:82:77:a7:b8:bf:d0:0b:15:85:eb:5a:b2:a2:42:ce:5c:9b:b5:3f:28:d9:b4:db:5b:50:bc:a2:b9:01:d3:d3:c4:62:5a:52:45:88:38:f7:6a:ea:23:0e:13:81:df:ff:1d:b4:50:c0:99:33:b2:d2:c2:00:6d:3b:23:a3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:24.527916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.527916000", - "frame.time_delta": "0.060255000", - "frame.time_delta_displayed": "0.060255000", - "frame.time_relative": "1793.067230000", - "frame.number": "7252", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84522", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d85f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d2:60:00:27:6d:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400224, TSecr 2583895": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400224", - "tcp.options.timestamp.tsecr": "2583895" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7251", - "tcp.analysis.ack_rtt": "0.060255000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:24.528406000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.528406000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "1793.067720000", - "frame.number": "7253", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007619", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "84522", - "tcp.nxtseq": "84683", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001382", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6d:5d:a7:a1:d2:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583901, TSecr 2812400224": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583901", - "tcp.options.timestamp.tsecr": "2812400224" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:62:c5:ae:c0:75:76:35:ed:97:09:90:0a:ff:16:b0:84:47:08:11:75:9e:17:19:89:33:f7:75:38:ed:c3:32:b2:ca:ce:7c:36:c1:4a:12:66:78:c6:0f:76:ff:02:a9:e2:01:8d:11:7c:8f:1d:60:bc:b2:aa:19:02:5d:f4:e1:01:aa:f0:1d:5f:b2:ef:cc:9b:28:59:61:a3:63:fb:2a:0e:8d:50:61:97:68:e0:ae:45:ab:aa:96:5a:39:3f:4b:c1:16:94:0a:d3:bc:29:b3:22:bb:d6:4d:46:e1:83:75:c8:3c:52:f9:91:a9:4c:92:55:45:ff:0a:78:25:25:bd:a3:53:92:de:69:a8:e7:64:29:26:37:d7:5d:3d:3f:b0:0a:6d:a8:7a:f4:b5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:16:24.588804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.588804000", - "frame.time_delta": "0.060398000", - "frame.time_delta_displayed": "0.060398000", - "frame.time_relative": "1793.128118000", - "frame.number": "7254", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84683", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d7a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d2:6f:00:27:6d:5d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400239, TSecr 2583901": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400239", - "tcp.options.timestamp.tsecr": "2583901" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7253", - "tcp.analysis.ack_rtt": "0.060398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:24.589287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.589287000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - 
"frame.time_relative": "1793.128601000", - "frame.number": "7255", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "84683", - "tcp.nxtseq": "84838", - "tcp.ack": "17990", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c4cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6d:63:a7:a1:d2:6f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583907, TSecr 2812400239": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583907", - "tcp.options.timestamp.tsecr": "2812400239" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:63:f6:db:37:f8:b0:92:bf:2d:54:b0:73:c7:2d:27:02:87:bf:24:19:71:cc:b0:a7:08:96:91:b8:2d:db:0d:1b:22:29:42:c4:bb:4e:be:52:f0:71:67:f3:7c:e5:07:af:16:95:bc:ef:7a:75:b7:3a:80:c2:3d:cd:69:bf:af:af:73:3c:72:0f:33:24:ff:a8:9b:56:53:97:a7:76:4c:7a:65:f9:7f:77:f1:be:8a:16:46:71:94:4c:7f:b9:89:18:06:a1:b7:5c:e7:80:e0:e5:5d:e5:0f:77:2f:51:34:4e:ae:7d:96:72:bc:8e:11:37:d8:ec:cf:cd:d9:b5:6c:d1:68:cf:04:fe:d6:a9:77:8c:7a:40:74:fd:f2:d6:9b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:24.649885000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495384.649885000", - "frame.time_delta": "0.060598000", - "frame.time_delta_displayed": "0.060598000", - "frame.time_relative": "1793.189199000", - "frame.number": "7256", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c1", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d6f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d2:7e:00:27:6d:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400254, TSecr 2583907": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400254", - "tcp.options.timestamp.tsecr": "2583907" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7255", - "tcp.analysis.ack_rtt": "0.060598000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:25.213193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495385.213193000", - "frame.time_delta": "0.563308000", - "frame.time_delta_displayed": "0.563308000", - "frame.time_relative": "1793.752507000", - "frame.number": "7257", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007682", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "84838", - "tcp.nxtseq": "84892", - "tcp.ack": "17990", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001c26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6d:a1:a7:a1:d2:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2583969, TSecr 2812400254": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2583969", - "tcp.options.timestamp.tsecr": "2812400254" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:64:94:7b:a0:5b:60:28:3c:a3:94:7f:ae:fe:63:a8:bc:2d:fb:58:d9:4c:78:f8:fb:97:f7:70:b2:e8:81:d4:ee:13:0d:5e:1c:d2:67:1d:63:90:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:25.273819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495385.273819000", - "frame.time_delta": "0.060626000", - "frame.time_delta_displayed": "0.060626000", - "frame.time_relative": "1793.813133000", - "frame.number": "7258", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037c0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", 
- "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "17990", - "tcp.ack": "84892", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d5e9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d3:1a:00:27:6d:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400410, TSecr 2583969": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2812400410", - "tcp.options.timestamp.tsecr": "2583969" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7257", - "tcp.analysis.ack_rtt": "0.060626000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.174946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.174946000", - "frame.time_delta": "0.901127000", - "frame.time_delta_displayed": "0.901127000", - "frame.time_relative": "1794.714260000", - "frame.number": "7259", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00002dc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003773", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, 
Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "76", - "tcp.seq": "17990", - "tcp.nxtseq": "18066", - "tcp.ack": "84892", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fcb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d3:fc:00:27:6d:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400636, TSecr 2583969": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400636", - "tcp.options.timestamp.tsecr": "2583969" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "76", - "tcp.analysis.push_bytes_sent": 
"76" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "71", - "ssl.app_data": "34:cd:34:17:47:48:0e:c7:cb:7a:db:61:dc:9c:47:f3:15:da:82:dc:94:fa:52:92:92:02:af:d7:a1:7a:dd:95:e2:7a:28:69:41:b3:72:a3:f9:39:1c:e0:d4:94:bd:05:3e:8a:39:15:1d:a4:72:aa:98:57:3f:4b:70:4e:17:00:76:84:af:59:2b:3b:12" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.178889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.178889000", - "frame.time_delta": "0.003943000", - "frame.time_delta_displayed": "0.003943000", - "frame.time_relative": "1794.718203000", - "frame.number": "7260", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "84892", - "tcp.nxtseq": "84939", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c954", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:02:a7:a1:d3:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584066, TSecr 2812400636": { - "tcp.option_kind": "8", - "tcp.option_len": 
"10", - "tcp.options.timestamp.tsval": "2584066", - "tcp.options.timestamp.tsecr": "2812400636" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7259", - "tcp.analysis.ack_rtt": "0.003943000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:65:cf:e0:99:3c:37:75:6d:76:00:21:c9:16:f4:04:c4:d5:a8:95:ef:e4:eb:52:b9:1d:64:16:ec:0e:63:3d:1f:6e:1e:cd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.193888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.193888000", - "frame.time_delta": "0.014999000", - "frame.time_delta_displayed": "0.014999000", - "frame.time_relative": "1794.733202000", - "frame.number": "7261", - "frame.len": "153", - "frame.cap_len": "153", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "139", - "ip.id": "0x0000e301", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e6ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10023", - "udp.dstport": "1900", - "udp.port": "10023", - "udp.port": "1900", - "udp.length": "119", - "udp.checksum": "0x0000482d", - "udp.checksum.status": "2", - "udp.stream": "88" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:sensor:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "8", - "http.prev_request_in": "7216" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.239077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.239077000", - "frame.time_delta": "0.045189000", - "frame.time_delta_displayed": "0.045189000", - "frame.time_relative": "1794.778391000", - "frame.number": "7262", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037be", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "84939", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d41b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d4:0c:00:27:6e:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400652, TSecr 2584066": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400652", - "tcp.options.timestamp.tsecr": "2584066" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7260", - "tcp.analysis.ack_rtt": "0.060188000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.239560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.239560000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1794.778874000", - "frame.number": "7263", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x000096c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007667", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "84939", - "tcp.nxtseq": "85018", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008d9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:08:a7:a1:d4:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584072, TSecr 2812400652": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584072", - "tcp.options.timestamp.tsecr": "2812400652" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:66:c2:87:45:34:da:87:af:cd:94:e6:74:16:22:16:55:65:50:8f:3d:24:44:37:b4:70:6f:9e:77:62:99:a6:42:cc:42:da:47:99:2a:65:c2:b3:5b:54:eb:8d:1b:0e:ef:14:53:83:d2:57:da:ee:87:61:e1:92:51:66:53:86:9f:51:40:d7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.299909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.299909000", - "frame.time_delta": "0.060349000", - "frame.time_delta_displayed": "0.060349000", - "frame.time_relative": "1794.839223000", - "frame.number": "7264", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", 
- "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037bd", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85018", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d3b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d4:1b:00:27:6e:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400667, TSecr 2584072": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400667", - "tcp.options.timestamp.tsecr": "2584072" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7263", - "tcp.analysis.ack_rtt": "0.060349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.320591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.320591000", - "frame.time_delta": "0.020682000", - "frame.time_delta_displayed": "0.020682000", - "frame.time_relative": "1794.859905000", - "frame.number": "7265", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "85018", - "tcp.nxtseq": "85170", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001769", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:10:a7:a1:d4:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584080, TSecr 2812400667": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584080", - "tcp.options.timestamp.tsecr": "2812400667" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:67:09:28:57:a4:6d:80:a4:23:fa:42:24:a5:35:0f:13:ef:60:a2:6c:ed:18:76:39:0d:c6:30:de:37:14:e6:f1:84:0b:39:7d:d0:97:32:07:11:fc:a0:c6:09:68:26:55:30:bd:ba:cc:e6:a7:6c:c9:db:7d:4f:7f:3f:5d:64:f5:68:3d:44:b5:5a:eb:ca:de:fd:ec:91:6a:f3:5f:67:a7:46:2b:21:17:9d:3b:cb:bd:bd:7f:99:0b:f4:c3:5b:2f:fd:94:e2:08:ac:0d:8c:d5:3c:d8:e3:ac:8a:b5:a6:bf:63:c0:7f:fe:46:aa:ff:a1:49:e0:09:18:19:a4:e2:06:7d:90:01:08:2b:44:5a:be:4d:fe:16:66" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.380694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.380694000", 
- "frame.time_delta": "0.060103000", - "frame.time_delta_displayed": "0.060103000", - "frame.time_relative": "1794.920008000", - "frame.number": "7266", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037bc", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", 
- "tcp.seq": "18066", - "tcp.ack": "85170", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d303", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d4:2f:00:27:6e:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400687, TSecr 2584080": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400687", - "tcp.options.timestamp.tsecr": "2584080" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7265", - "tcp.analysis.ack_rtt": "0.060103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.381135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.381135000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1794.920449000", - "frame.number": "7267", - "frame.len": "227", - "frame.cap_len": "227", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007613", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "85170", - "tcp.nxtseq": "85331", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d4ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:16:a7:a1:d4:2f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584086, TSecr 2812400687": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584086", - "tcp.options.timestamp.tsecr": "2812400687" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:68:43:6e:e8:fa:8e:3d:bb:35:03:76:11:47:97:e7:3f:74:9c:a4:7a:0e:43:64:6d:33:86:9a:95:a6:f2:3f:99:ed:0c:53:4b:17:87:2d:c2:e6:d0:ca:1f:b9:bb:fd:72:6e:b0:25:0e:1d:fc:09:17:1a:b7:dc:37:07:02:9d:f2:a4:9c:e5:91:c6:91:d5:cd:31:48:91:fe:61:6f:6f:61:c5:71:98:99:f6:01:4d:a8:5a:14:fb:5f:4a:1e:e4:1d:99:93:1f:35:ec:bf:21:25:33:d5:63:e8:d8:bf:29:9b:18:7b:6b:cd:01:86:bd:55:41:f0:6e:17:6b:53:99:2e:05:49:70:cf:32:18:86:a6:09:19:55:20:75:82:4f:ed:57:6d:9d:9e:9c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.441466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.441466000", - "frame.time_delta": "0.060331000", - "frame.time_delta_displayed": "0.060331000", - "frame.time_relative": "1794.980780000", - "frame.number": "7268", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037bb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - 
"ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d24d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d4:3e:00:27:6e:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400702, TSecr 2584086": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400702", - "tcp.options.timestamp.tsecr": "2584086" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7267", - "tcp.analysis.ack_rtt": "0.060331000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.441955000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495386.441955000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "1794.981269000", - "frame.number": "7269", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007618", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - 
"tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "85331", - "tcp.nxtseq": "85486", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c279", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:1c:a7:a1:d4:3e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584092, TSecr 2812400702": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584092", - "tcp.options.timestamp.tsecr": "2812400702" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:69:40:58:51:86:cc:79:dd:54:50:98:d3:81:da:e3:8a:0c:c6:18:f3:2c:72:d9:07:41:24:d3:b1:76:6e:5c:ab:90:05:64:75:c6:9c:37:df:ad:60:9c:d3:f8:44:0e:89:8e:29:fe:6e:8d:69:0d:3c:62:3d:61:d4:ed:b2:fd:9f:2d:05:10:d5:fe:47:18:d6:0b:5e:4f:3c:8c:64:55:ea:41:6a:0f:43:91:58:a9:ac:c9:4b:ab:9d:c0:e9:43:2f:87:9c:fa:06:57:fb:35:7f:b6:8c:ba:f2:80:30:8d:5a:d0:21:13:35:b1:45:22:7d:9c:2f:97:e6:ea:45:92:65:1b:89:a2:8b:2b:2d:53:da:b3:36:25:ba:2c:ee:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:26.502213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495386.502213000", - "frame.time_delta": "0.060258000", - "frame.time_delta_displayed": "0.060258000", - "frame.time_relative": "1795.041527000", - "frame.number": "7270", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ba", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85486", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d19d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d4:4d:00:27:6e:1c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400717, TSecr 2584092": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400717", - "tcp.options.timestamp.tsecr": "2584092" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7269", - "tcp.analysis.ack_rtt": "0.060258000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.381871000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.381871000", - "frame.time_delta": "0.879658000", - "frame.time_delta_displayed": "0.879658000", - "frame.time_relative": "1795.921185000", - "frame.number": "7271", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "85486", - "tcp.nxtseq": "85638", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dd0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:7a:a7:a1:d4:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584186, TSecr 2812400717": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584186", - "tcp.options.timestamp.tsecr": "2812400717" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:6a:e2:a5:c6:cf:6a:a8:eb:12:29:47:09:ea:a7:cc:d9:89:31:2d:98:35:b8:2c:d3:cc:06:c1:5c:2a:8a:4b:dc:ee:77:0f:6a:00:34:59:e0:30:65:e1:35:be:90:8b:24:74:7d:76:38:0d:55:2f:97:d4:1e:41:de:3f:a5:44:1a:42:73:56:62:81:4c:9a:0c:c6:d1:64:3a:24:58:ff:91:28:1d:1f:ce:93:15:58:f4:8f:6d:98:1d:ca:4b:49:7f:66:99:42:7a:38:4e:b4:59:8d:12:79:ec:5d:41:3d:0a:63:06:7d:d4:b5:fe:96:43:e0:2a:e8:4d:ba:8f:17:2b:ef:bd:69:de:e0:2b:f7:70:57:43:64:c4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.442082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.442082000", - "frame.time_delta": "0.060211000", - "frame.time_delta_displayed": "0.060211000", - "frame.time_relative": "1795.981396000", - "frame.number": "7272", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc6", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85638", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cfbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d5:38:00:27:6e:7a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400952, TSecr 2584186": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400952", - "tcp.options.timestamp.tsecr": "2584186" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7271", - "tcp.analysis.ack_rtt": "0.060211000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.442573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.442573000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "1795.981887000", - "frame.number": "7273", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096ce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007610", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "85638", - "tcp.nxtseq": "85799", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d3c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:80:a7:a1:d5:38", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2584192, TSecr 2812400952": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584192", - "tcp.options.timestamp.tsecr": "2812400952" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:6b:b2:23:68:88:19:9d:ec:93:a0:62:d8:91:fd:0b:8b:a3:83:39:88:05:f7:f4:4c:37:30:14:1e:33:50:9e:44:b7:f7:7c:bb:53:e5:a4:b2:e2:18:e4:82:a6:10:7d:7c:4d:2a:93:ee:5b:91:57:bd:63:3b:fe:2d:d4:84:36:06:1a:8b:91:d0:15:2a:a4:aa:5a:80:49:3d:92:c5:20:23:57:82:20:be:6e:52:63:77:e1:fb:31:c5:6c:90:d5:57:ba:25:20:01:19:00:aa:b3:a9:a1:06:ff:67:e4:51:c3:02:94:37:aa:99:2a:d7:c2:4c:52:45:5c:31:41:54:b0:00:56:12:5b:c8:bb:b9:d9:b9:95:37:8a:b8:8a:2f:41:ca:f7:c4:6f:0e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.502797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.502797000", - "frame.time_delta": "0.060224000", - "frame.time_delta_displayed": "0.060224000", - "frame.time_relative": "1796.042111000", - "frame.number": "7274", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85799", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cf05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:d5:48:00:27:6e:80", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400968, TSecr 2584192": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400968", - "tcp.options.timestamp.tsecr": "2584192" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7273", - "tcp.analysis.ack_rtt": "0.060224000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.503316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.503316000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "1796.042630000", - "frame.number": "7275", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"207", - "ip.id": "0x000096cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007615", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "85799", - "tcp.nxtseq": "85954", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004c32", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:86:a7:a1:d5:48", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584198, TSecr 2812400968": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584198", - "tcp.options.timestamp.tsecr": "2812400968" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:6c:1a:46:45:c9:ea:d1:4a:08:39:db:cf:68:75:06:b7:17:f1:a7:67:1e:a5:b7:03:72:02:82:03:4a:d5:f2:dc:2a:80:d3:dc:db:e8:95:73:af:6f:d5:44:5c:8b:9f:b9:08:bf:b0:6e:f1:5f:55:11:1f:8d:a6:6f:eb:d0:42:48:c9:17:fe:e0:4e:50:92:7d:54:63:8d:ee:cb:c7:ce:db:af:da:50:24:aa:14:c2:85:7d:99:d8:e8:1c:0c:3a:ac:bb:03:81:44:51:5c:56:86:a0:c5:eb:cb:e4:45:f9:40:01:5c:6d:c9:c7:bf:0e:c7:0f:df:f2:63:d3:c7:d2:38:81:02:7f:70:60:31:72:ea:7a:50:b8:78:c4:11:83" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:27.563458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495387.563458000", - "frame.time_delta": "0.060142000", - "frame.time_delta_displayed": "0.060142000", - "frame.time_relative": "1796.102772000", - "frame.number": "7276", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b7", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "85954", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ce55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d5:57:00:27:6e:86", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812400983, TSecr 2584198": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812400983", - "tcp.options.timestamp.tsecr": "2584198" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7275", - "tcp.analysis.ack_rtt": "0.060142000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:28.217866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495388.217866000", - "frame.time_delta": "0.654408000", - "frame.time_delta_displayed": "0.654408000", - "frame.time_relative": "1796.757180000", - "frame.number": "7277", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007679", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "85954", - "tcp.nxtseq": "86008", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008035", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6e:ce:a7:a1:d5:57", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584270, TSecr 2812400983": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584270", - "tcp.options.timestamp.tsecr": "2812400983" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:6d:29:d5:f3:e7:5b:13:b4:80:02:9f:31:b0:88:89:bf:f4:b6:f0:34:38:24:08:ba:03:00:a8:1e:52:60:a9:f3:eb:1c:77:e6:41:79:59:7f:e2:a7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:28.278184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495388.278184000", - "frame.time_delta": "0.060318000", - "frame.time_delta_displayed": "0.060318000", - "frame.time_relative": "1796.817498000", - "frame.number": "7278", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b6", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18066", - "tcp.ack": "86008", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cd25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d6:09:00:27:6e:ce", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401161, TSecr 2584270": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401161", - "tcp.options.timestamp.tsecr": "2584270" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7277", - "tcp.analysis.ack_rtt": "0.060318000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:28.348051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495388.348051000", - "frame.time_delta": "0.069867000", - "frame.time_delta_displayed": "0.069867000", - "frame.time_relative": "1796.887365000", - "frame.number": "7279", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": 
"BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:28.348479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495388.348479000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1796.887793000", - "frame.number": "7280", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:28.850702000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495388.850702000", - "frame.time_delta": "0.502223000", - "frame.time_delta_displayed": "0.502223000", - "frame.time_relative": "1797.390016000", - "frame.number": "7281", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.135750000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.135750000", - "frame.time_delta": "0.285048000", - "frame.time_delta_displayed": "0.285048000", - "frame.time_relative": "1797.675064000", - "frame.number": "7282", - "frame.len": "413", - "frame.cap_len": "413", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "399", - "ip.id": "0x000096d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007553", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "347", - "tcp.seq": "86008", - "tcp.nxtseq": "86355", - "tcp.ack": "18066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000066b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:2a:a7:a1:d6:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584362, TSecr 2812401161": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584362", - "tcp.options.timestamp.tsecr": "2812401161" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "347", - "tcp.analysis.push_bytes_sent": "347" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "342", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:6e:00:7c:9f:65:9a:91:2a:73:5b:3c:15:01:24:aa:19:03:74:17:22:9c:90:4b:a2:5b:6f:88:a5:8c:29:7e:17:1b:41:a2:66:68:1a:a8:c2:13:cc:b1:47:61:f6:66:6e:0f:d2:fe:64:17:87:54:4b:69:ec:5a:6e:73:46:5c:9f:4b:25:98:b9:bc:dd:15:2d:5e:9a:95:7e:99:f5:e1:93:8b:0b:98:64:15:eb:1b:a8:b0:6f:91:1e:76:f8:e3:fa:c2:24:52:36:cc:98:2a:67:e3:dc:89:79:77:7f:8c:9a:44:4c:41:21:f9:09:67:45:59:4d:69:b1:10:77:20:43:12:73:6d:52:4b:17:92:10:1e:de:b8:d4:53:ab:46:dc:ef:d3:74:75:55:b2:2a:bc:b0:28:a5:15:cd:86:47:b2:b2:fe:a2:36:3f:c0:d7:8b:f9:86:e8:a5:80:09:80:89:20:0e:cf:eb:91:37:3d:a6:b6:b7:66:88:77:18:8f:a3:1d:34:6f:90:13:c8:a1:20:2b:46:12:fb:97:98:27:b8:68:12:98:8b:40:0e:de:a0:db:3b:93:4d:5a:db:82:09:ad:b0:72:9f:bf:c6:06:cd:c4:44:e8:b8:40:9c:ed:9e:3a:62:b4:d2:b0:82:8d:6e:5c:46:43:16:e0:99:1e:3a:a4:cb:d8:93:73:23:80:69:73:11:08:0a:8a:96:cd:17:df:58:79:4e:65:5f:77:b0:2a:4e:6d:74:a2:d2:dc:69:49:6c:e3:83:54:46:02:3b:7d:c4:46:5c:62:f3:34:1b:41:08:a9:a9:2c:aa:27:eb:c0:1c:2d:e3:8f:ee:7d:1e:ec:4a:c1:eb:65:bc:76:87:13:0a:9d:8f:d3:7f:f3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.186586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.186586000", - "frame.time_delta": "0.050836000", - "frame.time_delta_displayed": "0.050836000", - "frame.time_relative": "1797.725900000", - "frame.number": "7283", - "frame.len": "147", - "frame.cap_len": "147", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", 
- "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "133", - "ip.id": "0x00002dca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003764", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "81", - "tcp.seq": "18066", - "tcp.nxtseq": "18147", - "tcp.ack": "86008", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - 
"tcp.checksum": "0x0000eb3d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d6:ed:00:27:6e:ce", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401389, TSecr 2584270": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401389", - "tcp.options.timestamp.tsecr": "2584270" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "81", - "tcp.analysis.push_bytes_sent": "81" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "76", - "ssl.app_data": "34:cd:34:17:47:48:0e:c8:e0:17:d7:1b:cb:33:8d:18:63:18:b3:10:9b:88:90:a8:67:05:01:93:82:48:1a:cb:09:50:b5:ca:39:88:8d:1d:4d:67:b4:9b:9c:d8:ee:f1:48:30:18:ba:7d:8f:b8:8a:6f:42:c6:db:c8:35:86:3f:e7:b8:48:1d:30:b1:d9:11:ea:cc:3d:73" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.195964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.195964000", - "frame.time_delta": "0.009378000", - "frame.time_delta_displayed": "0.009378000", - "frame.time_relative": "1797.735278000", - "frame.number": "7284", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18147", - "tcp.ack": "86355", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ca37", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d6:ef:00:27:6f:2a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401391, TSecr 2584362": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401391", - "tcp.options.timestamp.tsecr": "2584362" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7282", - "tcp.analysis.ack_rtt": "0.060214000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.196396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.196396000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1797.735710000", - "frame.number": "7285", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x000096d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000767e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "86355", - "tcp.nxtseq": "86402", - "tcp.ack": "18147", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - 
"tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a186", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:30:a7:a1:d6:ed", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584368, TSecr 2812401389": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584368", - "tcp.options.timestamp.tsecr": "2812401389" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7283", - "tcp.analysis.ack_rtt": "0.009810000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:6f:80:7b:2b:7d:b7:2b:dc:5d:b4:bb:90:88:9d:f0:fd:34:42:c4:7d:56:dd:23:a3:66:2e:20:0e:61:6f:e8:c4:7e:94:3e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.201712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.201712000", - "frame.time_delta": "0.005316000", - "frame.time_delta_displayed": "0.005316000", - "frame.time_relative": "1797.741026000", - "frame.number": "7286", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "144", - "ip.id": "0x0000e33a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e68c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "10024", - "udp.dstport": "1900", - "udp.port": "10024", - "udp.port": "1900", - "udp.length": "124", - "udp.checksum": "0x000071e6", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "MX: 4\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST:239.255.255.250:1900\r\n", - "http.request.line": "ST: urn:Belkin:device:lightswitch:1\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "8", - "http.prev_request_in": "7236" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.206824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.206824000", - "frame.time_delta": "0.005112000", - "frame.time_delta_displayed": "0.005112000", - "frame.time_relative": "1797.746138000", - "frame.number": "7287", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002dcc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003784", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "18147", - "tcp.nxtseq": "18194", - "tcp.ack": "86355", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001a15", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d6:f2:00:27:6f:2a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401394, TSecr 2584362": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401394", - "tcp.options.timestamp.tsecr": "2584362" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": 
"23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:c9:73:83:6e:3a:a2:82:b9:2b:ec:3c:44:35:90:6d:d3:0c:63:f2:c0:75:52:e6:be:23:45:fc:7b:2f:05:40:e0:6d:78:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.243716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.243716000", - "frame.time_delta": "0.036892000", - "frame.time_delta_displayed": "0.036892000", - "frame.time_relative": "1797.783030000", - "frame.number": "7288", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "86402", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c8dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:35:a7:a1:d6:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584373, TSecr 2812401394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584373", - "tcp.options.timestamp.tsecr": "2812401394" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7287", - "tcp.analysis.ack_rtt": 
"0.036892000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.294263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.294263000", - "frame.time_delta": "0.050547000", - "frame.time_delta_displayed": "0.050547000", - "frame.time_relative": "1797.833577000", - "frame.number": "7289", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": 
"Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "86402", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c9ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d7:08:00:27:6f:30", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401416, TSecr 2584368": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401416", - "tcp.options.timestamp.tsecr": "2584368" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7285", - "tcp.analysis.ack_rtt": "0.097867000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:16:29.294732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.294732000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1797.834046000", - "frame.number": "7290", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "160", - "ip.id": "0x000096d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000763f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - 
"tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "108", - "tcp.seq": "86402", - "tcp.nxtseq": "86510", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000960f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:3a:a7:a1:d7:08", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584378, TSecr 2812401416": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584378", - "tcp.options.timestamp.tsecr": "2812401416" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "108", - "tcp.analysis.push_bytes_sent": "108" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:70:74:b7:70:62:8f:94:ff:9c:33:59:97:15:5d:86:38:61:43:68:ec:9f:7d:8d:76:f6:f7:38:ea:9e:bf:4a:3e:7d:3c:45:fc:bb:82:31:c7:fc:70" - }, - "ssl.record": { - "ssl.record.content_type": "23", - 
"ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:71:8f:f6:2b:fc:b2:9e:1c:7e:0a:09:25:42:73:a7:ed:6f:c9:15:9a:a0:bf:aa:38:c1:56:c2:5a:f4:7f:4c:dc:7d:65:30:cd:23:26:e6:2a:f5:26" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.354821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.354821000", - "frame.time_delta": "0.060089000", - "frame.time_delta_displayed": "0.060089000", - "frame.time_relative": "1797.894135000", - "frame.number": "7291", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", 
- "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "86510", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c935", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d7:17:00:27:6f:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401431, TSecr 2584378": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401431", - "tcp.options.timestamp.tsecr": "2584378" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7290", - 
"tcp.analysis.ack_rtt": "0.060089000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.355318000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.355318000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "1797.894632000", - "frame.number": "7292", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "204", - "ip.id": "0x000096d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007612", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", 
- "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "86510", - "tcp.nxtseq": "86662", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007e02", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:40:a7:a1:d7:17", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584384, TSecr 2812401431": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584384", - "tcp.options.timestamp.tsecr": "2812401431" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:72:41:fd:ab:c6:48:cb:44:4d:ec:cd:fb:cf:67:17:5a:67:5b:49:36:04:39:9f:db:2d:fc:5f:5e:d5:f4:fa:13:59:83:51:63:fd:a4:bc:9d:1b:bb:5c:0d:e6:be:4e:76:f5:29:d3:37:84:f6:cb:4c:3a:1c:a7:ca:a8:7d:31:76:7d:cd:c2:79:28:45:06:bf:ac:08:8e:e0:3e:3a:92:14:4b:74:e0:3d:62:05:06:8f:78:27:04:5b:e6:5c:07:7c:af:70:2d:87:cf:33:ca:ae:00:22:dd:f5:83:f3:83:5f:e6:0b:a6:d2:64:38:da:20:11:f4:ec:3d:08:18:82:6c:3d:e2:bb:81:57:88:72:68:08:57:4e:a2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.415543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.415543000", - "frame.time_delta": "0.060225000", - "frame.time_delta_displayed": "0.060225000", - "frame.time_relative": "1797.954857000", - "frame.number": "7293", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037b0", - "ip.checksum.status": "2", - "ip.src": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "86662", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c888", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d7:26:00:27:6f:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401446, TSecr 2584384": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401446", - "tcp.options.timestamp.tsecr": "2584384" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7292", - "tcp.analysis.ack_rtt": "0.060225000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.415972000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.415972000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "1797.955286000", - "frame.number": "7294", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007608", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - 
"ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "86662", - "tcp.nxtseq": "86823", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000397e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:46:a7:a1:d7:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584390, TSecr 2812401446": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584390", - "tcp.options.timestamp.tsecr": "2812401446" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:73:64:8a:1b:fe:14:60:e2:ae:28:74:2b:d5:35:3c:af:ce:a7:6c:48:6a:29:6e:53:1a:a2:60:07:13:47:17:b5:af:5d:48:36:13:94:50:b8:91:46:43:c2:99:f5:ab:4a:fa:d6:fa:18:71:fa:3f:08:64:04:fa:39:7c:2e:c6:1d:ac:3b:17:22:99:28:a6:62:0c:3d:6d:66:e4:05:16:05:51:63:05:08:5e:62:65:9c:61:dd:c5:e7:ff:f8:23:eb:28:73:c8:60:7d:31:86:88:e4:3e:f8:3b:a2:e8:ac:63:2d:02:8c:7f:15:85:31:20:e4:17:2e:e2:09:d8:1e:0a:ff:2b:d5:84:ec:10:64:48:3c:a2:05:4d:61:be:84:5b:a8:e7:9e:e2:48" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.476085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.476085000", - "frame.time_delta": "0.060113000", - "frame.time_delta_displayed": "0.060113000", - "frame.time_relative": "1798.015399000", - "frame.number": "7295", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd0", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037af", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "86823", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c7d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d7:35:00:27:6f:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401461, TSecr 2584390": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401461", - "tcp.options.timestamp.tsecr": "2584390" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7294", - "tcp.analysis.ack_rtt": "0.060113000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.476528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.476528000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "1798.015842000", - "frame.number": "7296", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": 
"0x0000760d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "86823", - "tcp.nxtseq": "86978", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b585", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:4c:a7:a1:d7:35", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584396, TSecr 2812401461": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584396", - "tcp.options.timestamp.tsecr": "2812401461" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:74:66:ab:66:9c:e6:0d:63:ce:63:ef:a1:0d:4c:41:ef:de:c0:49:92:49:3b:9e:38:31:85:22:85:4a:0c:11:fa:a8:5c:88:fc:79:20:aa:88:ec:b7:10:67:6e:5c:90:f2:da:b7:ff:37:6a:34:aa:e5:ae:97:33:b4:1a:08:46:a6:cf:bc:ed:7a:58:ae:ec:36:2d:b6:5b:a2:b8:91:98:99:4e:32:44:1a:4b:0e:25:e2:ef:f6:d5:24:36:92:13:d2:9f:38:3f:e4:66:39:4a:17:09:d0:de:e9:21:18:df:6d:ce:0b:90:56:58:a3:bc:43:8d:06:83:42:f0:f8:a0:92:2c:f1:af:6c:d2:50:5f:28:19:41:b4:07:af:a5:82" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:29.536642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495389.536642000", - "frame.time_delta": "0.060114000", - "frame.time_delta_displayed": "0.060114000", - "frame.time_relative": "1798.075956000", - "frame.number": "7297", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ae", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "86978", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c722", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a1:d7:44:00:27:6f:4c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401476, TSecr 2584396": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401476", - "tcp.options.timestamp.tsecr": "2584396" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7296", - "tcp.analysis.ack_rtt": "0.060114000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.381928000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495390.381928000", - "frame.time_delta": "0.845286000", - "frame.time_delta_displayed": "0.845286000", - "frame.time_relative": "1798.921242000", - "frame.number": "7298", - "frame.len": "218", - "frame.cap_len": "218", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"204", - "ip.id": "0x000096d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "152", - "tcp.seq": "86978", - "tcp.nxtseq": "87130", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009541", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:a6:a7:a1:d7:44", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584486, TSecr 2812401476": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584486", - "tcp.options.timestamp.tsecr": "2812401476" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "152", - "tcp.analysis.push_bytes_sent": "152" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "147", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:75:ca:f4:c9:48:42:4a:0d:04:10:6e:36:ea:8d:23:8e:e6:d5:03:0d:71:df:17:77:a6:49:b4:e4:70:4a:6f:91:53:43:c6:9e:02:1d:f7:a4:f3:d0:d7:f2:0e:2f:43:e8:5f:88:59:93:60:78:48:7c:58:70:b1:f7:a7:01:87:bf:e0:e4:ab:40:22:a4:11:1d:fd:5d:58:a0:8d:c1:48:c5:24:a6:da:b8:e3:fc:0e:f6:e4:8a:31:cb:6b:19:a9:78:87:8f:b6:be:f3:6b:6e:47:b2:2d:6c:24:83:93:49:2e:7c:81:bc:51:45:75:36:a1:43:ad:e0:b7:66:63:e7:f3:63:52:70:86:98:21:00:ce:11:8b:93:de" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.442154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495390.442154000", - "frame.time_delta": "0.060226000", - "frame.time_delta_displayed": "0.060226000", - "frame.time_relative": "1798.981468000", - "frame.number": "7299", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ad", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "87130", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c54e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d8:26:00:27:6f:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401702, TSecr 2584486": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401702", - "tcp.options.timestamp.tsecr": "2584486" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7298", - "tcp.analysis.ack_rtt": "0.060226000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.442641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495390.442641000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "1798.981955000", - "frame.number": "7300", - "frame.len": "227", - "frame.cap_len": "227", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "213", - "ip.id": "0x000096d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007605", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "161", - "tcp.seq": "87130", - "tcp.nxtseq": "87291", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007a76", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:00:27:6f:ac:a7:a1:d8:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584492, TSecr 2812401702": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584492", - "tcp.options.timestamp.tsecr": "2812401702" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "161", - "tcp.analysis.push_bytes_sent": "161" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "156", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:76:f7:36:eb:09:fe:52:58:e6:7c:ee:b4:73:71:7b:2b:5d:c6:e1:6d:e0:87:54:f1:e2:7a:d0:bd:23:f3:f9:49:08:4a:ce:dc:4d:87:e1:9b:2b:99:88:cb:41:c4:f9:44:ec:c0:c2:73:f3:46:b2:f6:ad:99:a2:e2:d3:b1:d8:36:d0:69:80:08:12:e4:f7:d9:61:06:d9:e0:19:56:8b:6d:19:b8:70:aa:40:f4:27:f0:80:85:d2:81:0b:93:1e:72:fd:d0:36:9a:d1:85:1b:e3:ba:a5:61:5d:61:04:b8:d1:10:9e:8c:bc:7e:f4:bc:ac:98:03:58:88:4f:67:70:6c:99:40:48:5b:14:2d:47:1d:2e:67:b8:f1:61:a7:30:b8:a5:fc:ff:8a:94" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.502796000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495390.502796000", - "frame.time_delta": "0.060155000", - "frame.time_delta_displayed": "0.060155000", - "frame.time_relative": "1799.042110000", - "frame.number": "7301", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, 
- "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ac", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "87291", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c497", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d8:36:00:27:6f:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401718, TSecr 2584492": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401718", - "tcp.options.timestamp.tsecr": "2584492" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7300", - "tcp.analysis.ack_rtt": "0.060155000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.503278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495390.503278000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1799.042592000", - "frame.number": "7302", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x000096da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "155", - "tcp.seq": "87291", - "tcp.nxtseq": "87446", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b2e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:b2:a7:a1:d8:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584498, TSecr 2812401718": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584498", - "tcp.options.timestamp.tsecr": "2812401718" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "155", - "tcp.analysis.push_bytes_sent": "155" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "150", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:77:65:8e:17:9c:30:54:95:1d:5f:a7:ce:4a:8a:56:55:e7:fc:22:df:22:b3:f3:51:72:76:c4:ba:b0:bd:ba:1f:e9:4f:84:56:8e:aa:52:d9:48:08:11:24:0c:07:1d:e2:8d:69:53:5c:3a:88:1a:44:1b:27:1d:80:06:9f:8d:70:04:9e:9e:a9:e4:d8:07:34:6d:8f:63:54:28:5d:d7:fd:2a:d6:89:4b:82:3c:88:2e:98:b2:b7:dd:67:5a:5b:22:48:f3:06:e9:5b:cb:a1:12:4f:43:fa:60:bd:64:5c:01:5a:e9:8c:33:06:52:30:74:03:8c:ab:3b:9c:45:26:2b:82:84:dc:7a:ed:6a:c3:74:ee:c8:45:01:c0:76:3b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:30.563485000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495390.563485000", - "frame.time_delta": "0.060207000", - "frame.time_delta_displayed": "0.060207000", - "frame.time_relative": "1799.102799000", - "frame.number": "7303", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037ab", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "87446", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c3e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d8:45:00:27:6f:b2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401733, TSecr 2584498": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401733", - "tcp.options.timestamp.tsecr": "2584498" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7302", - "tcp.analysis.ack_rtt": "0.060207000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:31.224631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495391.224631000", - "frame.time_delta": "0.661146000", - "frame.time_delta_displayed": "0.661146000", - "frame.time_relative": "1799.763945000", - "frame.number": "7304", - "frame.len": "120", - 
"frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "87446", - "tcp.nxtseq": "87500", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000297f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:6f:fb:a7:a1:d8:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584571, TSecr 2812401733": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584571", - "tcp.options.timestamp.tsecr": "2812401733" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:78:4e:db:de:b8:45:3c:3f:df:d7:30:e3:bb:14:27:4e:10:a5:d9:e3:06:86:b3:eb:d5:f0:10:02:16:6f:2d:e8:3c:c9:9f:c1:03:49:04:42:a2:a6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:31.284741000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495391.284741000", - "frame.time_delta": "0.060110000", - 
"frame.time_delta_displayed": "0.060110000", - "frame.time_relative": "1799.824055000", - "frame.number": "7305", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037aa", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": 
"87500", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c2b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:d8:f9:00:27:6f:fb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812401913, TSecr 2584571": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812401913", - "tcp.options.timestamp.tsecr": "2584571" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7304", - "tcp.analysis.ack_rtt": "0.060110000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.178691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.178691000", - "frame.time_delta": "2.893950000", - "frame.time_delta_displayed": "2.893950000", - "frame.time_relative": "1802.718005000", - "frame.number": "7306", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005821", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a670", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5117", - "tcp.ack": "649", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f03a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.223258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.223258000", - "frame.time_delta": "0.044567000", - "frame.time_delta_displayed": "0.044567000", - "frame.time_relative": "1802.762572000", - "frame.number": "7307", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "87500", - "tcp.nxtseq": "87554", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000004e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:71:26:a7:a1:d8:f9", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2584870, TSecr 2812401913": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2584870", - "tcp.options.timestamp.tsecr": "2812401913" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:79:da:0b:9c:3e:bb:7c:31:8a:16:26:7a:72:9c:fd:97:b9:ed:25:60:66:9b:7e:65:bd:8a:e3:5d:fc:3c:ba:28:14:3a:77:fe:1e:71:51:6c:3b:7d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.283310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.283310000", - "frame.time_delta": "0.060052000", - "frame.time_delta_displayed": "0.060052000", - "frame.time_relative": "1802.822624000", - "frame.number": "7308", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a9", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "87554", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000be65", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:db:e7:00:27:71:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812402663, TSecr 2584870": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812402663", - "tcp.options.timestamp.tsecr": "2584870" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7307", - "tcp.analysis.ack_rtt": "0.060052000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.322576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.322576000", - "frame.time_delta": "0.039266000", - "frame.time_delta_displayed": "0.039266000", - "frame.time_relative": "1802.861890000", - "frame.number": "7309", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { 
- "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001006", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8b", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "649", - "tcp.ack": "5118", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000faaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.420297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.420297000", - "frame.time_delta": "0.097721000", - "frame.time_delta_displayed": "0.097721000", - "frame.time_relative": "1802.959611000", - "frame.number": "7310", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000047c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000818f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": 
"239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.472933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.472933000", - "frame.time_delta": "0.052636000", - "frame.time_delta_displayed": "0.052636000", - "frame.time_relative": "1803.012247000", - "frame.number": "7311", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000047cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000818b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.525766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.525766000", - "frame.time_delta": "0.052833000", - "frame.time_delta_displayed": "0.052833000", - "frame.time_relative": "1803.065080000", - "frame.number": "7312", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000047cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008181", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.578937000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.578937000", - "frame.time_delta": "0.053171000", - "frame.time_delta_displayed": "0.053171000", - "frame.time_relative": "1803.118251000", - "frame.number": "7313", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000047cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000817f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.619492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.619492000", - "frame.time_delta": "0.040555000", - "frame.time_delta_displayed": "0.040555000", - "frame.time_relative": "1803.158806000", - "frame.number": "7314", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000fd0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x00001f7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:92:c4:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 955076, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "955076", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.620052000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.620052000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "1803.159366000", - "frame.number": "7315", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47627", - "tcp.port": "80", - "tcp.port": "47627", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b20e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7314", - "tcp.analysis.ack_rtt": "0.000560000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.628766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.628766000", - "frame.time_delta": "0.008714000", - "frame.time_delta_displayed": "0.008714000", - "frame.time_relative": "1803.168080000", - "frame.number": "7316", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", 
- "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006396", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7315", - "tcp.analysis.ack_rtt": "0.008714000", - "tcp.analysis.initial_rtt": "0.009274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.629635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.629635000", - "frame.time_delta": "0.000869000", - "frame.time_delta_displayed": "0.000869000", - "frame.time_relative": "1803.168949000", - "frame.number": "7317", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000fd11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bab7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c310", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.009274000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": "DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.630244000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.630244000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1803.169558000", - "frame.number": "7318", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009e14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a75", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47627", - "tcp.port": "80", - "tcp.port": "47627", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005565", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7317", - "tcp.analysis.ack_rtt": "0.000609000", - "tcp.analysis.initial_rtt": "0.009274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.630837000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.630837000", - 
"frame.time_delta": "0.000593000", - "frame.time_delta_displayed": "0.000593000", - "frame.time_relative": "1803.170151000", - "frame.number": "7319", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009e15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001a63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47627", - "tcp.port": "80", - "tcp.port": "47627", - "tcp.stream": "290", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", 
- "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009586", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.009274000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.631222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.631222000", - "frame.time_delta": "0.000385000", - "frame.time_delta_displayed": "0.000385000", - "frame.time_relative": "1803.170536000", - "frame.number": "7320", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009e16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001690", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47627", - "tcp.port": "80", - "tcp.port": "47627", - "tcp.stream": "290", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e7ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.009274000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7319", - "tcp.segment": "7320", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001587000", - "http.request_in": "7317", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.631847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.631847000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "1803.171161000", - "frame.number": "7321", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000047d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00008182", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", 
- "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.635507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.635507000", - "frame.time_delta": "0.003660000", - "frame.time_delta_displayed": "0.003660000", - "frame.time_relative": "1803.174821000", - "frame.number": "7322", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": 
"192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000062c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7319", - "tcp.analysis.ack_rtt": "0.004670000", - "tcp.analysis.initial_rtt": "0.009274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.684762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.684762000", - "frame.time_delta": "0.049255000", - "frame.time_delta_displayed": "0.049255000", - "frame.time_relative": "1803.224076000", - "frame.number": "7323", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - 
"eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000047d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000817f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - 
"http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.805675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.805675000", - "frame.time_delta": "0.120913000", - "frame.time_delta_displayed": "0.120913000", - "frame.time_relative": "1803.344989000", - "frame.number": "7324", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb75", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005eda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7320", - "tcp.analysis.ack_rtt": "0.174453000", - "tcp.analysis.initial_rtt": "0.009274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.806457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.806457000", - "frame.time_delta": "0.000782000", - "frame.time_delta_displayed": "0.000782000", - "frame.time_relative": "1803.345771000", - "frame.number": "7325", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - 
"eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bb74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005ed9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.806920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.806920000", - "frame.time_delta": "0.000463000", - "frame.time_delta_displayed": "0.000463000", - "frame.time_relative": "1803.346234000", - "frame.number": "7326", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009d35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47627", - "tcp.port": "80", - "tcp.port": "47627", - "tcp.stream": "290", - 
"tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000516f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7325", - "tcp.analysis.ack_rtt": "0.000463000", - "tcp.analysis.initial_rtt": "0.009274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.811125000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.811125000", - "frame.time_delta": "0.004205000", - "frame.time_delta_displayed": "0.004205000", - "frame.time_relative": "1803.350439000", - "frame.number": "7327", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002eee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000899b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47627", - "tcp.dstport": "80", - "tcp.port": "47627", - "tcp.port": "80", - "tcp.stream": "290", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000196e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.817036000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.817036000", - "frame.time_delta": "0.005911000", - "frame.time_delta_displayed": "0.005911000", - "frame.time_relative": "1803.356350000", - "frame.number": "7328", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d962", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "65535", - "tcp.window_size": "65535", - "tcp.checksum": "0x0000f465", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:0e:92:d8:00:00:00:00:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 955096, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "955096", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.817551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.817551000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "1803.356865000", - "frame.number": "7329", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47628", - "tcp.port": "80", - "tcp.port": "47628", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", 
- "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00000eeb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7328", - "tcp.analysis.ack_rtt": "0.000515000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.821162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.821162000", - "frame.time_delta": "0.003611000", - "frame.time_delta_displayed": "0.003611000", - "frame.time_relative": "1803.360476000", 
- "frame.number": "7330", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d963", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c072", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7329", - "tcp.analysis.ack_rtt": "0.003611000", - "tcp.analysis.initial_rtt": "0.004126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.821569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.821569000", - "frame.time_delta": "0.000407000", - "frame.time_delta_displayed": "0.000407000", - "frame.time_relative": "1803.360883000", - "frame.number": "7331", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000d964", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000de64", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", - "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001fed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004126000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160:80", - "http.request.line": "HOST: 192.168.0.160:80\r\n", - "http.accept_language": "en-us", - "http.request.line": "ACCEPT-LANGUAGE: en-us\r\n", - "http.connection": "Keep-Alive", - "http.request.line": "Connection: Keep-Alive\r\n", - "http.user_agent": 
"DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0", - "http.request.line": "USER-AGENT: DLNADOC\/1.51 SEC_HHP_[Phone]Samsung Galaxy S7 edge\/1.0\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.request.line": "Content-Length: 0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160:80\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.822062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.822062000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "1803.361376000", - "frame.number": "7332", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7d8", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47628", - "tcp.port": "80", - "tcp.port": "47628", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b241", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7331", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.004126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.822706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.822706000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "1803.362020000", - "frame.number": "7333", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - 
"eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000010b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47628", - "tcp.port": "80", - "tcp.port": "47628", - "tcp.stream": "291", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f262", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004126000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.823074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.823074000", - "frame.time_delta": "0.000368000", - "frame.time_delta_displayed": "0.000368000", - "frame.time_relative": "1803.362388000", - "frame.number": "7334", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000010b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a3f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - 
"ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47628", - "tcp.port": "80", - "tcp.port": "47628", - "tcp.stream": "291", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000044cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004126000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7333", - "tcp.segment": "7334", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001505000", - "http.request_in": "7331", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.829414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.829414000", - "frame.time_delta": "0.006340000", - "frame.time_delta_displayed": "0.006340000", - "frame.time_relative": "1803.368728000", - "frame.number": "7335", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d965", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "18", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "343", 
- "tcp.window_size": "87808", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bfa1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7333", - "tcp.analysis.ack_rtt": "0.006708000", - "tcp.analysis.initial_rtt": "0.004126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.829542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.829542000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "1803.368856000", - "frame.number": "7336", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d966", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df22", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bbb6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7334", - "tcp.analysis.ack_rtt": "0.006468000", - "tcp.analysis.initial_rtt": "0.004126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.830028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.830028000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "1803.369342000", - "frame.number": "7337", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d967", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000df21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "193", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "350", - "tcp.window_size": "89600", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bbb5", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.830462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.830462000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "1803.369776000", - "frame.number": "7338", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:f1:89:96:45:f6", - "eth.dst_tree": { - "eth.dst_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001b56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009d33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.dst_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "47628", - 
"tcp.port": "80", - "tcp.port": "47628", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "194", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ae4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7337", - "tcp.analysis.ack_rtt": "0.000434000", - "tcp.analysis.initial_rtt": "0.004126000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:34.833805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495394.833805000", - "frame.time_delta": "0.003343000", - "frame.time_delta_displayed": "0.003343000", - "frame.time_relative": "1803.373119000", - "frame.number": "7339", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ef0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008999", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "47628", - "tcp.dstport": "80", - "tcp.port": "47628", - "tcp.port": "80", - "tcp.stream": "291", - "tcp.len": "0", - "tcp.seq": "194", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:16:35.175008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495395.175008000", - "frame.time_delta": "0.341203000", - "frame.time_delta_displayed": "0.341203000", - "frame.time_relative": "1803.714322000", - "frame.number": "7340", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00005d96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007c03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - "dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:36.717604000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495396.717604000", - "frame.time_delta": "1.542596000", - "frame.time_delta_displayed": "1.542596000", - "frame.time_relative": "1805.256918000", - "frame.number": "7341", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e59", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005990", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:38.061467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495398.061467000", - "frame.time_delta": "1.343863000", - "frame.time_delta_displayed": "1.343863000", - "frame.time_relative": "1806.600781000", - "frame.number": "7342", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": 
"MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:39.330257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495399.330257000", - "frame.time_delta": "1.268790000", - "frame.time_delta_displayed": "1.268790000", - "frame.time_relative": "1807.869571000", - "frame.number": "7343", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:39.330655000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495399.330655000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "1807.869969000", - "frame.number": "7344", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:40.200407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495400.200407000", - "frame.time_delta": "0.869752000", - "frame.time_delta_displayed": "0.869752000", - "frame.time_relative": "1808.739721000", - "frame.number": "7345", - "frame.len": "80", - "frame.cap_len": "80", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "66", - "ip.id": "0x00000b9c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "46", - "udp.checksum": "0x00009146", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:ea:e2:71:11:ce:f2:14:6f:00:00:00:92:0c", - "data.len": "38" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:47.671970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495407.671970000", - "frame.time_delta": "7.471563000", - "frame.time_delta_displayed": "7.471563000", - "frame.time_relative": "1816.211284000", - "frame.number": "7346", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b83f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000116d", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - 
}, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:47.672513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495407.672513000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1816.211827000", - "frame.number": "7347", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000993a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f268", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:47.673125000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495407.673125000", - "frame.time_delta": "0.000612000", - "frame.time_delta_displayed": "0.000612000", - "frame.time_relative": "1816.212439000", - "frame.number": "7348", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000802e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:52.672276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495412.672276000", - "frame.time_delta": "4.999151000", - "frame.time_delta_displayed": "4.999151000", - "frame.time_relative": "1821.211590000", - "frame.number": "7349", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b83d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000116d", - "udp.checksum.status": "2", - "udp.stream": 
"98" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:52.672803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495412.672803000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "1821.212117000", - "frame.number": "7350", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009938", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f268", - "udp.checksum.status": "2", - 
"udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:52.673424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495412.673424000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "1821.212738000", - "frame.number": "7351", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000802e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": 
"0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:55.176508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495415.176508000", - "frame.time_delta": "2.503084000", - "frame.time_delta_displayed": "2.503084000", - "frame.time_relative": "1823.715822000", - "frame.number": "7352", - "frame.len": "103", - "frame.cap_len": "103", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "89", - "ip.id": "0x00006138", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007861", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "5353", - "udp.dstport": "5353", - "udp.port": "5353", - "udp.port": "5353", - "udp.length": "69", - "udp.checksum": "0x00000f59", - "udp.checksum.status": "2", - "udp.stream": "38" - }, - "mdns": { - 
"dns.id": "0x00000003", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "_FFACD959._sub._googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_FFACD959._sub._googlecast._tcp.local", - "dns.qry.name.len": "37", - "dns.count.labels": "5", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - }, - "_googlecast._tcp.local: type PTR, class IN, \"QM\" question": { - "dns.qry.name": "_googlecast._tcp.local", - "dns.qry.name.len": "22", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.009066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.009066000", - "frame.time_delta": "1.832558000", - "frame.time_delta_displayed": "1.832558000", - "frame.time_relative": "1825.548380000", - "frame.number": "7353", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000eb03", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.009195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.009195000", - "frame.time_delta": "0.000129000", - "frame.time_delta_displayed": "0.000129000", - "frame.time_relative": "1825.548509000", - "frame.number": "7354", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - "ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x00000707", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "2", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - }, - "Group Record : 239.255.255.250 Change To Include Mode": { - "igmp.record_type": "3", - 
"igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "239.255.255.250" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.667206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.667206000", - "frame.time_delta": "0.658011000", - "frame.time_delta_displayed": "0.658011000", - "frame.time_relative": "1826.206520000", - "frame.number": "7355", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x000079b8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ea9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57862", - "udp.dstport": "53", - "udp.port": 
"57862", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000453d", - "udp.checksum.status": "2", - "udp.stream": "137" - }, - "dns": { - "dns.id": "0x0000ef57", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.667222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.667222000", - "frame.time_delta": "0.000016000", - "frame.time_delta_displayed": "0.000016000", - "frame.time_relative": "1826.206536000", - "frame.number": "7356", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"72", - "ip.id": "0x000079b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003ea8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57862", - "udp.dstport": "53", - "udp.port": "57862", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000249c", - "udp.checksum.status": "2", - "udp.stream": "137" - }, - "dns": { - "dns.id": "0x00000fde", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.668271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.668271000", - "frame.time_delta": "0.001049000", - "frame.time_delta_displayed": "0.001049000", - "frame.time_relative": "1826.207585000", - "frame.number": "7357", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00002566", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000092fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57862", - "udp.port": "53", - "udp.port": "57862", - "udp.length": "52", - "udp.checksum": "0x00008289", - "udp.checksum.status": "2", - "udp.stream": "137" - }, - "dns": { - "dns.response_to": "7356", - "dns.time": "0.001049000", - "dns.id": "0x00000fde", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", 
- "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.672567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.672567000", - "frame.time_delta": "0.004296000", - "frame.time_delta_displayed": "0.004296000", - "frame.time_relative": "1826.211881000", - "frame.number": "7358", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": 
"0x0000b83b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000116d", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.673061000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.673061000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "1826.212375000", - "frame.number": "7359", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fb6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00009936", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f268", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.673688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.673688000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "1826.213002000", - "frame.number": "7360", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000802e", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000288", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=648", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.681592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.681592000", - "frame.time_delta": "0.007904000", - "frame.time_delta_displayed": "0.007904000", - "frame.time_relative": "1826.220906000", - "frame.number": "7361", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x00002567", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x00009191", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57862", - "udp.port": "53", - "udp.port": "57862", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "137" - }, - "dns": { - "dns.response_to": "7355", - "dns.time": "0.014386000", - "dns.id": "0x0000ef57", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": 
"fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9445", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9445", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9445", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9445", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138511", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10131", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6424", - "dns.resp.len": "4", - "dns.a": 
"205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15026", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138511", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10131", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6424", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15026", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.682820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.682820000", - "frame.time_delta": "0.001228000", - "frame.time_delta_displayed": "0.001228000", - "frame.time_relative": "1826.222134000", - "frame.number": "7362", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000c705", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00006d2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:7a:51:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2587217, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587217", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.753841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.753841000", - "frame.time_delta": "0.071021000", - "frame.time_delta_displayed": "0.071021000", - "frame.time_relative": "1826.293155000", - "frame.number": "7363", - "frame.len": "74", - 
"frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x00007e43", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000e6d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:49:31:ef:00:27:7a:51:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1263088111, TSecr 2587217": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088111", - "tcp.options.timestamp.tsecr": "2587217" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7362", - "tcp.analysis.ack_rtt": "0.071021000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.754361000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495417.754361000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "1826.293675000", - "frame.number": "7364", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": 
"54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007d99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:58:4b:49:31:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587224, TSecr 1263088111": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587224", - "tcp.options.timestamp.tsecr": "1263088111" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7363", - "tcp.analysis.ack_rtt": "0.000520000", - "tcp.analysis.initial_rtt": "0.071541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.756623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.756623000", - "frame.time_delta": "0.002262000", - "frame.time_delta_displayed": "0.002262000", - 
"frame.time_relative": "1826.295937000", - "frame.number": "7365", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000c707", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000152b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:58:4b:49:31:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587224, TSecr 1263088111": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587224", - "tcp.options.timestamp.tsecr": "1263088111" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Mar 2, 1985 05:02:55.000000000 PST", - "ssl.handshake.random": "28:60:ef:f9:72:91:2b:49:f7:b1:32:8f:55:1e:67:56:22:6c:b2:64:cd:7d:10:d1:63:c6:b2:48" - }, - "ssl.handshake.session_id_length": "0", - 
"ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - 
"ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - 
"ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - 
"ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - 
"ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.767569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.767569000", - "frame.time_delta": "0.010946000", - "frame.time_delta_displayed": "0.010946000", - "frame.time_relative": "1826.306883000", - "frame.number": "7366", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:igmp:igmp" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_16", - "eth.addr": "01:00:5e:00:00:16", - "eth.addr_resolved": "IPv4mcast_16", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "24", - "ip.dsfield": "0x000000c0", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "48", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "2", - "ip.checksum": "0x000042fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.86", - "ip.addr": "192.168.0.86", - "ip.src_host": "192.168.0.86", - "ip.host": "192.168.0.86", - "ip.dst": "224.0.0.22", - "ip.addr": "224.0.0.22", - 
"ip.dst_host": "224.0.0.22", - "ip.host": "224.0.0.22", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "Options: (4 bytes), Router Alert": { - "Router Alert (4 bytes): Router shall examine packet (0)": { - "ip.opt.type": "148", - "ip.opt.type_tree": { - "ip.opt.type.copy": "1", - "ip.opt.type.class": "0", - "ip.opt.type.number": "20" - }, - "ip.opt.len": "4", - "ip.opt.ra": "0" - } - } - }, - "igmp": { - "igmp.version": "3", - "igmp.type": "0x00000022", - "igmp.reserved": "00", - "igmp.checksum": "0x0000fa02", - "igmp.checksum.status": "1", - "igmp.reserved": "00:00", - "igmp.num_grp_recs": "1", - "Group Record : 224.0.0.251 Change To Include Mode": { - "igmp.record_type": "3", - "igmp.aux_data_len": "0", - "igmp.num_src": "0", - "igmp.maddr": "224.0.0.251" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.827648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.827648000", - "frame.time_delta": "0.060079000", - "frame.time_delta_displayed": "0.060079000", - "frame.time_relative": "1826.366962000", - "frame.number": "7367", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007e3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x00000010", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ccb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088129, TSecr 2587224": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088129", - "tcp.options.timestamp.tsecr": "2587224" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7365", - "tcp.analysis.ack_rtt": "0.071025000", - "tcp.analysis.initial_rtt": "0.071541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.828731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.828731000", - "frame.time_delta": "0.001083000", - "frame.time_delta_displayed": "0.001083000", - "frame.time_relative": "1826.368045000", - "frame.number": "7368", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x00007e3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000fa66", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001d47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088129, TSecr 2587224": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088129", - "tcp.options.timestamp.tsecr": "2587224" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72
:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a
8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jan 31, 2001 12:21:18.000000000 PST", - "ssl.handshake.random": "e8:c9:bf:d8:5c:4d:fb:a7:31:b2:d4:5a:0a:15:72:5a:2a:03:c5:27:bb:69:46:59:ac:70:1e:89" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "21:4d:c2:e5:4f:77:3f:2b:cb:a1:a4:50:5e:55:15:fd:51:ee:d7:98:ae:b8:51:53:20:4f:6d:bb:c1:64:93:e5", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.828752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.828752000", - "frame.time_delta": "0.000021000", - "frame.time_delta_displayed": "0.000021000", - "frame.time_relative": "1826.368066000", - "frame.number": "7369", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x00007e3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000ff2e", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000187e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:01:00:27:7a:58", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088129, TSecr 2587224": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088129", - "tcp.options.timestamp.tsecr": "2587224" - } - }, - "tcp.analysis": { - 
"tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "7368", - "tcp.segment": "7369", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31
:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:0
1:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57
:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - 
"x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": 
"0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - "ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b
:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 
21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": 
"04:e8:da:00:c4:e7:ad:1e:dd:b6:c0:12:56:aa:2c:43:43:6e:a1:03:93:fc:92:31:15:09:d1:39:c5:1c:9e:27:45:af:bf:10:12:e0:c1:a2:86:8d:e3:0e:37:27:53:c4:dc:13:66:ed:42:bc:53:0e:0b:f0:8d:44:7c:a6:9f:15:bf", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": "7d:ce:53:3e:20:dd:fa:f2:15:b1:a7:b0:26:ae:b4:ca:d1:ed:79:18:e0:c9:9d:31:b6:2f:51:53:26:f2:90:cb:93:06:ad:fe:6a:22:d6:22:a5:81:68:3b:3f:cf:e9:c2:cb:2f:56:1a:07:e4:58:3f:b9:d3:8a:08:e4:38:8a:aa:78:53:db:2d:40:fd:57:1e:eb:4e:ac:3c:e5:5a:78:56:6a:e2:f8:e5:29:23:ac:50:76:3c:70:71:87:b7:16:80:0b:17:72:87:58:0c:6e:38:2e:27:e7:d4:ca:bf:f3:d5:15:12:88:bd:b9:80:d5:eb:33:a2:a1:96:86:c4:41:08" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.829388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.829388000", - "frame.time_delta": "0.000636000", - "frame.time_delta_displayed": "0.000636000", - "frame.time_relative": "1826.368702000", - "frame.number": "7370", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c708", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": 
"0x00007592", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:5f:4b:49:32:01", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587231, TSecr 1263088129": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587231", - "tcp.options.timestamp.tsecr": "1263088129" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7369", - "tcp.analysis.ack_rtt": "0.000636000", - "tcp.analysis.initial_rtt": "0.071541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.858874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.858874000", - "frame.time_delta": "0.029486000", - "frame.time_delta_displayed": "0.029486000", - "frame.time_relative": "1826.398188000", - "frame.number": "7371", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000c709", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bc4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000078c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:62:4b:49:32:01", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587234, TSecr 1263088129": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587234", - "tcp.options.timestamp.tsecr": "1263088129" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:b3:20:d0:17:50:1d:60:f6:ce:03:fd:6f:3b:62:49:68:88:5a:55:d7:c3:c0:8b:78:9b:d5:09:21:52:96:bf:43:be:e6:bd:d9:a9:9e:4e:be:3b:bf:03:fc:c4:2c:11:ef:0e:18:91:13:1d:99:ed:48:75:fc:38:b1:22:b9:ec:48" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.929879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.929879000", - "frame.time_delta": "0.071005000", - "frame.time_delta_displayed": "0.071005000", - 
"frame.time_relative": "1826.469193000", - "frame.number": "7372", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x00007e3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000ffd9", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005118", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:1b:00:27:7a:62", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088155, TSecr 2587234": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088155", - "tcp.options.timestamp.tsecr": "2587234" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7371", - "tcp.analysis.ack_rtt": "0.071005000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:57.930898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495417.930898000", - "frame.time_delta": "0.001019000", - "frame.time_delta_displayed": "0.001019000", - "frame.time_relative": "1826.470212000", - "frame.number": "7373", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000c70a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bfc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": 
"-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006091", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:69:4b:49:32:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587241, TSecr 1263088155": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587241", - "tcp.options.timestamp.tsecr": "1263088155" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7372", - "tcp.analysis.ack_rtt": "0.001019000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": 
"1b:08:f9:0f:03:7b:40:9d:09:94:88:16:4d:e9:9e:7b:df:e3:63:e8:c9:f9:1f:e3:b7:13:42:1b:0e:31:c3:8a:b3:20:91:f1:1a:ff:0c:95:cc:74:9f:22:c7:f2:2d:65:82:27:6c:86:c2:53:d0:53:b6:99:ff:81:8a:35:7d:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.002437000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.002437000", - "frame.time_delta": "0.071539000", - "frame.time_delta_displayed": "0.071539000", - "frame.time_relative": "1826.541751000", - "frame.number": "7374", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x00007e3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000ffc6", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United 
States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c7ce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:2d:00:27:7a:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088173, TSecr 2587241": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088173", - "tcp.options.timestamp.tsecr": "2587241" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7373", - "tcp.analysis.ack_rtt": 
"0.071539000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "cf:45:ca:a4:d2:d5:5f:67:02:7e:6c:68:fe:13:ac:53:42:d0:39:6b:81:a6:3f:2e:d3:12:30:73:fd:98:c7:54:ab:73:e8:b3:8e:d6:89:58:71:92:8b:26:14:33:75:0a:b2:1a:e6:d0:61:e3:b9:5c:5f:c2:c6:0c:19:9b:e1:75" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.003358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.003358000", - "frame.time_delta": "0.000921000", - "frame.time_delta_displayed": "0.000921000", - "frame.time_relative": "1826.542672000", - "frame.number": "7375", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000c70b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005a57", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000408b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:71:4b:49:32:2d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } 
- }, - "Timestamps: TSval 2587249, TSecr 1263088173": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587249", - "tcp.options.timestamp.tsecr": "1263088173" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7374", - "tcp.analysis.ack_rtt": "0.000921000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "1b:08:f9:0f:03:7b:40:9e:a3:60:45:93:5b:b6:69:a8:b0:9f:68:5a:14:c1:ea:fc:f6:b2:fc:a6:98:2c:66:47:8c:97:ce:5e:70:c2:9f:cb:8d:c4:08:a3:c3:3e:06:71:69:d7:f9:bb:47:f2:86:c5:d6:25:23:70:e4:5b:b9:c6:de:c2:c3:6d:c0:28:fd:c7:f8:8a:a4:8f:15:2b:a3:a2:11:bf:47:50:93:25:41:e6:b9:f6:7e:59:c5:1b:2d:c4:97:e2:83:6f:3a:04:c7:60:37:cd:44:7b:68:91:e6:e3:a5:da:d8:89:0d:44:f7:5a:1a:8d:2f:b5:91:6b:a7:a0:db:57:13:d7:12:73:f1:47:a0:c7:9d:45:3e:da:1b:37:cf:39:0c:54:bd:8f:a4:e4:bd:6d:bf:40:49:5a:02:5f:35:10:55:3e:81:7b:a7:f7:34:92:41:51:d7:ad:96:0b:a1:f8:a5:3c:72:be:c9:bc:e9:b5:3c:ea:e8:8f:7f:28:54:d3:af:e1:ba:82:cd:95:80:2d:7d:2d:06:39:24:05:b2:68:91:68:00:a0:18:09:49:85:b6:c5:b3:ff:c5:d8:db:e1:08:fb:c5:68:60:b9:8f:82:94:1e:c4:5c:2a:11:e4:07:ec:73:5e:f7:7b:7d:78:de:f1:36:a0:5b:05:99:a6:ef:43:66:be:ec:67:0e:39:3a:3b:07:61:e1:4d:63:1c:3e:75:3f:42:db:63:e0:89:da:aa:d4:6e:ec:c3:f6:b9:ae:d4:ad:f6:9d:6c:16:80:3a:1a:96:6e:30:b3:3d:a0:2f:10:b1:88:14:c2:a6:a5:9a:fe:5c:c3:a4:53:00:7a:ad:d1:10:1e:f7:33:7c:8c:2f:fb:3f:af:ed:17:21:b0:db:49:62:1b:f0:6a:71:10:79:5e:ed:40:5d:f9:a4:fc:98:e3:35:13:55:a4:f8:08:7f:93:1e:9a:94:a5:03:2d:49:96:f3:0d:33:db:24:f6:f6:4a:7f:1c:d7:a2:c2:00:29:6f:1b:08:af:70:e5:72:85:3d:3d:80:d8:a1:7e:c7:49:52:af:d9:87:f9:92:fe:0b:0e:34:3d:02:45:d2:46:59:b8:73:05:80:96:30:35:a7:85:25:c6:c2:46:60:7c:76:14:27:5b:67:0e:57:6f:11:76:4c:ff:a4:b1:38:74:be:d1:9f:7b:13:0a:a5:d8:24:a6:f0:81:65:6d:1b:e5:d6:6b:26:c6:7e
:40:3b:1c:3f:12:ec:fc:c7:82:04:55:af:27:80" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.074879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.074879000", - "frame.time_delta": "0.071521000", - "frame.time_delta_displayed": "0.071521000", - "frame.time_relative": "1826.614193000", - "frame.number": "7376", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x00007e40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000ffbf", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": 
"Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000022db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:3f:00:27:7a:71", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088191, TSecr 2587249": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088191", - "tcp.options.timestamp.tsecr": "2587249" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7375", - "tcp.analysis.ack_rtt": "0.071521000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": 
{ - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "cf:45:ca:a4:d2:d5:5f:68:a0:ba:7d:ef:07:e8:05:04:12:f5:21:73:d3:c1:41:9e:6f:68:4b:c0:bc:27:ba:ac:73:e0:71:af:2e:56:d3:98:f6:a2:c9:58:8b:b2:31:10:9f:7a:2c:86:79:f9:99:98:22:b4:ba:cf:2f:bb:99:de:ac:3f:b7:98:d1:a4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.075624000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.075624000", - "frame.time_delta": "0.000745000", - "frame.time_delta_displayed": "0.000745000", - "frame.time_relative": "1826.614938000", - "frame.number": "7377", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000c70c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", 
- "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000071cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:7a:78:4b:49:32:3f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587256, TSecr 1263088191": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587256", - "tcp.options.timestamp.tsecr": "1263088191" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7376", - "tcp.analysis.ack_rtt": "0.000745000", - "tcp.analysis.initial_rtt": "0.071541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.146389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.146389000", - "frame.time_delta": "0.070765000", - "frame.time_delta_displayed": "0.070765000", - "frame.time_relative": "1826.685703000", - "frame.number": "7378", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x00007e41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x0000ffea", - "ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": 
"34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000008a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:51:00:27:7a:78", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088209, TSecr 2587256": { - "tcp.option_kind": "8", - "tcp.option_len": 
"10", - "tcp.options.timestamp.tsval": "1263088209", - "tcp.options.timestamp.tsecr": "2587256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7377", - "tcp.analysis.ack_rtt": "0.070765000", - "tcp.analysis.initial_rtt": "0.071541000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.146474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.146474000", - "frame.time_delta": "0.000085000", - "frame.time_delta_displayed": "0.000085000", - "frame.time_relative": "1826.685788000", - "frame.number": "7379", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007e42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "229", - "ip.proto": "6", - "ip.checksum": "0x00000009", - 
"ip.checksum.status": "2", - "ip.src": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.src_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.src_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.src_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "54421", - "tcp.port": "443", - "tcp.port": "54421", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007240", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:49:32:51:00:27:7a:78", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263088209, TSecr 2587256": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263088209", - "tcp.options.timestamp.tsecr": "2587256" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.146905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.146905000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1826.686219000", - "frame.number": "7380", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003299", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": "292", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000084ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:16:58.146918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495418.146918000", - "frame.time_delta": 
"0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "1826.686232000", - "frame.number": "7381", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003298", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "34.231.50.247", - "ip.addr": "34.231.50.247", - "ip.dst_host": "34.231.50.247", - "ip.host": "34.231.50.247", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Houston, TX, 29.699699, -95.585899": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Houston, TX", - "ip.geoip.city": "Houston, TX", - "ip.geoip.dst_lat": "29.699699", - "ip.geoip.lat": "29.699699", - "ip.geoip.dst_lon": "-95.585899", - "ip.geoip.lon": "-95.585899" - } - }, - "tcp": { - "tcp.srcport": "54421", - "tcp.dstport": "443", - "tcp.port": "54421", - "tcp.port": "443", - "tcp.stream": 
"292", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000084ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:00.220840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495420.220840000", - "frame.time_delta": "2.073922000", - "frame.time_delta_displayed": "2.073922000", - "frame.time_relative": "1828.760154000", - "frame.number": "7382", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007671", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "87554", - "tcp.nxtseq": "87603", - "tcp.ack": "18194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001550", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:27:7b:4e:a7:a1:db:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587470, TSecr 2812402663": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587470", - "tcp.options.timestamp.tsecr": "2812402663" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:7a:97:36:cb:7b:0d:30:69:f9:8a:18:23:82:45:35:83:e0:94:77:60:af:6f:24:a3:04:fb:3a:91:76:74:8a:af:ec:65:84:35:98" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:00.280995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495420.280995000", - "frame.time_delta": "0.060155000", - "frame.time_delta_displayed": "0.060155000", - "frame.time_relative": "1828.820309000", - "frame.number": "7383", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", 
- "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18194", - "tcp.ack": "87603", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x00009aa9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:f5:4a:00:27:7b:4e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812409162, TSecr 2587470": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812409162", - "tcp.options.timestamp.tsecr": "2587470" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7382", - "tcp.analysis.ack_rtt": "0.060155000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:00.282384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495420.282384000", - "frame.time_delta": "0.001389000", - "frame.time_delta_displayed": "0.001389000", - "frame.time_relative": "1828.821698000", - "frame.number": "7384", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002dd8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003770", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18194", - "tcp.nxtseq": "18249", - "tcp.ack": "87603", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c29", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a1:f5:4b:00:27:7b:4e", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812409163, TSecr 2587470": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812409163", - "tcp.options.timestamp.tsecr": "2587470" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:ca:68:70:98:a0:71:73:14:50:8f:6c:21:f4:51:e4:9c:8a:83:58:8e:69:c9:5d:f2:b3:10:4e:f3:2d:80:47:9a:13:98:76:4b:42:85:d2:c5:99:3c:57" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:00.282782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495420.282782000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "1828.822096000", - "frame.number": "7385", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "87603", - "tcp.ack": "18249", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000997b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:00:27:7b:55:a7:a1:f5:4b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2587477, TSecr 2812409163": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2587477", - "tcp.options.timestamp.tsecr": "2812409163" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7384", - "tcp.analysis.ack_rtt": "0.000398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:02.670187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495422.670187000", - "frame.time_delta": "2.387405000", - "frame.time_delta_displayed": "2.387405000", - "frame.time_relative": "1831.209501000", - "frame.number": "7386", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:02.670619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495422.670619000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1831.209933000", - "frame.number": "7387", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:04.318677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495424.318677000", - "frame.time_delta": "1.648058000", - "frame.time_delta_displayed": "1.648058000", - 
"frame.time_relative": "1832.857991000", - "frame.number": "7388", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005822", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": 
"443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5117", - "tcp.ack": "649", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f03a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:04.461895000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495424.461895000", - "frame.time_delta": "0.143218000", - "frame.time_delta_displayed": "0.143218000", - "frame.time_relative": "1833.001209000", - "frame.number": "7389", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001007", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd8a", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "649", - "tcp.ack": "5118", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000faaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:06.721951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495426.721951000", - "frame.time_delta": "2.260056000", - "frame.time_delta_displayed": "2.260056000", - "frame.time_relative": "1835.261265000", - "frame.number": "7390", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e60", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005989", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:07.449801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495427.449801000", - "frame.time_delta": "0.727850000", - "frame.time_delta_displayed": "0.727850000", - "frame.time_relative": "1835.989115000", - "frame.number": "7391", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000b9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000002a0", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3b:44:eb:1c:ca:17:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:09.328591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495429.328591000", - "frame.time_delta": "1.878790000", - "frame.time_delta_displayed": "1.878790000", - "frame.time_relative": "1837.867905000", - "frame.number": "7392", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:09.328722000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495429.328722000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "1837.868036000", - "frame.number": "7393", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:10.938548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495430.938548000", - "frame.time_delta": "1.609826000", - "frame.time_delta_displayed": "1.609826000", - "frame.time_relative": "1839.477862000", - "frame.number": "7394", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:25.398596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495445.398596000", - "frame.time_delta": "14.460048000", - "frame.time_delta_displayed": "14.460048000", - "frame.time_relative": "1853.937910000", - "frame.number": "7395", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - 
"eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000ba0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed16", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x000014a1", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:ec:f4:f7:1b:ce:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:88:12", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.080758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.080758000", - "frame.time_delta": "0.682162000", - "frame.time_delta_displayed": "0.682162000", - "frame.time_relative": "1854.620072000", - "frame.number": "7396", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002dd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000036e0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "18249", - "tcp.nxtseq": "18447", - "tcp.ack": "87603", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000060b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:0e:7c:00:27:7b:55", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812415612, TSecr 2587477": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812415612", - "tcp.options.timestamp.tsecr": "2587477" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:cb:05:20:98:78:b6:f9:d9:5a:20:e5:ec:6c:3b:0e:f0:9c:2b:35:61:f0:aa:0f:c8:23:2e:04:52:40:68:88:7d:c6:89:40:e3:0e:9b:e3:4d:26:8a:d5:fb:32:24:71:d2:6e:0c:ec:4e:2d:5c:aa:c9:fc:c6:93:ab:21:85:8e:8c:f0:db:78:55:fa:ec:f3:70:44:04:74:f8:49:80:af:f2:98:c9:32:26:4f:e0:7d:cc:3f:75:ee:fa:76:bc:bc:8a:39:aa:2c:d9:77:d1:0d:9b:3f:73:d5:1f:a1:91:14:af:08:b0:0d:46:fd:76:40:a2:39:4c:51:7a:0d:b8:cf:6b:10:c5:96:6d:2d:1c:c9:a6:a5:e4:aa:5c:a3:f4:f9:59:62:17:fa:d2:23:72:29:18:4c:87:a9:49:5c:9e:dc:64:36:88:b0:2f:37:6d:60:37:02:6c:ac:de:6f:d6:c3:bf:94:e9:9d:8d:25:4d:94:cf:06:a1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.081233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.081233000", - "frame.time_delta": "0.000475000", - "frame.time_delta_displayed": "0.000475000", - "frame.time_relative": "1854.620547000", - "frame.number": "7397", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000076a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "87603", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007571", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:85:68:a7:a2:0e:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590056, TSecr 2812415612": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590056", - "tcp.options.timestamp.tsecr": "2812415612" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7396", - "tcp.analysis.ack_rtt": "0.000475000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.087214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.087214000", - "frame.time_delta": "0.005981000", - "frame.time_delta_displayed": "0.005981000", - "frame.time_relative": "1854.626528000", - "frame.number": "7398", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000096e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "87603", - "tcp.nxtseq": "87656", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007b7e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:85:69:a7:a2:0e:7c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590057, TSecr 2812415612": { - "tcp.option_kind": "8", - "tcp.option_len": 
"10", - "tcp.options.timestamp.tsval": "2590057", - "tcp.options.timestamp.tsecr": "2812415612" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:7b:68:97:05:92:22:4b:76:3a:c3:23:6c:5d:13:1c:52:1f:f7:02:4a:db:8f:4e:58:52:b5:b7:93:2c:a4:f2:fe:f7:3f:ab:c1:54:64:e9:7b:d5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.186101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.186101000", - "frame.time_delta": "0.098887000", - "frame.time_delta_displayed": "0.098887000", - "frame.time_relative": "1854.725415000", - "frame.number": "7399", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dda", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": 
"0x000037a5", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "87656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000760f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:0e:97:00:27:85:69", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812415639, TSecr 2590057": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812415639", - "tcp.options.timestamp.tsecr": "2590057" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7398", - "tcp.analysis.ack_rtt": "0.098887000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.186689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.186689000", - "frame.time_delta": "0.000588000", - "frame.time_delta_displayed": "0.000588000", - "frame.time_relative": "1854.726003000", - "frame.number": "7400", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x000096e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000713e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "87656", - "tcp.nxtseq": "89032", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008034", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:85:73:a7:a2:0e:97", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590067, TSecr 2812415639": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590067", - "tcp.options.timestamp.tsecr": 
"2812415639" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:7c:86:c1:7d:49:94:dd:27:4f:53:12:ba:4a:b5:b2:58:7d:5a:cd:53:64:a3:8e:9d:63:47:50:05:11:39:a0:81:f1:62:e5:f3:4a:fc:ab:c1:b8:ba" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:7d:ab:f3:8c:e4:2f:d1:0d:50:a7:df:20:eb:0b:6e:3c:1a:2c:a7:46:44:e6:da:f5:70:4c:4a:b7:82:4d:d5:91:db:57:be:5f:d0:7b:43:53:a9:fa:ed:de:fd:b4:e9:cd:37:6e:e7:ab:00:a8:65:08:07:02:b5:a8:bb:a5:f6:7d:fe:38:22:f5:bc:79:60:0c:4c:a5:f5:bd:8e:50:36:68:b7:83:58:4e:95:0d:bc:6e:c1" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:7e:db:cc:bd:47:dd:9f:10:e6:e2:3a:69:2f:e2:9c:1b:41:40:71:f2:8e:1d:5e:29:8a:73:1a:b2:8b:c7:c0:43:5a:b5:9a:19:25:68:6b:10:e7:8d:64:60:2e:93:06:52:77:9b:61:93:84:53:95:79:9c:0d:8a:71:06:df:4f:1b:d5:57:3f:db:df:0a:b9:fc:db:be:d1:f1:bb:c4:a1:61:3d:a4:09:7b:3d:f0:a0:04:b7:b7:7e:0e:5e:d7:20:30:f4:99:fd:27:f5:f9:65:7a:35:5e:d6:fb:a4:ad:9a:44:8b:3c:65:73:de:49:75:83:ec:71:a3:f4:10:9f:91:57:ea:2f:33:7b:24:38:47:d8:20:38:95:ea:e8:cf:36:7f:01:e6:65:3b:4d:0e:ea:ba:e3:33:35:8b:d5:b7:d2:8a:00:73:04:dc:b1:cb:bc:e5:b8:e0:46:12:92:ce:48:b1:99:4f:37:be:2f:27:a0:1f:08:15:be:16:1a:b7:06:bf:85:1a:bb:06:eb:2a:73:ce:fc:4c:f5:fc:0c:5b:70:03:a0:67:87:97:1c:50:1f:ee:54:c9:45:27:17:94:bd:77:ee:5d:ba:ea:c8:3c:19:8b:1b:1f:e4:cf:11:89:99:3c:1e:27:b8:51:5d:cb:1b:93:c4:a8:49:aa:5d:44:50:2a:ea:e0:e1:53:3d:e6:c5:97:36:af:74:35:23:68:ab:f0:ae:fb:2c:1c:33:48:12:73:92:74:56:ad:55:21:60:25:45:08:4e:d4:ca:f0:43:6b:64:1b:3f:26:b5:9c:7c:00:2a:8f:59:3f:15:38:b9:02:b2:04:6c:80:55:c2:24:0f:76:16:e2:ab:77:d8:6b:a1:82:ac:bd:7f:b4:9d:05:ce:2d:f8:94:fc:62:5d:2f:e2:34:07:55:01:f0:b0:6c:50:17:a5:62:b4:b8:11:14:87:2e:9b:f6:05:92:b4:c7:fe:28:c5:bb:67:0e:29:ed:ee:ee:93:13:9b:2d:c4:d1:08:c3:15:fa:d5:9b:0e:d0:60:7c:75:86:3a:cc:2e:85:70:52:1f:8f:c0:fc:4c:28:b6:27:b4:68:cc:4c:d4:02:94:47:39:ad:37:bf:2e:5c:0b:6f:86:83:e5:3c:cc:00:d7:14:3e:bc:97:61:93:6e:d4:40:e5:03:d6:8e:20:30:a6:f6:b4:29:ef:e0:15:91:c4:84:c4:97:79:32:96:af:15:6f:a9:5c:1c:3b:16:9f:6f:a9:6c:5a:fe:ba:21:e3:53:8a:2f:f1:c5:5c:cb:34:95:2d:c4:b1:68:cd:d5:1c:8b:15:c2:f5:f7:a0:f2:ed:ad:c2:e6:29:b0:16:69:42:56:e7:30:3b:65:14:0c:e5:31:2a:81:b8:cd:fe:fc:ad:52:b2:ba:8a:d5:77:69:f5:7d:1b:5c:9b:07:7d:69:5d:68:72:29:56:1c:18:72:cc:37:8d:f6:4f:8e:4f:c2:df:16:6b:31:bf:ff:47:3e:cd:66:49:f1:50:18:4f:53:7d:d7:0c:3f:69:92:21:d8:e3:3b:74:f2:c1:ce:b7:0d:3c:f6:1e:00:7f:e2:e8:ea:cc:ff:8e:32:5f:93:d2:22:66:3e:60:79:3d:44:46:94:21:df:64:3f:c8:e9:cb:1a:de:e3:26:1b:d6:9c:c7:6f:30:f5:35:b7:50:a9:d2:d3:4f:01:95:8d:0a:83:13:50:02:c7:09:42:ea:c7:da:52:af:6a:60:6e:c1:b
8:84:80:c9:e1:e4:74:bb:7c:bd:25:44:11:09:9b:2d:07:77:c0:00:f7:e3:ff:14:4d:34:02:83:53:a3:9f:4b:dc:ea:d0:04:7c:81:a0:8c:e5:0c:53:1f:44:4d:ac:d4:94:71:bd:60:1c:af:18:3b:80:dd:32:3e:da:af:96:61:fc:a9:81:3d:a8:8c:54:5b:42:5e:7c:89:17:29:55:56:b6:0a:70:db:57:ab:dd:b4:72:c1:d5:9e:4d:b8:9a:f5:25:8a:58:dd:90:9f:b2:bf:e8:26:0b:41:5f:85:c8:03:44:b2:4e:43:ec:bf:c1:e1:0b:b1:4a:7f:a8:de:85:80:03:8e:3e:4c:8a:e7:ce:6d:fd:5d:92:51:d8:1e:9c:ec:64:5f:af:72:00:a3:fc:cb:ef:d7:0f:6a:c1:3d:12:13:e5:8e:e3:40:b0:7a:79:1a:79:c0:a4:ba:e5:0d:bd:b7:4d:f3:8b:f4:68:39:0f:92:36:86:30:9a:a2:91:10:69:d1:98:ab:08:16:5d:c4:e2:17:d3:da:48:82:d1:a6:4a:10:ea:1a:8c:9a:a0:5a:50:66:a2:aa:ba:c5:0d:91:ee:73:96:f2:72:0b:9f:b7:b1:46:c1:e4:ca:d1:e0:1f:1b:97:e1:27:1e:6c:2f:48:cf:81:ff:0c:ce:c6:3b:1c:98:82:cc:2b:02:36:c3:03:c5:9f:af:be:23:be:3d:c4:30:57:5a:6f:20:e9:64:77:78:c4:73:e4:3a:59:13:df:70:0a:75:12:a7:e9:84:f2:00:62:7f:f4:46:5d:9b:c8:ac:a0:3b:e7:64:0a:88:48:b8:0f:de:bd:2b:88:4e:0e:64:17:ec:a1:4e:41:a4:5d:8e:90:b7:9c:ab:69:01:ae:3d:59:6b:63:99:93:73:40:aa:1e:82:1c:06:82:85:0a:17:23:a5:75:2d:18:98:66:30:6d:8f:90:eb:d9:37:44:67:97:2e:20:b7:02:c5:da:66:ce:d7:f0:e0:d0:11:78:54:c5:8b:b4:7e:c2:d3:7a:47:cb:c2:08:22:92:2d:72:14:21:4c:3a:f6:1a:71:95:94:3e:79:30:66" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:7f:b2:71:f9:1f:b3:c9:cc:e0:28:5e:64:1e:37:da:9e:e2:da:5c:9e:72:3f:09:91:b1:5c:12:d0:6f:b5:33:76:d8:1b:c9:a9:95:4f:90:0a:49:c6:35:86:54:70:2a:99:c8:06:c8:ff:81:61:65:e7:a3:98:f5:0f:44:ed:62:85:91:d5:fa:a4:c1:57:8c:c0:f6:cd:f3:68:c9:75:27:cb:3f:d8:ef:89:4e:d3:c1:fd:5c:c7:ac:23:c8:8a:96:04:4d:96:c7:da:e3:7f:20:d1:f2:40:3f:5c:24:bd:21:54:a9:f7:aa:da:36:19:ec:91:33:2a:0c:b5:96:d9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:26.246863000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.246863000", - "frame.time_delta": "0.060174000", - "frame.time_delta_displayed": "0.060174000", - "frame.time_relative": "1854.786177000", - "frame.number": "7401", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ddb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a4", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "89032", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007096", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:0e:a6:00:27:85:73", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812415654, TSecr 2590067": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812415654", - "tcp.options.timestamp.tsecr": "2590067" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7400", - "tcp.analysis.ack_rtt": "0.060174000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.506698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495446.506698000", - "frame.time_delta": "0.259835000", - "frame.time_delta_displayed": "0.259835000", - 
"frame.time_relative": "1855.046012000", - "frame.number": "7402", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007667", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "89032", - "tcp.nxtseq": "89086", - "tcp.ack": "18447", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d286", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:85:93:a7:a2:0e:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590099, TSecr 2812415654": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590099", - "tcp.options.timestamp.tsecr": "2812415654" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:80:b5:e1:62:a2:91:10:48:d5:2a:9b:37:6f:bf:38:fc:28:85:ed:e3:ec:43:53:dc:27:a1:6f:6a:46:f0:82:78:5a:e7:96:e4:a5:4e:f7:d0:21:a8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:26.567005000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495446.567005000", - "frame.time_delta": "0.060307000", - "frame.time_delta_displayed": "0.060307000", - "frame.time_relative": "1855.106319000", - "frame.number": "7403", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ddc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "89086", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006ff0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:0e:f6:00:27:85:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812415734, TSecr 2590099": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812415734", - "tcp.options.timestamp.tsecr": "2590099" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7402", - "tcp.analysis.ack_rtt": "0.060307000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.516551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.516551000", - "frame.time_delta": "0.949546000", - "frame.time_delta_displayed": "0.949546000", - "frame.time_relative": "1856.055865000", - "frame.number": "7404", - "frame.len": 
"352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000053ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000756d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.534815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.534815000", - "frame.time_delta": "0.018264000", - "frame.time_delta_displayed": "0.018264000", - "frame.time_relative": "1856.074129000", - "frame.number": "7405", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x000096e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007609", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "89086", - "tcp.nxtseq": "89233", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008fbe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:85:fa:a7:a2:0e:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2590202, TSecr 2812415734": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590202", - "tcp.options.timestamp.tsecr": "2812415734" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:81:53:72:a7:1f:38:2d:5c:37:da:f9:69:02:83:f3:4c:e2:18:4f:a7:4b:af:b4:42:a2:bd:23:ab:56:84:9c:52:d4:15:70:d1:50:e7:8f:b8:bb:d6:09:63:1b:f0:46:4e:4d:65:96:f5:e5:8b:66:c8:ae:9d:b6:4c:2e:7a:9f:11:f6:02:45:6f:1b:12:81:56:fc:29:bf:53:16:35:57:d0:f5:3a:f2:b4:48:fd:70:b4:78:2b:53:1a:d9:ea:8f:e5:40:1a:34:a6:96:15:8c:3d:74:86:c4:19:a9:f2:66:c3:4c:73:e6:64:f2:28:f0:61:b1:a4:27:d9:27:ea:68:fb:3f:d9:1a:f9:e7:4b:fd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.569444000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.569444000", - "frame.time_delta": "0.034629000", - "frame.time_delta_displayed": "0.034629000", - "frame.time_relative": "1856.108758000", - "frame.number": "7406", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000053ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007568", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.595002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.595002000", - "frame.time_delta": "0.025558000", - "frame.time_delta_displayed": "0.025558000", - "frame.time_relative": "1856.134316000", - "frame.number": "7407", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ddd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a2", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "89233", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006df5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:0f:f7:00:27:85:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812415991, TSecr 2590202": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812415991", - "tcp.options.timestamp.tsecr": "2590202" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7405", - "tcp.analysis.ack_rtt": "0.060187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.622286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.622286000", - "frame.time_delta": 
"0.027284000", - "frame.time_delta_displayed": "0.027284000", - "frame.time_relative": "1856.161600000", - "frame.number": "7408", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000053f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000755b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - 
"http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.641639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.641639000", - "frame.time_delta": "0.019353000", - "frame.time_delta_displayed": "0.019353000", - "frame.time_relative": "1856.180953000", - "frame.number": "7409", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x000096e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007619", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "89233", - "tcp.nxtseq": "89363", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005503", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:86:05:a7:a2:0f:f7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": 
{ - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590213, TSecr 2812415991": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590213", - "tcp.options.timestamp.tsecr": "2812415991" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:82:09:1f:92:47:54:fa:48:24:1a:78:03:ea:3f:e6:b9:17:0d:0f:3c:c1:2e:3d:6c:a9:94:26:dd:bf:42:81:7c:b9:b8:6f:e0:07:f6:bf:ed:8e:a2:58:67:d9:98:f7:9c:ad:16:93:a8:5d:ea:dd:3e:02:ec:f3:cd:3e:b7:24:84:89:8d:35:3d:d7:7d:45:8a:5c:c4:4d:f0:3c:44:33:2e:01:b5:b2:f5:08:9d:94:48:26:62:e1:3b:59:eb:82:2e:36:1e:4a:11:cf:06:ae:13:ab:58:2b:38:ac:82:e0:8d:88:05:44:a3:65:76" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.675182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.675182000", - "frame.time_delta": "0.033543000", - "frame.time_delta_displayed": "0.033543000", - "frame.time_relative": "1856.214496000", - "frame.number": "7410", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000053f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007556", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.701870000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.701870000", - "frame.time_delta": "0.026688000", - "frame.time_delta_displayed": "0.026688000", - "frame.time_relative": "1856.241184000", - "frame.number": "7411", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dde", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a1", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "89363", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006d4e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:10:11:00:27:86:05", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812416017, TSecr 2590213": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812416017", - "tcp.options.timestamp.tsecr": "2590213" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7409", - "tcp.analysis.ack_rtt": "0.060231000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:27.728085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.728085000", - "frame.time_delta": "0.026215000", - "frame.time_delta_displayed": "0.026215000", - "frame.time_relative": "1856.267399000", - "frame.number": "7412", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000053fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007558", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:27.780998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495447.780998000", - "frame.time_delta": "0.052913000", - "frame.time_delta_displayed": "0.052913000", - "frame.time_relative": "1856.320312000", - "frame.number": "7413", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00005402", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007552", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:28.436455000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495448.436455000", - "frame.time_delta": "0.655457000", - "frame.time_delta_displayed": "0.655457000", - "frame.time_relative": "1856.975769000", - "frame.number": "7414", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x000096e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000071af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": 
"44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "89363", - "tcp.nxtseq": "90622", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005f44", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:86:54:a7:a2:10:11", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2590292, TSecr 2812416017": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2590292", - "tcp.options.timestamp.tsecr": "2812416017" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:83:94:27:7a:0a:48:69:f7:27:74:26:ff:db:7e:41:da:0a:6c:35:90:d2:1e:3f:91:4c:6e:34:40:f3:72:b0:74:32:5a:07:53:bf:2d:f3:22:3b:69:96:04:87:2b:b3:19:ec:fc:67:81:07:5b:f2:76:68:d7:bd:20:4b:e6:1b:df:1e:b7:cd:53:b9:35:91:8a:bc:5e:21:1f:94:6c:7a:08:83:d6:d7:6b:10:bf:d8:94:59:e4:3a:5d:cc:6d:87:c8:40:19:ec:84:aa:4b:a3:5c:10:69:d2:19:7d:51:90:5f:2f:b5:93:7d:6c:6b:cc:d2:23:92:47:3e:74:fc:ad:f4:1b:33:a8:92:a7:00:a2:30:5a:20:f6:1f:8f:6a:68:0b:b6:77:54:a2:f7:18:9f:ac:3a:23:be:ef:1f:88:0c:f6:2d:3d:cb:b4:d2:5a:1b:64:f1:c4:d9:8d:e3:e2:93:d0:8b:02:be:49:b1:93:24:1d:10:3b:52:40:3e:45:3d:20:71:21:85:a8:d5:e5:f3:0c:56:1e:e3:ee:04:51:cb:b1:fd:6a:76:b5:bc:87:76:78:56:0c:5b:05:c1:bf:8c:0f:7a:e8:85:4e:31:90:b2:b7:53:fd:a1:5e:ca:05:9c:e9:53:f0:94:90:c0:03:eb:fa:65:b7:8f:c8:82:92:aa:c6:2b:3e:f5:2b:eb:ee:d2:4e:c4:2c:ab:59:8e:db:35:ac:ef:af:d0:53:1a:ec:65:87:8d:24:a6:7f:7e:de:e8:fe:bf:27:a0:9e:de:0c:09:cb:a5:9d:52:2a:f9:1f:df:30:f2:8c:bc:b5:28:a7:bf:2a:a9:4c:ae:a2:be:38:be:45:34:c1:d2:93:32:af:d1:83:c3:9e:8b:96:a5:cd:5c:ed:b3:c5:ef:79:53:fd:e0:46:89:b1:a4:a3:0a:ce:85:7e:81:fc:fd:87:3d:e9:16:d1:46:99:f1:c4:b6:79:e4:80:4e:2f:57:07:bb:8b:36:ec:66:b7:bd:ce:b9:53:82:8e:de:97:38:56:90:9b:22:7c:c7:f0:e8:20:0a:83:3e:76:21:a9:57:0e:cd:f3:8e:b3:69:a7:1d:86:05:40:60:be:71:e7:18:ff:e1:8a:6c:40:7b:e8:a1:76:4a:57:50:7c:a5:fd:46:c3:c2:62:38:11:be:b7:81:ca:fb:e6:21:2d:f7:21:4a:b8:ea:24:ff:cb:7a:27:63:4c:19:19:f3:fd:09:82:cb:ef:cb:77:18:0d:ec:f1:94:36:a0:a4:d0:60:d1:81:a4:d8:09:66:c0:18:73:aa:d6:3e:90:98:e8:4a:5d:38:a2:ee:6c:a0:f9:e4:3a:c5:b9:b2:5a:b4:db:2e:12:4f:1e:35:91:d3:66:1d:6b:24:3e:24:f2:a2:94:3d:b8:7f:18:12:91:e7:7e:0f:29:85:80:ef:98:ca:4b:e7:41:de:3f:43:78:b9:fa:f6:d2:91:f1:96:13:09:bc:c0:88:47:03:43:f6:a8:0d:dc:06:20:ff:bb:fd:d8:e2:dc:93:0d:9a:81:7a:7b:40:99:a7:e3:64:b4:a8:6f:5e:f1:28:46:c2:fc:41:19:8a:42:8f:4a:e9:6c:36:1d:06:eb:4a:7a:98:a8:ed:13:f8:5b:b8:1b:d2:89:de:48:db:8c:6c:1a:a7:05:10:2f:c9:24:3b:c5:e6:36:f3:a5:20:8c:8d:06:be:32:a6:d6:79:ec:06:b1:88:c8:f0:65:a1:30:52:cd:03:3
4:a5:ac:6f:db:55:eb:e6:56:2f:18:9b:30:c6:16:90:6a:90:a3:60:65:80:86:b0:41:3f:55:bf:af:95:88:73:83:5a:63:36:31:e0:bf:d2:a6:70:d8:80:7e:91:1f:2b:cb:9c:cd:1d:33:7b:0f:5d:8c:2f:64:86:16:ca:92:7f:cf:ea:d6:b3:ee:10:79:43:61:9c:73:74:72:96:bb:5e:20:02:ea:1d:e7:bb:83:1d:aa:78:05:6a:9c:6c:aa:25:9f:a0:52:22:e5:ca:24:96:7f:cc:7e:c3:60:8a:f1:c6:db:25:52:d7:70:40:f9:47:c4:6b:7f:a5:d4:15:0d:17:79:68:1e:bd:07:5e:18:cd:e9:2a:98:27:29:9f:8a:95:e4:2c:16:a1:34:b9:81:5b:a8:d4:65:81:4d:61:c9:47:71:bc:fe:42:de:6a:ee:df:88:62:32:19:a8:27:6f:7c:eb:b0:57:b3:13:b4:f5:27:9f:bf:22:25:3c:14:b9:bd:fe:84:11:1b:fb:20:0d:bb:f2:a3:48:e7:fa:95:ae:67:a7:66:ed:63:d6:a1:ac:91:7a:90:4d:6e:10:0d:db:c9:06:cb:f6:11:e7:3e:7b:59:c7:9c:11:69:a7:dd:1e:73:16:43:31:d9:1e:99:cc:5c:1a:fe:98:5c:23:16:fc:ff:67:73:2c:e2:0e:84:e3:b4:e9:5d:80:be:e5:cc:4a:88:e0:1b:c0:5e:e3:b6:7b:2c:40:55:89:d8:69:6c:39:d3:02:ea:79:15:d9:2f:1f:b3:a2:9f:84:b9:b2:82:5e:5e:05:66:06:85:84:d0:9a:08:3e:b1:3b:ae:ab:ff:fb:6a:12:8d:be:58:c9:4d:a4:50:86:b9:a2:0e:9d:2d:a3:12:d3:1c:f5:9d:66:39:33:29:6b:bd:38:d6:df:12:0a:0e:a6:8b:39:f5:d2:ea:65:94:38:11:40:4c:a6:54:82:e5:22:4c:b4:0b:49:9f:24:02:05:36:de:ca:19:a8:ee:94:43:69:0e:f6:88:e7:b5:09:93:55:a3:a5:3e:c2:7f:d1:19:26:ba:69:41:97:85:e7:16:9e:e8:59:7a:e6:16:db:3f:4e:a7:7a:ef:43:f0:bb:23:bd:c5:bd:cc:41:26:51:1b:3c:17:c1:78:a2:9e:e3:1a:c2:03:09:fa:54:a8:a7:94:71:5c:4b:6c:57:6d:0c:af:a3:ae:78:61:5f:49:c6:69:c2:b1:d6:9c:8a:d1:54:5c:d6:c0:02:97:20:d2:94:04:e0:9d:71:ab:f5:3e:8f:fa:80:ee:4b:cc:99:8d:29:f0:0b:8a:76:4b:b1:34:dd:20:ea:c2:d6:12:35:3f:c4:c3:33:4e:4c:98:6a:a0:41:94:8f:37:f1:e9:48:86:af:9c:26:6a:0c:31:9f:e2:2c:80:bc:73:a8:d7:ef:92:99:9d:45:ad:c3:09:54:e9:05:e4:8a:b7:6c:d4:3e:01:4c:07:e8:74:9d:0c:c6:a7:4f:02:ad:52:77:ff:f1:02:34:d8:db:f2:24:cd:ca:a1:65:43:48:d9:19" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:28.496618000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495448.496618000", - "frame.time_delta": "0.060163000", - "frame.time_delta_displayed": "0.060163000", - "frame.time_relative": "1857.035932000", - "frame.number": "7415", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ddf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000037a0", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "90622", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000674d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:10:d8:00:27:86:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812416216, TSecr 2590292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812416216", - "tcp.options.timestamp.tsecr": "2590292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7414", - "tcp.analysis.ack_rtt": "0.060163000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:28.851181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495448.851181000", - "frame.time_delta": "0.354563000", - "frame.time_delta_displayed": "0.354563000", - "frame.time_relative": "1857.390495000", - 
"frame.number": "7416", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.170107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.170107000", - "frame.time_delta": "1.318926000", - "frame.time_delta_displayed": "1.318926000", - "frame.time_relative": "1858.709421000", - "frame.number": "7417", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.431522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.431522000", - "frame.time_delta": "0.261415000", - "frame.time_delta_displayed": "0.261415000", - "frame.time_relative": "1858.970836000", - "frame.number": "7418", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002119", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e72b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "16", - "http.prev_request_in": "6036" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.834701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.834701000", - "frame.time_delta": "0.403179000", - "frame.time_delta_displayed": "0.403179000", - "frame.time_relative": "1859.374015000", - "frame.number": "7419", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000691a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004e31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "91", - "http.prev_response_in": "6098" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.837522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.837522000", - "frame.time_delta": "0.002821000", - "frame.time_delta_displayed": "0.002821000", - "frame.time_relative": "1859.376836000", - "frame.number": "7420", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54738", - "tcp.dstport": "80", - "tcp.port": "54738", - "tcp.port": "80", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000089a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.838081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.838081000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "1859.377395000", - "frame.number": "7421", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54738", - "tcp.port": "80", - "tcp.port": "54738", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ec60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7420", - "tcp.analysis.ack_rtt": "0.000559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.845419000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.845419000", - "frame.time_delta": "0.007338000", - "frame.time_delta_displayed": "0.007338000", - "frame.time_relative": "1859.384733000", - "frame.number": "7422", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54738", - "tcp.dstport": "80", - "tcp.port": "54738", - "tcp.port": "80", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e3f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7421", - "tcp.analysis.ack_rtt": "0.007338000", - "tcp.analysis.initial_rtt": "0.007897000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.846003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.846003000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "1859.385317000", - "frame.number": "7423", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bf9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54738", - "tcp.dstport": "80", - "tcp.port": "54738", - "tcp.port": "80", - "tcp.stream": "293", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b3b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007897000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.846482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.846482000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1859.385796000", - "frame.number": "7424", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ad21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54738", - "tcp.port": "80", - "tcp.port": "54738", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008fd0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7423", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.007897000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.847126000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.847126000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "1859.386440000", - "frame.number": "7425", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00000b53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ad0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54738", - "tcp.port": "80", - "tcp.port": "54738", - "tcp.stream": "293", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": 
"18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cff1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007897000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.847479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.847479000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1859.386793000", - "frame.number": "7426", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, 
- "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000b54", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a93c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54738", - "tcp.port": "80", - "tcp.port": "54738", - "tcp.stream": "293", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000225b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007897000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7425", - "tcp.segment": "7426", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001476000", - "http.request_in": "7423", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.850310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.850310000", - "frame.time_delta": "0.002831000", - "frame.time_delta_displayed": "0.002831000", - "frame.time_relative": "1859.389624000", - "frame.number": "7427", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54738", - "tcp.dstport": "80", - "tcp.port": "54738", - "tcp.port": "80", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7426", - "tcp.analysis.ack_rtt": "0.002831000", - "tcp.analysis.initial_rtt": "0.007897000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.851445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.851445000", - "frame.time_delta": "0.001135000", - "frame.time_delta_displayed": "0.001135000", - "frame.time_relative": "1859.390759000", - "frame.number": "7428", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54738", - "tcp.dstport": "80", - "tcp.port": "54738", - "tcp.port": "80", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.851899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.851899000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "1859.391213000", - "frame.number": "7429", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54738", - "tcp.port": "80", - "tcp.port": "54738", - "tcp.stream": "293", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008bda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7428", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.007897000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.887674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.887674000", - "frame.time_delta": "0.035775000", - "frame.time_delta_displayed": "0.035775000", - "frame.time_relative": "1859.426988000", - "frame.number": "7430", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000691c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004e26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "92", - "http.prev_response_in": "7419" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.894709000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.894709000", - "frame.time_delta": "0.007035000", - "frame.time_delta_displayed": "0.007035000", - "frame.time_relative": "1859.434023000", - "frame.number": "7431", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001bfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54739", - "tcp.dstport": "80", - "tcp.port": "54739", - "tcp.port": "80", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008a61", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.895252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.895252000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "1859.434566000", - "frame.number": "7432", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54739", - "tcp.port": "80", - "tcp.port": "54739", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000576a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7431", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.897554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.897554000", - "frame.time_delta": "0.002302000", - "frame.time_delta_displayed": "0.002302000", - "frame.time_relative": "1859.436868000", - "frame.number": "7433", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54739", - "tcp.dstport": "80", - "tcp.port": "54739", - "tcp.port": "80", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000949", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7432", - "tcp.analysis.ack_rtt": "0.002302000", - "tcp.analysis.initial_rtt": "0.002845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.898131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.898131000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "1859.437445000", - "frame.number": "7434", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001bfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54739", - "tcp.dstport": "80", - "tcp.port": "54739", - "tcp.port": "80", - "tcp.stream": "294", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001ec2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002845000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.898731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.898731000", - "frame.time_delta": "0.000600000", - "frame.time_delta_displayed": "0.000600000", - "frame.time_relative": "1859.438045000", - "frame.number": "7435", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008bc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002caa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54739", - "tcp.port": "80", - "tcp.port": "54739", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fad9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7434", - "tcp.analysis.ack_rtt": "0.000600000", - "tcp.analysis.initial_rtt": "0.002845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.899304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.899304000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "1859.438618000", - "frame.number": "7436", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00008bca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002c98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54739", - "tcp.port": "80", - "tcp.port": "54739", - "tcp.stream": "294", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003afb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002845000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.899651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.899651000", - "frame.time_delta": "0.000347000", - "frame.time_delta_displayed": "0.000347000", - "frame.time_relative": "1859.438965000", - "frame.number": "7437", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00008bcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000028c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54739", - "tcp.port": "80", - "tcp.port": "54739", - "tcp.stream": "294", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008d64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002845000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "7436", - "tcp.segment": "7437", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001520000", - "http.request_in": "7434", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.901575000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495450.901575000", - "frame.time_delta": "0.001924000", - "frame.time_delta_displayed": "0.001924000", - "frame.time_relative": "1859.440889000", - "frame.number": "7438", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001bff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c74", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54739", - "tcp.dstport": "80", - "tcp.port": "54739", - "tcp.port": "80", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000004b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7437", - "tcp.analysis.ack_rtt": "0.001924000", - "tcp.analysis.initial_rtt": "0.002845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.902132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.902132000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "1859.441446000", - "frame.number": "7439", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54739", - "tcp.dstport": "80", - "tcp.port": "54739", - "tcp.port": "80", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000004b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.902582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.902582000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "1859.441896000", - "frame.number": "7440", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54739", - "tcp.port": "80", - "tcp.port": "54739", - "tcp.stream": "294", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f6e3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7439", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.002845000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.941898000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.941898000", - "frame.time_delta": "0.039316000", - "frame.time_delta_displayed": "0.039316000", - "frame.time_relative": "1859.481212000", - "frame.number": "7441", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000691e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004e2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "93", - "http.prev_response_in": "7430" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.952853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.952853000", - "frame.time_delta": "0.010955000", - "frame.time_delta_displayed": "0.010955000", - "frame.time_relative": "1859.492167000", - 
"frame.number": "7442", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a3af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.953407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.953407000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "1859.492721000", - "frame.number": "7443", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000ec74", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7442", - "tcp.analysis.ack_rtt": "0.000554000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.956271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.956271000", - "frame.time_delta": "0.002864000", - "frame.time_delta_displayed": "0.002864000", - "frame.time_relative": "1859.495585000", - 
"frame.number": "7444", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009e53", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7443", - "tcp.analysis.ack_rtt": "0.002864000", - "tcp.analysis.initial_rtt": "0.003418000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.956876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.956876000", - "frame.time_delta": "0.000605000", - "frame.time_delta_displayed": "0.000605000", - "frame.time_relative": "1859.496190000", - "frame.number": "7445", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bc9", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b3cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003418000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.957350000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.957350000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "1859.496664000", - "frame.number": "7446", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ab7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009dbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008fe4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7445", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.003418000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.958009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.958009000", - "frame.time_delta": "0.000659000", - "frame.time_delta_displayed": "0.000659000", - "frame.time_relative": "1859.497323000", - "frame.number": "7447", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001ab8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009daa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d005", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003418000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.958389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.958389000", - "frame.time_delta": "0.000380000", - "frame.time_delta_displayed": "0.000380000", - "frame.time_relative": "1859.497703000", - "frame.number": "7448", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001ab9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000226f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003418000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7447", - "tcp.segment": "7448", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001513000", - "http.request_in": "7445", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.958703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.958703000", - "frame.time_delta": "0.000314000", - "frame.time_delta_displayed": "0.000314000", - "frame.time_relative": "1859.498017000", - "frame.number": "7449", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001aba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000099d6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000226f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003418000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.961723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.961723000", - "frame.time_delta": "0.003020000", - "frame.time_delta_displayed": "0.003020000", - "frame.time_relative": "1859.501037000", - "frame.number": "7450", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7448", - "tcp.analysis.ack_rtt": "0.003334000", - "tcp.analysis.initial_rtt": "0.003418000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.962332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.962332000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "1859.501646000", - "frame.number": "7451", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000099ba", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.962760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.962760000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "1859.502074000", - "frame.number": "7452", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b59", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007d1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54741", - "tcp.port": "80", - "tcp.port": "54741", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008bee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7451", - "tcp.analysis.ack_rtt": "0.000428000", - "tcp.analysis.initial_rtt": "0.003418000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:30.962996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495450.962996000", - "frame.time_delta": 
"0.000236000", - "frame.time_delta_displayed": "0.000236000", - "frame.time_relative": "1859.502310000", - "frame.number": "7453", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54741", - "tcp.dstport": "80", - "tcp.port": "54741", - "tcp.port": "80", - "tcp.stream": "295", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000df7d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:ec:55:53:cb:ec:55:57:ae", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003418000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "7450", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.679564000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.679564000", - "frame.time_delta": "0.716568000", - "frame.time_delta_displayed": "0.716568000", - "frame.time_relative": "1860.218878000", - "frame.number": "7454", - "frame.len": "20", - "frame.cap_len": "20", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.888953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.888953000", - "frame.time_delta": "0.209389000", - "frame.time_delta_displayed": "0.209389000", - "frame.time_relative": "1860.428267000", - "frame.number": "7455", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006972", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004dd9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "94", - "http.prev_response_in": "7441" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.893693000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.893693000", - "frame.time_delta": "0.004740000", - "frame.time_delta_displayed": "0.004740000", - "frame.time_relative": "1860.433007000", - "frame.number": "7456", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54742", - "tcp.dstport": "80", - "tcp.port": "54742", - "tcp.port": "80", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e42a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.894258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.894258000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "1860.433572000", - "frame.number": "7457", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54742", - "tcp.port": "80", - "tcp.port": "54742", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00004ed7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7456", - "tcp.analysis.ack_rtt": "0.000565000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.897160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.897160000", - "frame.time_delta": "0.002902000", - "frame.time_delta_displayed": "0.002902000", - "frame.time_relative": "1860.436474000", - "frame.number": "7458", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54742", - "tcp.dstport": "80", - "tcp.port": "54742", - "tcp.port": "80", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000000b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7457", - "tcp.analysis.ack_rtt": "0.002902000", - "tcp.analysis.initial_rtt": "0.003467000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.897856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.897856000", - "frame.time_delta": "0.000696000", - "frame.time_delta_displayed": "0.000696000", - "frame.time_relative": "1860.437170000", - "frame.number": "7459", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54742", - "tcp.dstport": "80", - "tcp.port": "54742", - "tcp.port": "80", - "tcp.stream": "296", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000162f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003467000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml 
HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.898333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.898333000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "1860.437647000", - "frame.number": "7460", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": 
"00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000089f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002e80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54742", - "tcp.port": "80", - "tcp.port": "54742", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f246", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7459", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.003467000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:31.899081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.899081000", - "frame.time_delta": "0.000748000", - "frame.time_delta_displayed": "0.000748000", - "frame.time_relative": "1860.438395000", - "frame.number": "7461", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000089f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002e6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54742", - "tcp.port": "80", - "tcp.port": "54742", - "tcp.stream": "296", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003268", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003467000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.899490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.899490000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "1860.438804000", - "frame.number": "7462", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"1035", - "ip.id": "0x000089f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002a9b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54742", - "tcp.port": "80", - "tcp.port": "54742", - "tcp.stream": "296", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000084d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003467000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7461", - "tcp.segment": "7462", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001634000", - "http.request_in": "7459", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.902102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.902102000", - "frame.time_delta": "0.002612000", - "frame.time_delta_displayed": "0.002612000", - "frame.time_relative": "1860.441416000", - "frame.number": "7463", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54742", - "tcp.dstport": "80", - "tcp.port": "54742", - "tcp.port": "80", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fc1d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7462", - "tcp.analysis.ack_rtt": "0.002612000", - "tcp.analysis.initial_rtt": "0.003467000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.902627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.902627000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "1860.441941000", - "frame.number": "7464", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54742", - "tcp.dstport": "80", - "tcp.port": "54742", - "tcp.port": "80", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000fc1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.903073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.903073000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1860.442387000", - "frame.number": "7465", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007cf2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54742", - "tcp.port": "80", - "tcp.port": "54742", - "tcp.stream": "296", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ee50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7464", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003467000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.924242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.924242000", - "frame.time_delta": "0.021169000", - "frame.time_delta_displayed": "0.021169000", - "frame.time_relative": "1860.463556000", - "frame.number": "7466", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", 
- "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:17:31.942057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.942057000", - "frame.time_delta": "0.017815000", - "frame.time_delta_displayed": "0.017815000", - "frame.time_relative": "1860.481371000", - "frame.number": "7467", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006977", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004dcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "95", - "http.prev_response_in": "7455" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.946642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.946642000", - "frame.time_delta": "0.004585000", - "frame.time_delta_displayed": "0.004585000", - "frame.time_relative": "1860.485956000", - "frame.number": "7468", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54743", - "tcp.dstport": "80", - "tcp.port": "54743", - "tcp.port": "80", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00002a8d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.947176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.947176000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "1860.486490000", - "frame.number": "7469", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54743", - "tcp.port": "80", - "tcp.port": "54743", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006ddc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - 
"tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7468", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.949946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.949946000", - "frame.time_delta": "0.002770000", - "frame.time_delta_displayed": "0.002770000", - "frame.time_relative": "1860.489260000", - "frame.number": "7470", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54743", - "tcp.dstport": "80", - "tcp.port": "54743", - "tcp.port": "80", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001fbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7469", - "tcp.analysis.ack_rtt": "0.002770000", - "tcp.analysis.initial_rtt": "0.003304000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.950599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.950599000", - "frame.time_delta": "0.000653000", - "frame.time_delta_displayed": "0.000653000", - "frame.time_relative": "1860.489913000", - "frame.number": "7471", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54743", - "tcp.dstport": "80", - "tcp.port": "54743", - "tcp.port": "80", - "tcp.stream": "297", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003534", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003304000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.951081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495451.951081000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "1860.490395000", - "frame.number": "7472", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005d11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54743", - "tcp.port": "80", - "tcp.port": "54743", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000114c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7471", - "tcp.analysis.ack_rtt": "0.000482000", - "tcp.analysis.initial_rtt": "0.003304000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.951724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.951724000", - "frame.time_delta": "0.000643000", - "frame.time_delta_displayed": "0.000643000", - "frame.time_relative": "1860.491038000", - "frame.number": "7473", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005d12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005b50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54743", - "tcp.port": "80", - "tcp.port": "54743", - "tcp.stream": "297", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000516d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003304000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.952077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.952077000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1860.491391000", - "frame.number": "7474", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005d13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000577d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54743", - "tcp.port": "80", - "tcp.port": "54743", - "tcp.stream": "297", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a3d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003304000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7473", - "tcp.segment": "7474", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001478000", - "http.request_in": "7471", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.956135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.956135000", - "frame.time_delta": "0.004058000", - "frame.time_delta_displayed": "0.004058000", - "frame.time_relative": "1860.495449000", - "frame.number": "7475", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54743", - "tcp.dstport": "80", - "tcp.port": "54743", - "tcp.port": "80", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7474", - "tcp.analysis.ack_rtt": "0.004058000", - "tcp.analysis.initial_rtt": "0.003304000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.956795000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.956795000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "1860.496109000", - "frame.number": "7476", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c63", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54743", - "tcp.dstport": "80", - "tcp.port": "54743", - "tcp.port": "80", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.957227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.957227000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "1860.496541000", - "frame.number": "7477", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007cf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54743", - "tcp.port": "80", - "tcp.port": "54743", - "tcp.stream": "297", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7476", - "tcp.analysis.ack_rtt": "0.000432000", - "tcp.analysis.initial_rtt": "0.003304000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.971414000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.971414000", - "frame.time_delta": "0.014187000", - "frame.time_delta_displayed": "0.014187000", - "frame.time_relative": "1860.510728000", - "frame.number": "7478", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", 
- "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - 
"bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.986353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.986353000", - "frame.time_delta": "0.014939000", - "frame.time_delta_displayed": "0.014939000", - "frame.time_relative": "1860.525667000", - "frame.number": "7479", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.995003000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.995003000", - "frame.time_delta": "0.008650000", - "frame.time_delta_displayed": "0.008650000", - "frame.time_relative": "1860.534317000", - "frame.number": "7480", - "frame.len": 
"342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000697c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004dcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "96", - "http.prev_response_in": "7467" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:31.999841000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495451.999841000", - "frame.time_delta": "0.004838000", - "frame.time_delta_displayed": "0.004838000", - "frame.time_relative": "1860.539155000", - "frame.number": "7481", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - 
"ip.id": "0x00001c11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54744", - "tcp.dstport": "80", - "tcp.port": "54744", - "tcp.port": "80", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000137c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.000379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.000379000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "1860.539693000", - "frame.number": "7482", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54744", - "tcp.port": "80", - "tcp.port": "54744", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000865a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", 
- "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7481", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.003161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.003161000", - "frame.time_delta": "0.002782000", - "frame.time_delta_displayed": "0.002782000", - "frame.time_relative": "1860.542475000", - "frame.number": "7483", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x00001c12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54744", - "tcp.dstport": "80", - "tcp.port": "54744", - "tcp.port": "80", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003839", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7482", - "tcp.analysis.ack_rtt": "0.002782000", - "tcp.analysis.initial_rtt": "0.003320000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.003758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.003758000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": 
"1860.543072000", - "frame.number": "7484", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54744", - "tcp.dstport": "80", - "tcp.port": "54744", - "tcp.port": "80", - "tcp.stream": "298", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004db2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003320000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.004278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.004278000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "1860.543592000", - "frame.number": "7485", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005142", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54744", - "tcp.port": "80", - "tcp.port": "54744", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000029ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7484", - "tcp.analysis.ack_rtt": "0.000520000", - "tcp.analysis.initial_rtt": "0.003320000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.004847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.004847000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "1860.544161000", - "frame.number": "7486", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006732", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005130", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54744", - "tcp.port": "80", - "tcp.port": "54744", - "tcp.stream": "298", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000069eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003320000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.005199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.005199000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "1860.544513000", - "frame.number": "7487", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006733", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54744", - "tcp.port": "80", - "tcp.port": "54744", - "tcp.stream": "298", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bc54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003320000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7486", - "tcp.segment": "7487", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001441000", - "http.request_in": "7484", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.007378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.007378000", - "frame.time_delta": "0.002179000", - "frame.time_delta_displayed": "0.002179000", - "frame.time_relative": "1860.546692000", - "frame.number": "7488", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54744", - "tcp.dstport": "80", - "tcp.port": "54744", - "tcp.port": "80", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000033a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7487", - "tcp.analysis.ack_rtt": "0.002179000", - "tcp.analysis.initial_rtt": "0.003320000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.008033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.008033000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "1860.547347000", - "frame.number": "7489", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c5e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54744", - "tcp.dstport": "80", - "tcp.port": "54744", - "tcp.port": "80", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000033a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.008479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.008479000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1860.547793000", - "frame.number": "7490", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003b85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007cee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54744", - "tcp.port": "80", - "tcp.port": "54744", - "tcp.stream": "298", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000025d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7489", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003320000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:32.039183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495452.039183000", - "frame.time_delta": "0.030704000", - "frame.time_delta_displayed": "0.030704000", - "frame.time_relative": "1860.578497000", - "frame.number": "7491", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:34.459278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495454.459278000", - "frame.time_delta": "2.420095000", - "frame.time_delta_displayed": "2.420095000", - "frame.time_relative": "1862.998592000", - "frame.number": "7492", - "frame.len": "60", - "frame.cap_len": "60", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005823", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5117", - 
"tcp.ack": "649", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f03a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:34.603618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495454.603618000", - "frame.time_delta": "0.144340000", - "frame.time_delta_displayed": "0.144340000", - "frame.time_relative": "1863.142932000", - "frame.number": "7493", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001008", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd89", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "649", - "tcp.ack": "5118", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x0000faaf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:36.682209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495456.682209000", - "frame.time_delta": "2.078591000", - "frame.time_delta_displayed": "2.078591000", - "frame.time_relative": "1865.221523000", - "frame.number": "7494", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000211a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", 
- "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50925", - "udp.dstport": "1900", - "udp.port": "50925", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008370", - "udp.checksum.status": "2", - "udp.stream": "138" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:36.726584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495456.726584000", - "frame.time_delta": "0.044375000", - "frame.time_delta_displayed": "0.044375000", - "frame.time_relative": "1865.265898000", - "frame.number": "7495", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e86", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005963", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:37.159727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495457.159727000", - "frame.time_delta": "0.433143000", - "frame.time_delta_displayed": "0.433143000", - "frame.time_relative": "1865.699041000", - "frame.number": "7496", - "frame.len": "42", - "frame.cap_len": "42", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:37.370513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495457.370513000", - "frame.time_delta": "0.210786000", - "frame.time_delta_displayed": "0.210786000", - "frame.time_relative": "1865.909827000", - "frame.number": "7497", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006ac2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:37.423265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495457.423265000", - "frame.time_delta": "0.052752000", - "frame.time_delta_displayed": "0.052752000", - "frame.time_relative": "1865.962579000", - "frame.number": "7498", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006ac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": 
"314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "7497" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:37.476064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495457.476064000", - "frame.time_delta": "0.052799000", - "frame.time_delta_displayed": "0.052799000", - "frame.time_relative": "1866.015378000", - "frame.number": "7499", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006ac7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "7498" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:37.679491000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495457.679491000", - "frame.time_delta": "0.203427000", - "frame.time_delta_displayed": "0.203427000", - "frame.time_relative": "1866.218805000", - "frame.number": "7500", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000211b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": 
"0x0000e6f9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50925", - "udp.dstport": "1900", - "udp.port": "50925", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008370", - "udp.checksum.status": "2", - "udp.stream": "138" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "7494" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:38.422821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495458.422821000", - "frame.time_delta": "0.743330000", - "frame.time_delta_displayed": "0.743330000", - "frame.time_relative": "1866.962135000", - "frame.number": "7501", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006b08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "7499" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:38.475718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495458.475718000", - "frame.time_delta": "0.052897000", - "frame.time_delta_displayed": "0.052897000", - "frame.time_relative": "1867.015032000", - "frame.number": "7502", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006b09", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "7501" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:38.528549000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495458.528549000", - "frame.time_delta": "0.052831000", - "frame.time_delta_displayed": "0.052831000", - "frame.time_relative": "1867.067863000", - "frame.number": "7503", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006b0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - 
"ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "7502" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:38.680037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495458.680037000", - "frame.time_delta": "0.151488000", - "frame.time_delta_displayed": "0.151488000", - "frame.time_relative": "1867.219351000", - "frame.number": "7504", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000211c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50925", - "udp.dstport": "1900", - "udp.port": "50925", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008370", - "udp.checksum.status": "2", - "udp.stream": "138" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "7500" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:39.107617000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.107617000", - "frame.time_delta": "0.427580000", - "frame.time_delta_displayed": "0.427580000", - "frame.time_relative": "1867.646931000", - "frame.number": "7505", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006b21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "7503" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:39.160441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.160441000", - "frame.time_delta": "0.052824000", - "frame.time_delta_displayed": "0.052824000", - "frame.time_relative": "1867.699755000", - "frame.number": "7506", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - 
"eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006b27", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "7505" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:39.213143000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.213143000", - "frame.time_delta": "0.052702000", - "frame.time_delta_displayed": "0.052702000", - "frame.time_relative": "1867.752457000", - "frame.number": "7507", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006b28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004c20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "7506" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:17:39.610230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.610230000", - "frame.time_delta": "0.397087000", - "frame.time_delta_displayed": "0.397087000", - "frame.time_relative": "1868.149544000", - "frame.number": "7508", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:39.610631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.610631000", - "frame.time_delta": "0.000401000", - "frame.time_delta_displayed": "0.000401000", - "frame.time_relative": "1868.149945000", - "frame.number": "7509", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:39.680555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495459.680555000", - "frame.time_delta": "0.069924000", - "frame.time_delta_displayed": "0.069924000", - "frame.time_relative": "1868.219869000", - "frame.number": "7510", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000211d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50925", - "udp.dstport": "1900", - "udp.port": "50925", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00008370", - "udp.checksum.status": "2", - "udp.stream": "138" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "7504" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.159637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.159637000", - "frame.time_delta": "0.479082000", - "frame.time_delta_displayed": "0.479082000", - "frame.time_relative": 
"1868.698951000", - "frame.number": "7511", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006b7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004bd0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "7507" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.212407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.212407000", - "frame.time_delta": "0.052770000", - "frame.time_delta_displayed": "0.052770000", - "frame.time_relative": "1868.751721000", - "frame.number": "7512", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006b7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004bc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - 
"http.prev_response_in": "7511" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.231950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.231950000", - "frame.time_delta": "0.019543000", - "frame.time_delta_displayed": "0.019543000", - "frame.time_relative": "1868.771264000", - "frame.number": "7513", - "frame.len": "411", - "frame.cap_len": "411", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "397", - "ip.id": "0x000096e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007540", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "345", - "tcp.seq": "90622", - "tcp.nxtseq": "90967", - "tcp.ack": "18447", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000057a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:8a:f0:a7:a2:10:d8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2591472, TSecr 2812416216": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2591472", - "tcp.options.timestamp.tsecr": "2812416216" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "345", - "tcp.analysis.push_bytes_sent": "345" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "340", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:84:d8:4c:6f:46:48:e7:d4:54:b2:f8:e7:87:3b:4a:64:85:8f:67:de:3c:3f:7c:9f:0a:05:bb:b8:93:23:1e:ef:cf:7b:d0:68:01:d9:0f:7c:c2:65:d0:ec:ef:86:4e:1b:8d:75:b7:5a:f5:67:c6:75:b7:f9:ec:38:fd:10:12:e4:f3:65:14:18:a8:77:ac:99:7c:92:7e:25:24:ca:c5:23:26:42:4b:c8:6b:3b:e9:f4:24:42:f2:50:2a:aa:01:e2:0a:f8:9a:14:53:bb:55:63:a2:54:5e:2c:7f:73:54:f6:db:d0:14:48:21:7c:dc:e2:47:31:95:94:f6:71:3b:33:09:1e:e3:b5:c1:94:25:c3:2b:04:03:23:a3:34:5a:b3:cf:ca:df:b7:a6:7d:29:25:9d:3b:5d:07:77:e9:2e:61:8b:0d:cb:28:a9:87:15:f2:e4:f8:b6:55:d4:f2:93:f2:9e:d4:46:9c:58:e7:4a:0d:85:c2:5f:33:6a:82:bb:7b:48:c1:65:c0:cd:49:ea:c6:c5:1c:83:92:28:53:98:b6:c0:30:33:22:a8:35:27:17:67:5e:75:6d:68:28:9d:e9:db:1a:62:8e:61:56:77:96:63:9b:c5:71:fb:5d:6e:cd:1c:2f:e5:3a:c8:f5:b6:48:67:3a:a4:21:0d:d8:e9:57:14:fa:a5:be:70:d4:61:6e:bc:9a:d4:6d:10:8f:50:43:1e:74:9c:11:06:93:36:bc:ee:58:9d:1d:5e:fa:9b:4b:12:f2:a2:f2:49:a1:71:b9:d6:e8:4b:e7:24:7d:c0:61:a6:e5:df:d5:67:ad:8d:35:29:f1:5b:14:5a:94:b9:40:31:97:b8:c9:47:45:d7:36:76:51:3a:58:ac" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.265127000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.265127000", - "frame.time_delta": "0.033177000", - "frame.time_delta_displayed": "0.033177000", - "frame.time_relative": "1868.804441000", - "frame.number": "7514", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006b80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004bc8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 
001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "7512" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.292303000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.292303000", - "frame.time_delta": "0.027176000", - "frame.time_delta_displayed": "0.027176000", - "frame.time_relative": "1868.831617000", - "frame.number": "7515", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002de0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000379f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "18447", - "tcp.ack": "90967", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000055d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:1c:5d:00:27:8a:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812419165, TSecr 2591472": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812419165", - "tcp.options.timestamp.tsecr": "2591472" - } - }, - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7513", - "tcp.analysis.ack_rtt": "0.060353000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.326517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.326517000", - "frame.time_delta": "0.034214000", - "frame.time_delta_displayed": "0.034214000", - "frame.time_relative": "1868.865831000", - "frame.number": "7516", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002de1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000376f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United 
States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "18447", - "tcp.nxtseq": "18494", - "tcp.ack": "90967", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009dc6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:1c:65:00:27:8a:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812419173, TSecr 2591472": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812419173", - "tcp.options.timestamp.tsecr": "2591472" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", 
- "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:cc:57:c8:35:9b:ec:64:8c:64:af:59:c0:b5:99:7d:44:87:99:a4:30:85:ff:47:fd:d6:c7:9a:55:00:9c:ac:b6:16:80:92" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.360724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.360724000", - "frame.time_delta": "0.034207000", - "frame.time_delta_displayed": "0.034207000", - "frame.time_relative": "1868.900038000", - "frame.number": "7517", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007698", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "90967", - "tcp.ack": "18494", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000054a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:8a:fd:a7:a2:1c:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2591485, TSecr 2812419173": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2591485", - "tcp.options.timestamp.tsecr": "2812419173" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7516", - "tcp.analysis.ack_rtt": "0.034207000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.528220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.528220000", - "frame.time_delta": "0.167496000", - "frame.time_delta_displayed": "0.167496000", - "frame.time_relative": "1869.067534000", - "frame.number": "7518", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006b98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004bb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - 
"udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "7514" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.580997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.580997000", - "frame.time_delta": "0.052777000", - "frame.time_delta_displayed": "0.052777000", - "frame.time_relative": "1869.120311000", - "frame.number": "7519", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006b9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004ba4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "7518" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:40.697931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495460.697931000", - "frame.time_delta": "0.116934000", - "frame.time_delta_displayed": "0.116934000", - "frame.time_relative": "1869.237245000", - "frame.number": "7520", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006ba3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004ba5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "7519" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:41.585634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495461.585634000", - "frame.time_delta": "0.887703000", - 
"frame.time_delta_displayed": "0.887703000", - "frame.time_relative": "1870.124948000", - "frame.number": "7521", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006be7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004b64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "7520" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:41.638446000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495461.638446000", - "frame.time_delta": "0.052812000", - "frame.time_delta_displayed": "0.052812000", - "frame.time_relative": "1870.177760000", - "frame.number": "7522", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006be9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004b59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - 
"http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "7521" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:41.691276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495461.691276000", - "frame.time_delta": "0.052830000", - "frame.time_delta_displayed": "0.052830000", - "frame.time_relative": "1870.230590000", - "frame.number": "7523", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006bef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004b59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - 
"udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "7522" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.428064000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.428064000", - "frame.time_delta": "0.736788000", - "frame.time_delta_displayed": "0.736788000", - "frame.time_relative": "1870.967378000", - "frame.number": "7524", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006bfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004b4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "7523" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.480866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.480866000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "1871.020180000", - "frame.number": "7525", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006c02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x00004b40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "7524" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.533678000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.533678000", - "frame.time_delta": "0.052812000", - "frame.time_delta_displayed": "0.052812000", - "frame.time_relative": "1871.072992000", - "frame.number": "7526", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006c03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004b45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "7525" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.675076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.675076000", - "frame.time_delta": "0.141398000", - "frame.time_delta_displayed": "0.141398000", - "frame.time_relative": "1871.214390000", - "frame.number": "7527", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fbf", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b831", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000106c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.675610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.675610000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "1871.214924000", - "frame.number": "7528", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": 
"ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fc0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000992c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f167", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class 
IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:42.676207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495462.676207000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": "1871.215521000", - "frame.number": "7529", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f2d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:43.485304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495463.485304000", - "frame.time_delta": "0.809097000", - "frame.time_delta_displayed": "0.809097000", - "frame.time_relative": "1872.024618000", - "frame.number": "7530", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00006c5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "305", - "udp.checksum": "0x0000fe2d", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "7526" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:43.538068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495463.538068000", - "frame.time_delta": "0.052764000", - "frame.time_delta_displayed": "0.052764000", - "frame.time_relative": "1872.077382000", - "frame.number": "7531", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006c61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x00004ae1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "314", - "udp.checksum": "0x00000c19", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "7530" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:43.590880000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495463.590880000", - "frame.time_delta": "0.052812000", - "frame.time_delta_displayed": "0.052812000", - "frame.time_relative": "1872.130194000", - "frame.number": "7532", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00006c65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004ae3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "50925", - "udp.port": "1900", - "udp.port": "50925", - "udp.length": "308", - "udp.checksum": "0x00002fa3", - "udp.checksum.status": "2", - "udp.stream": "139" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "7531" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:45.300196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495465.300196000", - "frame.time_delta": "1.709316000", - "frame.time_delta_displayed": "1.709316000", - "frame.time_relative": "1873.839510000", - "frame.number": "7533", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:45.300623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495465.300623000", - "frame.time_delta": "0.000427000", - "frame.time_delta_displayed": "0.000427000", - "frame.time_relative": "1873.839937000", - "frame.number": "7534", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:45.930575000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495465.930575000", - "frame.time_delta": "0.629952000", - "frame.time_delta_displayed": "0.629952000", - "frame.time_relative": "1874.469889000", - "frame.number": "7535", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:45.933219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495465.933219000", - "frame.time_delta": "0.002644000", - "frame.time_delta_displayed": "0.002644000", - "frame.time_relative": "1874.472533000", - "frame.number": "7536", - 
"frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - 
"icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:45.933448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495465.933448000", - "frame.time_delta": "0.000229000", - "frame.time_delta_displayed": "0.000229000", - "frame.time_relative": "1874.472762000", - "frame.number": "7537", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - 
"ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": 
"fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:46.101473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495466.101473000", - "frame.time_delta": "0.168025000", - "frame.time_delta_displayed": "0.168025000", - "frame.time_relative": "1874.640787000", - "frame.number": "7538", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - 
"icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:46.758880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495466.758880000", - "frame.time_delta": "0.657407000", - "frame.time_delta_displayed": "0.657407000", - "frame.time_relative": "1875.298194000", - "frame.number": "7539", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - 
"udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00008b2d", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x001f9190", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:46.766439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495466.766439000", - "frame.time_delta": "0.007559000", - "frame.time_delta_displayed": "0.007559000", - "frame.time_relative": "1875.305753000", - "frame.number": "7540", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": 
{ - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00001972", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x0046f85c", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": 
"14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:46.774151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495466.774151000", - "frame.time_delta": "0.007712000", - "frame.time_delta_displayed": "0.007712000", - "frame.time_relative": "1875.313465000", - "frame.number": "7541", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - 
"eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:46.791790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495466.791790000", - "frame.time_delta": "0.017639000", - "frame.time_delta_displayed": "0.017639000", - "frame.time_relative": "1875.331104000", - "frame.number": "7542", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - 
"eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": 
"0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.676494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.676494000", - "frame.time_delta": "0.884704000", - "frame.time_delta_displayed": "0.884704000", - "frame.time_relative": "1876.215808000", - "frame.number": "7543", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fc2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b82e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - 
"ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000106c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.676877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.676877000", - "frame.time_delta": "0.000383000", - "frame.time_delta_displayed": "0.000383000", - "frame.time_relative": "1876.216191000", - "frame.number": "7544", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fc3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009929", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": 
"255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f167", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", 
- "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.677347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.677347000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - "frame.time_relative": "1876.216661000", - "frame.number": "7545", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": 
"ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f2d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", 
- "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.787929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.787929000", - "frame.time_delta": "0.110582000", - "frame.time_delta_displayed": "0.110582000", - "frame.time_relative": "1876.327243000", - "frame.number": "7546", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": 
"0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.791154000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.791154000", - "frame.time_delta": "0.003225000", - "frame.time_delta_displayed": "0.003225000", - "frame.time_relative": "1876.330468000", - "frame.number": "7547", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - 
"icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.804977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.804977000", - "frame.time_delta": "0.013823000", - "frame.time_delta_displayed": "0.013823000", - "frame.time_relative": "1876.344291000", - "frame.number": "7548", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - 
"ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:47.950466000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495467.950466000", - "frame.time_delta": "0.145489000", - "frame.time_delta_displayed": "0.145489000", - "frame.time_relative": "1876.489780000", - "frame.number": "7549", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:48.342421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495468.342421000", - "frame.time_delta": "0.391955000", - "frame.time_delta_displayed": "0.391955000", - "frame.time_relative": "1876.881735000", - "frame.number": "7550", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - 
"ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000afc0", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00086d14", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:48.347896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495468.347896000", - "frame.time_delta": "0.005475000", - "frame.time_delta_displayed": "0.005475000", - "frame.time_relative": "1876.887210000", - "frame.number": "7551", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000b032", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": 
"0x005a6188", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:48.368584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495468.368584000", - "frame.time_delta": "0.020688000", - "frame.time_delta_displayed": "0.020688000", - "frame.time_relative": "1876.907898000", - "frame.number": "7552", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:48.380500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495468.380500000", - 
"frame.time_delta": "0.011916000", - "frame.time_delta_displayed": "0.011916000", - "frame.time_relative": "1876.919814000", - "frame.number": "7553", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": 
"0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:49.388985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495469.388985000", - "frame.time_delta": "1.008485000", - "frame.time_delta_displayed": "1.008485000", - "frame.time_relative": "1877.928299000", - "frame.number": "7554", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": 
"::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:49.391594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495469.391594000", - "frame.time_delta": "0.002609000", - "frame.time_delta_displayed": "0.002609000", - "frame.time_relative": "1877.930908000", - "frame.number": "7555", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - 
"ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:49.392133000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495469.392133000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "1877.931447000", - "frame.number": "7556", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": 
"0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:49.583664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495469.583664000", - "frame.time_delta": "0.191531000", - "frame.time_delta_displayed": "0.191531000", - 
"frame.time_relative": "1878.122978000", - "frame.number": "7557", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - 
"icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:50.014847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495470.014847000", - "frame.time_delta": "0.431183000", - "frame.time_delta_displayed": "0.431183000", - "frame.time_relative": "1878.554161000", - "frame.number": "7558", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00009652", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x003a8650", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": 
"6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:50.023170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495470.023170000", - "frame.time_delta": "0.008323000", - "frame.time_delta_displayed": "0.008323000", - "frame.time_relative": "1878.562484000", - "frame.number": "7559", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000c923", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x001c48d5", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - 
"dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:50.063938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495470.063938000", - "frame.time_delta": "0.040768000", - "frame.time_delta_displayed": "0.040768000", - "frame.time_relative": "1878.603252000", - "frame.number": "7560", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:50.070483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495470.070483000", - "frame.time_delta": "0.006545000", - "frame.time_delta_displayed": "0.006545000", - "frame.time_relative": "1878.609797000", - "frame.number": "7561", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - 
"ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.089285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.089285000", - "frame.time_delta": "1.018802000", - "frame.time_delta_displayed": "1.018802000", - "frame.time_relative": "1879.628599000", - "frame.number": "7562", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - 
"ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.090316000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.090316000", - "frame.time_delta": "0.001031000", - "frame.time_delta_displayed": "0.001031000", - "frame.time_relative": "1879.629630000", - "frame.number": "7563", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - 
, - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.091474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.091474000", - "frame.time_delta": "0.001158000", - "frame.time_delta_displayed": "0.001158000", - "frame.time_relative": "1879.630788000", - "frame.number": "7564", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - 
"icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.221464000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.221464000", - "frame.time_delta": "0.129990000", - "frame.time_delta_displayed": "0.129990000", - "frame.time_relative": "1879.760778000", - "frame.number": "7565", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - 
"ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.305192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.305192000", - "frame.time_delta": "0.083728000", - "frame.time_delta_displayed": "0.083728000", - "frame.time_relative": "1879.844506000", - "frame.number": "7566", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": 
"IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x000081bf", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00119b0c", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - 
"dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.313568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.313568000", - "frame.time_delta": "0.008376000", - "frame.time_delta_displayed": "0.008376000", - "frame.time_relative": "1879.852882000", - "frame.number": "7567", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - 
"ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00009a49", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00c57706", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - 
"dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.329189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.329189000", - "frame.time_delta": "0.015621000", - "frame.time_delta_displayed": "0.015621000", - "frame.time_relative": "1879.868503000", - "frame.number": "7568", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { 
- "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:51.340461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495471.340461000", - "frame.time_delta": "0.011272000", - "frame.time_delta_displayed": "0.011272000", - "frame.time_relative": "1879.879775000", - "frame.number": "7569", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - 
"ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:52.350259000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.350259000", - "frame.time_delta": "1.009798000", - "frame.time_delta_displayed": "1.009798000", - "frame.time_relative": "1880.889573000", - "frame.number": "7570", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:52.351432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.351432000", - "frame.time_delta": "0.001173000", - "frame.time_delta_displayed": "0.001173000", - "frame.time_relative": "1880.890746000", - "frame.number": "7571", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - 
"icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:52.352611000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.352611000", - "frame.time_delta": "0.001179000", - "frame.time_delta_displayed": "0.001179000", - "frame.time_relative": "1880.891925000", - "frame.number": "7572", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, 
- "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:52.451862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.451862000", - "frame.time_delta": "0.099251000", - "frame.time_delta_displayed": "0.099251000", - "frame.time_relative": "1880.991176000", - "frame.number": "7573", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - 
"ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:52.675589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.675589000", - "frame.time_delta": "0.223727000", - "frame.time_delta_displayed": "0.223727000", - "frame.time_relative": "1881.214903000", - "frame.number": "7574", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fc6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b82a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000106c", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:52.676135000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.676135000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1881.215449000", - "frame.number": "7575", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fc7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009925", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f167", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:17:52.676762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495472.676762000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "1881.216076000", - "frame.number": "7576", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f2d", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x00000289", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=649", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:17:53.189933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495473.189933000", - "frame.time_delta": "0.513171000", - "frame.time_delta_displayed": "0.513171000", - "frame.time_relative": "1881.729247000", - "frame.number": "7577", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000f875", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00312436", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - 
"dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:53.193852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495473.193852000", - "frame.time_delta": "0.003919000", - "frame.time_delta_displayed": "0.003919000", - "frame.time_relative": "1881.733166000", - "frame.number": "7578", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": 
"18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000497b", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00e8c7b1", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - 
"Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:59.629420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495479.629420000", - "frame.time_delta": "6.435568000", - "frame.time_delta_displayed": "6.435568000", - "frame.time_relative": "1888.168734000", - "frame.number": "7579", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { 
- "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x000096e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007537", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "90967", - "tcp.nxtseq": "91319", - "tcp.ack": "18494", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000019cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:27:92:83:a7:a2:1c:65", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2593411, TSecr 2812419173": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2593411", - "tcp.options.timestamp.tsecr": "2812419173" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:85:31:e4:57:76:a1:fb:22:45:d0:82:ba:d7:0f:71:78:2c:25:f7:a8:be:04:29:1c:3b:05:43:6f:ec:89:83:63:aa:55:e0:a8:0c:a6:1d:2d:d7:97:bd:b8:5d:97:4a:c1:8e:e0:37:b6:71:6a:98:d8:ae:c7:1f:1f:f0:e6:be:2f:b1:16:87:18:10:9c:60:22:72:9b:ad:df:c2:c8:31:0c:22:5a:1f:e9:9d:58:8f:ce:43:7a:f3:fa:91:1d:19:0c:25:59:d9:c1:c2:b8:65:77:d6:e7:1f:3e:ff:22:92:d0:8a:b3:1d:4c:aa:54:a9:38:aa:ff:d5:54:7b:4b:1d:79:cd:0b:85:96:03:5b:89:1a:8f:ea:7a:d5:29:1b:cb:84:79:c3:68:79:3b:88:07:47:9b:9e:64:48:23:b0:03:18:78:fc:14:28:40:a4:17:4b:7f:07:ee:a9:2f:33:bc:ef:e5:d1:7a:5a:96:fa:c1:e3:01:90:67:99:61:43:93:66:4a:6f:db:f7:86:b0:88:ab:24:f1:57:7f:0c:64:c8:19:45:e8:e0:aa:f2:b2:44:f3:6a:f9:56:35:0c:8a:5f:e3:df:75:dd:a3:ee:fe:76:16:43:5d:3d:1b:d6:44:15:02:79:0f:f7:96:29:ea:f1:ba:58:63:a8:95:4a:cf:99:70:72:2f:ab:62:01:56:75:3a:03:92:00:ea:01:6f:db:42:59:be:e5:4a:08:dc:d8:4b:e1:b4:dc:f1:2f:69:c1:0f:a1:ae:e7:6d:bc:db:26:e2:26:6f:3e:9c:29:f3:66:36:50:ec:88:eb:26:1c:c6:a2:30:a6:97:77:73:6b:ba:fa:59:aa:37:4b:47:2f:d5:f0:9c:85:72:2e:9c:aa:e8:4a:0a:48:c6:a7" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:59.692153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495479.692153000", - "frame.time_delta": "0.062733000", - "frame.time_delta_displayed": "0.062733000", - "frame.time_relative": "1888.231467000", - "frame.number": "7580", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002de2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000376e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "18494", - "tcp.nxtseq": "18541", - "tcp.ack": "91319", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ad39", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:2f:4f:00:27:92:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812424015, TSecr 2593411": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812424015", - "tcp.options.timestamp.tsecr": "2593411" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7579", - "tcp.analysis.ack_rtt": "0.062733000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - 
"ssl.app_data": "34:cd:34:17:47:48:0e:cd:cf:a1:d9:8d:01:44:1d:3c:43:61:41:cf:6a:5c:3d:cc:06:8c:4d:2d:90:46:81:cf:54:ce:f9:be:99:56:d7:5e:72:33" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:17:59.692590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495479.692590000", - "frame.time_delta": "0.000437000", - "frame.time_delta_displayed": "0.000437000", - "frame.time_relative": "1888.231904000", - "frame.number": "7581", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007696", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91319", - "tcp.ack": "18541", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000389a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:92:8a:a7:a2:2f:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2593418, TSecr 2812424015": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2593418", - "tcp.options.timestamp.tsecr": "2812424015" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7580", - "tcp.analysis.ack_rtt": "0.000437000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:04.334345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495484.334345000", - "frame.time_delta": "4.641755000", - "frame.time_delta_displayed": "4.641755000", - "frame.time_relative": "1892.873659000", - "frame.number": "7582", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005824", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a645", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": 
"AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5118", - "tcp.nxtseq": "5158", - "tcp.ack": "649", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002c7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ed:fd:1a:c4:0c:32:10:4c:e9:6a:60:67:ee:65:33:fb:f7:84:71:86:33:56:e3:09:63:f1:07:32" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:04.477626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495484.477626000", - "frame.time_delta": "0.143281000", - "frame.time_delta_displayed": "0.143281000", - "frame.time_relative": "1893.016940000", - "frame.number": "7583", - "frame.len": "90", - "frame.cap_len": "90", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001009", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd64", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "649", - "tcp.nxtseq": "685", - "tcp.ack": 
"5158", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b1ae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7582", - "tcp.analysis.ack_rtt": "0.143281000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:72:ca:3b:d3:c3:51:42:c1:65:29:3d:48:07:8f:db:b8:da:b5:a7:8c:38:e4:5b:33" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:04.478148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495484.478148000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "1893.017462000", - "frame.number": "7584", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005825", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5158", - "tcp.ack": "685", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7583", - "tcp.analysis.ack_rtt": "0.000522000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:06.729033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495486.729033000", - "frame.time_delta": "2.250885000", - "frame.time_delta_displayed": "2.250885000", - "frame.time_relative": "1895.268347000", - "frame.number": "7585", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e8d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000595c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:10.198012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495490.198012000", - "frame.time_delta": "3.468979000", - "frame.time_delta_displayed": "3.468979000", - "frame.time_relative": "1898.737326000", - "frame.number": "7586", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000ba3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed13", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x00002028", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:ac:3e:66:26:ce:f2:14:11:00:00:00:2a:43:4e:3c:ce:39:02:00:da:a3:01:00:00:00", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:28.822696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495508.822696000", - "frame.time_delta": "18.624684000", - "frame.time_delta_displayed": "18.624684000", - "frame.time_relative": "1917.362010000", - "frame.number": "7587", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000058ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000706a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:28.850987000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495508.850987000", - "frame.time_delta": "0.028291000", - "frame.time_delta_displayed": "0.028291000", - "frame.time_relative": "1917.390301000", - "frame.number": "7588", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:28.875697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495508.875697000", - "frame.time_delta": "0.024710000", - "frame.time_delta_displayed": "0.024710000", - "frame.time_relative": "1917.415011000", - "frame.number": "7589", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": 
"01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000058f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007065", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:28.928547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495508.928547000", - "frame.time_delta": "0.052850000", - "frame.time_delta_displayed": "0.052850000", - "frame.time_relative": "1917.467861000", - "frame.number": "7590", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000058f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007059", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:28.981450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495508.981450000", - "frame.time_delta": "0.052903000", - "frame.time_delta_displayed": "0.052903000", - "frame.time_relative": "1917.520764000", - "frame.number": "7591", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - 
"eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000058fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007053", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:29.034696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495509.034696000", - "frame.time_delta": "0.053246000", - "frame.time_delta_displayed": "0.053246000", - "frame.time_relative": "1917.574010000", - "frame.number": "7592", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000058fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007058", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:29.087583000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495509.087583000", - "frame.time_delta": "0.052887000", - "frame.time_delta_displayed": "0.052887000", - "frame.time_relative": "1917.626897000", - "frame.number": "7593", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": 
"01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000058ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00007055", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:30.706679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495510.706679000", - "frame.time_delta": "1.619096000", - "frame.time_delta_displayed": "1.619096000", - "frame.time_relative": "1919.245993000", - "frame.number": "7594", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007664", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "91319", - "tcp.nxtseq": "91368", - "tcp.ack": "18541", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fd03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:9e:a7:a7:a2:2f:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2596519, TSecr 2812424015": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2596519", - "tcp.options.timestamp.tsecr": "2812424015" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - 
"tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:86:dc:04:f7:83:cf:75:c5:93:e6:75:84:b3:d6:b3:5f:eb:bf:d8:a2:5d:09:2f:d1:89:1a:6c:62:cd:80:5a:49:b7:65:e0:2a:31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:30.767503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495510.767503000", - "frame.time_delta": "0.060824000", - "frame.time_delta_displayed": "0.060824000", - "frame.time_relative": "1919.306817000", - "frame.number": "7595", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002de3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003765", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": 
"192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18541", - "tcp.nxtseq": "18596", - "tcp.ack": "91368", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002608", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:4d:a8:00:27:9e:a7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812431784, TSecr 2596519": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812431784", - 
"tcp.options.timestamp.tsecr": "2596519" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7594", - "tcp.analysis.ack_rtt": "0.060824000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:ce:dd:f7:31:29:f4:a3:b1:0e:24:86:6b:80:25:86:de:9d:b2:db:4f:ed:5b:1f:9c:cc:63:37:bc:9d:f9:b1:d3:74:ef:64:0f:55:96:ae:dd:d6:34:b3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:30.768011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495510.768011000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "1919.307325000", - "frame.number": "7596", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"6", - "ip.checksum": "0x00007694", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91368", - "tcp.ack": "18596", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000db6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:9e:ad:a7:a2:4d:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2596525, TSecr 2812431784": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2596525", - "tcp.options.timestamp.tsecr": "2812431784" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7595", - "tcp.analysis.ack_rtt": "0.000508000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:34.498491000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495514.498491000", - "frame.time_delta": "3.730480000", - "frame.time_delta_displayed": "3.730480000", - "frame.time_relative": "1923.037805000", - "frame.number": "7597", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005826", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5157", - "tcp.ack": "685", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:34.641544000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495514.641544000", - "frame.time_delta": "0.143053000", - "frame.time_delta_displayed": "0.143053000", - "frame.time_relative": "1923.180858000", - "frame.number": "7598", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd87", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "685", - "tcp.ack": "5158", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:35.770169000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495515.770169000", - "frame.time_delta": "1.128625000", - "frame.time_delta_displayed": "1.128625000", - "frame.time_relative": "1924.309483000", - "frame.number": "7599", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:35.770592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495515.770592000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "1924.309906000", - "frame.number": "7600", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - 
- , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:36.761398000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495516.761398000", - "frame.time_delta": "0.990806000", - "frame.time_delta_displayed": "0.990806000", - "frame.time_relative": "1925.300712000", - "frame.number": "7601", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e94", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005955", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": 
"2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:37.678732000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495517.678732000", - "frame.time_delta": "0.917334000", - "frame.time_delta_displayed": "0.917334000", - "frame.time_relative": "1926.218046000", - "frame.number": "7602", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b820", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000196a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:37.679068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495517.679068000", - "frame.time_delta": "0.000336000", - "frame.time_delta_displayed": "0.000336000", - "frame.time_relative": "1926.218382000", - "frame.number": "7603", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000991b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa65", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:37.679565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495517.679565000", - "frame.time_delta": "0.000497000", - "frame.time_delta_displayed": "0.000497000", - "frame.time_relative": "1926.218879000", - "frame.number": "7604", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000882b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:39.650181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495519.650181000", - "frame.time_delta": "1.970616000", - "frame.time_delta_displayed": "1.970616000", - "frame.time_relative": "1928.189495000", - "frame.number": "7605", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:39.650579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495519.650579000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": "1928.189893000", - "frame.number": "7606", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:42.678430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495522.678430000", - "frame.time_delta": "3.027851000", - "frame.time_delta_displayed": "3.027851000", - "frame.time_relative": "1931.217744000", - "frame.number": "7607", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": 
{ - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b81e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000196a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - 
"Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:42.678959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495522.678959000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": 
"1931.218273000", - "frame.number": "7608", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd3", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009919", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa65", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:42.679587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495522.679587000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": 
"0.000628000", - "frame.time_relative": "1931.218901000", - "frame.number": "7609", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000882b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - 
"Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:47.679349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495527.679349000", - "frame.time_delta": "4.999762000", - "frame.time_delta_displayed": "4.999762000", - "frame.time_relative": 
"1936.218663000", - "frame.number": "7610", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b81c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000196a", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:47.679816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495527.679816000", - "frame.time_delta": "0.000467000", - "frame.time_delta_displayed": "0.000467000", - "frame.time_relative": "1936.219130000", - "frame.number": "7611", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fd5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009917", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa65", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:18:47.680295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495527.680295000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "1936.219609000", - "frame.number": "7612", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000882b", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=650", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:18:55.348269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495535.348269000", - "frame.time_delta": "7.667974000", - "frame.time_delta_displayed": "7.667974000", - "frame.time_relative": "1943.887583000", - "frame.number": "7613", - "frame.len": "82", - "frame.cap_len": "82", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "68", - "ip.id": "0x00000ba9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ed17", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "48", - "udp.checksum": "0x00000381", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": 
"28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:3a:26:e4:30:ce:f2:14:96:01:00:00:54:0b:00:00", - "data.len": "40" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:00.598793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495540.598793000", - "frame.time_delta": "5.250524000", - "frame.time_delta_displayed": "5.250524000", - "frame.time_relative": "1949.138107000", - "frame.number": "7614", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:01.590412000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495541.590412000", - "frame.time_delta": "0.991619000", - "frame.time_delta_displayed": "0.991619000", - "frame.time_relative": "1950.129726000", - "frame.number": "7615", - "frame.len": "42", - "frame.cap_len": 
"42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:01.828984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495541.828984000", - "frame.time_delta": "0.238572000", - "frame.time_delta_displayed": "0.238572000", - "frame.time_relative": "1950.368298000", - "frame.number": "7616", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007662", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "91368", - "tcp.nxtseq": "91417", - "tcp.ack": "18596", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dd68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:aa:cb:a7:a2:4d:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2599627, TSecr 2812431784": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2599627", - "tcp.options.timestamp.tsecr": "2812431784" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:87:3c:47:43:ab:a8:84:8c:98:a8:64:ce:9f:67:bc:04:bd:23:0e:3e:6e:b6:2f:c7:00:4c:c3:3c:14:83:a0:b4:a4:a2:48:f9:fa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:01.890469000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495541.890469000", - "frame.time_delta": "0.061485000", - "frame.time_delta_displayed": "0.061485000", - "frame.time_relative": "1950.429783000", - "frame.number": "7617", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002de4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003764", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18596", - "tcp.nxtseq": "18651", - "tcp.ack": "91417", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000327c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "01:01:08:0a:a7:a2:6c:0c:00:27:aa:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812439564, TSecr 2599627": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812439564", - "tcp.options.timestamp.tsecr": "2599627" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7616", - "tcp.analysis.ack_rtt": "0.061485000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:cf:a3:5c:d9:bf:ed:5b:0d:4f:52:c5:b7:bd:82:e7:4f:24:0f:77:4d:37:cc:33:7f:f4:12:ff:6c:6f:1d:58:fa:0e:c7:cf:8f:ab:45:bf:53:e7:ef:44" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:01.890933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495541.890933000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "1950.430247000", - "frame.number": "7618", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096ed", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007692", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91417", - "tcp.ack": "18651", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e2c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:aa:d6:a7:a2:6c:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2599638, TSecr 2812439564": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2599638", - "tcp.options.timestamp.tsecr": "2812439564" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7617", - "tcp.analysis.ack_rtt": "0.000464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:02.590290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495542.590290000", - "frame.time_delta": "0.699357000", - "frame.time_delta_displayed": "0.699357000", - "frame.time_relative": "1951.129604000", - "frame.number": "7619", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:03.593533000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495543.593533000", - "frame.time_delta": "1.003243000", - "frame.time_delta_displayed": "1.003243000", - "frame.time_relative": "1952.132847000", - "frame.number": "7620", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:04.590581000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495544.590581000", - "frame.time_delta": 
"0.997048000", - "frame.time_delta_displayed": "0.997048000", - "frame.time_relative": "1953.129895000", - "frame.number": "7621", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:04.638436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495544.638436000", - "frame.time_delta": "0.047855000", - "frame.time_delta_displayed": "0.047855000", - "frame.time_relative": "1953.177750000", - "frame.number": "7622", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005827", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a66a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5157", - "tcp.ack": "685", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:04.812582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495544.812582000", - "frame.time_delta": "0.174146000", - "frame.time_delta_displayed": "0.174146000", - "frame.time_relative": "1953.351896000", - "frame.number": "7623", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"49", - "ip.proto": "6", - "ip.checksum": "0x0000fd86", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "685", - "tcp.ack": "5158", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:05.590321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495545.590321000", - "frame.time_delta": "0.777739000", - "frame.time_delta_displayed": "0.777739000", - "frame.time_relative": "1954.129635000", - "frame.number": "7624", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:06.593480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495546.593480000", - "frame.time_delta": "1.003159000", - "frame.time_delta_displayed": "1.003159000", - "frame.time_relative": "1955.132794000", - "frame.number": "7625", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:06.940669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495546.940669000", - "frame.time_delta": "0.347189000", - "frame.time_delta_displayed": "0.347189000", - "frame.time_relative": "1955.479983000", - "frame.number": "7626", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005e9b", - "ip.flags": "0x00000000", - "ip.flags_tree": { 
- "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000594e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:07.590334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495547.590334000", - "frame.time_delta": "0.649665000", - "frame.time_delta_displayed": "0.649665000", - "frame.time_relative": "1956.129648000", - "frame.number": "7627", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", 
- "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:08.590347000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495548.590347000", - "frame.time_delta": "1.000013000", - "frame.time_delta_displayed": "1.000013000", - "frame.time_relative": "1957.129661000", - "frame.number": "7628", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:09.594001000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495549.594001000", - "frame.time_delta": "1.003654000", - "frame.time_delta_displayed": 
"1.003654000", - "frame.time_relative": "1958.133315000", - "frame.number": "7629", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:10.590296000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495550.590296000", - "frame.time_delta": "0.996295000", - "frame.time_delta_displayed": "0.996295000", - "frame.time_relative": "1959.129610000", - "frame.number": "7630", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:11.590343000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495551.590343000", - "frame.time_delta": "1.000047000", - "frame.time_delta_displayed": "1.000047000", - "frame.time_relative": "1960.129657000", - "frame.number": "7631", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:12.594570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495552.594570000", - 
"frame.time_delta": "1.004227000", - "frame.time_delta_displayed": "1.004227000", - "frame.time_relative": "1961.133884000", - "frame.number": "7632", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:13.590551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495553.590551000", - "frame.time_delta": "0.995981000", - "frame.time_delta_displayed": "0.995981000", - "frame.time_relative": "1962.129865000", - "frame.number": "7633", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:13.824139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495553.824139000", - "frame.time_delta": "0.233588000", - "frame.time_delta_displayed": "0.233588000", - "frame.time_relative": "1962.363453000", - "frame.number": "7634", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:14.073507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495554.073507000", - "frame.time_delta": "0.249368000", - "frame.time_delta_displayed": "0.249368000", - "frame.time_relative": "1962.612821000", - "frame.number": "7635", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - 
"bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:14.089490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495554.089490000", - "frame.time_delta": "0.015983000", - 
"frame.time_delta_displayed": "0.015983000", - "frame.time_relative": "1962.628804000", - "frame.number": "7636", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - 
"bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:14.142945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495554.142945000", - 
"frame.time_delta": "0.053455000", - "frame.time_delta_displayed": "0.053455000", - "frame.time_relative": "1962.682259000", - "frame.number": "7637", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:14.441961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495554.441961000", - "frame.time_delta": "0.299016000", - "frame.time_delta_displayed": "0.299016000", - "frame.time_relative": "1962.981275000", - "frame.number": "7638", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - 
"eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:14.590595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495554.590595000", - "frame.time_delta": "0.148634000", - "frame.time_delta_displayed": "0.148634000", - "frame.time_relative": "1963.129909000", - "frame.number": "7639", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:15.593411000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495555.593411000", - "frame.time_delta": "1.002816000", - "frame.time_delta_displayed": "1.002816000", - "frame.time_relative": "1964.132725000", - "frame.number": "7640", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:16.590344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495556.590344000", - "frame.time_delta": "0.996933000", - "frame.time_delta_displayed": "0.996933000", - "frame.time_relative": "1965.129658000", - "frame.number": "7641", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:17.590816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495557.590816000", - "frame.time_delta": "1.000472000", - "frame.time_delta_displayed": "1.000472000", - "frame.time_relative": "1966.130130000", - "frame.number": "7642", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:19:18.593814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495558.593814000", - "frame.time_delta": "1.002998000", - "frame.time_delta_displayed": "1.002998000", - "frame.time_relative": "1967.133128000", - "frame.number": "7643", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:19.150333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495559.150333000", - "frame.time_delta": "0.556519000", - "frame.time_delta_displayed": "0.556519000", - "frame.time_relative": "1967.689647000", - "frame.number": "7644", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:19.590330000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495559.590330000", - "frame.time_delta": "0.439997000", - "frame.time_delta_displayed": "0.439997000", - "frame.time_relative": "1968.129644000", - "frame.number": "7645", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:20.590695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495560.590695000", - "frame.time_delta": "1.000365000", - "frame.time_delta_displayed": "1.000365000", - "frame.time_relative": "1969.130009000", - "frame.number": "7646", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:21.594615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495561.594615000", - "frame.time_delta": "1.003920000", - "frame.time_delta_displayed": "1.003920000", - "frame.time_relative": "1970.133929000", - "frame.number": "7647", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:21.925715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495561.925715000", - "frame.time_delta": "0.331100000", - "frame.time_delta_displayed": "0.331100000", - "frame.time_relative": "1970.465029000", - "frame.number": "7648", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000678d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:21.978565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495561.978565000", - "frame.time_delta": "0.052850000", - "frame.time_delta_displayed": "0.052850000", - "frame.time_relative": 
"1970.517879000", - "frame.number": "7649", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000678e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": 
"239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:22.031451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495562.031451000", - "frame.time_delta": "0.052886000", - "frame.time_delta_displayed": "0.052886000", - "frame.time_relative": "1970.570765000", - "frame.number": "7650", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006792", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:22.084376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495562.084376000", - "frame.time_delta": "0.052925000", - "frame.time_delta_displayed": "0.052925000", - "frame.time_relative": "1970.623690000", - "frame.number": "7651", - 
"frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006795", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061b9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:22.137340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495562.137340000", - "frame.time_delta": "0.052964000", - "frame.time_delta_displayed": "0.052964000", - "frame.time_relative": "1970.676654000", - "frame.number": "7652", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00006797", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": 
"0x000061bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:22.190194000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495562.190194000", - "frame.time_delta": "0.052854000", - "frame.time_delta_displayed": "0.052854000", - "frame.time_relative": "1970.729508000", - "frame.number": "7653", - "frame.len": "355", - "frame.cap_len": "355", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00006798", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000061bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:22.638688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495562.638688000", - "frame.time_delta": "0.448494000", - "frame.time_delta_displayed": "0.448494000", - "frame.time_relative": "1971.178002000", - "frame.number": "7654", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:19:23.630364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495563.630364000", - "frame.time_delta": "0.991676000", - "frame.time_delta_displayed": "0.991676000", - "frame.time_relative": "1972.169678000", - "frame.number": "7655", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.86" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:24.590690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495564.590690000", - "frame.time_delta": "0.960326000", - "frame.time_delta_displayed": "0.960326000", - "frame.time_relative": "1973.130004000", - "frame.number": "7656", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - 
"eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:24.640455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495564.640455000", - "frame.time_delta": "0.049765000", - "frame.time_delta_displayed": "0.049765000", - "frame.time_relative": "1973.179769000", - "frame.number": "7657", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:00:01", - "eth.addr": "33:33:ff:00:00:01", - "eth.addr_resolved": "IPv6mcast_ff:00:00:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.addr": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - 
"ipv6.src_host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.dst": "ff02::1:ff00:1", - "ipv6.addr": "ff02::1:ff00:1", - "ipv6.dst_host": "ff02::1:ff00:1", - "ipv6.host": "ff02::1:ff00:1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000532e", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::1", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "60:f1:89:96:45:f6", - "icmpv6.opt.src_linkaddr": "60:f1:89:96:45:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:28.850753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495568.850753000", - "frame.time_delta": "4.210298000", - "frame.time_delta_displayed": "4.210298000", - "frame.time_relative": "1977.390067000", - "frame.number": "7658", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": 
"1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:29.150365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495569.150365000", - "frame.time_delta": "0.299612000", - "frame.time_delta_displayed": "0.299612000", - "frame.time_relative": "1977.689679000", - "frame.number": "7659", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:00:01", - "eth.addr": "33:33:ff:00:00:01", - "eth.addr_resolved": "IPv6mcast_ff:00:00:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.addr": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.src_host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.host": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "ipv6.dst": "ff02::1:ff00:1", - "ipv6.addr": "ff02::1:ff00:1", - "ipv6.dst_host": "ff02::1:ff00:1", - "ipv6.host": "ff02::1:ff00:1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": 
"0", - "icmpv6.checksum": "0x0000532e", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::1", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "60:f1:89:96:45:f6", - "icmpv6.opt.src_linkaddr": "60:f1:89:96:45:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:29.560683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495569.560683000", - "frame.time_delta": "0.410318000", - "frame.time_delta_displayed": "0.410318000", - "frame.time_relative": "1978.099997000", - "frame.number": "7660", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:19:30.143072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.143072000", - "frame.time_delta": "0.582389000", - "frame.time_delta_displayed": "0.582389000", - "frame.time_relative": "1978.682386000", - "frame.number": "7661", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.430508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.430508000", - "frame.time_delta": "0.287436000", - "frame.time_delta_displayed": "0.287436000", - "frame.time_relative": "1978.969822000", - "frame.number": "7662", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - 
"eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x0000211e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e726", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "17", - "http.prev_request_in": "7418" - } - } - } - } - - , - { 
- "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.832574000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.832574000", - "frame.time_delta": "0.402066000", - "frame.time_delta_displayed": "0.402066000", - "frame.time_relative": "1979.371888000", - "frame.number": "7663", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000084fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003251", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - 
"udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "97", - "http.prev_response_in": "7480" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.835696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.835696000", - "frame.time_delta": "0.003122000", - "frame.time_delta_displayed": "0.003122000", - "frame.time_relative": "1979.375010000", - "frame.number": "7664", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54755", - "tcp.dstport": "80", - "tcp.port": "54755", - "tcp.port": "80", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - 
"tcp.checksum": "0x00004f9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.836232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.836232000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "1979.375546000", - "frame.number": "7665", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54755", - "tcp.port": "80", - "tcp.port": "54755", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002748", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7664", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.838326000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.838326000", - "frame.time_delta": "0.002094000", - "frame.time_delta_displayed": "0.002094000", - "frame.time_relative": "1979.377640000", - "frame.number": "7666", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54755", - "tcp.dstport": "80", - "tcp.port": "54755", - "tcp.port": "80", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d926", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7665", - "tcp.analysis.ack_rtt": "0.002094000", - 
"tcp.analysis.initial_rtt": "0.002630000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.838949000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.838949000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "1979.378263000", - "frame.number": "7667", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b98", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54755", - "tcp.dstport": "80", - "tcp.port": "54755", - "tcp.port": "80", - 
"tcp.stream": "299", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002630000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.839423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.839423000", - "frame.time_delta": "0.000474000", - "frame.time_delta_displayed": "0.000474000", - "frame.time_relative": "1979.378737000", - "frame.number": "7668", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000ff6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a87d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54755", - "tcp.port": "80", - "tcp.port": "54755", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cab7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7667", - "tcp.analysis.ack_rtt": "0.000474000", - "tcp.analysis.initial_rtt": "0.002630000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.840211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.840211000", - "frame.time_delta": "0.000788000", - "frame.time_delta_displayed": "0.000788000", - "frame.time_relative": "1979.379525000", - "frame.number": "7669", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"57", - "ip.id": "0x00000ff7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a86b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54755", - "tcp.port": "80", - "tcp.port": "54755", - "tcp.stream": "299", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000ad9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002630000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.840222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.840222000", - 
"frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "1979.379536000", - "frame.number": "7670", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00000ff8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a498", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54755", - "tcp.port": "80", - "tcp.port": "54755", - "tcp.stream": "299", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005d42", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002630000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e
:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7669", - "tcp.segment": "7670", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001273000", - "http.request_in": "7667", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.843639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.843639000", - "frame.time_delta": "0.003417000", - "frame.time_delta_displayed": "0.003417000", - "frame.time_relative": "1979.382953000", - "frame.number": "7671", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54755", - "tcp.dstport": "80", - "tcp.port": "54755", - "tcp.port": "80", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d48e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7670", - "tcp.analysis.ack_rtt": "0.003417000", - "tcp.analysis.initial_rtt": "0.002630000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.844209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.844209000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "1979.383523000", - "frame.number": "7672", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54755", - "tcp.dstport": "80", - "tcp.port": "54755", - "tcp.port": "80", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d48d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.844655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.844655000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "1979.383969000", - "frame.number": "7673", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000607c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54755", - "tcp.port": "80", - "tcp.port": "54755", - "tcp.stream": "299", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c6c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7672", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.002630000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.885483000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.885483000", - "frame.time_delta": "0.040828000", - "frame.time_delta_displayed": "0.040828000", - "frame.time_relative": "1979.424797000", - "frame.number": "7674", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000084fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003247", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "98", - "http.prev_response_in": "7663" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.895883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.895883000", - "frame.time_delta": "0.010400000", - "frame.time_delta_displayed": "0.010400000", - "frame.time_relative": "1979.435197000", - "frame.number": "7675", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54756", - "tcp.dstport": "80", - "tcp.port": "54756", - "tcp.port": "80", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00002de5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.896429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.896429000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "1979.435743000", - "frame.number": "7676", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54756", - "tcp.port": "80", - "tcp.port": "54756", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c541", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7675", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.906457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.906457000", - "frame.time_delta": "0.010028000", - "frame.time_delta_displayed": "0.010028000", - "frame.time_relative": "1979.445771000", - "frame.number": "7677", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c3b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54756", - "tcp.dstport": "80", - "tcp.port": "54756", - "tcp.port": "80", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007720", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7676", - "tcp.analysis.ack_rtt": "0.010028000", - "tcp.analysis.initial_rtt": "0.010574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.907363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.907363000", - "frame.time_delta": "0.000906000", - "frame.time_delta_displayed": "0.000906000", - "frame.time_relative": "1979.446677000", - "frame.number": "7678", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b93", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54756", - "tcp.dstport": "80", - "tcp.port": "54756", - "tcp.port": "80", - "tcp.stream": "300", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c99", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010574000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.907846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.907846000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "1979.447160000", - "frame.number": "7679", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000faf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bd81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54756", - "tcp.port": "80", - "tcp.port": "54756", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000068b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7678", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.010574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.908477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.908477000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "1979.447791000", - "frame.number": "7680", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000faf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bd6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54756", - "tcp.port": "80", - "tcp.port": "54756", - "tcp.stream": "300", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a8d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010574000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.908827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.908827000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "1979.448141000", - "frame.number": "7681", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000faf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b99c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54756", - "tcp.port": "80", - "tcp.port": "54756", - "tcp.stream": "300", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fb3b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.010574000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "7680", - "tcp.segment": "7681", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001464000", - "http.request_in": "7678", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.911705000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495570.911705000", - "frame.time_delta": "0.002878000", - "frame.time_delta_displayed": "0.002878000", - "frame.time_relative": "1979.451019000", - "frame.number": "7682", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54756", - "tcp.dstport": "80", - "tcp.port": "54756", - "tcp.port": "80", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007288", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7681", - "tcp.analysis.ack_rtt": "0.002878000", - "tcp.analysis.initial_rtt": "0.010574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.912301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.912301000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "1979.451615000", - "frame.number": "7683", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54756", - "tcp.dstport": "80", - "tcp.port": "54756", - "tcp.port": "80", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007287", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.912731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.912731000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1979.452045000", - "frame.number": "7684", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006079", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54756", - "tcp.port": "80", - "tcp.port": "54756", - "tcp.stream": "300", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000064bb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7683", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.010574000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.960825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.960825000", - "frame.time_delta": "0.048094000", - "frame.time_delta_displayed": "0.048094000", - "frame.time_relative": "1979.500139000", - "frame.number": "7685", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000084fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000324c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "99", - "http.prev_response_in": "7674" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.977239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.977239000", - "frame.time_delta": "0.016414000", - "frame.time_delta_displayed": "0.016414000", - "frame.time_relative": "1979.516553000", - 
"frame.number": "7686", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54757", - "tcp.dstport": "80", - "tcp.port": "54757", - "tcp.port": "80", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005aa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.977748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.977748000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "1979.517062000", - "frame.number": "7687", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54757", - "tcp.port": "80", - "tcp.port": "54757", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b776", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7686", - "tcp.analysis.ack_rtt": "0.000509000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.980378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.980378000", - "frame.time_delta": "0.002630000", - "frame.time_delta_displayed": "0.002630000", - "frame.time_relative": "1979.519692000", - 
"frame.number": "7688", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54757", - "tcp.dstport": "80", - "tcp.port": "54757", - "tcp.port": "80", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006955", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7687", - "tcp.analysis.ack_rtt": "0.002630000", - "tcp.analysis.initial_rtt": "0.003139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.980988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.980988000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "1979.520302000", - "frame.number": "7689", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b8e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54757", - "tcp.dstport": "80", - "tcp.port": "54757", - "tcp.port": "80", - "tcp.stream": "301", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007ece", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003139000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.981429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.981429000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1979.520743000", - "frame.number": "7690", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006e1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004a57", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54757", - "tcp.port": "80", - "tcp.port": "54757", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005ae6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7689", - "tcp.analysis.ack_rtt": "0.000441000", - "tcp.analysis.initial_rtt": "0.003139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.982011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.982011000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "1979.521325000", - "frame.number": "7691", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006e1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004a45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54757", - "tcp.port": "80", - "tcp.port": "54757", - "tcp.stream": "301", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b07", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003139000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.982452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.982452000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "1979.521766000", - "frame.number": "7692", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006e1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004672", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54757", - "tcp.port": "80", - "tcp.port": "54757", - "tcp.stream": "301", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ed70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003139000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7691", - "tcp.segment": "7692", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001464000", - "http.request_in": "7689", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.985576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.985576000", - "frame.time_delta": "0.003124000", - "frame.time_delta_displayed": "0.003124000", - "frame.time_relative": "1979.524890000", - "frame.number": "7693", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54757", - "tcp.dstport": "80", - "tcp.port": "54757", - "tcp.port": "80", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7692", - "tcp.analysis.ack_rtt": "0.003124000", - "tcp.analysis.initial_rtt": "0.003139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.986151000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.986151000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "1979.525465000", - "frame.number": "7694", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54757", - "tcp.dstport": "80", - "tcp.port": "54757", - "tcp.port": "80", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000064bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:30.986568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495570.986568000", - "frame.time_delta": "0.000417000", - "frame.time_delta_displayed": "0.000417000", - "frame.time_relative": "1979.525882000", - "frame.number": "7695", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006075", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54757", - "tcp.port": "80", - "tcp.port": "54757", - "tcp.stream": "301", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000056f0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7694", - "tcp.analysis.ack_rtt": "0.000417000", - "tcp.analysis.initial_rtt": "0.003139000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.837908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.837908000", - "frame.time_delta": "0.851340000", - "frame.time_delta_displayed": "0.851340000", - "frame.time_relative": "1980.377222000", - "frame.number": "7696", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008523", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003228", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "100", - "http.prev_response_in": "7685" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.840814000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.840814000", - "frame.time_delta": "0.002906000", - "frame.time_delta_displayed": "0.002906000", - "frame.time_relative": "1980.380128000", - "frame.number": "7697", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54758", - "tcp.dstport": "80", - "tcp.port": "54758", - "tcp.port": "80", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000010a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.841358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.841358000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "1980.380672000", - "frame.number": "7698", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54758", - "tcp.port": "80", - "tcp.port": "54758", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e855", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7697", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.853165000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.853165000", - "frame.time_delta": "0.011807000", - "frame.time_delta_displayed": "0.011807000", - "frame.time_relative": "1980.392479000", - "frame.number": "7699", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54758", - "tcp.dstport": "80", - "tcp.port": "54758", - "tcp.port": "80", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009a34", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7698", - "tcp.analysis.ack_rtt": "0.011807000", - "tcp.analysis.initial_rtt": "0.012351000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.854010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.854010000", - "frame.time_delta": "0.000845000", - "frame.time_delta_displayed": "0.000845000", - "frame.time_relative": "1980.393324000", - "frame.number": "7700", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54758", - "tcp.dstport": "80", - "tcp.port": "54758", - "tcp.port": "80", - "tcp.stream": "302", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000afad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012351000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.854502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.854502000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "1980.393816000", - "frame.number": "7701", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000069be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004eb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54758", - "tcp.port": "80", - "tcp.port": "54758", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008bc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7700", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.012351000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.855139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.855139000", - "frame.time_delta": "0.000637000", - "frame.time_delta_displayed": "0.000637000", - "frame.time_relative": "1980.394453000", - "frame.number": "7702", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000069bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ea3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54758", - "tcp.port": "80", - "tcp.port": "54758", - "tcp.stream": "302", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000cbe6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012351000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.855494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.855494000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "1980.394808000", - "frame.number": "7703", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000069c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004ad0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54758", - "tcp.port": "80", - "tcp.port": "54758", - "tcp.stream": "302", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001e50", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012351000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "7702", - "tcp.segment": "7703", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001484000", - "http.request_in": "7700", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.857549000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495571.857549000", - "frame.time_delta": "0.002055000", - "frame.time_delta_displayed": "0.002055000", - "frame.time_relative": "1980.396863000", - "frame.number": "7704", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54758", - "tcp.dstport": "80", - "tcp.port": "54758", - "tcp.port": "80", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000959c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7703", - "tcp.analysis.ack_rtt": "0.002055000", - "tcp.analysis.initial_rtt": "0.012351000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.858579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.858579000", - "frame.time_delta": "0.001030000", - "frame.time_delta_displayed": "0.001030000", - "frame.time_relative": "1980.397893000", - "frame.number": "7705", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54758", - "tcp.dstport": "80", - "tcp.port": "54758", - "tcp.port": "80", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000959b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.859048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.859048000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1980.398362000", - "frame.number": "7706", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006044", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54758", - "tcp.port": "80", - "tcp.port": "54758", - "tcp.stream": "302", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000087cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7705", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.012351000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.891037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.891037000", - "frame.time_delta": "0.031989000", - "frame.time_delta_displayed": "0.031989000", - "frame.time_relative": "1980.430351000", - "frame.number": "7707", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008528", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000321a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "101", - "http.prev_response_in": "7696" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.894256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.894256000", - "frame.time_delta": "0.003219000", - "frame.time_delta_displayed": "0.003219000", - "frame.time_relative": 
"1980.433570000", - "frame.number": "7708", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54759", - "tcp.dstport": "80", - "tcp.port": "54759", - "tcp.port": "80", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection 
establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000fa12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.894791000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.894791000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "1980.434105000", - "frame.number": "7709", - "frame.len": 
"66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54759", - "tcp.port": "80", - "tcp.port": "54759", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000057a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7708", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.896943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.896943000", - "frame.time_delta": "0.002152000", - "frame.time_delta_displayed": "0.002152000", - "frame.time_relative": "1980.436257000", - 
"frame.number": "7710", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54759", - "tcp.dstport": "80", - "tcp.port": "54759", - "tcp.port": "80", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000983", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7709", - "tcp.analysis.ack_rtt": "0.002152000", - "tcp.analysis.initial_rtt": "0.002687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.897645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.897645000", - "frame.time_delta": "0.000702000", - "frame.time_delta_displayed": "0.000702000", - "frame.time_relative": "1980.436959000", - "frame.number": "7711", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b84", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54759", - "tcp.dstport": "80", - "tcp.port": "54759", - "tcp.port": "80", - "tcp.stream": "303", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001efc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002687000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.898131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.898131000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "1980.437445000", - "frame.number": "7712", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a2fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001578", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54759", - "tcp.port": "80", - "tcp.port": "54759", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fb13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7711", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.002687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.898799000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.898799000", - "frame.time_delta": "0.000668000", - "frame.time_delta_displayed": "0.000668000", - "frame.time_relative": "1980.438113000", - "frame.number": "7713", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a2fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001566", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54759", - "tcp.port": "80", - "tcp.port": "54759", - "tcp.stream": "303", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003b35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002687000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.899152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.899152000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "1980.438466000", - "frame.number": "7714", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a2fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001193", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54759", - "tcp.port": "80", - "tcp.port": "54759", - "tcp.stream": "303", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008d9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002687000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7713", - "tcp.segment": "7714", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001507000", - "http.request_in": "7711", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.901463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.901463000", - "frame.time_delta": "0.002311000", - "frame.time_delta_displayed": "0.002311000", - "frame.time_relative": "1980.440777000", - "frame.number": "7715", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54759", - "tcp.dstport": "80", - "tcp.port": "54759", - "tcp.port": "80", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000004eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7714", - "tcp.analysis.ack_rtt": "0.002311000", - "tcp.analysis.initial_rtt": "0.002687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.902119000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.902119000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "1980.441433000", - "frame.number": "7716", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54759", - "tcp.dstport": "80", - "tcp.port": "54759", - "tcp.port": "80", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000004ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.902566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.902566000", - "frame.time_delta": "0.000447000", - "frame.time_delta_displayed": "0.000447000", - "frame.time_relative": "1980.441880000", - "frame.number": "7717", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005833", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006040", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54759", - "tcp.port": "80", - "tcp.port": "54759", - "tcp.stream": "303", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f71d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7716", - "tcp.analysis.ack_rtt": "0.000447000", - "tcp.analysis.initial_rtt": "0.002687000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.943888000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.943888000", - "frame.time_delta": "0.041322000", - "frame.time_delta_displayed": "0.041322000", - "frame.time_relative": "1980.483202000", - "frame.number": "7718", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000852d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000321b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "102", - "http.prev_response_in": "7707" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.946640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.946640000", - "frame.time_delta": "0.002752000", - "frame.time_delta_displayed": "0.002752000", - "frame.time_relative": "1980.485954000", - "frame.number": "7719", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c1c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54760", - "tcp.dstport": "80", - "tcp.port": "54760", - "tcp.port": "80", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000348d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.947189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.947189000", - "frame.time_delta": "0.000549000", - "frame.time_delta_displayed": "0.000549000", - "frame.time_relative": "1980.486503000", - "frame.number": "7720", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54760", - "tcp.port": "80", - "tcp.port": "54760", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00006ddd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7719", - "tcp.analysis.ack_rtt": "0.000549000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.955132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.955132000", - "frame.time_delta": "0.007943000", - "frame.time_delta_displayed": "0.007943000", - "frame.time_relative": "1980.494446000", - "frame.number": "7721", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54760", - "tcp.dstport": "80", - "tcp.port": "54760", - "tcp.port": "80", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001fbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7720", - "tcp.analysis.ack_rtt": "0.007943000", - "tcp.analysis.initial_rtt": "0.008492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.955714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.955714000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "1980.495028000", - "frame.number": "7722", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54760", - "tcp.dstport": "80", - "tcp.port": "54760", - "tcp.port": "80", - "tcp.stream": "304", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003535", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008492000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.956202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.956202000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "1980.495516000", - "frame.number": "7723", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e5a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54760", - "tcp.port": "80", - "tcp.port": "54760", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000114d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7722", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.008492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.956838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.956838000", - "frame.time_delta": "0.000636000", - "frame.time_delta_displayed": "0.000636000", - "frame.time_relative": "1980.496152000", - "frame.number": "7724", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e5aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d2b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54760", - "tcp.port": "80", - "tcp.port": "54760", - "tcp.stream": "304", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000516e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008492000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.957208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.957208000", - "frame.time_delta": "0.000370000", - "frame.time_delta_displayed": "0.000370000", - "frame.time_relative": "1980.496522000", - "frame.number": "7725", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e5ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cee4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54760", - "tcp.port": "80", - "tcp.port": "54760", - "tcp.stream": "304", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a3d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008492000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "7724", - "tcp.segment": "7725", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001494000", - "http.request_in": "7722", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.959089000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495571.959089000", - "frame.time_delta": "0.001881000", - "frame.time_delta_displayed": "0.001881000", - "frame.time_relative": "1980.498403000", - "frame.number": "7726", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54760", - "tcp.dstport": "80", - "tcp.port": "54760", - "tcp.port": "80", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7725", - "tcp.analysis.ack_rtt": "0.001881000", - "tcp.analysis.initial_rtt": "0.008492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.959727000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.959727000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "1980.499041000", - "frame.number": "7727", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c4f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54760", - "tcp.dstport": "80", - "tcp.port": "54760", - "tcp.port": "80", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001b23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:31.960196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495571.960196000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "1980.499510000", - "frame.number": "7728", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005834", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000603f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54760", - "tcp.port": "80", - "tcp.port": "54760", - "tcp.stream": "304", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000d57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7727", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.008492000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:32.681219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.681219000", - "frame.time_delta": "0.721023000", - "frame.time_delta_displayed": "0.721023000", - "frame.time_relative": "1981.220533000", - "frame.number": "7729", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fdb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b815", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001869", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:32.681759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.681759000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "1981.221073000", - "frame.number": "7730", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fdc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009910", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f964", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:32.682360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.682360000", - "frame.time_delta": "0.000601000", - "frame.time_delta_displayed": "0.000601000", - "frame.time_relative": "1981.221674000", - "frame.number": "7731", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000872a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:32.731945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.731945000", - "frame.time_delta": "0.049585000", - "frame.time_delta_displayed": "0.049585000", - "frame.time_relative": "1981.271259000", - "frame.number": "7732", - "frame.len": "417", - "frame.cap_len": "417", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "403", - "ip.id": "0x000096ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007532", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "351", - "tcp.seq": "91417", - "tcp.nxtseq": "91768", - "tcp.ack": "18651", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000430b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:b6:e2:a7:a2:6c:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { 
- "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2602722, TSecr 2812439564": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2602722", - "tcp.options.timestamp.tsecr": "2812439564" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "351", - "tcp.analysis.push_bytes_sent": "351" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "346", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:88:a6:1d:56:01:a9:96:05:44:11:d4:2b:53:50:c1:23:5f:7b:88:09:a8:44:48:ba:8b:d2:de:39:90:15:8e:98:13:e9:96:c1:6d:c1:15:c2:d4:36:29:ea:b1:e9:42:50:c3:bb:88:7f:48:a5:3e:fd:48:29:a6:57:51:ca:5e:c5:5a:e1:91:bc:80:03:e9:81:9b:d3:ca:ed:bf:8b:94:82:19:03:5a:b5:47:96:24:37:23:4f:3b:e4:72:9d:e2:0d:36:f9:c6:e4:9d:c5:b3:8b:b7:fb:03:13:1d:f1:36:2a:3e:bb:88:d0:4c:b2:8f:95:29:6e:73:97:64:03:fd:b0:19:93:41:7e:cd:da:21:c4:75:3d:0f:e3:bb:1f:3e:64:0c:ac:c7:f3:4d:d5:9a:94:fd:84:c4:86:dc:45:66:79:1e:da:f4:0a:3c:af:b9:9d:03:d2:82:16:76:14:09:0a:68:65:4c:de:ed:45:b2:d3:b8:a8:16:77:71:ba:f7:f5:7a:51:3f:f0:61:27:01:73:a7:ba:cb:88:cd:98:05:df:75:85:2d:17:54:3d:26:41:d3:75:1b:78:7c:8d:70:cf:bc:34:0e:1b:e7:e4:0c:7b:5a:b2:9b:a0:8d:c9:14:40:27:e9:9f:14:8b:32:8b:10:bb:05:f0:7c:10:db:89:c0:99:7c:06:08:4a:26:13:5b:57:7e:e6:81:0b:66:85:89:f2:79:63:01:e1:bd:a4:6a:27:75:d7:b4:a3:ee:a4:f8:5b:5c:47:60:76:f2:3a:ed:76:b0:c2:28:b7:4f:18:93:16:7f:4a:80:56:3d:ac:97:63:c3:df:68:e0:e2:6b:49:ff:9e:25:75:47:c9:a7:b1:7b:47:17:68:7a:92:58:81:10:53:94" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:32.793671000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.793671000", - "frame.time_delta": "0.061726000", - "frame.time_delta_displayed": 
"0.061726000", - "frame.time_relative": "1981.332985000", - "frame.number": "7733", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002de5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000376b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "18651", - "tcp.nxtseq": "18698", - "tcp.ack": 
"91768", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002912", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:8a:3a:00:27:b6:e2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812447290, TSecr 2602722": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812447290", - "tcp.options.timestamp.tsecr": "2602722" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7732", - "tcp.analysis.ack_rtt": "0.061726000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:d0:c1:e0:0c:9e:d5:c3:2f:70:83:3c:80:5e:0c:46:6e:fd:cc:4d:c8:72:11:e2:09:59:f0:23:03:92:47:01:28:12:a5:f7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:19:32.794102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495572.794102000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "1981.333416000", - "frame.number": "7734", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096ef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007690", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": 
"44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91768", - "tcp.ack": "18698", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b6f2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:b6:e8:a7:a2:8a:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2602728, TSecr 2812447290": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2602728", - "tcp.options.timestamp.tsecr": "2812447290" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7733", - "tcp.analysis.ack_rtt": "0.000431000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:34.808386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495574.808386000", - "frame.time_delta": "2.014284000", - "frame.time_delta_displayed": "2.014284000", - 
"frame.time_relative": "1983.347700000", - "frame.number": "7735", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005828", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a669", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": 
"443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5157", - "tcp.ack": "685", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:34.951591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495574.951591000", - "frame.time_delta": "0.143205000", - "frame.time_delta_displayed": "0.143205000", - "frame.time_relative": "1983.490905000", - "frame.number": "7736", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd85", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "685", - "tcp.ack": "5158", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa63", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:36.676445000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495576.676445000", - "frame.time_delta": "1.724854000", - "frame.time_delta_displayed": "1.724854000", - "frame.time_relative": "1985.215759000", - "frame.number": "7737", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000211f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53846", - "udp.dstport": "1900", - "udp.port": "53846", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007807", - "udp.checksum.status": "2", - "udp.stream": "140" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:36.814331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495576.814331000", - "frame.time_delta": "0.137886000", - "frame.time_delta_displayed": "0.137886000", - "frame.time_relative": "1985.353645000", - "frame.number": "7738", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": 
"ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ec0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005929", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.261593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.261593000", - "frame.time_delta": "0.447262000", - "frame.time_delta_displayed": "0.447262000", - 
"frame.time_relative": "1985.800907000", - "frame.number": "7739", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000085b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003197", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.314404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.314404000", - "frame.time_delta": "0.052811000", - "frame.time_delta_displayed": "0.052811000", - "frame.time_relative": "1985.853718000", - "frame.number": "7740", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", 
- "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000085b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000318d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": 
"7739" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.367229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.367229000", - "frame.time_delta": "0.052825000", - "frame.time_delta_displayed": "0.052825000", - "frame.time_relative": "1985.906543000", - "frame.number": "7741", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000085b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003191", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - 
"udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "7740" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.677375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.677375000", - "frame.time_delta": "0.310146000", - "frame.time_delta_displayed": "0.310146000", - "frame.time_relative": "1986.216689000", - "frame.number": "7742", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002120", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53846", - "udp.dstport": "1900", - "udp.port": "53846", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007807", - "udp.checksum.status": "2", - "udp.stream": "140" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google 
Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "7737" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.681490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.681490000", - "frame.time_delta": "0.004115000", - "frame.time_delta_displayed": "0.004115000", - "frame.time_relative": "1986.220804000", - "frame.number": "7743", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fdd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b813", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001869", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.682018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.682018000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "1986.221332000", - "frame.number": "7744", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fde", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000990e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f964", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.683613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.683613000", - "frame.time_delta": "0.001595000", - "frame.time_delta_displayed": "0.001595000", - "frame.time_relative": "1986.222927000", - "frame.number": "7745", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000872a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.800442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.800442000", - "frame.time_delta": "0.116829000", - "frame.time_delta_displayed": "0.116829000", - "frame.time_relative": "1986.339756000", - "frame.number": "7746", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:37.800880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495577.800880000", - "frame.time_delta": "0.000438000", - "frame.time_delta_displayed": "0.000438000", - "frame.time_relative": "1986.340194000", - "frame.number": "7747", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.266657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.266657000", - "frame.time_delta": "0.465777000", - "frame.time_delta_displayed": "0.465777000", - "frame.time_relative": "1986.805971000", - "frame.number": "7748", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": 
{ - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008607", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003144", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "7741" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.319451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.319451000", - "frame.time_delta": "0.052794000", - "frame.time_delta_displayed": "0.052794000", - "frame.time_relative": "1986.858765000", - "frame.number": "7749", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000860c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x00003136", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "7748" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.372232000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.372232000", - "frame.time_delta": "0.052781000", - "frame.time_delta_displayed": "0.052781000", - "frame.time_relative": "1986.911546000", - "frame.number": "7750", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000860f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003139", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "7749" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.678652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.678652000", - "frame.time_delta": "0.306420000", - "frame.time_delta_displayed": "0.306420000", - "frame.time_relative": "1987.217966000", - "frame.number": "7751", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002121", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53846", - "udp.dstport": "1900", - "udp.port": "53846", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007807", - "udp.checksum.status": "2", - "udp.stream": "140" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "7742" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.793213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.793213000", - "frame.time_delta": "0.114561000", - "frame.time_delta_displayed": "0.114561000", - "frame.time_relative": "1987.332527000", - "frame.number": "7752", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000861c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000312f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": 
"2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "7750" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.845993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.845993000", - "frame.time_delta": "0.052780000", - "frame.time_delta_displayed": "0.052780000", - "frame.time_relative": "1987.385307000", - "frame.number": "7753", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000861d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003125", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - 
"http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "7752" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:38.898800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495578.898800000", - "frame.time_delta": "0.052807000", - "frame.time_delta_displayed": "0.052807000", - "frame.time_relative": "1987.438114000", - "frame.number": "7754", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00008623", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003125", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "7753" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.678785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.678785000", - "frame.time_delta": "0.779985000", - "frame.time_delta_displayed": 
"0.779985000", - "frame.time_relative": "1988.218099000", - "frame.number": "7755", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002122", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53846", - "udp.dstport": "1900", - "udp.port": "53846", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00007807", - "udp.checksum.status": "2", - "udp.stream": "140" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": 
"HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "7751" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.818299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.818299000", - "frame.time_delta": "0.139514000", - "frame.time_delta_displayed": "0.139514000", - "frame.time_relative": "1988.357613000", - "frame.number": "7756", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - 
"arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.818484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.818484000", - "frame.time_delta": "0.000185000", - "frame.time_delta_displayed": "0.000185000", - "frame.time_relative": "1988.357798000", - "frame.number": "7757", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.845718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.845718000", - "frame.time_delta": "0.027234000", - "frame.time_delta_displayed": "0.027234000", - "frame.time_relative": "1988.385032000", - "frame.number": "7758", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008627", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003124", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "7754" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.898539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.898539000", - "frame.time_delta": "0.052821000", - "frame.time_delta_displayed": "0.052821000", - "frame.time_relative": "1988.437853000", - "frame.number": "7759", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000862d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003115", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "7758" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:39.951334000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495579.951334000", - "frame.time_delta": "0.052795000", - "frame.time_delta_displayed": "0.052795000", - "frame.time_relative": "1988.490648000", - "frame.number": "7760", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000862f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003119", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": 
"", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "7759" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:40.199291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495580.199291000", - "frame.time_delta": "0.247957000", - "frame.time_delta_displayed": "0.247957000", - "frame.time_relative": "1988.738605000", - "frame.number": "7761", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - 
"eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00000bac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "108", - "udp.checksum": "0x0000dfe5", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.command": "1409286244", - "adwin_config.version": "1380667970", - "adwin_config.mac": "d0:73:d5:02:41:da", - "adwin_config.unused": "", - "adwin_config.server_ip": "88.70.73.76", - "adwin_config.unused": "", - "adwin_config.netmask": "85.106.234.132", - "adwin_config.unused": "", - "adwin_config.gateway": "0.0.0.59", - "adwin_config.unused": "", - "adwin_config.dhcp": "1", - "adwin_config.port": "351456827", - "adwin_config.password": "", - "adwin_config.bootloader": "0", - "adwin_config.unused": "", - "adwin_config.description": "", - "adwin_config.date": "", - "adwin_config.revision": "", - "adwin_config.processor_type_raw": "", - "adwin_config.processor_type": "Unknown", - "adwin_config.system_type_raw": "", - "adwin_config.system_type": "Unknown" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:40.950876000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495580.950876000", - "frame.time_delta": "0.751585000", - "frame.time_delta_displayed": "0.751585000", - "frame.time_relative": "1989.490190000", - "frame.number": "7762", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00008676", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000030d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - 
"ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "7760" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:41.003666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495581.003666000", - "frame.time_delta": "0.052790000", - "frame.time_delta_displayed": "0.052790000", - "frame.time_relative": "1989.542980000", - "frame.number": "7763", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00008679", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000030c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "7762" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:41.056572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495581.056572000", - "frame.time_delta": "0.052906000", - "frame.time_delta_displayed": "0.052906000", - "frame.time_relative": "1989.595886000", - "frame.number": "7764", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000867b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000030cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "7763" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.003743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.003743000", - "frame.time_delta": "0.947171000", - "frame.time_delta_displayed": "0.947171000", - 
"frame.time_relative": "1990.543057000", - "frame.number": "7765", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000086b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003096", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "7764" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.056509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.056509000", - "frame.time_delta": "0.052766000", - "frame.time_delta_displayed": "0.052766000", - "frame.time_relative": "1990.595823000", - "frame.number": "7766", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000086b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003089", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "17", - "http.prev_response_in": "7765" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.109332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.109332000", - "frame.time_delta": "0.052823000", - "frame.time_delta_displayed": "0.052823000", - "frame.time_relative": "1990.648646000", - "frame.number": "7767", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000086bc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000308c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - 
"udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "7766" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.267289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.267289000", - "frame.time_delta": "0.157957000", - "frame.time_delta_displayed": "0.157957000", - "frame.time_relative": "1990.806603000", - "frame.number": "7768", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000086be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000308d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "7767" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.320054000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.320054000", - "frame.time_delta": "0.052765000", - "frame.time_delta_displayed": "0.052765000", - "frame.time_relative": "1990.859368000", - "frame.number": "7769", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000086c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000307e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "7768" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.372781000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495582.372781000", - "frame.time_delta": "0.052727000", - "frame.time_delta_displayed": "0.052727000", - "frame.time_relative": "1990.912095000", - "frame.number": "7770", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000086c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003080", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "7769" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.682349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.682349000", - "frame.time_delta": "0.309568000", - "frame.time_delta_displayed": "0.309568000", - "frame.time_relative": "1991.221663000", - "frame.number": "7771", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fdf", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b811", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001869", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.682719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.682719000", - "frame.time_delta": "0.000370000", - "frame.time_delta_displayed": "0.000370000", - "frame.time_relative": "1991.222033000", - "frame.number": "7772", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fe0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000990c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f964", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:42.683149000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495582.683149000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "1991.222463000", - "frame.number": "7773", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000872a", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=651", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:43.319846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495583.319846000", - "frame.time_delta": "0.636697000", - "frame.time_delta_displayed": "0.636697000", - "frame.time_relative": "1991.859160000", - "frame.number": "7774", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x000086cc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000307f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "305", - "udp.checksum": "0x0000f2c4", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "7770" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:43.372626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495583.372626000", - "frame.time_delta": "0.052780000", - "frame.time_delta_displayed": "0.052780000", - "frame.time_relative": "1991.911940000", - "frame.number": "7775", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x000086d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003071", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "314", - "udp.checksum": "0x000000b0", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "7774" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:43.458304000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495583.458304000", - "frame.time_delta": "0.085678000", - 
"frame.time_delta_displayed": "0.085678000", - "frame.time_relative": "1991.997618000", - "frame.number": "7776", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x000086d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003072", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "53846", - "udp.port": "1900", - "udp.port": "53846", - "udp.length": "308", - "udp.checksum": "0x0000243a", - "udp.checksum.status": "2", - "udp.stream": "141" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - 
"http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "7775" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:52.769399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495592.769399000", - "frame.time_delta": "9.311095000", - "frame.time_delta_displayed": "9.311095000", - "frame.time_relative": "2001.308713000", - "frame.number": "7777", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ec4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000591f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a41e", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000961f", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:52.770496000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495592.770496000", - "frame.time_delta": "0.001097000", - "frame.time_delta_displayed": "0.001097000", - "frame.time_relative": "2001.309810000", - "frame.number": "7778", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000008f3", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60230", - "udp.dstport": "5355", - "udp.port": "60230", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000fcb6", - "udp.checksum.status": "2", - "udp.stream": "142" - }, - "llmnr": { - "dns.id": "0x0000683d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:52.771129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495592.771129000", - "frame.time_delta": "0.000633000", - "frame.time_delta_displayed": "0.000633000", - "frame.time_relative": "2001.310443000", - "frame.number": "7779", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60230", - "udp.dstport": "5355", - "udp.port": "60230", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00001c56", - "udp.checksum.status": "2", - "udp.stream": "143" - }, - "llmnr": { - "dns.id": "0x0000683d", - "dns.flags": 
"0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:52.771692000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495592.771692000", - "frame.time_delta": "0.000563000", - "frame.time_delta_displayed": "0.000563000", - "frame.time_relative": "2001.311006000", - "frame.number": "7780", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x0000057f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122c", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51850", - "udp.dstport": "5355", - "udp.port": "51850", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000700e", - "udp.checksum.status": "2", - "udp.stream": "144" - }, - "llmnr": { - "dns.id": "0x00003526", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:52.772274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495592.772274000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "2001.311588000", - "frame.number": "7781", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000dc88a", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51850", - "udp.dstport": "5355", - "udp.port": "51850", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000506f", - "udp.checksum.status": "2", - "udp.stream": "145" - }, - "llmnr": { - "dns.id": "0x00003526", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:53.180856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495593.180856000", - "frame.time_delta": "0.408582000", - "frame.time_delta_displayed": "0.408582000", - "frame.time_relative": "2001.720170000", - 
"frame.number": "7782", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000008f3", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60230", - "udp.dstport": "5355", - "udp.port": "60230", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000fcb6", - "udp.checksum.status": "2", - "udp.stream": "142" - }, - "llmnr": { - "dns.id": "0x0000683d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - 
"dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:53.181473000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495593.181473000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "2001.720787000", - "frame.number": "7783", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000580", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60230", - "udp.dstport": "5355", - "udp.port": "60230", - "udp.port": "5355", - "udp.length": "30", - 
"udp.checksum": "0x00001c56", - "udp.checksum.status": "2", - "udp.stream": "143" - }, - "llmnr": { - "dns.id": "0x0000683d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:53.182691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495593.182691000", - "frame.time_delta": "0.001218000", - "frame.time_delta_displayed": "0.001218000", - "frame.time_relative": "2001.722005000", - "frame.number": "7784", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000dc88a", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": 
"fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51850", - "udp.dstport": "5355", - "udp.port": "51850", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000506f", - "udp.checksum.status": "2", - "udp.stream": "145" - }, - "llmnr": { - "dns.id": "0x00003526", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:53.183321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495593.183321000", - "frame.time_delta": "0.000630000", - "frame.time_delta_displayed": "0.000630000", - "frame.time_relative": "2001.722635000", - "frame.number": "7785", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - 
"eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000581", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000122a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51850", - "udp.dstport": "5355", - "udp.port": "51850", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000700e", - "udp.checksum.status": "2", - "udp.stream": "144" - }, - "llmnr": { - "dns.id": "0x00003526", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:53.519411000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495593.519411000", - "frame.time_delta": "0.336090000", - "frame.time_delta_displayed": "0.336090000", - "frame.time_relative": "2002.058725000", - "frame.number": "7786", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ec5", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000591e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a41e", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000961f", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - 
}, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:19:54.269494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495594.269494000", - "frame.time_delta": "0.750083000", - "frame.time_delta_displayed": "0.750083000", - "frame.time_relative": "2002.808808000", - "frame.number": "7787", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ec6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000591d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": 
"192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a41e", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x0000961f", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:03.810447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495603.810447000", - "frame.time_delta": "9.540953000", - "frame.time_delta_displayed": "9.540953000", - "frame.time_relative": "2012.349761000", - "frame.number": "7788", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000765e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "91768", - "tcp.nxtseq": "91817", - "tcp.ack": "18698", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b56e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:c3:06:a7:a2:8a:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2605830, TSecr 2812447290": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2605830", - "tcp.options.timestamp.tsecr": "2812447290" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:89:22:27:2b:bc:ee:51:aa:e5:ca:42:23:bd:10:0c:8b:cb:3d:23:e3:f9:df:37:d9:19:33:ee:48:01:79:a4:9f:41:4a:a0:e1:92" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:03.872424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495603.872424000", - "frame.time_delta": "0.061977000", - "frame.time_delta_displayed": "0.061977000", - "frame.time_relative": "2012.411738000", - "frame.number": "7789", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002de6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003762", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18698", - "tcp.nxtseq": "18753", - "tcp.ack": "91817", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d0fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:a8:94:00:27:c3:06", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812455060, TSecr 2605830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812455060", - "tcp.options.timestamp.tsecr": "2605830" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7788", - "tcp.analysis.ack_rtt": "0.061977000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:d1:08:27:20:b3:99:26:08:48:87:47:ba:01:ea:0b:11:fd:a6:df:df:96:d4:4c:b1:fe:1c:e5:d5:fa:36:0c:98:89:2b:37:e6:19:fd:5b:5c:20:f8:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:03.872915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495603.872915000", - "frame.time_delta": "0.000491000", - "frame.time_delta_displayed": "0.000491000", - "frame.time_relative": "2012.412229000", - "frame.number": "7790", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000768e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91817", - "tcp.ack": "18753", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c0c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:c3:0c:a7:a2:a8:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2605836, TSecr 2812455060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2605836", - "tcp.options.timestamp.tsecr": "2812455060" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7789", - "tcp.analysis.ack_rtt": "0.000491000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:04.204867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495604.204867000", - "frame.time_delta": "0.331952000", - "frame.time_delta_displayed": "0.331952000", - "frame.time_relative": "2012.744181000", - "frame.number": "7791", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", 
- "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005829", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a640", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5158", - "tcp.nxtseq": "5198", - "tcp.ack": "685", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": 
"0x000026c0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ee:57:ed:55:75:a6:44:03:c9:1c:e1:b1:5e:a7:64:ab:06:75:83:0a:da:82:59:d5:11:65:ae:bc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:04.348024000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495604.348024000", - "frame.time_delta": "0.143157000", - "frame.time_delta_displayed": "0.143157000", - "frame.time_relative": "2012.887338000", - "frame.number": "7792", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x0000100d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd60", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - 
"ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "685", - "tcp.nxtseq": "721", - "tcp.ack": "5198", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d303", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7791", - "tcp.analysis.ack_rtt": "0.143157000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": 
"54:26:79:5a:1e:3d:fa:73:70:5a:cb:cc:2a:73:de:60:78:b2:d8:ac:06:c7:7a:53:2f:a4:38:aa:39:f8:69" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:04.348492000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495604.348492000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "2012.887806000", - "frame.number": "7793", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a667", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., 
Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5198", - "tcp.ack": "721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efa1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7792", - "tcp.analysis.ack_rtt": "0.000468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:06.817331000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495606.817331000", - "frame.time_delta": "2.468839000", - "frame.time_delta_displayed": "2.468839000", - "frame.time_relative": "2015.356645000", - "frame.number": "7794", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005eca", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000591f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:09.350314000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495609.350314000", - "frame.time_delta": "2.532983000", 
- "frame.time_delta_displayed": "2.532983000", - "frame.time_relative": "2017.889628000", - "frame.number": "7795", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:09.350714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495609.350714000", - "frame.time_delta": "0.000400000", - "frame.time_delta_displayed": "0.000400000", - "frame.time_relative": "2017.890028000", - "frame.number": "7796", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.170508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.170508000", - "frame.time_delta": "13.819794000", - "frame.time_delta_displayed": "13.819794000", - "frame.time_relative": "2031.709822000", - "frame.number": "7797", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00006d88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bcf", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.223441000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.223441000", - "frame.time_delta": "0.052933000", - "frame.time_delta_displayed": "0.052933000", - "frame.time_relative": "2031.762755000", - "frame.number": "7798", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00006d8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bcb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.276305000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.276305000", - "frame.time_delta": "0.052864000", - "frame.time_delta_displayed": "0.052864000", - "frame.time_relative": "2031.815619000", - "frame.number": "7799", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006d8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.329204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.329204000", - "frame.time_delta": "0.052899000", - "frame.time_delta_displayed": "0.052899000", - "frame.time_relative": "2031.868518000", - "frame.number": "7800", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00006d90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bbe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.381985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.381985000", - "frame.time_delta": "0.052781000", - "frame.time_delta_displayed": "0.052781000", - "frame.time_relative": "2031.921299000", - "frame.number": "7801", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00006d94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:23.434844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495623.434844000", - "frame.time_delta": "0.052859000", - "frame.time_delta_displayed": "0.052859000", - "frame.time_relative": "2031.974158000", - "frame.number": "7802", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00006d95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:25.347651000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495625.347651000", - "frame.time_delta": "1.912807000", - "frame.time_delta_displayed": "1.912807000", - "frame.time_relative": "2033.886965000", - "frame.number": "7803", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000bae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - 
"ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x000058d9", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "02:d3:af:c3:9f:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:27.684298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495627.684298000", - "frame.time_delta": "2.336647000", - "frame.time_delta_displayed": "2.336647000", - "frame.time_relative": "2036.223612000", - "frame.number": "7804", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": 
"0x00001fe6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b80a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001768", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:27.684840000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495627.684840000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "2036.224154000", - "frame.number": "7805", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fe7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009905", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f863", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:27.685451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495627.685451000", - "frame.time_delta": "0.000611000", - "frame.time_delta_displayed": "0.000611000", - "frame.time_relative": "2036.224765000", - "frame.number": "7806", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008629", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:28.288716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495628.288716000", - "frame.time_delta": "0.603265000", - "frame.time_delta_displayed": "0.603265000", - "frame.time_relative": "2036.828030000", - "frame.number": "7807", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x0000b01e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000e4ba", - "ip.checksum.status": "2", - "ip.src": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.src_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49779", - "tcp.port": "80", - "tcp.port": "49779", - "tcp.stream": "260", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000024c5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.016993000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:20:28 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:20:28 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.020658000", - "http.request_in": "6673", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:28.322561000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495628.322561000", - "frame.time_delta": "0.033845000", - "frame.time_delta_displayed": "0.033845000", - "frame.time_relative": "2036.861875000", - "frame.number": "7808", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001065", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f57b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": 
"37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000037c2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7807", - "tcp.analysis.ack_rtt": "0.033845000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:28.334380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495628.334380000", - "frame.time_delta": "0.011819000", - "frame.time_delta_displayed": "0.011819000", - "frame.time_relative": "2036.873694000", - "frame.number": "7809", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - 
"eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b01f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000e5c1", - "ip.checksum.status": "2", - "ip.src": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.src_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49779", - "tcp.port": "80", - "tcp.port": "49779", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": 
"0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000fe1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7808", - "tcp.analysis.ack_rtt": "0.011819000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:28.340656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495628.340656000", - "frame.time_delta": "0.006276000", - "frame.time_delta_displayed": "0.006276000", - "frame.time_relative": "2036.879970000", - "frame.number": "7810", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001066", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f57a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.243", - "ip.addr": "54.219.189.243", - "ip.dst_host": "54.219.189.243", - "ip.host": "54.219.189.243", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49779", - "tcp.dstport": "80", - "tcp.port": "49779", - "tcp.port": "80", - "tcp.stream": "260", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000037c2", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7809", - "tcp.analysis.ack_rtt": "0.006276000", - "tcp.analysis.initial_rtt": "0.016993000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:28.850988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495628.850988000", - "frame.time_delta": "0.510332000", - "frame.time_delta_displayed": "0.510332000", - "frame.time_relative": "2037.390302000", - "frame.number": "7811", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.328995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.328995000", - "frame.time_delta": "0.478007000", - 
"frame.time_delta_displayed": "0.478007000", - "frame.time_relative": "2037.868309000", - "frame.number": "7812", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x00001067", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000297d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.330815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.330815000", - "frame.time_delta": "0.001820000", - "frame.time_delta_displayed": "0.001820000", - "frame.time_relative": "2037.870129000", - "frame.number": "7813", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x00003ad4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007c41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - 
"ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "7812", - "dns.time": "0.001820000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.240": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "126", - "dns.resp.len": "4", - "dns.a": "54.241.191.240" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.234": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "126", - "dns.resp.len": "4", - "dns.a": "54.241.191.234" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": 
"pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "20", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51930", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4221", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56181", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2491", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56182", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56923", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57031", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56573", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56374", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56923", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - 
"dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "57031", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56573", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.338146000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.338146000", - "frame.time_delta": "0.007331000", - "frame.time_delta_displayed": "0.007331000", - "frame.time_relative": "2037.877460000", - "frame.number": "7814", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001068", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f361", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000dd5f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - 
"tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.351600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.351600000", - "frame.time_delta": "0.013454000", - "frame.time_delta_displayed": "0.013454000", - "frame.time_relative": "2037.890914000", - "frame.number": "7815", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000093ca", - "ip.checksum.status": "2", - "ip.src": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.src_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49780", - "tcp.port": "80", - "tcp.port": "49780", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00002f03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7814", - "tcp.analysis.ack_rtt": "0.013454000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.356849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.356849000", - "frame.time_delta": 
"0.005249000", - "frame.time_delta_displayed": "0.005249000", - "frame.time_relative": "2037.896163000", - "frame.number": "7816", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001069", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f364", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } 
- }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000069e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7815", - "tcp.analysis.ack_rtt": "0.005249000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.375974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.375974000", - "frame.time_delta": "0.019125000", - "frame.time_delta_displayed": "0.019125000", - "frame.time_relative": "2037.915288000", - "frame.number": "7817", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": 
"Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x0000106a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f354", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000b263", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018703000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.388548000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.388548000", - "frame.time_delta": "0.012574000", - "frame.time_delta_displayed": "0.012574000", - "frame.time_relative": "2037.927862000", - "frame.number": "7818", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000c7ba", - "ip.checksum.status": "2", - "ip.src": "54.241.191.240", - "ip.addr": "54.241.191.240", - 
"ip.src_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49780", - "tcp.port": "80", - "tcp.port": "49780", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000046b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7817", - "tcp.analysis.ack_rtt": "0.012574000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.393675000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495629.393675000", - "frame.time_delta": "0.005127000", - "frame.time_delta_displayed": "0.005127000", - "frame.time_relative": "2037.932989000", - "frame.number": "7819", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x0000106b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f270", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", 
- "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000e8f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018703000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "7817", - "tcp.segment": "7819", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": 
"47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:29.407028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495629.407028000", - "frame.time_delta": "0.013353000", - "frame.time_delta_displayed": "0.013353000", - "frame.time_relative": "2037.946342000", - "frame.number": "7820", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000c7b9", - "ip.checksum.status": "2", - "ip.src": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.src_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United 
States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49780", - "tcp.port": "80", - "tcp.port": "49780", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000420f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7819", - "tcp.analysis.ack_rtt": "0.013353000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:32.684570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495632.684570000", - "frame.time_delta": "3.277542000", - "frame.time_delta_displayed": "3.277542000", - "frame.time_relative": "2041.223884000", - "frame.number": "7821", - "frame.len": "275", - 
"frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fe8", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b808", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001768", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:20:32.685097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495632.685097000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "2041.224411000", - "frame.number": "7822", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fe9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009903", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f863", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:20:32.685743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495632.685743000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "2041.225057000", - "frame.number": "7823", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008629", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:20:33.290196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495633.290196000", - "frame.time_delta": "0.604453000", - "frame.time_delta_displayed": "0.604453000", - "frame.time_relative": "2041.829510000", - "frame.number": "7824", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:33.295899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495633.295899000", - "frame.time_delta": "0.005703000", - "frame.time_delta_displayed": "0.005703000", - "frame.time_relative": "2041.835213000", - "frame.number": "7825", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:34.418286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495634.418286000", - "frame.time_delta": "1.122387000", - "frame.time_delta_displayed": "1.122387000", - "frame.time_relative": "2042.957600000", - "frame.number": "7826", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a666", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5197", - "tcp.ack": "721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efa2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:34.561838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495634.561838000", - "frame.time_delta": "0.143552000", - "frame.time_delta_displayed": "0.143552000", - "frame.time_relative": "2043.101152000", - "frame.number": "7827", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd83", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "721", - "tcp.ack": "5198", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:34.891447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495634.891447000", - "frame.time_delta": "0.329609000", - "frame.time_delta_displayed": "0.329609000", - "frame.time_relative": "2043.430761000", - "frame.number": "7828", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000765c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "91817", - "tcp.nxtseq": "91866", - "tcp.ack": "18753", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000092af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:cf:2a:a7:a2:a8:94", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2608938, TSecr 2812455060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2608938", - "tcp.options.timestamp.tsecr": "2812455060" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8a:43:db:f2:fd:d1:92:47:07:76:23:19:63:0a:82:26:c6:d1:e4:af:a6:08:c9:37:06:a4:4c:de:50:e1:c1:e3:47:a7:52:23:ca" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:34.952266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495634.952266000", - "frame.time_delta": "0.060819000", - "frame.time_delta_displayed": "0.060819000", - "frame.time_relative": 
"2043.491580000", - "frame.number": "7829", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002de7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003761", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18753", - "tcp.nxtseq": "18808", - "tcp.ack": "91866", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc6a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:c6:ee:00:27:cf:2a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812462830, TSecr 2608938": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812462830", - "tcp.options.timestamp.tsecr": "2608938" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7828", - "tcp.analysis.ack_rtt": "0.060819000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:d2:9b:aa:bb:61:df:15:29:6f:b6:21:0b:70:b3:03:14:ca:0a:17:2c:a3:04:8e:13:85:83:dc:38:26:ea:36:b0:1a:ae:9f:9e:4f:ba:99:96:65:ba:39" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:20:34.952762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495634.952762000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "2043.492076000", - "frame.number": "7830", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000768c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": 
"44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "91866", - "tcp.ack": "18808", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006126", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:cf:30:a7:a2:c6:ee", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2608944, TSecr 2812462830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2608944", - "tcp.options.timestamp.tsecr": "2812462830" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7829", - "tcp.analysis.ack_rtt": "0.000496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:36.818162000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495636.818162000", - "frame.time_delta": "1.865400000", - "frame.time_delta_displayed": "1.865400000", - 
"frame.time_relative": "2045.357476000", - "frame.number": "7831", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ed2", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005917", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:20:37.685577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495637.685577000", - "frame.time_delta": "0.867415000", - "frame.time_delta_displayed": "0.867415000", - "frame.time_relative": "2046.224891000", - "frame.number": "7832", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fea", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b806", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - 
"udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001768", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - 
"dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:37.685977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495637.685977000", - "frame.time_delta": "0.000400000", - "frame.time_delta_displayed": "0.000400000", - "frame.time_relative": "2046.225291000", - "frame.number": "7833", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001feb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009901", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - 
"udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f863", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - 
"dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:37.686971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495637.686971000", - "frame.time_delta": "0.000994000", - "frame.time_delta_displayed": "0.000994000", - "frame.time_relative": "2046.226285000", - "frame.number": "7834", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", 
- "udp.length": "241", - "udp.checksum": "0x00008629", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=652", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:39.428193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495639.428193000", - "frame.time_delta": "1.741222000", - "frame.time_delta_displayed": "1.741222000", - "frame.time_relative": "2047.967507000", - "frame.number": "7835", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:39.428324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495639.428324000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "2047.967638000", - "frame.number": "7836", - 
"frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:39.960183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495639.960183000", - "frame.time_delta": "0.531859000", - "frame.time_delta_displayed": "0.531859000", - "frame.time_relative": "2048.499497000", - "frame.number": "7837", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - 
"arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:39.960616000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495639.960616000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "2048.499930000", - "frame.number": "7838", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:54.895568000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495654.895568000", - "frame.time_delta": "14.934952000", - "frame.time_delta_displayed": "14.934952000", - "frame.time_relative": "2063.434882000", - "frame.number": "7839", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00005189", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dbe2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "198.206.133.14", - "ip.addr": "198.206.133.14", - "ip.dst_host": "198.206.133.14", - "ip.host": "198.206.133.14", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS21554 Wisconsin CyberLynk Network, Inc., Franklin, WI, 42.886902, -88.009697": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", - "ip.geoip.asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", - "ip.geoip.dst_city": "Franklin, WI", - "ip.geoip.city": "Franklin, WI", - "ip.geoip.dst_lat": "42.886902", - 
"ip.geoip.lat": "42.886902", - "ip.geoip.dst_lon": "-88.009697", - "ip.geoip.lon": "-88.009697" - } - }, - "udp": { - "udp.srcport": "34570", - "udp.dstport": "123", - "udp.port": "34570", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x00008545", - "udp.checksum.status": "2", - "udp.stream": "146" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Apr 10, 2081 17:49:27.423284000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:54.954802000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495654.954802000", - "frame.time_delta": "0.059234000", - "frame.time_delta_displayed": "0.059234000", - "frame.time_relative": "2063.494116000", - "frame.number": "7840", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00004ef4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "17", - "ip.checksum": "0x0000ef87", - "ip.checksum.status": "2", - "ip.src": "198.206.133.14", - "ip.addr": "198.206.133.14", - "ip.src_host": "198.206.133.14", - "ip.host": "198.206.133.14", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS21554 Wisconsin CyberLynk Network, Inc., Franklin, WI, 42.886902, -88.009697": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", - "ip.geoip.asnum": "AS21554 Wisconsin CyberLynk Network, Inc.", - "ip.geoip.src_city": "Franklin, WI", - "ip.geoip.city": "Franklin, WI", - "ip.geoip.src_lat": "42.886902", - "ip.geoip.lat": "42.886902", - "ip.geoip.src_lon": "-88.009697", - "ip.geoip.lon": "-88.009697" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "34570", - "udp.port": "123", - "udp.port": "34570", - "udp.length": "56", - "udp.checksum": "0x0000809d", - "udp.checksum.status": "2", - "udp.stream": "146" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "3", - "ntp.ppoll": "6", - "ntp.precision": "-25", - "ntp.rootdelay": "0.00360107421875", - "ntp.rootdispersion": "0.0005340576171875", - "ntp.refid": "3a:b4:9e:96", - "ntp.reftime": "Oct 31, 2017 17:15:25.241065000 PDT", - "ntp.org": "Apr 10, 2081 17:49:27.423284000 PDT", - "ntp.rec": "Oct 31, 2017 17:20:54.932763000 PDT", - "ntp.xmt": "Oct 31, 2017 17:20:54.932780000 PDT" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:55.718111000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495655.718111000", - "frame.time_delta": "0.763309000", - "frame.time_delta_displayed": "0.763309000", - "frame.time_relative": "2064.257425000", - "frame.number": "7841", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:55.967550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495655.967550000", - "frame.time_delta": "0.249439000", - "frame.time_delta_displayed": "0.249439000", - "frame.time_relative": "2064.506864000", - "frame.number": "7842", - "frame.len": "350", - "frame.cap_len": "350", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:56.030307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495656.030307000", - "frame.time_delta": "0.062757000", - "frame.time_delta_displayed": "0.062757000", - "frame.time_relative": "2064.569621000", - "frame.number": "7843", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - 
"bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:56.045032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495656.045032000", - "frame.time_delta": "0.014725000", - "frame.time_delta_displayed": "0.014725000", - "frame.time_relative": "2064.584346000", - "frame.number": "7844", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:56.436509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495656.436509000", - "frame.time_delta": "0.391477000", - "frame.time_delta_displayed": "0.391477000", - "frame.time_relative": "2064.975823000", - "frame.number": "7845", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:59.960186000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495659.960186000", - "frame.time_delta": "3.523677000", - "frame.time_delta_displayed": "3.523677000", - "frame.time_relative": "2068.499500000", - "frame.number": "7846", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:20:59.960592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495659.960592000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "2068.499906000", - "frame.number": "7847", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:00.189024000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495660.189024000", - "frame.time_delta": "0.228432000", - "frame.time_delta_displayed": "0.228432000", - "frame.time_relative": "2068.728338000", - "frame.number": "7848", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x000096f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000752b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "91866", - "tcp.nxtseq": "92218", - "tcp.ack": "18808", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000071aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:d9:0c:a7:a2:c6:ee", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2611468, TSecr 2812462830": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2611468", - "tcp.options.timestamp.tsecr": "2812462830" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8b:0c:e4:73:ae:04:fb:e0:2b:b9:4e:a2:83:15:47:d9:79:13:ca:ef:d6:fe:b6:4d:87:8e:40:52:36:74:da:55:58:c3:ec:cb:da:e5:4e:1c:ac:21:58:35:02:d2:c0:b6:cf:7e:ab:51:75:a4:04:b0:be:97:a2:4a:f8:d7:03:23:28:dc:fe:f8:5c:23:bf:f9:9d:88:60:5a:aa:2a:7a:b0:c8:76:50:72:27:dc:e8:98:04:14:a2:ac:7f:85:6c:04:b4:10:79:03:7e:79:8d:2b:83:f7:32:ca:15:94:68:3a:c7:a1:2b:b2:3a:86:77:2f:7e:3c:f1:27:39:c7:ef:45:b4:b2:81:bf:d1:28:1d:4a:76:75:a2:dd:05:94:34:3e:f2:89:06:47:94:d6:bc:2e:d0:aa:db:3b:a1:2e:ed:ac:ca:60:fb:4b:27:67:ee:98:87:81:45:1b:17:72:ff:16:33:0e:c4:fd:b6:a4:7e:82:e3:41:9d:37:95:f8:59:57:b2:9f:d8:d0:9d:83:a6:54:de:6d:13:7b:1b:40:bc:33:ca:4a:6e:64:90:c1:a5:49:19:3c:62:6f:0b:8c:80:16:1d:b6:41:f6:03:97:85:6b:e1:e3:a4:4f:fa:ef:b5:94:97:6f:e4:b2:13:62:c4:42:d3:4a:25:b1:06:3b:9a:6c:6d:4d:9c:66:e7:60:1a:ce:9c:61:7a:0f:dd:f3:81:62:fb:95:b4:45:e0:05:40:42:93:3a:6b:30:7f:d3:2b:80:17:c5:40:b7:5b:ae:6e:ea:21:1d:c1:e9:e2:d5:2e:97:d3:1e:0f:b4:65:84:7d:1b:4a:d9:8e:52:ff:45:de:25:81:15:ec:0e:f5:6d:1f:5a:d4:48:e4:79:ff:42:d1:15:88:c5:bd:f8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:21:00.250242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495660.250242000", - "frame.time_delta": "0.061218000", - "frame.time_delta_displayed": "0.061218000", - "frame.time_relative": "2068.789556000", - "frame.number": "7849", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002de8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003768", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "18808", - "tcp.nxtseq": "18855", - "tcp.ack": "92218", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002f7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:df:a2:00:27:d9:0c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812469154, TSecr 2611468": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812469154", - "tcp.options.timestamp.tsecr": "2611468" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7848", - "tcp.analysis.ack_rtt": "0.061218000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:d3:14:bf:b8:b2:a0:ad:03:5e:97:56:81:b8:8d:7c:1c:3f:a8:ab:3c:69:05:8c:ff:74:87:18:ae:de:8d:04:62:bf:68:b1" - } - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:00.250681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495660.250681000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "2068.789995000", - "frame.number": "7850", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000768a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": 
"Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "92218", - "tcp.ack": "18855", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003d01", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:d9:12:a7:a2:df:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2611474, TSecr 2812469154": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2611474", - "tcp.options.timestamp.tsecr": "2812469154" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7849", - "tcp.analysis.ack_rtt": "0.000439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:01.149744000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495661.149744000", - "frame.time_delta": "0.899063000", - "frame.time_delta_displayed": "0.899063000", - "frame.time_relative": "2069.689058000", - "frame.number": "7851", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:04.558213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495664.558213000", - "frame.time_delta": "3.408469000", - "frame.time_delta_displayed": "3.408469000", - "frame.time_relative": "2073.097527000", - "frame.number": "7852", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a665", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5197", - "tcp.ack": "721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efa2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:04.701571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495664.701571000", - "frame.time_delta": "0.143358000", - "frame.time_delta_displayed": "0.143358000", - "frame.time_relative": "2073.240885000", - "frame.number": "7853", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000100f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"49", - "ip.proto": "6", - "ip.checksum": "0x0000fd82", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "721", - "tcp.ack": "5198", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:06.819595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495666.819595000", - "frame.time_delta": "2.118024000", - "frame.time_delta_displayed": "2.118024000", - "frame.time_relative": "2075.358909000", - "frame.number": "7854", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ed9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005910", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - 
"udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:09.568137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495669.568137000", - "frame.time_delta": "2.748542000", - "frame.time_delta_displayed": "2.748542000", - "frame.time_relative": "2078.107451000", - "frame.number": "7855", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:09.568266000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495669.568266000", - "frame.time_delta": "0.000129000", - 
"frame.time_delta_displayed": "0.000129000", - "frame.time_relative": "2078.107580000", - "frame.number": "7856", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:10.196891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495670.196891000", - "frame.time_delta": "0.628625000", - "frame.time_delta_displayed": "0.628625000", - "frame.time_relative": "2078.736205000", - "frame.number": "7857", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - 
"eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000bb1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x00007c31", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "fc:de:8e:3a:f3:96", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:12.903978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495672.903978000", - "frame.time_delta": "2.707087000", - "frame.time_delta_displayed": "2.707087000", - "frame.time_relative": "2081.443292000", - "frame.number": "7858", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "64", - "ip.id": "0x0000106c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002977", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "44", - "udp.checksum": "0x0000f376", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000001", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - 
"dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:12.920785000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495672.920785000", - "frame.time_delta": "0.016807000", - "frame.time_delta_displayed": "0.016807000", - "frame.time_relative": "2081.460099000", - "frame.number": "7859", - "frame.len": "423", - "frame.cap_len": "423", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "409", - "ip.id": "0x000041be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000075cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - 
"udp.length": "389", - "udp.checksum": "0x00008360", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "7858", - "dns.time": "0.016807000", - "dns.id": "0x00000001", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "home.myblossom.com: type A, class IN": { - "dns.qry.name": "home.myblossom.com", - "dns.qry.name.len": "18", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "home.myblossom.com: type A, class IN, addr 54.219.161.163": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "54.219.161.163" - }, - "home.myblossom.com: type A, class IN, addr 54.153.31.0": { - "dns.resp.name": "home.myblossom.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "54.153.31.0" - } - }, - "Authoritative nameservers": { - "myblossom.com: type NS, class IN, ns ns-1743.awsdns-25.co.uk": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165905", - "dns.resp.len": "25", - "dns.ns": "ns-1743.awsdns-25.co.uk" - }, - "myblossom.com: type NS, class IN, ns ns-1324.awsdns-37.org": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165905", - "dns.resp.len": "23", - "dns.ns": "ns-1324.awsdns-37.org" - }, - "myblossom.com: type NS, class IN, ns ns-540.awsdns-03.net": { - 
"dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165905", - "dns.resp.len": "22", - "dns.ns": "ns-540.awsdns-03.net" - }, - "myblossom.com: type NS, class IN, ns ns-477.awsdns-59.com": { - "dns.resp.name": "myblossom.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165905", - "dns.resp.len": "19", - "dns.ns": "ns-477.awsdns-59.com" - } - }, - "Additional records": { - "ns-477.awsdns-59.com: type A, class IN, addr 205.251.193.221": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "86542", - "dns.resp.len": "4", - "dns.a": "205.251.193.221" - }, - "ns-540.awsdns-03.net: type A, class IN, addr 205.251.194.28": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "37907", - "dns.resp.len": "4", - "dns.a": "205.251.194.28" - }, - "ns-1324.awsdns-37.org: type A, class IN, addr 205.251.197.44": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13699", - "dns.resp.len": "4", - "dns.a": "205.251.197.44" - }, - "ns-1743.awsdns-25.co.uk: type A, class IN, addr 205.251.198.207": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "17624", - "dns.resp.len": "4", - "dns.a": "205.251.198.207" - }, - "ns-477.awsdns-59.com: type AAAA, class IN, addr 2600:9000:5301:dd00::1": { - "dns.resp.name": "ns-477.awsdns-59.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "86542", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:dd00::1" - }, - "ns-540.awsdns-03.net: type AAAA, class IN, addr 2600:9000:5302:1c00::1": { - "dns.resp.name": "ns-540.awsdns-03.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "37907", - "dns.resp.len": "16", - 
"dns.aaaa": "2600:9000:5302:1c00::1" - }, - "ns-1324.awsdns-37.org: type AAAA, class IN, addr 2600:9000:5305:2c00::1": { - "dns.resp.name": "ns-1324.awsdns-37.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13699", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5305:2c00::1" - }, - "ns-1743.awsdns-25.co.uk: type AAAA, class IN, addr 2600:9000:5306:cf00::1": { - "dns.resp.name": "ns-1743.awsdns-25.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "17624", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:cf00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:12.927515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495672.927515000", - "frame.time_delta": "0.006730000", - "frame.time_delta_displayed": "0.006730000", - "frame.time_relative": "2081.466829000", - "frame.number": "7860", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000106d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000011c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00008bbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:12.951047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495672.951047000", - "frame.time_delta": "0.023532000", - "frame.time_delta_displayed": "0.023532000", - "frame.time_relative": "2081.490361000", - "frame.number": "7861", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x0000f42c", - "ip.checksum.status": "2", - "ip.src": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.src_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 
37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49781", - "tcp.port": "80", - "tcp.port": "49781", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26883", - "tcp.window_size": "26883", - "tcp.checksum": "0x00001220", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7860", - "tcp.analysis.ack_rtt": "0.023532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:12.956588000 PDT", 
- "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495672.956588000", - "frame.time_delta": "0.005541000", - "frame.time_delta_displayed": "0.005541000", - "frame.time_relative": "2081.495902000", - "frame.number": "7862", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000106e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000011c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": 
"37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007d00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7861", - "tcp.analysis.ack_rtt": "0.005541000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.427018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.427018000", - "frame.time_delta": "0.470430000", - "frame.time_delta_displayed": "0.470430000", - "frame.time_relative": "2081.966332000", - "frame.number": "7863", - "frame.len": "232", - "frame.cap_len": "232", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - 
"eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "218", - "ip.id": "0x0000106f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00001110", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "178", - "tcp.seq": "1", - "tcp.nxtseq": "179", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a37d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.029073000", - "tcp.analysis.bytes_in_flight": "178", - "tcp.analysis.push_bytes_sent": "178" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:74:65:6c:65:6d:65:74:72:79:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:32:39:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.441301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.441301000", - "frame.time_delta": "0.014283000", - "frame.time_delta_displayed": "0.014283000", - "frame.time_relative": "2081.980615000", - "frame.number": "7864", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008486", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00006faa", - "ip.checksum.status": "2", - "ip.src": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.src_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49781", - "tcp.port": "80", - "tcp.port": "49781", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "179", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, 
- "tcp.window_size_value": "27872", - "tcp.window_size": "27872", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000254e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7863", - "tcp.analysis.ack_rtt": "0.014283000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.447487000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.447487000", - "frame.time_delta": "0.006186000", - "frame.time_delta_displayed": "0.006186000", - "frame.time_relative": "2081.986801000", - "frame.number": "7865", - "frame.len": "483", - "frame.cap_len": "483", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "469", - "ip.id": "0x00001070", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x00001014", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - 
"ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "429", - "tcp.seq": "179", - "tcp.nxtseq": "608", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006db5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.029073000", - "tcp.analysis.bytes_in_flight": "429", - "tcp.analysis.push_bytes_sent": "429" - }, - "tcp.segment_data": 
"7b:22:64:68:63:70:53:74:61:74:75:73:22:3a:32:2c:22:70:6c:31:2e:69:70:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:32:30:22:2c:22:70:6c:31:2e:6e:6d:22:3a:22:32:35:35:2e:32:35:35:2e:32:35:35:2e:30:22:2c:22:70:6c:31:2e:67:77:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:70:6c:31:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:62:22:2c:22:75:61:33:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:6c:6f:30:2e:69:70:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:6e:6d:22:3a:22:32:35:35:2e:30:2e:30:2e:30:22:2c:22:6c:6f:30:2e:67:77:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:30:31:22:2c:22:6d:6c:32:2e:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:64:6e:73:30:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:64:6e:73:31:22:3a:22:38:2e:38:2e:38:2e:38:22:2c:22:64:6e:73:32:22:3a:22:38:2e:38:2e:34:2e:34:22:2c:22:64:6e:73:33:22:3a:22:30:2e:30:2e:30:2e:30:22:7d" - }, - "tcp.segments": { - "tcp.segment": "7863", - "tcp.segment": "7865", - "tcp.segment.count": "2", - "tcp.reassembled.length": "607", - "tcp.reassembled.data": 
"50:4f:53:54:20:2f:61:70:69:2f:64:65:76:69:63:65:2f:76:31:2f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:74:65:6c:65:6d:65:74:72:79:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:68:6f:6d:65:2e:6d:79:62:6c:6f:73:73:6f:6d:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:57:4d:53:44:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:6a:73:6f:6e:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:34:32:39:0d:0a:0d:0a:7b:22:64:68:63:70:53:74:61:74:75:73:22:3a:32:2c:22:70:6c:31:2e:69:70:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:32:30:22:2c:22:70:6c:31:2e:6e:6d:22:3a:22:32:35:35:2e:32:35:35:2e:32:35:35:2e:30:22:2c:22:70:6c:31:2e:67:77:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:70:6c:31:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:62:22:2c:22:75:61:33:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:75:61:33:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:6c:6f:30:2e:69:70:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:6e:6d:22:3a:22:32:35:35:2e:30:2e:30:2e:30:22:2c:22:6c:6f:30:2e:67:77:22:3a:22:31:32:37:2e:30:2e:30:2e:31:22:2c:22:6c:6f:30:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:30:31:22:2c:22:6d:6c:32:2e:69:70:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:6e:6d:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:67:77:22:3a:22:30:2e:30:2e:30:2e:30:22:2c:22:6d:6c:32:2e:66:6c:67:22:3a:22:30:78:30:30:30:30:30:30:62:32:22:2c:22:64:6e:73:30:22:3a:22:31:39:32:2e:31:36:38:2e:30:2e:31:22:2c:22:64:6e:73:31:22:3a:22:38:2e:38:2e:38:2e:38:22:2c:22:64:6e:73:32:22:3a:22:38:2e:38:2e:34:2e:34:22:2c:22:64:6e:73:33:22:3a:22:30:2e:30:2e:30:2e:30:22:7d" - }, - "http": { - "POST \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"POST \/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "home.myblossom.com", - "http.request.line": "Host: home.myblossom.com\r\n", - "http.user_agent": "WMSDK", - "http.request.line": "User-Agent: WMSDK\r\n", - "http.content_type": "application\/json", - "http.request.line": "Content-Type: application\/json\r\n", - "http.content_length_header": "429", - "http.content_length_header_tree": { - "http.content_length": "429" - }, - "http.request.line": "Content-Length: 429\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/home.myblossom.com\/api\/device\/v1\/9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/telemetry\/", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "{\"dhcpStatus\":2,\"pl1.ip\":\"192.168.0.120\",\"pl1.nm\":\"255.255.255.0\",\"pl1.gw\":\"192.168.0.1\",\"pl1.flg\":\"0x000000bb\",\"ua3ip\":\"0.0.0.0\",\"ua3.nm\":\"0.0.0.0\",\"ua3.gw\":\"0.0.0.0\",\"ua3.flg\":\"0x000000b2\",\"lo0.ip\":\"127.0.0.1\",\"lo0.nm\":\"255.0.0.0\",\"lo0.gw\":\"127.0.0.1\",\"lo0.flg\":\"0x00000001\",\"ml2.ip\":\"0.0.0.0\",\"ml2.nm\":\"0.0.0.0\",\"ml2.gw\":\"0.0.0.0\",\"ml2.flg\":\"0x000000b2\",\"dns0\":\"192.168.0.1\",\"dns1\":\"8.8.8.8\",\"dns2\":\"8.8.4.4\",\"dns3\":\"0.0.0.0\"}" - }, - "json": { - "json.object": { - "json.member": { - "json.value.number": "2", - "json.key": "dhcpStatus" - }, - "json.member": { - "json.value.string": "192.168.0.120", - "json.key": "pl1.ip" - }, - "json.member": { - "json.value.string": "255.255.255.0", - "json.key": "pl1.nm" - }, - "json.member": { - "json.value.string": "192.168.0.1", - "json.key": "pl1.gw" - }, - "json.member": { - "json.value.string": "0x000000bb", - "json.key": "pl1.flg" - }, - "json.member": { - 
"json.value.string": "0.0.0.0", - "json.key": "ua3ip" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ua3.nm" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ua3.gw" - }, - "json.member": { - "json.value.string": "0x000000b2", - "json.key": "ua3.flg" - }, - "json.member": { - "json.value.string": "127.0.0.1", - "json.key": "lo0.ip" - }, - "json.member": { - "json.value.string": "255.0.0.0", - "json.key": "lo0.nm" - }, - "json.member": { - "json.value.string": "127.0.0.1", - "json.key": "lo0.gw" - }, - "json.member": { - "json.value.string": "0x00000001", - "json.key": "lo0.flg" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.ip" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.nm" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.gw" - }, - "json.member": { - "json.value.string": "0x000000b2", - "json.key": "ml2.flg" - }, - "json.member": { - "json.value.string": "192.168.0.1", - "json.key": "dns0" - }, - "json.member": { - "json.value.string": "8.8.8.8", - "json.key": "dns1" - }, - "json.member": { - "json.value.string": "8.8.4.4", - "json.key": "dns2" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "dns3" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.462067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.462067000", - "frame.time_delta": "0.014580000", - "frame.time_delta_displayed": "0.014580000", - "frame.time_relative": "2082.001381000", - "frame.number": "7866", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008487", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00006fa9", - "ip.checksum.status": "2", - "ip.src": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.src_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49781", - "tcp.port": "80", - "tcp.port": "49781", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "608", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "28944", - "tcp.window_size": "28944", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001f71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7865", - "tcp.analysis.ack_rtt": "0.014580000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.490348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.490348000", - "frame.time_delta": "0.028281000", - "frame.time_delta_displayed": "0.028281000", - "frame.time_relative": "2082.029662000", - "frame.number": "7867", - "frame.len": "690", - "frame.cap_len": "690", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:json" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "676", - "ip.id": "0x00008488", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00006d2c", - "ip.checksum.status": "2", - "ip.src": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.src_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49781", - "tcp.port": "80", - "tcp.port": "49781", - "tcp.stream": "306", - "tcp.len": "636", - "tcp.seq": "1", - "tcp.nxtseq": "637", - "tcp.ack": "608", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "28944", - "tcp.window_size": "28944", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009320", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.029073000", - "tcp.analysis.bytes_in_flight": "636", - "tcp.analysis.push_bytes_sent": "636" - } - }, - "http": { - "HTTP\/1.1 200 
OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.response.line": "Allow: POST, OPTIONS\r\n", - "http.content_type": "application\/json", - "http.response.line": "Content-Type: application\/json\r\n", - "http.date": "Wed, 01 Nov 2017 00:21:13 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:21:13 GMT\r\n", - "http.server": "nginx\/1.4.6 (Ubuntu)", - "http.response.line": "Server: nginx\/1.4.6 (Ubuntu)\r\n", - "http.response.line": "Vary: Accept, Cookie\r\n", - "http.content_length_header": "429", - "http.content_length_header_tree": { - "http.content_length": "429" - }, - "http.response.line": "Content-Length: 429\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.042861000", - "http.request_in": "7865", - "http.file_data": "{\"lo0.nm\":\"255.0.0.0\",\"lo0.gw\":\"127.0.0.1\",\"ua3ip\":\"0.0.0.0\",\"pl1.ip\":\"192.168.0.120\",\"pl1.flg\":\"0x000000bb\",\"ml2.nm\":\"0.0.0.0\",\"dns0\":\"192.168.0.1\",\"pl1.nm\":\"255.255.255.0\",\"dns3\":\"0.0.0.0\",\"lo0.flg\":\"0x00000001\",\"dhcpStatus\":2,\"ml2.ip\":\"0.0.0.0\",\"lo0.ip\":\"127.0.0.1\",\"dns1\":\"8.8.8.8\",\"ua3.flg\":\"0x000000b2\",\"dns2\":\"8.8.4.4\",\"ml2.gw\":\"0.0.0.0\",\"ua3.nm\":\"0.0.0.0\",\"ua3.gw\":\"0.0.0.0\",\"ml2.flg\":\"0x000000b2\",\"pl1.gw\":\"192.168.0.1\"}" - }, - "json": { - "json.object": { - "json.member": { - "json.value.string": "255.0.0.0", - "json.key": "lo0.nm" - }, - "json.member": { - "json.value.string": "127.0.0.1", - "json.key": "lo0.gw" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ua3ip" - }, - "json.member": { - "json.value.string": "192.168.0.120", - "json.key": "pl1.ip" - }, - 
"json.member": { - "json.value.string": "0x000000bb", - "json.key": "pl1.flg" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.nm" - }, - "json.member": { - "json.value.string": "192.168.0.1", - "json.key": "dns0" - }, - "json.member": { - "json.value.string": "255.255.255.0", - "json.key": "pl1.nm" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "dns3" - }, - "json.member": { - "json.value.string": "0x00000001", - "json.key": "lo0.flg" - }, - "json.member": { - "json.value.number": "2", - "json.key": "dhcpStatus" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.ip" - }, - "json.member": { - "json.value.string": "127.0.0.1", - "json.key": "lo0.ip" - }, - "json.member": { - "json.value.string": "8.8.8.8", - "json.key": "dns1" - }, - "json.member": { - "json.value.string": "0x000000b2", - "json.key": "ua3.flg" - }, - "json.member": { - "json.value.string": "8.8.4.4", - "json.key": "dns2" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ml2.gw" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ua3.nm" - }, - "json.member": { - "json.value.string": "0.0.0.0", - "json.key": "ua3.gw" - }, - "json.member": { - "json.value.string": "0x000000b2", - "json.key": "ml2.flg" - }, - "json.member": { - "json.value.string": "192.168.0.1", - "json.key": "pl1.gw" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.504307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.504307000", - "frame.time_delta": "0.013959000", - "frame.time_delta_displayed": "0.013959000", - "frame.time_relative": "2082.043621000", - "frame.number": "7868", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001071", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000011c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "608", - "tcp.ack": "637", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "4964", - "tcp.window_size": "4964", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007aa0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7867", - "tcp.analysis.ack_rtt": "0.013959000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.519453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.519453000", - "frame.time_delta": "0.015146000", - "frame.time_delta_displayed": "0.015146000", - "frame.time_relative": "2082.058767000", - "frame.number": "7869", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008489", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "237", - "ip.proto": "6", - "ip.checksum": "0x00006fa7", - "ip.checksum.status": "2", - "ip.src": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.src_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49781", - "tcp.port": "80", - "tcp.port": "49781", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "637", - "tcp.ack": "609", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "28944", - "tcp.window_size": "28944", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001cf3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7868", - "tcp.analysis.ack_rtt": "0.015146000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:13.525300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495673.525300000", - "frame.time_delta": "0.005847000", - "frame.time_delta_displayed": "0.005847000", - "frame.time_relative": "2082.064614000", - "frame.number": "7870", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001072", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x000011bf", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.161.163", - "ip.addr": "54.219.161.163", - "ip.dst_host": "54.219.161.163", - "ip.host": "54.219.161.163", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49781", - "tcp.dstport": "80", - "tcp.port": "49781", - "tcp.port": "80", - "tcp.stream": "306", - "tcp.len": "0", - "tcp.seq": "609", - "tcp.ack": "638", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4963", - "tcp.window_size": "4963", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00007aa0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7869", - "tcp.analysis.ack_rtt": "0.005847000", - "tcp.analysis.initial_rtt": "0.029073000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:21:16.261679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495676.261679000", - "frame.time_delta": "2.736379000", - "frame.time_delta_displayed": "2.736379000", - "frame.time_relative": "2084.800993000", - "frame.number": "7871", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007710", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005247", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY 
* HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:16.314607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495676.314607000", - "frame.time_delta": "0.052928000", - "frame.time_delta_displayed": "0.052928000", - "frame.time_relative": "2084.853921000", - "frame.number": "7872", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007713", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005244", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:16.367478000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495676.367478000", - "frame.time_delta": "0.052871000", - "frame.time_delta_displayed": "0.052871000", - "frame.time_relative": "2084.906792000", - "frame.number": "7873", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005237", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:16.420369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495676.420369000", - "frame.time_delta": "0.052891000", - "frame.time_delta_displayed": "0.052891000", - "frame.time_relative": "2084.959683000", - "frame.number": "7874", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - 
"ip.id": "0x0000771a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005234", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:16.473172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495676.473172000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "2085.012486000", - "frame.number": "7875", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000771c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005238", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - 
"http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:16.526039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495676.526039000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "2085.065353000", - "frame.number": "7876", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007720", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00005234", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:17.930628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495677.930628000", - "frame.time_delta": "1.404589000", - 
"frame.time_delta_displayed": "1.404589000", - "frame.time_relative": "2086.469942000", - "frame.number": "7877", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:17.936946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495677.936946000", - "frame.time_delta": "0.006318000", - "frame.time_delta_displayed": "0.006318000", - "frame.time_relative": "2086.476260000", - "frame.number": "7878", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": 
"Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:22.687356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495682.687356000", - "frame.time_delta": "4.750410000", - "frame.time_delta_displayed": "4.750410000", - "frame.time_relative": "2091.226670000", - "frame.number": "7879", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff1", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" 
!= 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001667", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - 
"dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:22.687911000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495682.687911000", - "frame.time_delta": "0.000555000", - "frame.time_delta_displayed": "0.000555000", - "frame.time_relative": "2091.227225000", - "frame.number": "7880", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff2", - 
"ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f762", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:22.688501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495682.688501000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "2091.227815000", - "frame.number": "7881", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": 
"0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008528", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - 
"dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:27.687686000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495687.687686000", - "frame.time_delta": "4.999185000", - "frame.time_delta_displayed": "4.999185000", - "frame.time_relative": "2096.227000000", - "frame.number": "7882", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff3", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001667", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:27.688201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495687.688201000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "2096.227515000", - "frame.number": "7883", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff4", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f762", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:27.688805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495687.688805000", - "frame.time_delta": "0.000604000", - "frame.time_delta_displayed": "0.000604000", - "frame.time_relative": "2096.228119000", - "frame.number": "7884", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008528", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:28.850454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495688.850454000", - "frame.time_delta": "1.161649000", - "frame.time_delta_displayed": "1.161649000", - "frame.time_relative": "2097.389768000", - "frame.number": "7885", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:28.989906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495688.989906000", - "frame.time_delta": "0.139452000", - "frame.time_delta_displayed": "0.139452000", - "frame.time_relative": "2097.529220000", - "frame.number": "7886", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x000068dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eff2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "74.117.214.3", - "ip.addr": "74.117.214.3", - "ip.dst_host": "74.117.214.3", - "ip.host": "74.117.214.3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.dst_city": "Pullman, WA", - "ip.geoip.city": "Pullman, WA", - "ip.geoip.dst_lat": "46.732201", - "ip.geoip.lat": "46.732201", - "ip.geoip.dst_lon": "-117.245598", - "ip.geoip.lon": "-117.245598" - } - }, - "udp": { - "udp.srcport": "59279", - "udp.dstport": "123", - "udp.port": "59279", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x000065df", - "udp.checksum.status": "2", - "udp.stream": "147" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - "ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Jul 30, 2060 15:35:09.402268000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:29.029957000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495689.029957000", - "frame.time_delta": "0.040051000", - "frame.time_delta_displayed": "0.040051000", - "frame.time_relative": "2097.569271000", - "frame.number": "7887", - "frame.len": 
"90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x0000cc80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "44", - "ip.proto": "17", - "ip.checksum": "0x0000a05f", - "ip.checksum.status": "2", - "ip.src": "74.117.214.3", - "ip.addr": "74.117.214.3", - "ip.src_host": "74.117.214.3", - "ip.host": "74.117.214.3", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS4539 Schweitzer Engineering Laboratories, Inc., Pullman, WA, 46.732201, -117.245598": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.asnum": "AS4539 Schweitzer Engineering Laboratories, Inc.", - "ip.geoip.src_city": "Pullman, WA", - "ip.geoip.city": "Pullman, WA", - "ip.geoip.src_lat": "46.732201", - "ip.geoip.lat": "46.732201", - "ip.geoip.src_lon": "-117.245598", - "ip.geoip.lon": "-117.245598" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "59279", - "udp.port": "123", - "udp.port": "59279", - 
"udp.length": "56", - "udp.checksum": "0x00004f4a", - "udp.checksum.status": "2", - "udp.stream": "147" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "1", - "ntp.ppoll": "3", - "ntp.precision": "-23", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0.00115966796875", - "ntp.refid": "50:50:53:00", - "ntp.reftime": "Oct 31, 2017 17:21:17.114496000 PDT", - "ntp.org": "Jul 30, 2060 15:35:09.402268000 PDT", - "ntp.rec": "Oct 31, 2017 17:21:29.018627000 PDT", - "ntp.xmt": "Oct 31, 2017 17:21:29.018684000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.429056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.429056000", - "frame.time_delta": "1.399099000", - "frame.time_delta_displayed": "1.399099000", - "frame.time_relative": "2098.968370000", - "frame.number": "7888", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002123", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e721", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "18", - "http.prev_request_in": "7662" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.807309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.807309000", - "frame.time_delta": "0.378253000", - "frame.time_delta_displayed": "0.378253000", - "frame.time_relative": "2099.346623000", - "frame.number": "7889", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009c95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001ab6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "103", - "http.prev_response_in": "7718" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.810708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.810708000", - "frame.time_delta": "0.003399000", - "frame.time_delta_displayed": "0.003399000", - "frame.time_relative": "2099.350022000", - "frame.number": "7890", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c71", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e528", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - 
"tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.811251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.811251000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "2099.350565000", - "frame.number": "7891", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c09e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7890", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.814057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.814057000", - "frame.time_delta": "0.002806000", - "frame.time_delta_displayed": "0.002806000", - "frame.time_relative": "2099.353371000", - "frame.number": "7892", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c72", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005c01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000727d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7891", - "tcp.analysis.ack_rtt": "0.002806000", - "tcp.analysis.initial_rtt": "0.003349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.814724000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.814724000", - "frame.time_delta": "0.000667000", - "frame.time_delta_displayed": "0.000667000", - "frame.time_relative": "2099.354038000", - "frame.number": "7893", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b59", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000087f6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003349000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.815201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.815201000", - "frame.time_delta": "0.000477000", - "frame.time_delta_displayed": "0.000477000", - "frame.time_relative": "2099.354515000", - "frame.number": "7894", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dd43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000640e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7893", - "tcp.analysis.ack_rtt": "0.000477000", - "tcp.analysis.initial_rtt": "0.003349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.815856000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.815856000", - "frame.time_delta": "0.000655000", - "frame.time_delta_displayed": "0.000655000", - "frame.time_relative": "2099.355170000", - "frame.number": "7895", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000dd44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a42f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003349000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.816213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.816213000", - "frame.time_delta": "0.000357000", - "frame.time_delta_displayed": "0.000357000", - "frame.time_relative": "2099.355527000", - "frame.number": "7896", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dd45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d74a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f698", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003349000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7895", - "tcp.segment": "7896", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001489000", - "http.request_in": "7893", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.818241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.818241000", - "frame.time_delta": "0.002028000", - "frame.time_delta_displayed": "0.002028000", - "frame.time_relative": "2099.357555000", - "frame.number": "7897", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000dd46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d749", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f698", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003349000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.818751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.818751000", - "frame.time_delta": "0.000510000", - "frame.time_delta_displayed": "0.000510000", - "frame.time_relative": "2099.358065000", - "frame.number": "7898", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006de5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7896", - "tcp.analysis.ack_rtt": "0.002538000", - "tcp.analysis.initial_rtt": "0.003349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.819317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.819317000", - "frame.time_delta": "0.000566000", - "frame.time_delta_displayed": "0.000566000", - "frame.time_relative": "2099.358631000", - "frame.number": "7899", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bfe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006de4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.819762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.819762000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "2099.359076000", - "frame.number": "7900", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007053", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004820", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54783", - "tcp.port": "80", - "tcp.port": "54783", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006018", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7899", - "tcp.analysis.ack_rtt": "0.000445000", - "tcp.analysis.initial_rtt": "0.003349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.822453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.822453000", - "frame.time_delta": 
"0.002691000", - "frame.time_delta_displayed": "0.002691000", - "frame.time_relative": "2099.361767000", - "frame.number": "7901", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54783", - "tcp.dstport": "80", - "tcp.port": "54783", - "tcp.port": "80", - "tcp.stream": "307", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d908", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:31:63:7c:0d:31:63:7f:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003349000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "7898", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.860289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.860289000", - "frame.time_delta": "0.037836000", - "frame.time_delta_displayed": "0.037836000", - "frame.time_relative": "2099.399603000", - "frame.number": "7902", - "frame.len": "348", - "frame.cap_len": "348", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009c9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001aa8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "104", - "http.prev_response_in": "7889" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.871220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.871220000", - "frame.time_delta": "0.010931000", - "frame.time_delta_displayed": "0.010931000", - "frame.time_relative": "2099.410534000", - "frame.number": "7903", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c77", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54784", - "tcp.dstport": "80", - "tcp.port": "54784", - "tcp.port": "80", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000e523", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 
(multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.871764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.871764000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "2099.411078000", - "frame.number": "7904", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000db2f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7903", - "tcp.analysis.ack_rtt": "0.000544000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.875554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.875554000", - "frame.time_delta": "0.003790000", - "frame.time_delta_displayed": "0.003790000", - "frame.time_relative": "2099.414868000", - "frame.number": "7905", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c78", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bfb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54784", - "tcp.dstport": "80", - "tcp.port": "54784", - "tcp.port": "80", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008d0e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7904", - "tcp.analysis.ack_rtt": "0.003790000", - "tcp.analysis.initial_rtt": "0.004334000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.876164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.876164000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "2099.415478000", - 
"frame.number": "7906", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54784", - "tcp.dstport": "80", - "tcp.port": "54784", - "tcp.port": "80", - "tcp.stream": "308", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a287", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004334000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.876648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.876648000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "2099.415962000", - "frame.number": "7907", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002799", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000090da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007e9f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7906", - "tcp.analysis.ack_rtt": "0.000484000", - "tcp.analysis.initial_rtt": "0.004334000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.877291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.877291000", - "frame.time_delta": "0.000643000", - "frame.time_delta_displayed": "0.000643000", - "frame.time_relative": "2099.416605000", - "frame.number": "7908", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000279a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000090c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bec0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004334000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.877646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.877646000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "2099.416960000", - "frame.number": "7909", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000279b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000112a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004334000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7908", - "tcp.segment": "7909", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001482000", - "http.request_in": "7906", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.878242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.878242000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "2099.417556000", - "frame.number": "7910", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000279c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008cf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000112a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004334000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.880571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.880571000", - "frame.time_delta": "0.002329000", - "frame.time_delta_displayed": "0.002329000", - "frame.time_relative": "2099.419885000", - "frame.number": "7911", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54784", - "tcp.dstport": "80", - "tcp.port": "54784", - "tcp.port": "80", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000028c7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:11:6d:81:6d:11:6d:85:50", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7909", - "tcp.analysis.ack_rtt": "0.002925000", - "tcp.analysis.initial_rtt": "0.004334000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.881182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.881182000", - "frame.time_delta": "0.000611000", - "frame.time_delta_displayed": "0.000611000", - "frame.time_relative": "2099.420496000", - "frame.number": "7912", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005bf8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54784", - "tcp.dstport": "80", - "tcp.port": "54784", - "tcp.port": "80", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008875", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.881626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.881626000", - "frame.time_delta": "0.000444000", - "frame.time_delta_displayed": "0.000444000", - "frame.time_relative": "2099.420940000", - "frame.number": "7913", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007058", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000481b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54784", - "tcp.port": "80", - "tcp.port": "54784", - "tcp.stream": "308", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007aa9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7912", - "tcp.analysis.ack_rtt": "0.000444000", - "tcp.analysis.initial_rtt": "0.004334000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.913374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.913374000", - "frame.time_delta": "0.031748000", - "frame.time_delta_displayed": "0.031748000", - "frame.time_relative": "2099.452688000", - "frame.number": "7914", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009c9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001aab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "105", - "http.prev_response_in": "7902" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.916433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.916433000", - "frame.time_delta": "0.003059000", - "frame.time_delta_displayed": "0.003059000", - "frame.time_relative": "2099.455747000", - 
"frame.number": "7915", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005beb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54785", - "tcp.dstport": "80", - "tcp.port": "54785", - "tcp.port": "80", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000b484", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.916959000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.916959000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "2099.456273000", - "frame.number": "7916", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54785", - "tcp.port": "80", - "tcp.port": "54785", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000014a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7915", - "tcp.analysis.ack_rtt": "0.000526000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.919039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.919039000", - "frame.time_delta": "0.002080000", - "frame.time_delta_displayed": "0.002080000", - "frame.time_relative": "2099.458353000", - 
"frame.number": "7917", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54785", - "tcp.dstport": "80", - "tcp.port": "54785", - "tcp.port": "80", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b328", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7916", - "tcp.analysis.ack_rtt": "0.002080000", - "tcp.analysis.initial_rtt": "0.002606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.919677000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.919677000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "2099.458991000", - "frame.number": "7918", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b4e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54785", - "tcp.dstport": "80", - "tcp.port": "54785", - "tcp.port": "80", - "tcp.stream": "309", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c8a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002606000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.920229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.920229000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "2099.459543000", - "frame.number": "7919", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007386", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000044ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54785", - "tcp.port": "80", - "tcp.port": "54785", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a4b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7918", - "tcp.analysis.ack_rtt": "0.000552000", - "tcp.analysis.initial_rtt": "0.002606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.920850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.920850000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "2099.460164000", - "frame.number": "7920", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007387", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000044db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54785", - "tcp.port": "80", - "tcp.port": "54785", - "tcp.stream": "309", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e4da", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002606000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.921199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.921199000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "2099.460513000", - "frame.number": "7921", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007388", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004108", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54785", - "tcp.port": "80", - "tcp.port": "54785", - "tcp.stream": "309", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003744", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002606000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7920", - "tcp.segment": "7921", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001522000", - "http.request_in": "7918", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.923457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.923457000", - "frame.time_delta": "0.002258000", - "frame.time_delta_displayed": "0.002258000", - "frame.time_relative": "2099.462771000", - "frame.number": "7922", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54785", - "tcp.dstport": "80", - "tcp.port": "54785", - "tcp.port": "80", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae90", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7921", - "tcp.analysis.ack_rtt": "0.002258000", - "tcp.analysis.initial_rtt": "0.002606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.924681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.924681000", - "frame.time_delta": "0.001224000", - "frame.time_delta_displayed": "0.001224000", - "frame.time_relative": "2099.463995000", - "frame.number": "7923", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54785", - "tcp.dstport": "80", - "tcp.port": "54785", - "tcp.port": "80", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ae8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:30.925129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495690.925129000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "2099.464443000", - "frame.number": "7924", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000705b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004818", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54785", - "tcp.port": "80", - "tcp.port": "54785", - "tcp.stream": "309", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a0c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7923", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.002606000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.256337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.256337000", - "frame.time_delta": "0.331208000", - "frame.time_delta_displayed": "0.331208000", - "frame.time_relative": "2099.795651000", - "frame.number": "7925", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007658", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { 
- "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "92218", - "tcp.nxtseq": "92267", - "tcp.ack": "18855", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a561", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:e5:2f:a7:a2:df:a2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2614575, TSecr 2812469154": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2614575", - "tcp.options.timestamp.tsecr": "2812469154" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", 
- "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8c:49:d6:21:cf:ab:8d:cb:64:78:1f:a1:9a:09:91:d6:d9:ec:15:f4:99:0b:72:f9:15:ad:fb:53:e4:2f:b3:33:2a:ba:44:47:06" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.317539000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.317539000", - "frame.time_delta": "0.061202000", - "frame.time_delta_displayed": "0.061202000", - "frame.time_relative": "2099.856853000", - "frame.number": "7926", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002de9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18855", - "tcp.nxtseq": "18910", - "tcp.ack": "92267", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008426", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a2:fd:f9:00:27:e5:2f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812476921, TSecr 2614575": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812476921", - "tcp.options.timestamp.tsecr": "2614575" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7925", - 
"tcp.analysis.ack_rtt": "0.061202000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:d4:51:9a:a5:15:41:5f:ec:c6:78:1b:33:11:d0:57:6b:6a:7a:71:58:55:21:f2:0f:3e:20:d9:d3:4d:5e:00:44:0f:8e:9f:b9:9d:39:88:e2:33:19:56" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.318020000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.318020000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "2099.857334000", - "frame.number": "7927", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007688", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "92267", - "tcp.ack": "18910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000121f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:e5:35:a7:a2:fd:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2614581, TSecr 2812476921": { - "tcp.option_kind": "8", - 
"tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2614581", - "tcp.options.timestamp.tsecr": "2812476921" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7926", - "tcp.analysis.ack_rtt": "0.000481000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.812450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.812450000", - "frame.time_delta": "0.494430000", - "frame.time_delta_displayed": "0.494430000", - "frame.time_relative": "2100.351764000", - "frame.number": "7928", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009cbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001a8e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "106", - "http.prev_response_in": "7914" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.815797000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.815797000", - "frame.time_delta": "0.003347000", - "frame.time_delta_displayed": "0.003347000", - "frame.time_relative": "2100.355111000", - "frame.number": "7929", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54786", - "tcp.dstport": "80", - "tcp.port": "54786", - "tcp.port": "80", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } 
- }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000d1b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.816337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.816337000", - "frame.time_delta": "0.000540000", - "frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "2100.355651000", - "frame.number": "7930", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54786", - "tcp.port": "80", - "tcp.port": "54786", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b7d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7929", - "tcp.analysis.ack_rtt": "0.000540000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.819324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.819324000", - "frame.time_delta": "0.002987000", - "frame.time_delta_displayed": "0.002987000", - "frame.time_relative": "2100.358638000", - "frame.number": "7931", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54786", - "tcp.dstport": "80", - "tcp.port": "54786", - "tcp.port": "80", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - 
"tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000069b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7930", - "tcp.analysis.ack_rtt": "0.002987000", - "tcp.analysis.initial_rtt": "0.003527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.819905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.819905000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "2100.359219000", - "frame.number": "7932", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54786", - "tcp.dstport": "80", - "tcp.port": "54786", - "tcp.port": "80", - "tcp.stream": "310", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007f2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003527000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - 
"http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.820385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.820385000", - "frame.time_delta": "0.000480000", - "frame.time_delta_displayed": "0.000480000", - "frame.time_relative": "2100.359699000", - "frame.number": "7933", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000039ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007e89", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54786", - "tcp.port": "80", - "tcp.port": "54786", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005b43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7932", - "tcp.analysis.ack_rtt": "0.000480000", - "tcp.analysis.initial_rtt": "0.003527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.821029000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.821029000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "2100.360343000", - "frame.number": "7934", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000039eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007e77", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54786", - "tcp.port": "80", - "tcp.port": "54786", - "tcp.stream": "310", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009b64", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003527000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.821408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.821408000", - "frame.time_delta": "0.000379000", - "frame.time_delta_displayed": "0.000379000", - "frame.time_relative": "2100.360722000", - "frame.number": "7935", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000039ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007aa4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54786", - "tcp.port": "80", - "tcp.port": "54786", - "tcp.stream": "310", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": 
"1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000edcd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003527000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7934", - "tcp.segment": "7935", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001503000", - "http.request_in": "7932", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.826083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.826083000", - "frame.time_delta": "0.004675000", - "frame.time_delta_displayed": "0.004675000", - "frame.time_relative": "2100.365397000", - "frame.number": "7936", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54786", - "tcp.dstport": "80", - "tcp.port": "54786", - "tcp.port": "80", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000651a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7935", - "tcp.analysis.ack_rtt": "0.004675000", - "tcp.analysis.initial_rtt": "0.003527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.826707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.826707000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "2100.366021000", - "frame.number": "7937", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54786", - "tcp.dstport": "80", - "tcp.port": "54786", - "tcp.port": "80", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006519", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.827150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.827150000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "2100.366464000", - "frame.number": "7938", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007069", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000480a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54786", - "tcp.port": "80", - "tcp.port": "54786", - "tcp.stream": "310", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000574d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7937", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.003527000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.865408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.865408000", - "frame.time_delta": "0.038258000", - "frame.time_delta_displayed": "0.038258000", - "frame.time_relative": "2100.404722000", - "frame.number": "7939", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009cc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001a81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "107", - "http.prev_response_in": "7928" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.878091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.878091000", - "frame.time_delta": "0.012683000", - "frame.time_delta_displayed": "0.012683000", - "frame.time_relative": "2100.417405000", - "frame.number": "7940", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54787", - "tcp.dstport": "80", - "tcp.port": "54787", - "tcp.port": "80", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000d1ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.878627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.878627000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "2100.417941000", - "frame.number": "7941", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54787", - "tcp.port": "80", - "tcp.port": "54787", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000d085", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7940", - "tcp.analysis.ack_rtt": "0.000536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.881240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.881240000", - "frame.time_delta": "0.002613000", - "frame.time_delta_displayed": "0.002613000", - "frame.time_relative": "2100.420554000", - "frame.number": "7942", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54787", - "tcp.dstport": "80", - "tcp.port": "54787", - "tcp.port": "80", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008264", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7941", - "tcp.analysis.ack_rtt": "0.002613000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.881818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.881818000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "2100.421132000", - "frame.number": "7943", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54787", - "tcp.dstport": "80", - "tcp.port": "54787", - "tcp.port": "80", - "tcp.stream": "311", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.882299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.882299000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "2100.421613000", - "frame.number": "7944", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a553", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001320", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54787", - "tcp.port": "80", - "tcp.port": "54787", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000073f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7943", - "tcp.analysis.ack_rtt": "0.000481000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.882873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.882873000", - "frame.time_delta": "0.000574000", - "frame.time_delta_displayed": "0.000574000", - "frame.time_relative": "2100.422187000", - "frame.number": "7945", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a554", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000130e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54787", - "tcp.port": "80", - "tcp.port": "54787", - "tcp.stream": "311", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000b416", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.883251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.883251000", - "frame.time_delta": "0.000378000", - "frame.time_delta_displayed": "0.000378000", - "frame.time_relative": "2100.422565000", - "frame.number": "7946", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a555", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000f3b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54787", - "tcp.port": "80", - "tcp.port": "54787", - "tcp.stream": "311", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000680", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003149000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "7945", - "tcp.segment": "7946", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001433000", - "http.request_in": "7943", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.887328000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495691.887328000", - "frame.time_delta": "0.004077000", - "frame.time_delta_displayed": "0.004077000", - "frame.time_relative": "2100.426642000", - "frame.number": "7947", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54787", - "tcp.dstport": "80", - "tcp.port": "54787", - "tcp.port": "80", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007dcc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7946", - "tcp.analysis.ack_rtt": "0.004077000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.887905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.887905000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "2100.427219000", - "frame.number": "7948", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54787", - "tcp.dstport": "80", - "tcp.port": "54787", - "tcp.port": "80", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007dcb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.888344000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.888344000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "2100.427658000", - "frame.number": "7949", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000706c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004807", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54787", - "tcp.port": "80", - "tcp.port": "54787", - "tcp.stream": "311", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006fff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7948", - "tcp.analysis.ack_rtt": "0.000439000", - "tcp.analysis.initial_rtt": "0.003149000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.918258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.918258000", - "frame.time_delta": "0.029914000", - "frame.time_delta_displayed": "0.029914000", - "frame.time_relative": "2100.457572000", - "frame.number": "7950", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009cc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001a85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "108", - "http.prev_response_in": "7939" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.923889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.923889000", - "frame.time_delta": "0.005631000", - "frame.time_delta_displayed": "0.005631000", - "frame.time_relative": "2100.463203000", - 
"frame.number": "7951", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001c8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bdc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54788", - "tcp.dstport": "80", - "tcp.port": "54788", - "tcp.port": "80", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00003bf3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.924430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.924430000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "2100.463744000", - "frame.number": "7952", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54788", - "tcp.port": "80", - "tcp.port": "54788", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000f2d5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "7951", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.926935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.926935000", - "frame.time_delta": "0.002505000", - "frame.time_delta_displayed": "0.002505000", - "frame.time_relative": "2100.466249000", - 
"frame.number": "7953", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54788", - "tcp.dstport": "80", - "tcp.port": "54788", - "tcp.port": "80", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a4b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7952", - "tcp.analysis.ack_rtt": "0.002505000", - "tcp.analysis.initial_rtt": "0.003046000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.927558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.927558000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "2100.466872000", - "frame.number": "7954", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001c8d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3f", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54788", - "tcp.dstport": "80", - "tcp.port": "54788", - "tcp.port": "80", - "tcp.stream": "312", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ba2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003046000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.928031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.928031000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "2100.467345000", - "frame.number": "7955", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000421d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007656", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54788", - "tcp.port": "80", - "tcp.port": "54788", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009645", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7954", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.003046000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.928723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.928723000", - "frame.time_delta": "0.000692000", - "frame.time_delta_displayed": "0.000692000", - "frame.time_relative": "2100.468037000", - "frame.number": "7956", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000421e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007644", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54788", - "tcp.port": "80", - "tcp.port": "54788", - "tcp.stream": "312", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d666", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003046000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.929084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.929084000", - "frame.time_delta": "0.000361000", - "frame.time_delta_displayed": "0.000361000", - "frame.time_relative": "2100.468398000", - "frame.number": "7957", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000421f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007271", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54788", - "tcp.port": "80", - "tcp.port": "54788", - "tcp.stream": "312", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000028d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003046000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "7956", - "tcp.segment": "7957", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001526000", - "http.request_in": "7954", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.932680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.932680000", - "frame.time_delta": "0.003596000", - "frame.time_delta_displayed": "0.003596000", - "frame.time_relative": "2100.471994000", - "frame.number": "7958", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c8e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54788", - "tcp.dstport": "80", - "tcp.port": "54788", - "tcp.port": "80", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a01c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "7957", - "tcp.analysis.ack_rtt": "0.003596000", - "tcp.analysis.initial_rtt": "0.003046000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.933284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.933284000", - "frame.time_delta": "0.000604000", - "frame.time_delta_displayed": "0.000604000", - "frame.time_relative": "2100.472598000", - "frame.number": "7959", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005be4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54788", - "tcp.dstport": "80", - "tcp.port": "54788", - "tcp.port": "80", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a01b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:31.933730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495691.933730000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "2100.473044000", - "frame.number": "7960", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007070", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004803", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54788", - "tcp.port": "80", - "tcp.port": "54788", - "tcp.stream": "312", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000924f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "7959", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.003046000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:32.687904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495692.687904000", - "frame.time_delta": "0.754174000", - "frame.time_delta_displayed": "0.754174000", - "frame.time_relative": "2101.227218000", - "frame.number": "7961", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - 
"ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001667", - "udp.checksum.status": "2", - "udp.stream": "98" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:32.688440000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495692.688440000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "2101.227754000", - "frame.number": "7962", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ff7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", 
- "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1321", - "udp.dstport": "5353", - "udp.port": "1321", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f762", - "udp.checksum.status": "2", - "udp.stream": "99" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:32.689058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495692.689058000", - "frame.time_delta": "0.000618000", - "frame.time_delta_displayed": "0.000618000", - "frame.time_relative": "2101.228372000", - "frame.number": "7963", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1322", - "udp.dstport": "5353", - "udp.port": "1322", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008528", - "udp.checksum.status": "2", - "udp.stream": "100" - }, - "mdns": { - "dns.id": "0x0000028d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=653", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=55681" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:33.998102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495693.998102000", - "frame.time_delta": "1.309044000", - "frame.time_delta_displayed": "1.309044000", - "frame.time_relative": "2102.537416000", - "frame.number": "7964", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:33.998278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495693.998278000", - "frame.time_delta": "0.000176000", - "frame.time_delta_displayed": "0.000176000", - "frame.time_relative": "2102.537592000", - "frame.number": "7965", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:34.698175000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495694.698175000", - "frame.time_delta": "0.699897000", - "frame.time_delta_displayed": "0.699897000", - "frame.time_relative": "2103.237489000", - "frame.number": "7966", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a664", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5197", - "tcp.ack": "721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000efa2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:34.841535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495694.841535000", - "frame.time_delta": "0.143360000", - "frame.time_delta_displayed": "0.143360000", - "frame.time_relative": "2103.380849000", - "frame.number": "7967", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001010", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd81", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "721", - "tcp.ack": "5198", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": 
"4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:36.320939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495696.320939000", - "frame.time_delta": "1.479404000", - "frame.time_delta_displayed": "1.479404000", - "frame.time_relative": "2104.860253000", - "frame.number": "7968", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:36.321392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495696.321392000", - "frame.time_delta": "0.000453000", - "frame.time_delta_displayed": "0.000453000", - "frame.time_relative": "2104.860706000", - "frame.number": "7969", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:36.675017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495696.675017000", - "frame.time_delta": "0.353625000", - "frame.time_delta_displayed": "0.353625000", - "frame.time_relative": "2105.214331000", - "frame.number": "7970", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", 
- "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002124", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57205", - "udp.dstport": "1900", - "udp.port": "57205", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006ae8", - "udp.checksum.status": "2", - "udp.stream": "148" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:21:36.822388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495696.822388000", - "frame.time_delta": "0.147371000", - "frame.time_delta_displayed": "0.147371000", - "frame.time_relative": "2105.361702000", - "frame.number": "7971", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f00", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:37.342545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495697.342545000", - "frame.time_delta": "0.520157000", - "frame.time_delta_displayed": "0.520157000", - "frame.time_relative": "2105.881859000", - "frame.number": "7972", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009da8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000019a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - 
}, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:37.395404000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495697.395404000", - "frame.time_delta": "0.052859000", - "frame.time_delta_displayed": "0.052859000", - "frame.time_relative": "2105.934718000", - "frame.number": "7973", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - 
"eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009dac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001996", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "7972" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:37.448240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495697.448240000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "2105.987554000", - "frame.number": "7974", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009db1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001997", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "7973" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:21:37.677057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495697.677057000", - "frame.time_delta": "0.228817000", - "frame.time_delta_displayed": "0.228817000", - "frame.time_relative": "2106.216371000", - "frame.number": "7975", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002125", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6ef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57205", - "udp.dstport": "1900", - "udp.port": "57205", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006ae8", - "udp.checksum.status": "2", - "udp.stream": "148" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "7970" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:38.399725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495698.399725000", - "frame.time_delta": "0.722668000", - "frame.time_delta_displayed": "0.722668000", - "frame.time_relative": "2106.939039000", - "frame.number": "7976", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009db5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001996", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "7974" - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:38.452554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495698.452554000", - "frame.time_delta": "0.052829000", - "frame.time_delta_displayed": "0.052829000", - "frame.time_relative": "2106.991868000", - "frame.number": "7977", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009db8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000198a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": 
"0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "7976" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:38.505274000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495698.505274000", - "frame.time_delta": "0.052720000", - "frame.time_delta_displayed": "0.052720000", - "frame.time_relative": "2107.044588000", - "frame.number": "7978", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009dbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000198b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "7977" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:38.679232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495698.679232000", - "frame.time_delta": "0.173958000", - "frame.time_delta_displayed": "0.173958000", - "frame.time_relative": "2107.218546000", - "frame.number": "7979", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002126", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6ee", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57205", - "udp.dstport": "1900", - "udp.port": "57205", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006ae8", - "udp.checksum.status": "2", - "udp.stream": "148" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "7975" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.031736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.031736000", - "frame.time_delta": "0.352504000", - "frame.time_delta_displayed": "0.352504000", - "frame.time_relative": "2107.571050000", - "frame.number": "7980", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009dd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001975", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "7978" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.084558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.084558000", - "frame.time_delta": "0.052822000", - "frame.time_delta_displayed": "0.052822000", - "frame.time_relative": "2107.623872000", - "frame.number": "7981", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009dd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001969", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "7980" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.137342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.137342000", - "frame.time_delta": "0.052784000", - "frame.time_delta_displayed": "0.052784000", - "frame.time_relative": "2107.676656000", - "frame.number": "7982", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009ddd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000196b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": 
"", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "7981" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.678377000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.678377000", - "frame.time_delta": "0.541035000", - "frame.time_delta_displayed": "0.541035000", - "frame.time_relative": "2108.217691000", - "frame.number": "7983", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002127", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57205", - "udp.dstport": "1900", - "udp.port": "57205", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006ae8", - "udp.checksum.status": "2", - "udp.stream": "148" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "4", - "http.prev_request_in": "7979" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.850202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.850202000", - "frame.time_delta": "0.171825000", - "frame.time_delta_displayed": "0.171825000", - "frame.time_relative": "2108.389516000", - "frame.number": "7984", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:39.850601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495699.850601000", - "frame.time_delta": "0.000399000", - "frame.time_delta_displayed": "0.000399000", - "frame.time_relative": "2108.389915000", - "frame.number": "7985", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.083993000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.083993000", - "frame.time_delta": "0.233392000", - "frame.time_delta_displayed": "0.233392000", - "frame.time_relative": "2108.623307000", - "frame.number": "7986", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009e0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000193e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": 
"", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "7982" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.136758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.136758000", - "frame.time_delta": "0.052765000", - "frame.time_delta_displayed": "0.052765000", - "frame.time_relative": "2108.676072000", - "frame.number": "7987", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009e0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001933", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "7986" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.189484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.189484000", - "frame.time_delta": "0.052726000", - "frame.time_delta_displayed": "0.052726000", - "frame.time_relative": "2108.728798000", - "frame.number": "7988", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009e11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001937", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "7987" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.400187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.400187000", - "frame.time_delta": "0.210703000", - "frame.time_delta_displayed": "0.210703000", - "frame.time_relative": "2108.939501000", - "frame.number": "7989", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009e21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000192a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "7988" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.452922000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.452922000", - "frame.time_delta": "0.052735000", - "frame.time_delta_displayed": "0.052735000", - "frame.time_relative": "2108.992236000", - "frame.number": "7990", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009e23", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000191f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "7989" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:40.505614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495700.505614000", - "frame.time_delta": "0.052692000", - "frame.time_delta_displayed": "0.052692000", - "frame.time_relative": "2109.044928000", - "frame.number": "7991", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009e28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001920", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "7990" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:41.452831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495701.452831000", - "frame.time_delta": "0.947217000", - "frame.time_delta_displayed": "0.947217000", - "frame.time_relative": "2109.992145000", - "frame.number": "7992", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009e70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "7991" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:41.505550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495701.505550000", - "frame.time_delta": "0.052719000", - "frame.time_delta_displayed": "0.052719000", - "frame.time_relative": "2110.044864000", - "frame.number": "7993", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009e74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "7992" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:41.558339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495701.558339000", - "frame.time_delta": "0.052789000", - "frame.time_delta_displayed": "0.052789000", - "frame.time_relative": "2110.097653000", - "frame.number": "7994", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009e77", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "7993" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:42.136685000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495702.136685000", - "frame.time_delta": "0.578346000", - "frame.time_delta_displayed": "0.578346000", - "frame.time_relative": "2110.675999000", - "frame.number": "7995", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009e8f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "7994" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:42.189530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495702.189530000", - "frame.time_delta": "0.052845000", - "frame.time_delta_displayed": "0.052845000", - "frame.time_relative": "2110.728844000", - "frame.number": "7996", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009e94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "7995" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:42.242333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495702.242333000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "2110.781647000", - "frame.number": "7997", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009e96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "7996" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:43.188880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495703.188880000", - "frame.time_delta": "0.946547000", - "frame.time_delta_displayed": "0.946547000", - 
"frame.time_relative": "2111.728194000", - "frame.number": "7998", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00009ec2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001889", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "305", - "udp.checksum": "0x0000e5a5", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "7997" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:43.241615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495703.241615000", - "frame.time_delta": "0.052735000", - "frame.time_delta_displayed": "0.052735000", - "frame.time_relative": "2111.780929000", - "frame.number": "7999", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00009ec3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000187f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - "udp.port": "57205", - "udp.length": "314", - "udp.checksum": "0x0000f390", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "23", - "http.prev_response_in": "7998" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:43.294488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495703.294488000", - "frame.time_delta": "0.052873000", - "frame.time_delta_displayed": "0.052873000", - "frame.time_relative": "2111.833802000", - "frame.number": "8000", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x00009ec8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001880", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57205", - "udp.port": "1900", - 
"udp.port": "57205", - "udp.length": "308", - "udp.checksum": "0x0000171b", - "udp.checksum.status": "2", - "udp.stream": "149" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "7999" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:21:55.346826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495715.346826000", - "frame.time_delta": "12.052338000", - "frame.time_delta_displayed": "12.052338000", - "frame.time_relative": "2123.886140000", - "frame.number": "8001", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00000bb4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecd8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "100", - "udp.checksum": "0x0000e487", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "adwin_config": { - "adwin_config.pattern": "0x5c000054", - "adwin_config.version": "1112689490", - "adwin_config.scan_id": "0xd073d502", - "adwin_config.status": "0x41da0000", - "adwin_config.timeout": "1279870552", - "adwin_config.filename": "V2", - "adwin_config.mac": "9f:36:19:4e:7a:42", - "adwin_config.unused": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:02.336039000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495722.336039000", - 
"frame.time_delta": "6.989213000", - "frame.time_delta_displayed": "6.989213000", - "frame.time_relative": "2130.875353000", - "frame.number": "8002", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x000096f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007656", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": 
"49", - "tcp.seq": "92267", - "tcp.nxtseq": "92316", - "tcp.ack": "18910", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c158", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:f1:53:a7:a2:fd:f9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2617683, TSecr 2812476921": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2617683", - "tcp.options.timestamp.tsecr": "2812476921" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8d:cb:9a:91:cc:d3:07:16:c6:97:9e:ff:37:0e:10:35:44:bf:3f:9f:72:69:84:c0:f7:67:87:02:61:b5:a7:30:d7:8e:89:c4:35" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:22:02.397270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495722.397270000", - "frame.time_delta": "0.061231000", - "frame.time_delta_displayed": "0.061231000", - "frame.time_relative": "2130.936584000", - "frame.number": "8003", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002dea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "18910", - "tcp.nxtseq": "18965", - "tcp.ack": "92316", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000097ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:1c:53:00:27:f1:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812484691, TSecr 2617683": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812484691", - "tcp.options.timestamp.tsecr": "2617683" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8002", - "tcp.analysis.ack_rtt": "0.061231000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:d5:d6:b2:df:9d:3a:92:32:91:62:c1:5a:f2:ee:a8:59:aa:21:42:c6:c4:1c:e2:a4:d3:93:ae:51:6e:55:32:73:19:01:3c:bf:0c:92:7d:77:ba:4d:e1" - } - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:02.397773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495722.397773000", - "frame.time_delta": "0.000503000", - "frame.time_delta_displayed": "0.000503000", - "frame.time_relative": "2130.937087000", - "frame.number": "8004", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007686", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - 
"ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "92316", - "tcp.ack": "18965", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e738", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:f1:59:a7:a3:1c:53", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2617689, TSecr 2812484691": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2617689", - "tcp.options.timestamp.tsecr": "2812484691" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8003", - "tcp.analysis.ack_rtt": "0.000503000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:22:04.081423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495724.081423000", - "frame.time_delta": "1.683650000", - "frame.time_delta_displayed": "1.683650000", - "frame.time_relative": "2132.620737000", - "frame.number": "8005", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x0000582e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a63b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5198", - "tcp.nxtseq": "5238", - "tcp.ack": "721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fc58", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:ef:ae:12:ab:73:e0:77:d4:07:e2:9a:30:12:a7:7a:67:f5:0e:51:f5:14:79:2d:ff:60:f3:a3:ed" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:04.225047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495724.225047000", - "frame.time_delta": "0.143624000", - "frame.time_delta_displayed": "0.143624000", - "frame.time_relative": "2132.764361000", - "frame.number": "8006", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", 
- "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001011", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd5c", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "721", - "tcp.nxtseq": "757", - "tcp.ack": "5238", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": 
"0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000027de", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8005", - "tcp.analysis.ack_rtt": "0.143624000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:74:e7:75:4d:11:29:35:68:7b:52:8a:bf:eb:79:df:94:ae:74:1e:a0:52:a2:b8:5e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:04.225558000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495724.225558000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "2132.764872000", - "frame.number": "8007", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000582f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a662", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5238", - "tcp.ack": "757", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - 
"tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef55", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8006", - "tcp.analysis.ack_rtt": "0.000511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:06.825271000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495726.825271000", - "frame.time_delta": "2.599713000", - "frame.time_delta_displayed": "2.599713000", - "frame.time_relative": "2135.364585000", - "frame.number": "8008", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f07", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": 
"192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:07.396852000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495727.396852000", - "frame.time_delta": "0.571581000", - "frame.time_delta_displayed": "0.571581000", - "frame.time_relative": "2135.936166000", - "frame.number": "8009", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000bb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecda", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00009e1c", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:37:84:a1:fb:9a:5d:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:09.706004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495729.706004000", - "frame.time_delta": "2.309152000", - "frame.time_delta_displayed": "2.309152000", - "frame.time_relative": "2138.245318000", - "frame.number": "8010", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ffd", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001565", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:09.706519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495729.706519000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "2138.245833000", - "frame.number": "8011", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001ffe", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f660", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:09.707420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495729.707420000", - "frame.time_delta": "0.000901000", - "frame.time_delta_displayed": "0.000901000", - "frame.time_relative": "2138.246734000", - "frame.number": "8012", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008426", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", 
- "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:14.706303000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495734.706303000", - "frame.time_delta": "4.998883000", - "frame.time_delta_displayed": "4.998883000", - "frame.time_relative": "2143.245617000", - "frame.number": "8013", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00001fff", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001565", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:14.706836000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495734.706836000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "2143.246150000", - "frame.number": "8014", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - 
"eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f660", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - 
"dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:14.707439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495734.707439000", - "frame.time_delta": "0.000603000", - "frame.time_delta_displayed": "0.000603000", - "frame.time_relative": "2143.246753000", - "frame.number": "8015", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008426", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.397768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.397768000", - "frame.time_delta": "2.690329000", - "frame.time_delta_displayed": "2.690329000", - "frame.time_relative": "2145.937082000", - "frame.number": "8016", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - 
"eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007a28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": 
"NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.397783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.397783000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "2145.937097000", - "frame.number": "8017", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x00007a2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.430944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.430944000", - "frame.time_delta": "0.033161000", - "frame.time_delta_displayed": "0.033161000", - "frame.time_relative": "2145.970258000", - "frame.number": "8018", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { 
- "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007a2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": 
"hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.483783000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.483783000", - "frame.time_delta": "0.052839000", - "frame.time_delta_displayed": "0.052839000", - "frame.time_relative": "2146.023097000", - "frame.number": "8019", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x00007a33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - 
"ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.536701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.536701000", - "frame.time_delta": "0.052918000", - "frame.time_delta_displayed": "0.052918000", - "frame.time_relative": "2146.076015000", - "frame.number": "8020", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007a34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 
001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:17.589504000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495737.589504000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "2146.128818000", - "frame.number": "8021", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x00007a39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00004f1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:19.707956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495739.707956000", - "frame.time_delta": "2.118452000", - "frame.time_delta_displayed": "2.118452000", - "frame.time_relative": "2148.247270000", - "frame.number": "8022", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002006", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001565", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:19.710233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495739.710233000", - "frame.time_delta": "0.002277000", - "frame.time_delta_displayed": "0.002277000", - "frame.time_relative": "2148.249547000", - "frame.number": "8023", - 
"frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002007", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f660", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:19.710593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495739.710593000", - "frame.time_delta": "0.000360000", - "frame.time_delta_displayed": "0.000360000", - "frame.time_relative": 
"2148.249907000", - "frame.number": "8024", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008426", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028e", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=654", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.092161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.092161000", - "frame.time_delta": "6.381568000", - "frame.time_delta_displayed": "6.381568000", - "frame.time_relative": "2154.631475000", - "frame.number": "8025", - 
"frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002deb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000036ce", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "18965", - "tcp.nxtseq": "19163", - "tcp.ack": "92316", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007cde", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:33:77:00:27:f1:59", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812490615, TSecr 2617689": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812490615", - "tcp.options.timestamp.tsecr": "2617689" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:d6:0d:bb:6d:72:33:82:75:3b:d3:97:29:c3:b9:cb:d4:db:4c:5e:2c:df:91:0b:8b:20:c2:ca:7a:e9:6d:9f:37:fd:0e:bf:f8:07:74:3b:2b:b2:b3:c3:ba:69:25:32:1c:aa:6b:96:6f:49:3f:a4:bf:cb:d3:a8:53:eb:4d:d7:2c:27:dd:6b:00:48:cb:83:42:29:c3:a8:f6:02:28:50:31:6d:8e:eb:a1:f9:fa:78:9e:d5:4e:96:72:e6:94:a0:92:38:a9:d0:cb:2d:c6:1c:be:35:f3:dd:6d:e0:4c:21:fa:5a:1e:b5:b2:17:8f:e4:78:90:90:d1:e8:43:24:2f:b2:c0:51:ac:c0:c5:6d:1f:42:be:db:9e:da:7c:c3:29:74:c9:13:10:37:19:db:42:31:a6:c6:81:b0:3d:46:ae:f7:63:97:ec:ab:8c:d4:7d:07:2d:0b:5e:e7:23:c1:cb:52:89:7e:0a:be:93:28:13:cb:16:0b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.092663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.092663000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "2154.631977000", - "frame.number": "8026", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096fa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007685", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "92316", - "tcp.ack": "19163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c60c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fa:9b:a7:a3:33:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620059, TSecr 2812490615": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620059", - "tcp.options.timestamp.tsecr": "2812490615" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8025", - "tcp.analysis.ack_rtt": "0.000502000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.098850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.098850000", - "frame.time_delta": "0.006187000", - "frame.time_delta_displayed": "0.006187000", - "frame.time_relative": "2154.638164000", - "frame.number": "8027", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x000096fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000764f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "92316", - "tcp.nxtseq": "92369", - "tcp.ack": "19163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005638", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fa:9c:a7:a3:33:77", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620060, TSecr 2812490615": { - "tcp.option_kind": "8", - "tcp.option_len": 
"10", - "tcp.options.timestamp.tsval": "2620060", - "tcp.options.timestamp.tsecr": "2812490615" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8e:e1:96:97:93:f1:81:63:64:e4:82:6d:80:86:13:00:af:6e:0c:ef:65:08:10:b2:be:4b:8f:89:53:b9:8c:5f:76:12:bf:5d:15:a0:09:b7:ff" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.198023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.198023000", - "frame.time_delta": "0.099173000", - "frame.time_delta_displayed": "0.099173000", - "frame.time_relative": "2154.737337000", - "frame.number": "8028", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": 
"0x00003793", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19163", - "tcp.ack": "92369", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c6aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:33:92:00:27:fa:9c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - 
}, - "Timestamps: TSval 2812490642, TSecr 2620060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812490642", - "tcp.options.timestamp.tsecr": "2620060" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8027", - "tcp.analysis.ack_rtt": "0.099173000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.198633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.198633000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "2154.737947000", - "frame.number": "8029", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x000096fc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007123", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "92369", - "tcp.nxtseq": "93745", - "tcp.ack": "19163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000552", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fa:a5:a7:a3:33:92", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620069, TSecr 2812490642": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620069", - "tcp.options.timestamp.tsecr": 
"2812490642" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:8f:21:66:30:2a:fb:59:9f:82:f0:1d:65:9f:22:82:61:5f:cf:37:db:71:93:1a:b0:ce:42:93:24:18:31:5e:73:d4:c2:f4:45:11:c2:8c:a1:1a:46" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:90:80:75:6e:45:8e:30:70:5c:a8:11:5c:c3:d5:a4:d2:3e:02:9e:73:37:76:8e:22:68:bc:ff:1c:de:70:8d:b2:0a:1e:0e:67:25:74:5f:b5:6b:ce:f1:2f:16:f3:58:01:9e:66:43:08:b9:c1:0a:c3:cb:03:e9:8b:ef:11:61:fe:78:37:f6:f1:90:e9:35:3a:96:17:2a:8a:93:c1:b2:ab:40:24:02:b5:59:95:58:e6:70" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:91:ab:80:6a:56:d6:43:aa:70:95:d7:02:be:f0:d4:87:72:59:96:bb:33:f0:68:9e:64:d8:e4:60:58:6a:7e:bf:4d:18:92:7f:41:b5:fe:a2:01:63:af:cb:c3:55:ea:0d:3b:d6:ce:37:94:9e:f2:2d:56:b0:b5:ea:62:75:2b:55:14:85:b8:15:62:83:37:9e:1e:be:2a:7a:8b:34:85:ba:88:bf:df:32:dd:0d:a9:fa:b0:36:49:cb:1d:f4:93:83:55:2d:34:47:a9:ec:ba:c5:36:fe:4f:28:4d:a0:cf:34:16:f3:6a:95:c7:d1:08:4d:d4:60:bd:65:ce:fc:8c:a3:f1:42:66:c3:cd:1c:ae:03:62:91:d6:b2:f6:55:f5:f8:15:ab:4f:e3:e1:34:aa:b9:20:7a:3e:44:b3:58:22:eb:07:31:63:ea:b4:c8:74:53:bd:cf:64:43:83:f5:01:92:ba:ea:b1:3a:a5:d8:95:a4:24:98:e2:16:58:72:ae:f7:76:21:8e:92:86:55:3a:0b:f9:97:c7:d0:9e:92:ef:fc:03:9f:38:47:58:36:d1:2b:e3:4b:35:8d:09:01:94:03:47:9f:d5:35:f8:a9:50:bf:d2:80:3b:ae:c6:0e:73:f4:6c:cb:ee:38:ae:b9:50:89:38:e1:9a:1f:4a:61:7e:3e:22:7a:77:a1:b2:ef:58:f4:73:c2:13:01:d9:10:8b:77:42:1d:5d:ce:91:93:7f:ee:f8:ec:e8:9b:e5:9b:43:9c:f2:6e:6f:c6:69:ca:23:d8:73:58:72:f4:b5:fd:29:59:3a:5e:93:ae:37:79:a4:a0:77:9d:12:42:78:5d:cf:72:d4:2e:8d:b6:44:d1:6e:86:04:9f:0a:f3:d8:fc:45:a6:1c:2a:e2:37:0c:79:aa:70:34:a7:50:9a:7c:8c:6d:65:73:56:bc:a8:46:0c:78:a7:ca:ac:4d:a5:ea:15:b5:70:63:52:44:85:5b:83:c9:b2:eb:a2:01:d7:e9:6f:62:60:23:61:e3:62:c4:d9:ec:92:28:3a:d0:f9:5e:fc:b3:9c:6f:c5:97:08:83:5b:14:6a:5c:36:75:58:d1:3e:9e:d4:0f:bb:91:15:15:95:53:62:0b:eb:a8:a3:7a:26:1e:cb:fc:c4:1e:b6:83:05:46:b7:e6:85:3e:4e:d0:3c:10:5c:e5:64:1f:4d:d4:dc:66:a2:2e:db:c1:46:18:b8:f6:4d:5c:7f:7b:d5:79:7c:50:5e:91:c2:d3:64:cd:8b:aa:74:5f:f5:1c:2b:9d:5d:79:11:f6:51:c1:58:cb:72:80:1d:0d:03:df:da:9f:d7:36:25:6a:ac:f4:4f:48:8b:d1:57:64:00:65:29:0c:79:c2:14:08:3a:c9:5f:de:3d:7b:23:04:e0:85:34:da:4c:41:2e:cd:c9:36:95:b8:0c:70:65:13:f4:76:bf:f3:ea:c2:f7:50:2b:7f:5f:23:36:7c:7c:f5:78:04:f4:b5:18:98:59:46:a8:37:d6:c8:16:a2:13:dc:46:05:d7:e4:b2:ae:e5:6d:50:31:a6:e1:9b:7f:cb:5a:99:14:81:ca:bf:fb:55:c3:85:23:ba:64:79:60:77:80:bc:e6:1d:ed:d8:5e:d5:c9:8d:65:9b:a3:13:21:a1:2a:36:f5:bf:10:d4:87:d4:d6:da:ba:2f:e1:92:d3:17:33:49:ed:09:84:76:6f:ba:39:1f:e4:00:92:8c:4b:b0:e6:c8:1f:0
a:d5:b0:72:b5:7b:b8:82:2e:05:10:26:6d:30:5e:13:ca:54:35:f0:1b:56:27:00:e3:37:b6:76:ff:ba:91:24:4c:46:ba:29:43:06:1e:70:2e:bd:7d:08:f6:83:ec:14:f1:8a:f4:70:7a:e6:1f:a9:2e:60:ff:30:ab:38:a0:1b:0e:af:28:b4:ee:41:a8:f2:f2:09:6d:b3:30:1c:5a:92:c7:8e:b0:7e:cb:bc:e5:08:7f:55:d5:a6:61:02:75:c3:03:f3:c1:df:56:d6:35:9e:8a:35:8c:05:86:71:1c:9c:b0:9b:7e:31:0e:5e:25:dd:cb:22:8c:6a:09:db:16:69:c4:e4:bb:19:2e:e2:e0:2a:fa:2b:9d:e6:3d:ec:c8:c0:3e:c3:96:7f:ec:76:56:25:c9:59:96:a1:d3:8f:d8:34:ac:d8:e5:43:b1:64:e0:ee:b6:be:fe:74:4c:ef:c8:9f:8d:87:18:a7:ff:87:76:63:c4:5a:0a:4b:23:35:3a:9b:da:a6:37:22:b1:5c:cb:64:70:cf:dc:b0:c9:e1:01:27:4c:ec:b3:e7:e0:5c:02:17:54:f6:4d:33:ce:09:3a:27:c1:bf:a9:dc:5a:d8:6f:41:9f:b8:32:ba:0a:d7:e9:29:33:c9:7a:7b:0d:a4:71:62:13:b3:3b:47:ed:45:c0:5a:36:05:d3:fe:da:3a:1c:03:03:46:d1:52:c0:18:77:72:aa:79:e8:0c:29:0a:d5:44:3e:7e:1b:bf:e6:4b:92:17:22:0e:f6:a2:e3:c8:22:f2:e2:ad:12:28:90:dc:30:00:d2:37:0b:8d:f5:b7:46:79:05:48:ea:02:00:b5:eb:68:8e:eb:9e:45:ce:82:1c:58:d6:35:30:72:3a:bb:d6:26:61:c4:d9:c5:d8:e4:28:29:03:89:08:10:23:33:6e:e2:19:1a:42:4b:7f:00:eb:8d:e2:4d:0d:47:4f:cb:57:33:f0:b0:6c:f1:df:08:3e:c9:43:b7:37:f3:50:6f:9e:48:78:db:46:c3:ee:71:69:c7:04:a6:d3:8c:c9:45:69:2f:db:d2:0a:dd:fd:a2:de:11:31:5e:c6:02" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:92:27:70:6d:c8:d5:77:76:8e:34:f0:a4:78:d6:4f:dc:8c:3c:ff:b7:5f:67:fa:54:33:bf:dd:00:90:15:ad:9c:63:b6:83:14:83:fa:a3:63:13:89:dc:44:cb:5c:b3:4c:e3:83:c5:47:8e:d4:77:13:94:8d:28:8b:c7:84:4d:74:00:d0:0d:8a:43:f2:27:71:02:56:5c:8d:be:d6:4b:5b:f6:5e:72:99:a1:57:4c:1e:4e:31:f2:eb:06:cf:77:df:44:dd:ab:d2:29:73:41:78:39:b2:ec:d9:37:eb:ec:e0:ce:a9:13:8c:1d:c7:c6:28:20:b0:3f:3a:e9:7f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:22:26.258763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.258763000", - "frame.time_delta": "0.060130000", - "frame.time_delta_displayed": "0.060130000", - "frame.time_relative": "2154.798077000", - "frame.number": "8030", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002ded", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003792", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", 
- "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19163", - "tcp.ack": "93745", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c132", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:33:a1:00:27:fa:a5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812490657, TSecr 2620069": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812490657", - "tcp.options.timestamp.tsecr": "2620069" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8029", - "tcp.analysis.ack_rtt": "0.060130000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.515384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495746.515384000", - "frame.time_delta": "0.256621000", - "frame.time_delta_displayed": "0.256621000", - 
"frame.time_relative": "2155.054698000", - "frame.number": "8031", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x000096fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000764c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "93745", - "tcp.nxtseq": "93799", - "tcp.ack": "19163", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000398d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fa:c5:a7:a3:33:a1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620101, TSecr 2812490657": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620101", - "tcp.options.timestamp.tsecr": "2812490657" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:93:93:ff:33:5f:e2:03:88:12:b1:b8:6b:69:e9:21:c6:a8:bf:a7:3d:e2:0c:b7:7c:9d:ac:b9:66:8a:c6:9e:34:2b:5f:84:5d:93:f3:5b:b9:29:3a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:26.575572000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495746.575572000", - "frame.time_delta": "0.060188000", - "frame.time_delta_displayed": "0.060188000", - "frame.time_relative": "2155.114886000", - "frame.number": "8032", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003791", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": 
"44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19163", - "tcp.ack": "93799", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c08d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:33:f0:00:27:fa:c5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812490736, TSecr 2620101": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812490736", - "tcp.options.timestamp.tsecr": "2620101" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8031", - "tcp.analysis.ack_rtt": "0.060188000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.063219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.063219000", - "frame.time_delta": "1.487647000", - "frame.time_delta_displayed": "1.487647000", - "frame.time_relative": "2156.602533000", - "frame.number": "8033", - "frame.len": 
"86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000a664", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000011fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39350", - "udp.dstport": "53", - "udp.port": "39350", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x00009d28", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.id": "0x0000dfbc", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type A, 
class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.063234000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.063234000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "2156.602548000", - "frame.number": "8034", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000a665", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000011fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "39350", - "udp.dstport": "53", - "udp.port": "39350", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x0000c22e", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.id": "0x0000ba9b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.089330000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.089330000", - "frame.time_delta": "0.026096000", - "frame.time_delta_displayed": "0.026096000", - "frame.time_relative": "2156.628644000", - "frame.number": "8035", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x0000a1f3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001505", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39350", - "udp.port": "53", - "udp.port": "39350", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.response_to": "8033", - "dns.time": "0.026111000", - "dns.id": "0x0000dfbc", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type 
A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9114", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9114", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9114", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - }, - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9114", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138180", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "9800", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6093", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14695", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "138180", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9800", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6093", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14695", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.089556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495748.089556000", - "frame.time_delta": "0.000226000", - "frame.time_delta_displayed": "0.000226000", - "frame.time_relative": "2156.628870000", - "frame.number": "8036", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x0000a1f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000161b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39350", - "udp.port": "53", - "udp.port": "39350", - "udp.length": "134", - "udp.checksum": "0x000082db", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.response_to": "8034", - "dns.time": "0.026322000", - "dns.id": "0x0000ba9b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": 
"0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "smartthings.com: type SOA, class IN, mname ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "900", - "dns.resp.len": "70", - "dns.soa.mname": "ns-1275.awsdns-31.org", - "dns.soa.rname": "awsdns-hostmaster.amazon.com", - "dns.soa.serial_number": "1", - "dns.soa.refresh_interval": "7200", - "dns.soa.retry_interval": "900", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "86400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.090600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.090600000", - "frame.time_delta": "0.001044000", - "frame.time_delta_displayed": "0.001044000", - "frame.time_relative": "2156.629914000", - "frame.number": "8037", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x000013c4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094f5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server 
port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x000029ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:27:fb:63:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2620259, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620259", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.164111000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.164111000", - "frame.time_delta": "0.073511000", - "frame.time_delta_displayed": "0.073511000", - "frame.time_relative": "2156.703425000", - "frame.number": "8038", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - 
"eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000001b9", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x00000a67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:4a:74:a6:00:27:fb:63:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1263170726, TSecr 2620259": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170726", - "tcp.options.timestamp.tsecr": "2620259" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8037", - "tcp.analysis.ack_rtt": "0.073511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.164641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.164641000", - "frame.time_delta": 
"0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "2156.703955000", - "frame.number": "8039", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000013c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - 
"tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000a127", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:6a:4b:4a:74:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620266, TSecr 1263170726": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620266", - "tcp.options.timestamp.tsecr": "1263170726" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8038", - "tcp.analysis.ack_rtt": "0.000530000", - "tcp.analysis.initial_rtt": "0.074041000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.166829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.166829000", - "frame.time_delta": "0.002188000", - "frame.time_delta_displayed": 
"0.002188000", - "frame.time_relative": "2156.706143000", - "frame.number": "8040", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x000013c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000093c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": 
"58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007d2d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:6a:4b:4a:74:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620266, TSecr 1263170726": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620266", - "tcp.options.timestamp.tsecr": "1263170726" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Oct 6, 2002 17:58:28.000000000 PDT", - "ssl.handshake.random": 
"23:59:c2:68:ce:8f:f9:4e:bc:89:6b:47:7f:bc:59:17:8a:cf:e7:7a:11:de:38:24:5b:5f:4a:94" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - "ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": 
"49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": "49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - 
"ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - "ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - 
"ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": 
"2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.240107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.240107000", - "frame.time_delta": "0.073278000", - "frame.time_delta_displayed": "0.073278000", - "frame.time_relative": "2156.779421000", - "frame.number": "8041", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000058da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a8e6", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": 
"52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a058", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:b9:00:27:fb:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "Timestamps: TSval 1263170745, TSecr 2620266": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170745", - "tcp.options.timestamp.tsecr": "2620266" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8040", - "tcp.analysis.ack_rtt": "0.073278000", - "tcp.analysis.initial_rtt": "0.074041000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.241251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.241251000", - "frame.time_delta": "0.001144000", - "frame.time_delta_displayed": "0.001144000", - "frame.time_relative": "2156.780565000", - "frame.number": "8042", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x000058db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a33d", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": 
"52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:ba:00:27:fb:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" 
- } - }, - "Timestamps: TSval 1263170746, TSecr 2620266": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170746", - "tcp.options.timestamp.tsecr": "2620266" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60
:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:e
e:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Jul 14, 2077 17:19:58.000000000 PDT", - "ssl.handshake.random": "81:0b:2c:cf:97:42:87:24:a0:b0:bb:52:0a:e1:e0:a8:4c:09:6d:ae:cd:47:2b:d6:14:5b:ab:6b" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "f0:29:f1:00:8d:94:4b:36:dd:96:35:0b:29:9f:cc:fb:91:03:92:c5:9a:34:95:e9:ab:fa:d9:c3:19:ef:6d:01", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:22:28.241273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.241273000", - "frame.time_delta": "0.000022000", - "frame.time_delta_displayed": "0.000022000", - "frame.time_relative": "2156.780587000", - "frame.number": "8043", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x000058dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a805", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": 
"United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009308", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:ba:00:27:fb:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170746, TSecr 2620266": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170746", - "tcp.options.timestamp.tsecr": "2620266" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": 
"0.074041000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "8042", - "tcp.segment": "8043", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": "16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:
09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44
:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:
01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - 
"x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": 
"0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - "ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b
:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 
21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": 
"30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": 
"04:83:d8:68:7e:04:99:82:17:18:db:06:80:1e:97:f4:2b:c0:af:e1:d8:82:30:16:db:5b:27:ee:fc:d6:04:ec:f2:52:40:0c:77:62:df:81:b7:f2:b5:aa:b1:3c:ba:12:f9:42:f1:ea:76:8c:d9:4f:15:8d:bd:b8:d7:f4:41:7e:84", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": "c3:20:11:ef:ca:7a:32:7d:e9:7f:a6:08:a0:40:67:d7:d7:e9:1b:87:6d:df:ab:e7:e5:c2:0c:1f:02:8f:2c:91:34:cb:02:27:69:71:11:4a:84:73:ec:c5:e7:35:ee:03:d4:b4:d8:c5:2e:5c:3e:4e:65:6d:39:ae:3d:bf:04:39:a7:37:4d:8f:66:1d:e5:3c:c2:26:1c:37:7d:18:97:c3:f4:ce:42:a5:84:53:23:03:9f:44:e9:9b:20:b9:7e:f5:83:24:79:ec:ad:74:0a:62:93:f6:0f:10:97:26:9b:3d:9c:0a:ae:60:3f:e0:ef:06:99:5d:e7:dc:cf:14:05:51" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.241933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.241933000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "2156.781247000", - "frame.number": "8044", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000013c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000991d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:72:4b:4a:74:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620274, TSecr 1263170746": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620274", - "tcp.options.timestamp.tsecr": "1263170746" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8043", - "tcp.analysis.ack_rtt": "0.000660000", - "tcp.analysis.initial_rtt": "0.074041000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.274742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.274742000", - "frame.time_delta": "0.032809000", - "frame.time_delta_displayed": "0.032809000", - "frame.time_relative": "2156.814056000", - "frame.number": "8045", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x000013c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000947b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000099d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:75:4b:4a:74:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620277, TSecr 1263170746": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620277", - "tcp.options.timestamp.tsecr": "1263170746" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:4b:a6:45:63:4c:e2:66:86:49:97:4a:f3:ea:bd:df:61:4c:46:d5:ef:d1:d1:66:14:9d:ce:60:1b:44:a5:18:6b:07:f2:ae:d9:ee:0a:6d:f5:d1:7c:e1:21:3a:b1:ee:f5:c9:8e:16:f7:f2:54:c3:d8:91:4f:37:81:cc:a9:5b:32" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.348401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.348401000", - "frame.time_delta": "0.073659000", - "frame.time_delta_displayed": "0.073659000", - "frame.time_relative": "2156.887715000", - "frame.number": "8046", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x000058dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a8b0", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": 
"39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003cdc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:d4:00:27:fb:75", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170772, TSecr 2620277": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170772", - "tcp.options.timestamp.tsecr": "2620277" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8045", - "tcp.analysis.ack_rtt": "0.073659000", - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - 
"ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.350047000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.350047000", - "frame.time_delta": "0.001646000", - "frame.time_delta_displayed": "0.001646000", - "frame.time_relative": "2156.889361000", - "frame.number": "8047", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x000013c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": 
"52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006c03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:7d:4b:4a:74:d4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620285, TSecr 1263170772": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2620285", - "tcp.options.timestamp.tsecr": "1263170772" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8046", - "tcp.analysis.ack_rtt": "0.001646000", - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "06:b5:da:26:35:28:6f:41:b9:01:d5:d2:b8:ac:3b:6f:52:fb:57:e1:be:dc:24:08:c8:f1:a3:90:e2:ea:01:1b:86:23:aa:15:06:d4:c4:e5:f8:cd:00:b1:11:b0:f1:6a:e7:eb:60:70:6e:fd:95:11:da:be:f0:08:5e:04:9f:8d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.423571000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.423571000", - "frame.time_delta": "0.073524000", - "frame.time_delta_displayed": "0.073524000", - "frame.time_relative": "2156.962885000", - "frame.number": "8048", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x000058de", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a89d", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000011a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:e7:00:27:fb:7d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170791, TSecr 2620285": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170791", - "tcp.options.timestamp.tsecr": "2620285" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8047", - "tcp.analysis.ack_rtt": "0.073524000", - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "eb:72:a3:04:94:3e:7f:f9:53:de:ab:ca:a3:8b:da:46:a4:f1:a5:28:cb:12:15:73:ba:00:d3:e0:b7:f6:8d:57:fd:78:9e:20:38:84:94:a6:ea:68:63:3f:a5:cf:45:1d:57:23:eb:4a:34:97:47:f4:1a:00:79:d2:75:c4:22:47" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.424502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.424502000", - "frame.time_delta": "0.000931000", - "frame.time_delta_displayed": "0.000931000", - "frame.time_relative": "2156.963816000", - "frame.number": "8049", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - 
"eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x000013ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000930e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000d82b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:84:4b:4a:74:e7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620292, TSecr 1263170791": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620292", - "tcp.options.timestamp.tsecr": "1263170791" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8048", - "tcp.analysis.ack_rtt": "0.000931000", - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": 
"06:b5:da:26:35:28:6f:42:47:75:0c:82:e8:d7:e1:1a:32:e3:c4:7f:64:2f:1d:94:51:7b:3b:33:7c:ff:5e:48:66:ce:55:6d:e4:95:0b:43:8a:90:c1:e9:29:00:36:cc:df:cc:fb:be:aa:78:49:92:69:b9:b8:38:bb:18:95:e0:ff:9a:f2:2d:0d:2e:05:3b:c7:c9:88:c5:b6:27:1e:c2:77:ff:1d:04:91:09:79:98:3d:4b:87:84:d2:36:cf:fc:cf:59:02:48:ce:23:07:9b:d5:bc:9a:f5:06:9b:5f:a9:04:1b:da:1f:5a:e0:24:56:70:fc:dc:2a:2a:b0:33:08:fc:00:1f:89:7e:43:03:a0:8d:10:03:59:85:57:41:85:87:3e:6d:8b:02:50:75:72:43:42:82:b0:7a:6e:d1:c4:8d:7f:57:c2:ab:3b:75:31:18:02:5d:54:6b:c8:5a:90:ed:02:54:74:85:01:7a:37:2f:0b:1b:42:ba:84:c9:bd:de:62:64:8d:ca:41:f6:20:fc:e5:52:4b:45:6e:ec:13:6e:8c:8a:c3:bc:db:a6:a1:c3:50:2f:b1:70:89:90:fa:54:95:12:11:3a:92:2a:41:5c:eb:ea:97:23:b7:12:70:63:71:ff:b4:aa:ef:50:87:fb:95:89:28:37:5b:f4:36:ed:d5:89:43:a7:8b:1f:23:9d:5b:48:78:bc:e9:d8:ac:bd:91:36:f1:c2:ff:b2:9b:1f:5a:95:af:b5:48:79:29:e6:bb:8a:5c:58:20:1c:24:8a:9a:84:9d:0e:8a:cf:5f:76:52:da:bd:a6:30:2d:bb:30:de:31:19:82:5f:9f:2a:31:93:88:b6:47:4c:6d:42:ba:de:66:84:f0:d4:1d:99:b0:e1:b0:82:27:49:95:06:74:11:55:18:67:39:b9:0d:7c:69:af:94:3e:0e:d3:dc:54:fe:f6:dc:6b:ea:ea:ad:cb:83:9d:c6:7e:11:cb:dc:c7:ee:d2:f6:ae:3a:c8:02:64:c2:59:59:f6:f1:03:47:17:27:21:cf:a5:ba:c6:09:c2:ce:5d:97:95:05:0e:64:1d:1d:ed:a7:0a:58:2e:37:63:f1:5c:16:dd:d6:97:a4:aa:13:bb:7f:60:fe:04:55:4a:66:1e:6a:98:8d:27:07:5a:4a:ad:13:bb:c3:d7:5f:34:85:27:3c:87:a5:fd:4d:ba:42:66:93:1a:07:0a:77:c0:18:f5:06:e6:53:62:a3:2d:86:e2:e7:d0:22:1a:8b:b8:cb:ee:49" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.498303000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.498303000", - "frame.time_delta": "0.073801000", - "frame.time_delta_displayed": "0.073801000", - "frame.time_relative": "2157.037617000", - "frame.number": "8050", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x000058df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a896", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - 
"tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000edb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:74:fa:00:27:fb:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170810, TSecr 2620292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170810", - "tcp.options.timestamp.tsecr": "2620292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8049", - "tcp.analysis.ack_rtt": "0.073801000", - "tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "eb:72:a3:04:94:3e:7f:fa:8b:92:f1:c0:48:aa:5a:a1:3a:71:80:27:69:06:59:1f:ca:d7:ed:aa:33:e3:d2:99:fe:44:cd:b1:9a:b5:10:68:bd:fd:08:a1:1f:fe:84:44:ef:e0:fc:8c:49:f1:6d:c2:b1:27:e8:d0:52:ab:29:0d:97:a9:ee:fc:1e:cb" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.499036000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.499036000", - "frame.time_delta": "0.000733000", - "frame.time_delta_displayed": "0.000733000", - "frame.time_relative": "2157.038350000", - "frame.number": "8051", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000013cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000094f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": 
"Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009553", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:27:fb:8c:4b:4a:74:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2620300, TSecr 1263170810": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2620300", - "tcp.options.timestamp.tsecr": "1263170810" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8050", - "tcp.analysis.ack_rtt": "0.000733000", - 
"tcp.analysis.initial_rtt": "0.074041000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.572118000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.572118000", - "frame.time_delta": "0.073082000", - "frame.time_delta_displayed": "0.073082000", - "frame.time_relative": "2157.111432000", - "frame.number": "8052", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x000058e0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a8c1", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000f69", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:75:0c:00:27:fb:8c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170828, TSecr 2620300": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170828", - "tcp.options.timestamp.tsecr": "2620300" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8051", - "tcp.analysis.ack_rtt": "0.073082000", - 
"tcp.analysis.initial_rtt": "0.074041000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.572204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.572204000", - "frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "2157.111518000", - "frame.number": "8053", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000058e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000a8df", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - 
"ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58240", - "tcp.port": "443", - "tcp.port": "58240", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000095c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4a:75:0c:00:27:fb:8c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263170828, TSecr 2620300": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263170828", - "tcp.options.timestamp.tsecr": "2620300" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.572630000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.572630000", - "frame.time_delta": "0.000426000", - "frame.time_delta_displayed": "0.000426000", - "frame.time_relative": "2157.111944000", - "frame.number": "8054", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f372", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b55a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": 
"52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c27b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.572643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.572643000", - 
"frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "2157.111957000", - "frame.number": "8055", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f373", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b559", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": 
"-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58240", - "tcp.dstport": "443", - "tcp.port": "58240", - "tcp.port": "443", - "tcp.stream": "313", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c27b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:28.851421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495748.851421000", - "frame.time_delta": "0.278778000", - "frame.time_delta_displayed": "0.278778000", - "frame.time_relative": "2157.390735000", - "frame.number": "8056", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": 
"3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:29.707153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495749.707153000", - "frame.time_delta": "0.855732000", - "frame.time_delta_displayed": "0.855732000", - "frame.time_relative": "2158.246467000", - "frame.number": "8057", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002008", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - 
"_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001464", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:29.707657000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495749.707657000", - "frame.time_delta": "0.000504000", - "frame.time_delta_displayed": "0.000504000", - "frame.time_relative": "2158.246971000", - "frame.number": "8058", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002009", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f55f", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - 
"dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:29.708273000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495749.708273000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "2158.247587000", - "frame.number": "8059", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - 
"ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008325", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:30.062403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495750.062403000", - "frame.time_delta": "0.354130000", - "frame.time_delta_displayed": "0.354130000", - "frame.time_relative": "2158.601717000", - "frame.number": "8060", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - 
"arp.src.hw_mac": "60:57:18:8e:aa:94", - "arp.src.proto_ipv4": "192.168.0.108", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:31.100468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495751.100468000", - "frame.time_delta": "1.038065000", - "frame.time_delta_displayed": "1.038065000", - "frame.time_relative": "2159.639782000", - "frame.number": "8061", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:31.100896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495751.100896000", - "frame.time_delta": "0.000428000", - "frame.time_delta_displayed": "0.000428000", - "frame.time_relative": "2159.640210000", - "frame.number": "8062", - 
"frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:34.258114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495754.258114000", - "frame.time_delta": "3.157218000", - "frame.time_delta_displayed": "3.157218000", - "frame.time_relative": "2162.797428000", - "frame.number": "8063", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005830", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a661", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5237", - "tcp.ack": "757", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:34.401196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495754.401196000", - "frame.time_delta": "0.143082000", - "frame.time_delta_displayed": "0.143082000", - "frame.time_relative": "2162.940510000", - "frame.number": "8064", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001012", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd7f", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", 
- "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "757", - "tcp.ack": "5238", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f9cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:22:34.707397000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495754.707397000", - "frame.time_delta": "0.306201000", - "frame.time_delta_displayed": "0.306201000", - "frame.time_relative": "2163.246711000", - "frame.number": "8065", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - 
"udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001464", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - 
"dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:34.707917000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495754.707917000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "2163.247231000", - "frame.number": "8066", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - 
"udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f55f", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - 
"dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:34.708532000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495754.708532000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "2163.247846000", - "frame.number": "8067", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", 
- "udp.length": "241", - "udp.checksum": "0x00008325", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:36.828386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495756.828386000", - "frame.time_delta": "2.119854000", - "frame.time_delta_displayed": "2.119854000", - "frame.time_relative": "2165.367700000", - "frame.number": "8068", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f0e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - 
"udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:37.626009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495757.626009000", - "frame.time_delta": "0.797623000", - "frame.time_delta_displayed": "0.797623000", - "frame.time_relative": "2166.165323000", - "frame.number": "8069", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:37.855185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495757.855185000", - "frame.time_delta": "0.229176000", - "frame.time_delta_displayed": "0.229176000", - "frame.time_relative": "2166.394499000", - "frame.number": "8070", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - 
"bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:37.872096000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495757.872096000", - "frame.time_delta": "0.016911000", - "frame.time_delta_displayed": "0.016911000", - "frame.time_relative": "2166.411410000", - 
"frame.number": "8071", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - 
"bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:37.924817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495757.924817000", - "frame.time_delta": "0.052721000", - "frame.time_delta_displayed": "0.052721000", - 
"frame.time_relative": "2166.464131000", - "frame.number": "8072", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:38.039399000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495758.039399000", - "frame.time_delta": "0.114582000", - "frame.time_delta_displayed": "0.114582000", - "frame.time_relative": "2166.578713000", - "frame.number": "8073", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:39.268037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495759.268037000", - "frame.time_delta": "1.228638000", - "frame.time_delta_displayed": "1.228638000", - "frame.time_relative": "2167.807351000", - "frame.number": "8074", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:39.268212000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495759.268212000", - "frame.time_delta": "0.000175000", - "frame.time_delta_displayed": "0.000175000", - "frame.time_relative": "2167.807526000", - "frame.number": "8075", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:39.707897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495759.707897000", - "frame.time_delta": "0.439685000", - "frame.time_delta_displayed": "0.439685000", - "frame.time_relative": "2168.247211000", - "frame.number": "8076", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001464", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:39.708288000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495759.708288000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "2168.247602000", - "frame.number": "8077", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f55f", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:39.708835000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495759.708835000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "2168.248149000", - "frame.number": "8078", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008325", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000028f", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - 
"dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=655", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:40.198780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495760.198780000", - "frame.time_delta": "0.489945000", - "frame.time_delta_displayed": "0.489945000", - "frame.time_relative": "2168.738094000", - "frame.number": "8079", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000bb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x00001f52", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:a7:f4:3d:65:ce:f2:14:0f:00:00:00:00:a6:d4:73:1a:21:e0:13:ff:c9:9a:3b:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:41.252944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495761.252944000", - "frame.time_delta": "1.054164000", - "frame.time_delta_displayed": "1.054164000", - "frame.time_relative": "2169.792258000", - "frame.number": "8080", - "frame.len": "410", - "frame.cap_len": "410", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "396", - "ip.id": "0x000096fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007529", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - 
"tcp.stream": "0", - "tcp.len": "344", - "tcp.seq": "93799", - "tcp.nxtseq": "94143", - "tcp.ack": "19163", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001a33", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:00:87:a7:a3:33:f0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2621575, TSecr 2812490736": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2621575", - "tcp.options.timestamp.tsecr": "2812490736" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "344", - "tcp.analysis.push_bytes_sent": "344" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "339", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:94:5a:0a:a9:6a:65:99:eb:4a:78:80:d2:51:73:e6:e3:4c:1c:a9:dc:c5:3c:f5:f0:63:9e:25:24:f2:cf:dd:27:cc:05:04:d0:73:c1:77:0f:15:87:51:6a:a0:93:d9:ec:4b:36:5c:0e:8e:3c:7c:29:86:f7:7e:a2:90:25:05:70:6b:2b:f2:87:96:5c:e3:5c:22:f5:70:cc:1b:d6:f7:bb:88:1a:10:3a:0b:1a:a2:25:dd:e6:f4:df:32:f9:94:8a:ee:37:cd:6f:91:dc:65:0f:c9:7a:d1:e1:c4:77:f8:f3:3a:6c:5a:46:a6:df:8c:ca:a7:1b:70:50:e6:62:f7:0f:c4:03:4b:50:ee:d9:d3:2d:3a:fa:db:19:e9:f4:4b:7c:77:01:b8:b3:62:ee:8a:f2:03:6a:79:be:02:50:da:9a:0f:97:34:0a:2d:56:bc:0a:21:87:fa:6e:b3:11:c2:33:e0:23:c7:44:b4:bc:cd:30:83:46:b6:58:bc:e3:7d:57:ab:2e:77:82:b5:7c:36:db:26:82:d8:1c:f8:e0:7b:f9:47:43:73:b0:c7:fc:66:24:ec:8b:01:87:9f:4e:f5:60:ea:9f:ad:4d:ac:53:fd:2f:4b:50:a6:78:98:5b:c1:b9:d6:16:9c:27:f7:59:5d:0b:87:5c:3b:14:b1:6c:31:c9:80:f8:5b:76:e1:04:29:e6:2f:56:62:98:e6:9c:f7:d5:bf:4a:01:69:11:b0:10:73:8c:24:63:77:99:59:86:e7:9f:73:4d:59:85:e3:3a:72:a3:fc:38:40:33:d9:7b:30:e5:6d:a3:0e:cf:16:20:81:e4:de:52:ee:d0:a6:3e:50:e6:6a:8e:62:22:bd:c3:41:17:b8:27:03" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:41.313293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495761.313293000", - "frame.time_delta": "0.060349000", - "frame.time_delta_displayed": "0.060349000", - "frame.time_relative": "2169.852607000", - "frame.number": "8081", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002def", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003790", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19163", - "tcp.ack": "94143", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ab0f", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:42:54:00:28:00:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812494420, TSecr 2621575": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812494420", - "tcp.options.timestamp.tsecr": "2621575" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8080", - "tcp.analysis.ack_rtt": "0.060349000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:41.313778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495761.313778000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "2169.853092000", - "frame.number": "8082", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002df0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003760", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19163", - "tcp.nxtseq": "19210", - "tcp.ack": "94143", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000073d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:42:54:00:28:00:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812494420, TSecr 2621575": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812494420", - "tcp.options.timestamp.tsecr": "2621575" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:d7:e8:e2:1a:93:4e:67:57:74:e8:19:09:dc:80:f0:e8:3b:fd:49:04:a9:9f:89:c0:7b:ec:84:28:95:d0:8d:98:96:5e:44" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:41.347965000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495761.347965000", - "frame.time_delta": "0.034187000", - "frame.time_delta_displayed": "0.034187000", - "frame.time_relative": "2169.887279000", - "frame.number": "8083", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000096ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007680", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "94143", - "tcp.ack": "19210", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a9e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:28:00:91:a7:a3:42:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2621585, TSecr 2812494420": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2621585", - "tcp.options.timestamp.tsecr": "2812494420" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8082", - "tcp.analysis.ack_rtt": "0.034187000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:43.139534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495763.139534000", - "frame.time_delta": "1.791569000", - "frame.time_delta_displayed": "1.791569000", - "frame.time_relative": "2171.678848000", - "frame.number": "8084", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - 
"arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:45.795640000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495765.795640000", - "frame.time_delta": "2.656106000", - "frame.time_delta_displayed": "2.656106000", - "frame.time_relative": "2174.334954000", - "frame.number": "8085", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:49.708245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495769.708245000", - "frame.time_delta": "3.912605000", - "frame.time_delta_displayed": "3.912605000", - "frame.time_relative": "2178.247559000", - "frame.number": "8086", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001363", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:49.708777000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495769.708777000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "2178.248091000", - "frame.number": "8087", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000200f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f45e", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:22:49.709400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495769.709400000", - "frame.time_delta": "0.000623000", - "frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "2178.248714000", - "frame.number": "8088", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008224", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:54.708537000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495774.708537000", - "frame.time_delta": "4.999137000", - "frame.time_delta_displayed": "4.999137000", - "frame.time_relative": "2183.247851000", - "frame.number": "8089", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002010", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001363", - 
"udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:54.709046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495774.709046000", - "frame.time_delta": "0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "2183.248360000", - "frame.number": "8090", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002011", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - 
"udp.checksum": "0x0000f45e", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - 
"dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:54.709655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495774.709655000", - "frame.time_delta": "0.000609000", - "frame.time_delta_displayed": "0.000609000", - "frame.time_relative": "2183.248969000", - "frame.number": "8091", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008224", - 
"udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:57.022087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495777.022087000", - "frame.time_delta": "2.312432000", - "frame.time_delta_displayed": "2.312432000", - "frame.time_relative": "2185.561401000", - "frame.number": "8092", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:59.708808000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495779.708808000", - "frame.time_delta": "2.686721000", - "frame.time_delta_displayed": "2.686721000", - "frame.time_relative": "2188.248122000", - "frame.number": "8093", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { 
- "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002012", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001363", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:59.709348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495779.709348000", - "frame.time_delta": "0.000540000", - 
"frame.time_delta_displayed": "0.000540000", - "frame.time_relative": "2188.248662000", - "frame.number": "8094", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002013", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f45e", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:22:59.709963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495779.709963000", - "frame.time_delta": 
"0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "2188.249277000", - "frame.number": "8095", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008224", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000290", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=656", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:01.674556000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495781.674556000", - "frame.time_delta": "1.964593000", - 
"frame.time_delta_displayed": "1.964593000", - "frame.time_relative": "2190.213870000", - "frame.number": "8096", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009700", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000751f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "94143", - 
"tcp.nxtseq": "94495", - "tcp.ack": "19210", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000009b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:08:81:a7:a3:42:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2623617, TSecr 2812494420": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2623617", - "tcp.options.timestamp.tsecr": "2812494420" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:95:8e:15:52:eb:3d:79:a7:9a:9f:34:a6:f4:5c:b5:f9:fb:67:03:d5:a2:51:33:e9:cf:dc:d7:2b:d0:41:87:d7:9d:f5:e4:7f:67:3f:0d:a5:de:f6:36:4c:81:60:12:b4:a4:b1:05:38:e2:8f:ac:b7:fe:a0:c3:4f:41:0f:eb:57:7c:68:2e:38:82:81:e0:ec:f1:4b:af:36:8c:c2:0e:16:ae:74:0f:c4:ef:b5:07:6d:a5:f2:e9:dc:b6:47:e6:a9:40:e0:35:a6:c6:b1:cf:71:29:d5:a3:a7:1e:99:8e:23:c8:05:df:89:b4:6d:ff:36:bd:2d:51:cf:f7:68:14:1a:4e:a0:4a:23:b6:52:25:58:6c:b2:1c:e5:33:07:4a:9e:6f:88:83:e1:b1:89:a4:75:62:52:37:ee:bc:81:99:71:83:8d:5a:ee:f5:ef:a6:58:0c:89:dc:ce:a4:06:30:65:c5:ab:86:b2:0a:ea:79:53:87:c8:7c:30:95:08:ed:1b:7d:ea:2a:da:06:60:d5:24:e5:1f:cf:06:77:67:96:97:a0:d3:a0:0e:60:cc:f6:17:07:05:9e:78:39:4f:c5:46:95:5e:fb:cd:f8:b0:77:05:42:ef:b1:24:7d:f3:87:dd:36:40:29:52:2e:5a:e1:d8:3b:ee:fe:5f:90:1f:6f:58:6f:ed:f1:73:71:fe:8c:f3:4e:fc:3c:d3:a4:eb:ec:7b:5c:03:39:47:4b:55:f6:91:eb:6d:55:27:18:11:29:be:6e:c2:af:69:d7:3d:ad:48:3c:f0:7c:11:fd:e3:fc:18:36:d5:8a:2d:07:4f:c8:3e:9c:be:0f:68:f9:b7:94:91:21:c4:0c:1b:8d:81:56:6f:de:23:c8:09:62:84:b6:71:c1:25:22:4f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:01.736082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495781.736082000", - "frame.time_delta": "0.061526000", - "frame.time_delta_displayed": "0.061526000", - "frame.time_relative": "2190.275396000", - "frame.number": "8097", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002df1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19210", - "tcp.nxtseq": "19257", - "tcp.ack": "94495", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x0000b7d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:56:46:00:28:08:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812499526, TSecr 2623617": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812499526", - "tcp.options.timestamp.tsecr": "2623617" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8096", - "tcp.analysis.ack_rtt": "0.061526000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:d8:58:d5:43:3b:8f:87:6a:0e:6c:7b:e3:0c:66:39:6e:b5:16:67:bf:6b:f5:89:34:8f:dc:9b:c2:6e:79:e0:6b:ee:82:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:01.736517000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495781.736517000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "2190.275831000", - "frame.number": "8098", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009701", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000767e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "94495", - "tcp.ack": "19257", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:08:87:a7:a3:56:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2623623, TSecr 2812499526": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2623623", - "tcp.options.timestamp.tsecr": "2812499526" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8097", - "tcp.analysis.ack_rtt": "0.000435000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:03.168984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495783.168984000", - "frame.time_delta": "1.432467000", - "frame.time_delta_displayed": "1.432467000", - "frame.time_relative": "2191.708298000", - "frame.number": "8099", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000010", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "4", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00005afe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000053e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "216.93.242.12", - "ip.addr": "216.93.242.12", - "ip.dst_host": "216.93.242.12", - "ip.host": "216.93.242.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.dst_city": "Boston, MA", - "ip.geoip.city": "Boston, MA", - "ip.geoip.dst_lat": "42.358398", - "ip.geoip.lat": "42.358398", - "ip.geoip.dst_lon": "-71.059799", - "ip.geoip.lon": "-71.059799" - } - }, - "udp": { - "udp.srcport": "46395", - "udp.dstport": "123", - "udp.port": "46395", - "udp.port": "123", - "udp.length": "56", - "udp.checksum": "0x000070ca", - "udp.checksum.status": "2", - "udp.stream": "154" - }, - "ntp": { - "ntp.flags": "0x00000023", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "3" - }, - "ntp.stratum": "0", - "ntp.ppoll": "0", - "ntp.precision": "0", - "ntp.rootdelay": "0", - "ntp.rootdispersion": "0", - "ntp.refid": "00:00:00:00", - 
"ntp.reftime": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.org": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.rec": "Dec 31, 1969 16:00:00.000000000 PST", - "ntp.xmt": "Oct 5, 2057 23:40:00.054627000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:03.248589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495783.248589000", - "frame.time_delta": "0.079605000", - "frame.time_delta_displayed": "0.079605000", - "frame.time_relative": "2191.787903000", - "frame.number": "8100", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ntp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x0000ba62", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "48", - "ip.proto": "17", - "ip.checksum": "0x0000048c", - "ip.checksum.status": "2", - "ip.src": "216.93.242.12", - "ip.addr": "216.93.242.12", - "ip.src_host": "216.93.242.12", - "ip.host": "216.93.242.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: 
United States, AS27552 TowardEX Technologies International, Inc., Boston, MA, 42.358398, -71.059799": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.asnum": "AS27552 TowardEX Technologies International, Inc.", - "ip.geoip.src_city": "Boston, MA", - "ip.geoip.city": "Boston, MA", - "ip.geoip.src_lat": "42.358398", - "ip.geoip.lat": "42.358398", - "ip.geoip.src_lon": "-71.059799", - "ip.geoip.lon": "-71.059799" - }, - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "123", - "udp.dstport": "46395", - "udp.port": "123", - "udp.port": "46395", - "udp.length": "56", - "udp.checksum": "0x00002980", - "udp.checksum.status": "2", - "udp.stream": "154" - }, - "ntp": { - "ntp.flags": "0x00000024", - "ntp.flags_tree": { - "ntp.flags.li": "0", - "ntp.flags.vn": "4", - "ntp.flags.mode": "4" - }, - "ntp.stratum": "2", - "ntp.ppoll": "3", - "ntp.precision": "-23", - "ntp.rootdelay": "0.0009613037109375", - "ntp.rootdispersion": "0.0285797119140625", - "ntp.refid": "12:1a:04:69", - "ntp.reftime": "Oct 31, 2017 17:10:35.123521000 PDT", - "ntp.org": "Oct 5, 2057 23:40:00.054627000 PDT", - "ntp.rec": "Oct 31, 2017 17:23:03.216221000 PDT", - "ntp.xmt": "Oct 31, 2017 17:23:03.216276000 PDT" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:04.398101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495784.398101000", - "frame.time_delta": "1.149512000", - "frame.time_delta_displayed": "1.149512000", - "frame.time_relative": "2192.937415000", - "frame.number": "8101", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005831", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a660", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5237", - "tcp.ack": "757", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:04.541332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495784.541332000", - "frame.time_delta": "0.143231000", - "frame.time_delta_displayed": "0.143231000", - "frame.time_relative": "2193.080646000", - "frame.number": "8102", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001013", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd7e", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "757", - "tcp.ack": "5238", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f9cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - 
"_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:06.740172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495786.740172000", - "frame.time_delta": "2.198840000", - "frame.time_delta_displayed": "2.198840000", - "frame.time_relative": "2195.279486000", - "frame.number": "8103", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:06.740593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495786.740593000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "2195.279907000", 
- "frame.number": "8104", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:06.832996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495786.832996000", - "frame.time_delta": "0.092403000", - "frame.time_delta_displayed": "0.092403000", - "frame.time_relative": "2195.372310000", - "frame.number": "8105", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f15", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:08.128015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495788.128015000", - "frame.time_delta": "1.295019000", - "frame.time_delta_displayed": "1.295019000", - "frame.time_relative": "2196.667329000", - "frame.number": "8106", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:08.128190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495788.128190000", - "frame.time_delta": "0.000175000", - "frame.time_delta_displayed": "0.000175000", - "frame.time_relative": "2196.667504000", - "frame.number": "8107", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - 
"arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:09.709378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495789.709378000", - "frame.time_delta": "1.581188000", - "frame.time_delta_displayed": "1.581188000", - "frame.time_relative": "2198.248692000", - "frame.number": "8108", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002017", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": 
"224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001262", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - 
"dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:09.710614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495789.710614000", - "frame.time_delta": "0.001236000", - "frame.time_delta_displayed": "0.001236000", - "frame.time_relative": "2198.249928000", - "frame.number": "8109", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002018", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098d4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - 
"ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f35d", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:09.711168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495789.711168000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "2198.250482000", - "frame.number": "8110", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - 
"ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008123", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - 
"dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.421594000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.421594000", - "frame.time_delta": "0.710426000", - "frame.time_delta_displayed": "0.710426000", - "frame.time_relative": "2198.960908000", - "frame.number": "8111", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000839b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.440211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.440211000", - "frame.time_delta": "0.018617000", - "frame.time_delta_displayed": "0.018617000", - "frame.time_relative": "2198.979525000", - "frame.number": "8112", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - 
"eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009702", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "94495", - "tcp.nxtseq": "94642", - "tcp.ack": "19257", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c424", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:0b:ee:a7:a3:56:46", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2624494, TSecr 2812499526": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2624494", - "tcp.options.timestamp.tsecr": "2812499526" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:96:7d:dd:95:a4:70:79:a4:b2:b7:b6:81:1d:72:3e:59:20:72:ba:66:2d:8e:c5:9f:22:c7:c7:e4:ee:91:15:e7:cf:c1:b1:0f:d5:2c:24:ee:20:54:07:48:d7:38:15:e8:b2:bf:2f:5d:05:05:ba:7d:1b:a5:bf:1e:53:fe:cf:cf:3b:3c:69:71:f9:e7:0a:75:1f:41:79:17:a4:9c:a7:f0:66:3d:0e:fb:15:34:6a:9d:86:56:c5:b4:be:49:e9:8a:ab:2c:86:77:35:6a:ee:e1:d9:e3:55:e3:5e:7e:d4:38:5d:f0:d0:e1:b5:8f:de:49:5d:46:54:68:89:9d:8b:99:fc:6e:61:d4:8d:d5:77" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.474484000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509495790.474484000", - "frame.time_delta": "0.034273000", - "frame.time_delta_displayed": "0.034273000", - "frame.time_relative": "2199.013798000", - "frame.number": "8113", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000083a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.527588000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.527588000", - "frame.time_delta": "0.053104000", - "frame.time_delta_displayed": "0.053104000", - "frame.time_relative": "2199.066902000", - "frame.number": "8114", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": 
"0x000083a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.537970000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495790.537970000", - "frame.time_delta": "0.010382000", - "frame.time_delta_displayed": "0.010382000", - "frame.time_relative": "2199.077284000", - "frame.number": "8115", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002df2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000378d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "19257", - "tcp.ack": "94642", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000080cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:5e:df:00:28:0b:ee", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812501727, TSecr 2624494": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812501727", - "tcp.options.timestamp.tsecr": "2624494" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8112", - "tcp.analysis.ack_rtt": "0.097759000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.543493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.543493000", - "frame.time_delta": "0.005523000", - "frame.time_delta_displayed": "0.005523000", - "frame.time_relative": "2199.082807000", - "frame.number": "8116", - "frame.len": "196", - 
"frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x00009703", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "94642", - "tcp.nxtseq": "94772", - "tcp.ack": "19257", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008571", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:0b:f8:a7:a3:5e:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2624504, TSecr 2812501727": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2624504", - "tcp.options.timestamp.tsecr": "2812501727" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:97:e4:29:ca:53:ab:8e:a4:b4:8f:83:ae:f5:72:0c:ea:9f:5a:90:af:08:bb:9a:ef:44:a2:5f:d5:e9:04:d3:d8:f0:68:51:44:24:6b:86:18:39:f0:7b:18:21:d7:8c:b4:c7:86:82:25:70:0c:2a:29:cc:14:28:da:79:25:28:b0:b0:b8:ca:8d:57:01:51:c6:20:6d:8e:05:cd:3e:d5:ce:ee:92:1e:f2:a5:b9:53:0e:5d:04:d1:49:a1:c6:c8:a6:e3:ac:59:d8:15:14:6f:ae:93:ba:11:d6:c1:73:08:0f:f1:3c:a7:95:e9:e1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.580422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.580422000", - "frame.time_delta": "0.036929000", - "frame.time_delta_displayed": "0.036929000", - "frame.time_relative": "2199.119736000", - "frame.number": "8117", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000083a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - 
"http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.603893000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.603893000", - "frame.time_delta": "0.023471000", - "frame.time_delta_displayed": "0.023471000", - "frame.time_relative": "2199.143207000", - "frame.number": "8118", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002df3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000378c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19257", - "tcp.ack": "94772", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008030", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:5e:ef:00:28:0b:f8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812501743, TSecr 2624504": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812501743", - "tcp.options.timestamp.tsecr": "2624504" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8116", - "tcp.analysis.ack_rtt": "0.060400000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.633338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.633338000", - "frame.time_delta": "0.029445000", - "frame.time_delta_displayed": "0.029445000", - "frame.time_relative": "2199.172652000", - "frame.number": "8119", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000083ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:10.686179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495790.686179000", - "frame.time_delta": "0.052841000", - "frame.time_delta_displayed": "0.052841000", - 
"frame.time_relative": "2199.225493000", - "frame.number": "8120", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000083b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000045a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - 
"http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:14.709625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495794.709625000", - "frame.time_delta": "4.023446000", - "frame.time_delta_displayed": "4.023446000", - "frame.time_relative": "2203.248939000", - "frame.number": "8121", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002019", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001262", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:14.710353000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495794.710353000", - "frame.time_delta": "0.000728000", - "frame.time_delta_displayed": "0.000728000", - "frame.time_relative": "2203.249667000", - "frame.number": "8122", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000201a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f35d", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:14.711290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495794.711290000", - "frame.time_delta": "0.000937000", - "frame.time_delta_displayed": "0.000937000", - "frame.time_relative": "2203.250604000", - "frame.number": "8123", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - 
"ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008123", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:19.709932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495799.709932000", - "frame.time_delta": "4.998642000", - "frame.time_delta_displayed": "4.998642000", - "frame.time_relative": "2208.249246000", - "frame.number": "8124", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000201d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001262", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": 
"0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:19.710450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495799.710450000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "2208.249764000", - "frame.number": "8125", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - 
"eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000201e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f35d", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - 
"dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:19.711066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495799.711066000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "2208.250380000", - "frame.number": "8126", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008123", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000291", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", 
- "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=657", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:21.260735000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495801.260735000", - "frame.time_delta": "1.549669000", - "frame.time_delta_displayed": "1.549669000", - "frame.time_relative": "2209.800049000", - "frame.number": "8127", - "frame.len": "1325", - "frame.cap_len": "1325", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { 
- "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x00009704", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007190", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "94772", - "tcp.nxtseq": "96031", - "tcp.ack": "19257", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", 
- "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fb4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:10:28:a7:a3:5e:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2625576, TSecr 2812501743": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2625576", - "tcp.options.timestamp.tsecr": "2812501743" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:98:98:c6:a5:d4:6a:87:02:0c:16:18:02:2d:39:6c:fb:a2:96:51:5e:63:b9:43:54:9a:fc:21:83:a1:ec:17:a5:88:5c:69:7c:de:04:80:ee:47:e8:ba:c1:0a:16:a7:84:67:0a:fc:75:28:5b:1d:0d:92:09:25:92:a2:30:5e:9a:2d:c4:85:36:13:6f:73:e8:0b:56:2f:e5:d1:81:54:f1:de:55:4a:a5:1e:2a:91:89:fb:59:4e:26:4a:2a:ac:a2:ff:a4:8c:c2:78:71:33:c3:1f:86:21:d4:83:b4:25:7f:54:e5:0b:77:c0:43:3e:df:cc:3c:8f:30:32:fa:83:5b:11:70:9e:02:e7:cb:dd:60:37:e5:9e:03:b5:69:7e:34:e8:c7:67:d9:a7:bc:95:49:48:33:af:19:f1:eb:81:89:6b:52:0c:02:c2:f9:c5:f2:21:0c:a7:48:d5:f6:b1:18:83:9d:0d:be:c5:06:86:de:5c:82:f2:95:5f:5e:85:f2:bd:c5:de:a3:61:d7:b7:d5:57:86:6f:49:29:c8:ed:15:c5:c4:36:44:46:d4:ae:d7:bf:e6:6f:01:0c:45:b6:de:16:5b:fe:ce:a2:50:73:f6:65:e4:19:85:31:39:26:a7:61:9b:84:29:e7:9b:4e:92:7d:60:2f:c0:7c:1e:2b:bf:36:0b:68:86:22:0c:ac:45:fc:3c:cf:e9:4e:77:9c:62:f2:17:10:e6:3e:15:2d:18:3a:70:f9:98:0b:6c:31:76:cb:9a:a5:d6:08:79:89:71:68:00:69:ad:87:5a:ee:b5:52:97:59:e7:52:f7:1a:9b:ec:28:f7:a6:5a:a9:8c:52:77:7e:37:55:8d:ad:6a:d8:f3:c9:c5:7d:30:3c:e5:b0:18:f7:f3:90:46:56:a6:cb:1d:d2:bd:63:57:bf:d7:b7:1c:ca:0f:cd:6a:3a:b2:7b:b2:2c:58:49:02:6f:10:87:57:4a:f6:2a:c1:b7:3b:d8:bf:a1:d5:37:2d:ff:e5:75:c1:ca:de:a2:86:6e:a5:a7:4e:ba:2f:49:0c:35:25:aa:b6:df:a2:a6:79:fb:4d:d0:3f:cd:d9:81:74:82:23:1b:4f:76:59:ad:ea:3c:e9:89:e0:70:e2:b4:7a:f0:8b:8c:ff:bc:05:df:e6:29:d3:a7:4c:52:e3:85:e0:d3:9a:14:af:c6:1e:aa:7e:ef:76:51:a7:d5:b5:23:2b:90:59:91:4c:b8:3f:fc:2d:db:5c:be:65:0b:23:0e:e3:70:06:51:1d:14:02:a4:fe:8e:14:24:69:eb:31:46:4c:4d:36:2d:dd:d7:51:cf:54:56:ce:99:50:09:8a:1d:4e:ac:87:0c:69:67:70:8f:72:ff:11:fc:b5:cb:4c:f3:f2:2d:2e:8d:70:ee:7d:8b:cb:39:ab:6e:90:8c:ba:72:b7:7d:07:50:ba:85:9f:b2:ce:10:4b:fb:a0:6d:ef:0a:7b:8b:16:ca:e5:af:04:fb:1f:bb:d1:82:e2:97:2a:11:c6:e8:f9:d9:ac:3f:8b:e3:2e:8e:94:85:1c:54:52:85:82:b6:ee:50:97:f0:3b:34:1d:f8:94:d4:b5:a0:df:ad:e5:c9:15:8e:87:ad:03:a5:27:de:46:9f:4b:f8:32:3a:0c:b6:88:68:af:6d:a0:e6:2c:24:f7:31:7e:76:85:b1:aa:55:09:a5:a9:c5:18:17:40:e5:5a:a1:92:28:bf:40:fd:4e:71:69:92:d3:12:7
1:26:71:2e:39:38:c6:4c:80:b8:63:ad:90:d8:91:13:aa:cf:2e:d2:80:5c:79:18:f8:a9:ba:10:a4:7f:bc:92:b0:ed:c6:49:4b:11:b7:8f:63:98:2b:08:2b:ee:d4:5a:1b:bd:4a:2c:4c:bd:8f:9b:a3:10:10:a2:48:d8:f5:91:4a:d8:fe:65:d1:a7:8b:62:20:9f:45:5a:62:ee:8e:16:c8:3e:cd:68:95:8c:fa:7c:5a:46:49:db:5f:ce:1c:ad:d8:12:ff:30:a9:13:da:8f:59:c8:32:86:f4:11:19:3e:de:9a:a2:ae:1e:9b:79:49:e6:79:77:42:60:6c:10:91:76:f4:7f:89:a3:6e:08:e5:f8:b9:a3:b4:a3:48:ba:e8:f2:99:ba:fa:d5:96:c5:02:a8:25:d5:40:22:1a:c2:3f:9a:49:11:71:77:9a:d9:31:6d:76:c0:f9:ab:3c:f2:c3:cb:9a:8d:9c:3f:c8:53:03:0c:a0:54:05:98:e2:1d:11:d1:b9:15:d8:ff:79:c7:67:78:60:01:3d:62:ad:7b:21:79:5b:92:d3:35:3e:2e:e3:77:f9:4f:45:61:6a:ac:f9:cf:6a:8d:32:55:18:d1:fa:fb:12:35:fd:38:9e:74:6f:07:60:c6:d1:16:fa:c7:13:92:d6:40:77:31:52:99:de:35:71:40:5b:46:60:69:09:12:39:9b:59:62:74:79:bb:44:e6:b3:6a:01:c3:0f:7f:71:e2:c5:91:d5:23:ad:9b:ff:ea:bb:77:72:03:39:55:97:40:93:6c:80:7e:a7:b5:df:22:66:bc:ae:46:87:16:09:42:ba:00:04:e3:8d:1a:28:e7:ce:35:47:da:41:89:9c:a8:df:89:35:6b:2d:31:8f:90:58:83:95:6e:7a:56:74:7d:1a:15:01:eb:e1:c9:20:e6:b5:b2:f1:59:8b:26:55:00:66:45:78:f0:43:8f:c5:7f:84:6a:e4:74:30:32:21:7e:df:50:15:7e:6d:e5:d4:ff:89:fd:35:4b:16:8b:4a:5a:78:8c:2a:55:a0:27:4d:1d:94:7c:02:a6:8a:ca:12:7b:9e:88:49:4a:38:4a:6a:50:bd:41:93:27:e2:7f:5e:59:c5:d5:ee:56:e0:a7:b2:7e:c9:41:71:8b:18:1f:f5:b4:0c:ad:5b:01:f6:93:64:93:2f:4a:12:1f:e5:8c:ca:c0:97:dc:2a:98:06:8e:36:77:73:d0:8a:be:e9:10:bb:57:4d:4b:74:14:22:0b:36:2a:e8:0d:1f:e5:38:be:23:a4:b4:8a:76:07:55:46:4d:79:3b:af:b5:d0:b8:ab:3c:88:07:0f:35:50:c4:af:ec:c7:f4:84:8d:9f:ef:a1:f0:43:6d:7c:88:55:3f:3a:1f:a3:5e:76:aa:cb:c8:47:9a:a9:25:32:67:1d:90:51:1f:b4:52:d0:fd:50:a6:a0:26:04:3e:ce:27:e8:78:3a:48:49:7f:ed:cd:1b:ac:f0:4b:3b:4a:a0:3e:f4:73:5a:7b:24:c8:38:a4:45:e5:56:8d:c3:77:5c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:21.321060000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495801.321060000", - "frame.time_delta": "0.060325000", - "frame.time_delta_displayed": "0.060325000", - "frame.time_relative": "2209.860374000", - "frame.number": "8128", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002df4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000378b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19257", - "tcp.ack": "96031", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006c9e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:69:66:00:28:10:28", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812504422, TSecr 2625576": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812504422", - "tcp.options.timestamp.tsecr": "2625576" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8127", - "tcp.analysis.ack_rtt": "0.060325000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:25.196024000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495805.196024000", - "frame.time_delta": "3.874964000", - "frame.time_delta_displayed": "3.874964000", - "frame.time_relative": "2213.735338000", - 
"frame.number": "8129", - "frame.len": "98", - "frame.cap_len": "98", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "84", - "ip.id": "0x00000bbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "64", - "udp.checksum": "0x00009db0", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "38:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:e7:1a:b8:6f:ce:f2:14:13:00:00:00:00:70:a6:c7:74:f0:da:13:00:00:00:00:00:00:00:00:01:00:02:00", - "data.len": "56" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:23:28.849201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495808.849201000", - "frame.time_delta": "3.653177000", - "frame.time_delta_displayed": "3.653177000", - "frame.time_relative": "2217.388515000", - "frame.number": "8130", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:29.712490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495809.712490000", - "frame.time_delta": "0.863289000", - "frame.time_delta_displayed": "0.863289000", - "frame.time_relative": "2218.251804000", - "frame.number": "8131", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - 
"eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000201f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001161", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type 
PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:29.713010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495809.713010000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "2218.252324000", - "frame.number": 
"8132", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002020", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098cc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f25c", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:29.713618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495809.713618000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": 
"2218.252932000", - "frame.number": "8133", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008022", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.429811000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.429811000", - "frame.time_delta": "0.716193000", - "frame.time_delta_displayed": "0.716193000", - "frame.time_relative": "2218.969125000", - "frame.number": "8134", - 
"frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002128", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e71c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 
239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "19", - "http.prev_request_in": "7888" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.823804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.823804000", - "frame.time_delta": "0.393993000", - "frame.time_delta_displayed": "0.393993000", - "frame.time_relative": "2219.363118000", - "frame.number": "8135", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a425", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001326", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "109", - "http.prev_response_in": "7950" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.827726000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.827726000", - "frame.time_delta": "0.003922000", - "frame.time_delta_displayed": "0.003922000", - "frame.time_relative": 
"2219.367040000", - "frame.number": "8136", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection 
establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000c9fd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.828258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.828258000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "2219.367572000", - "frame.number": "8137", - "frame.len": 
"66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000e38a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8136", - "tcp.analysis.ack_rtt": "0.000532000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.831000000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.831000000", - "frame.time_delta": "0.002742000", - "frame.time_delta_displayed": "0.002742000", - "frame.time_relative": "2219.370314000", - 
"frame.number": "8138", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009569", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8137", - "tcp.analysis.ack_rtt": "0.002742000", - "tcp.analysis.initial_rtt": "0.003274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.831591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.831591000", - "frame.time_delta": "0.000591000", - "frame.time_delta_displayed": "0.000591000", - "frame.time_relative": "2219.370905000", - "frame.number": "8139", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001caf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b1d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000aae2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003274000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.832084000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.832084000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "2219.371398000", - "frame.number": "8140", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006264", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000560f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000086fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8139", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.003274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.832705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.832705000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "2219.372019000", - "frame.number": "8141", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00006265", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000055fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c71b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003274000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.833067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.833067000", - "frame.time_delta": "0.000362000", - "frame.time_delta_displayed": "0.000362000", - "frame.time_relative": "2219.372381000", - "frame.number": "8142", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006266", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000522a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001985", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003274000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8141", - "tcp.segment": "8142", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001476000", - "http.request_in": "8139", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.838145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.838145000", - "frame.time_delta": "0.005078000", - "frame.time_delta_displayed": "0.005078000", - "frame.time_relative": "2219.377459000", - "frame.number": "8143", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006267", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005229", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001985", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003274000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "tcp.analysis.rto": "0.005078000", - "tcp.analysis.rto_frame": "8142" - } - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72
:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.840016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.840016000", - "frame.time_delta": "0.001871000", - "frame.time_delta_displayed": "0.001871000", - "frame.time_relative": "2219.379330000", - "frame.number": "8144", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", 
- "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000090d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8142", - "tcp.analysis.ack_rtt": "0.006949000", - "tcp.analysis.initial_rtt": "0.003274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.840666000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.840666000", - "frame.time_delta": "0.000650000", - "frame.time_delta_displayed": "0.000650000", - "frame.time_relative": "2219.379980000", - "frame.number": "8145", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cb1", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000090d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.841099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.841099000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - 
"frame.time_relative": "2219.380413000", - "frame.number": "8146", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ecb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54828", - "tcp.port": "80", - "tcp.port": "54828", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008304", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8145", - "tcp.analysis.ack_rtt": "0.000433000", - "tcp.analysis.initial_rtt": "0.003274000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.842631000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.842631000", - "frame.time_delta": "0.001532000", - "frame.time_delta_displayed": "0.001532000", - "frame.time_relative": "2219.381945000", - "frame.number": "8147", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cb2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb5", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54828", - "tcp.dstport": "80", - "tcp.port": "54828", - "tcp.port": "80", - "tcp.stream": "314", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007823", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:b7:82:b7:d6:b7:82:bb:b9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003274000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - 
"tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "8144", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.876715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.876715000", - "frame.time_delta": "0.034084000", - "frame.time_delta_displayed": "0.034084000", - "frame.time_relative": "2219.416029000", - "frame.number": "8148", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a427", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000131b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - 
"ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "110", - "http.prev_response_in": "8135" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.892300000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.892300000", - "frame.time_delta": "0.015585000", - "frame.time_delta_displayed": "0.015585000", - "frame.time_relative": "2219.431614000", - "frame.number": "8149", - 
"frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cb3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54829", - "tcp.dstport": "80", - "tcp.port": "54829", - "tcp.port": "80", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005361", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.892846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.892846000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "2219.432160000", - "frame.number": "8150", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000569a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8149", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.895877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.895877000", - "frame.time_delta": "0.003031000", - "frame.time_delta_displayed": "0.003031000", - "frame.time_relative": "2219.435191000", - "frame.number": "8151", - "frame.len": "54", - 
"frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cb4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bbf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54829", - "tcp.dstport": "80", - "tcp.port": "54829", - "tcp.port": "80", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000879", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8150", - "tcp.analysis.ack_rtt": "0.003031000", - "tcp.analysis.initial_rtt": "0.003577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.896479000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.896479000", - "frame.time_delta": "0.000602000", - "frame.time_delta_displayed": "0.000602000", - "frame.time_relative": "2219.435793000", - "frame.number": "8152", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cb5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b17", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54829", - "tcp.dstport": "80", - "tcp.port": "54829", - "tcp.port": "80", - "tcp.stream": "315", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00001df2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003577000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.896952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.896952000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "2219.436266000", - "frame.number": "8153", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000656d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005306", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fa09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8152", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.003577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.897597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.897597000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "2219.436911000", - "frame.number": "8154", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000656e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000052f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003a2b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003577000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.897952000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.897952000", - "frame.time_delta": "0.000355000", - "frame.time_delta_displayed": "0.000355000", - "frame.time_relative": "2219.437266000", - "frame.number": "8155", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000656f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004f21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008c94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003577000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8154", - "tcp.segment": "8155", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001473000", - "http.request_in": "8152", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.897962000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.897962000", - "frame.time_delta": "0.000010000", - "frame.time_delta_displayed": "0.000010000", - "frame.time_relative": "2219.437276000", - "frame.number": "8156", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00006570", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004f20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008c94", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003577000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.901122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.901122000", - "frame.time_delta": "0.003160000", - "frame.time_delta_displayed": "0.003160000", - "frame.time_relative": "2219.440436000", - "frame.number": "8157", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54829", - "tcp.dstport": "80", - "tcp.port": "54829", - "tcp.port": "80", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000be8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:d4:d1:b0:db:d4:d1:b4:be", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8155", - "tcp.analysis.ack_rtt": "0.003170000", - "tcp.analysis.initial_rtt": "0.003577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.901714000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.901714000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "2219.441028000", - "frame.number": "8158", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005bbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54829", - "tcp.dstport": "80", - "tcp.port": "54829", - "tcp.port": "80", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000003e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.902149000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.902149000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "2219.441463000", - "frame.number": "8159", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ec8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54829", - "tcp.port": "80", - "tcp.port": "54829", - "tcp.stream": "315", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f613", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8158", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.003577000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.930018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.930018000", - "frame.time_delta": "0.027869000", - "frame.time_delta_displayed": "0.027869000", - "frame.time_relative": "2219.469332000", - "frame.number": "8160", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a428", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001320", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "111", - "http.prev_response_in": "8148" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.935710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.935710000", - "frame.time_delta": "0.005692000", - "frame.time_delta_displayed": "0.005692000", - "frame.time_relative": "2219.475024000", - 
"frame.number": "8161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005baf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54830", - "tcp.dstport": "80", - "tcp.port": "54830", - "tcp.port": "80", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000dda4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.936263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.936263000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "2219.475577000", - "frame.number": "8162", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54830", - "tcp.port": "80", - "tcp.port": "54830", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b59e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8161", - "tcp.analysis.ack_rtt": "0.000553000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.939753000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.939753000", - "frame.time_delta": "0.003490000", - "frame.time_delta_displayed": "0.003490000", - "frame.time_relative": "2219.479067000", - 
"frame.number": "8163", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54830", - "tcp.dstport": "80", - "tcp.port": "54830", - "tcp.port": "80", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000677d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8162", - "tcp.analysis.ack_rtt": "0.003490000", - "tcp.analysis.initial_rtt": "0.004043000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.941121000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.941121000", - "frame.time_delta": "0.001368000", - "frame.time_delta_displayed": "0.001368000", - "frame.time_relative": "2219.480435000", - "frame.number": "8164", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b12", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54830", - "tcp.dstport": "80", - "tcp.port": "54830", - "tcp.port": "80", - "tcp.stream": "316", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007cf6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004043000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.941613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.941613000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "2219.480927000", - "frame.number": "8165", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f32f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c543", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54830", - "tcp.port": "80", - "tcp.port": "54830", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000590e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8164", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.004043000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.942256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.942256000", - "frame.time_delta": "0.000643000", - "frame.time_delta_displayed": "0.000643000", - "frame.time_relative": "2219.481570000", - "frame.number": "8166", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000f330", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c531", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54830", - "tcp.port": "80", - "tcp.port": "54830", - "tcp.stream": "316", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000992f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004043000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.942607000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.942607000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "2219.481921000", - "frame.number": "8167", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000f331", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c15e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54830", - "tcp.port": "80", - "tcp.port": "54830", - "tcp.stream": "316", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000eb98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004043000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8166", - "tcp.segment": "8167", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001486000", - "http.request_in": "8164", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.945056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.945056000", - "frame.time_delta": "0.002449000", - "frame.time_delta_displayed": "0.002449000", - "frame.time_relative": "2219.484370000", - "frame.number": "8168", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54830", - "tcp.dstport": "80", - "tcp.port": "54830", - "tcp.port": "80", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000062e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8167", - "tcp.analysis.ack_rtt": "0.002449000", - "tcp.analysis.initial_rtt": "0.004043000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.945652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.945652000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "2219.484966000", - "frame.number": "8169", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54830", - "tcp.dstport": "80", - "tcp.port": "54830", - "tcp.port": "80", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000062e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:30.946104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495810.946104000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "2219.485418000", - "frame.number": "8170", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ec6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54830", - "tcp.port": "80", - "tcp.port": "54830", - "tcp.stream": "316", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005518", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8169", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.004043000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.877431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.877431000", - "frame.time_delta": "0.931327000", - "frame.time_delta_displayed": "0.931327000", - "frame.time_relative": "2220.416745000", - "frame.number": "8171", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a470", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000012db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "112", - "http.prev_response_in": "8160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.903971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.903971000", - "frame.time_delta": "0.026540000", - "frame.time_delta_displayed": "0.026540000", - "frame.time_relative": "2220.443285000", - "frame.number": "8172", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005baa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54831", - "tcp.dstport": "80", - "tcp.port": "54831", - "tcp.port": "80", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008c1b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.904522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.904522000", - "frame.time_delta": "0.000551000", - "frame.time_delta_displayed": "0.000551000", - "frame.time_relative": "2220.443836000", - "frame.number": "8173", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54831", - "tcp.port": "80", - "tcp.port": "54831", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009a95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8172", - "tcp.analysis.ack_rtt": "0.000551000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.911698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.911698000", - "frame.time_delta": "0.007176000", - "frame.time_delta_displayed": "0.007176000", - "frame.time_relative": "2220.451012000", - "frame.number": "8174", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54831", - "tcp.dstport": "80", - "tcp.port": "54831", - "tcp.port": "80", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004c74", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8173", - "tcp.analysis.ack_rtt": "0.007176000", - "tcp.analysis.initial_rtt": "0.007727000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.912743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.912743000", - "frame.time_delta": "0.001045000", - "frame.time_delta_displayed": "0.001045000", - "frame.time_relative": "2220.452057000", - "frame.number": "8175", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54831", - "tcp.dstport": "80", - "tcp.port": "54831", - "tcp.port": "80", - "tcp.stream": "317", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000061ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007727000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.913339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.913339000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "2220.452653000", - "frame.number": "8176", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005c3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54831", - "tcp.port": "80", - "tcp.port": "54831", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003e05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8175", - "tcp.analysis.ack_rtt": "0.000596000", - "tcp.analysis.initial_rtt": "0.007727000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.913803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.913803000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "2220.453117000", - "frame.number": "8177", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005c3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005c25", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54831", - "tcp.port": "80", - "tcp.port": "54831", - "tcp.stream": "317", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007e26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007727000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.914157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.914157000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "2220.453471000", - "frame.number": "8178", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005c3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005852", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54831", - "tcp.port": "80", - "tcp.port": "54831", - "tcp.stream": "317", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d08f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007727000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8177", - "tcp.segment": "8178", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001414000", - "http.request_in": "8175", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.916577000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495811.916577000", - "frame.time_delta": "0.002420000", - "frame.time_delta_displayed": "0.002420000", - "frame.time_relative": "2220.455891000", - "frame.number": "8179", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54831", - "tcp.dstport": "80", - "tcp.port": "54831", - "tcp.port": "80", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000047dc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8178", - "tcp.analysis.ack_rtt": "0.002420000", - "tcp.analysis.initial_rtt": "0.007727000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.917208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.917208000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "2220.456522000", - "frame.number": "8180", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54831", - "tcp.dstport": "80", - "tcp.port": "54831", - "tcp.port": "80", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000047db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.917643000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.917643000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "2220.456957000", - "frame.number": "8181", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ea9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54831", - "tcp.port": "80", - "tcp.port": "54831", - "tcp.stream": "317", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003a0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8180", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.007727000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.930376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.930376000", - "frame.time_delta": "0.012733000", - "frame.time_delta_displayed": "0.012733000", - "frame.time_relative": "2220.469690000", - "frame.number": "8182", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a473", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000012cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "113", - "http.prev_response_in": "8171" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.934008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.934008000", - "frame.time_delta": "0.003632000", - "frame.time_delta_displayed": "0.003632000", - "frame.time_relative": 
"2220.473322000", - "frame.number": "8183", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ba5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54832", - "tcp.dstport": "80", - "tcp.port": "54832", - "tcp.port": "80", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection 
establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00008203", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.934545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.934545000", - "frame.time_delta": "0.000537000", - "frame.time_delta_displayed": "0.000537000", - "frame.time_relative": "2220.473859000", - "frame.number": "8184", - "frame.len": 
"66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54832", - "tcp.port": "80", - "tcp.port": "54832", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c0c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8183", - "tcp.analysis.ack_rtt": "0.000537000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.937385000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.937385000", - "frame.time_delta": "0.002840000", - "frame.time_delta_displayed": "0.002840000", - "frame.time_relative": "2220.476699000", - 
"frame.number": "8185", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54832", - "tcp.dstport": "80", - "tcp.port": "54832", - "tcp.port": "80", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000072a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8184", - "tcp.analysis.ack_rtt": "0.002840000", - "tcp.analysis.initial_rtt": "0.003377000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.938508000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.938508000", - "frame.time_delta": "0.001123000", - "frame.time_delta_displayed": "0.001123000", - "frame.time_relative": "2220.477822000", - "frame.number": "8186", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cc4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b08", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54832", - "tcp.dstport": "80", - "tcp.port": "54832", - "tcp.port": "80", - "tcp.stream": "318", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008821", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003377000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.939010000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.939010000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "2220.478324000", - "frame.number": "8187", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000847c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000033f7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54832", - "tcp.port": "80", - "tcp.port": "54832", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006439", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8186", - "tcp.analysis.ack_rtt": "0.000502000", - "tcp.analysis.initial_rtt": "0.003377000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.939586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.939586000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "2220.478900000", - "frame.number": "8188", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000847d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000033e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54832", - "tcp.port": "80", - "tcp.port": "54832", - "tcp.stream": "318", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a45a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003377000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.939935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.939935000", - "frame.time_delta": "0.000349000", - "frame.time_delta_displayed": "0.000349000", - "frame.time_relative": "2220.479249000", - "frame.number": "8189", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000847e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003012", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54832", - "tcp.port": "80", - "tcp.port": "54832", - "tcp.stream": "318", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f6c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003377000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8188", - "tcp.segment": "8189", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001427000", - "http.request_in": "8186", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.943107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.943107000", - "frame.time_delta": "0.003172000", - "frame.time_delta_displayed": "0.003172000", - "frame.time_relative": "2220.482421000", - "frame.number": "8190", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54832", - "tcp.dstport": "80", - "tcp.port": "54832", - "tcp.port": "80", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006e10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8189", - "tcp.analysis.ack_rtt": "0.003172000", - "tcp.analysis.initial_rtt": "0.003377000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.943781000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.943781000", - "frame.time_delta": "0.000674000", - "frame.time_delta_displayed": "0.000674000", - "frame.time_relative": "2220.483095000", - "frame.number": "8191", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54832", - "tcp.dstport": "80", - "tcp.port": "54832", - "tcp.port": "80", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006e0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.944211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.944211000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "2220.483525000", - "frame.number": "8192", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ea6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54832", - "tcp.port": "80", - "tcp.port": "54832", - "tcp.stream": "318", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006043", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8191", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.003377000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.982828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.982828000", - "frame.time_delta": "0.038617000", - "frame.time_delta_displayed": "0.038617000", - "frame.time_relative": "2220.522142000", - "frame.number": "8193", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a476", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000012d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "114", - "http.prev_response_in": "8182" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.994161000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.994161000", - "frame.time_delta": "0.011333000", - "frame.time_delta_displayed": "0.011333000", - "frame.time_relative": "2220.533475000", - "frame.number": "8194", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ba0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54833", - "tcp.dstport": "80", - "tcp.port": "54833", - "tcp.port": "80", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00004998", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.994742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.994742000", - "frame.time_delta": "0.000581000", - "frame.time_delta_displayed": "0.000581000", - "frame.time_relative": "2220.534056000", - "frame.number": "8195", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54833", - "tcp.port": "80", - "tcp.port": "54833", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008d11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8194", - "tcp.analysis.ack_rtt": "0.000581000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.997903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.997903000", - "frame.time_delta": "0.003161000", - "frame.time_delta_displayed": "0.003161000", - "frame.time_relative": "2220.537217000", - "frame.number": "8196", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005bab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54833", - "tcp.dstport": "80", - "tcp.port": "54833", - "tcp.port": "80", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ef0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8195", - "tcp.analysis.ack_rtt": "0.003161000", - "tcp.analysis.initial_rtt": "0.003742000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.998488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.998488000", - "frame.time_delta": "0.000585000", - "frame.time_delta_displayed": "0.000585000", - "frame.time_relative": "2220.537802000", - "frame.number": "8197", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b03", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54833", - "tcp.dstport": "80", - "tcp.port": "54833", - "tcp.port": "80", - "tcp.stream": "319", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005469", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003742000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.998974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.998974000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "2220.538288000", - "frame.number": "8198", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001c1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009c56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54833", - "tcp.port": "80", - "tcp.port": "54833", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003081", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8197", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.initial_rtt": "0.003742000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.999551000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.999551000", - "frame.time_delta": "0.000577000", - "frame.time_delta_displayed": "0.000577000", - "frame.time_relative": "2220.538865000", - "frame.number": "8199", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00001c1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009c44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54833", - "tcp.port": "80", - "tcp.port": "54833", - "tcp.stream": "319", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000070a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003742000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:31.999910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495811.999910000", - "frame.time_delta": "0.000359000", - "frame.time_delta_displayed": "0.000359000", - "frame.time_relative": "2220.539224000", - "frame.number": "8200", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00001c1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009871", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54833", - "tcp.port": "80", - "tcp.port": "54833", - "tcp.stream": "319", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c30b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003742000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8199", - "tcp.segment": "8200", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001422000", - "http.request_in": "8197", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.002261000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495812.002261000", - "frame.time_delta": "0.002351000", - "frame.time_delta_displayed": "0.002351000", - "frame.time_relative": "2220.541575000", - "frame.number": "8201", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ba9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54833", - "tcp.dstport": "80", - "tcp.port": "54833", - "tcp.port": "80", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a58", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8200", - "tcp.analysis.ack_rtt": "0.002351000", - "tcp.analysis.initial_rtt": "0.003742000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.002912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.002912000", - "frame.time_delta": "0.000651000", - "frame.time_delta_displayed": "0.000651000", - "frame.time_relative": "2220.542226000", - "frame.number": "8202", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ba8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54833", - "tcp.dstport": "80", - "tcp.port": "54833", - "tcp.port": "80", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003a57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.003364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.003364000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "2220.542678000", - "frame.number": "8203", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000079cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ea4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54833", - "tcp.port": "80", - "tcp.port": "54833", - "tcp.stream": "319", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002c8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8202", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.003742000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.740998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.740998000", - "frame.time_delta": "0.737634000", - "frame.time_delta_displayed": "0.737634000", - "frame.time_relative": "2221.280312000", - "frame.number": "8204", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009705", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007649", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "96031", - "tcp.nxtseq": "96080", - "tcp.ack": "19257", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ca71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:14:a4:a7:a3:69:66", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2626724, TSecr 2812504422": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2626724", - 
"tcp.options.timestamp.tsecr": "2812504422" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:99:d2:c8:8d:ba:d5:a4:3d:86:80:1b:55:82:ff:a9:ea:a6:df:8e:a3:8b:aa:72:27:4c:30:c9:63:64:70:ec:9b:62:d3:e2:6a:2b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.801307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.801307000", - "frame.time_delta": "0.060309000", - "frame.time_delta_displayed": "0.060309000", - "frame.time_relative": "2221.340621000", - "frame.number": "8205", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002df5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000378a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - 
"ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19257", - "tcp.ack": "96080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005cbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:74:9c:00:28:14:a4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812507292, TSecr 2626724": { - 
"tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812507292", - "tcp.options.timestamp.tsecr": "2626724" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8204", - "tcp.analysis.ack_rtt": "0.060309000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.801698000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.801698000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "2221.341012000", - "frame.number": "8206", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002df6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003752", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "19257", - "tcp.nxtseq": "19312", - "tcp.ack": "96080", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a0ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:74:9c:00:28:14:a4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812507292, TSecr 2626724": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812507292", - "tcp.options.timestamp.tsecr": "2626724" - } - }, - "tcp.analysis": { - 
"tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:d9:8b:27:d4:17:49:4e:05:b9:27:75:67:f3:ce:24:9c:1e:ac:d8:59:19:dd:5b:37:ad:fd:8f:42:cc:d5:38:5a:7d:22:f5:4a:d1:bd:97:86:a1:e8:69" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:32.802139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495812.802139000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "2221.341453000", - "frame.number": "8207", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009706", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007679", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": 
"192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96080", - "tcp.ack": "19312", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005b8f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:14:aa:a7:a3:74:9c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2626730, TSecr 2812507292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - 
"tcp.options.timestamp.tsval": "2626730", - "tcp.options.timestamp.tsecr": "2812507292" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8206", - "tcp.analysis.ack_rtt": "0.000441000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:34.538069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495814.538069000", - "frame.time_delta": "1.735930000", - "frame.time_delta_displayed": "1.735930000", - "frame.time_relative": "2223.077383000", - "frame.number": "8208", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005832", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": 
"104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5237", - "tcp.ack": "757", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:34.681351000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495814.681351000", - "frame.time_delta": "0.143282000", - 
"frame.time_delta_displayed": "0.143282000", - "frame.time_relative": "2223.220665000", - "frame.number": "8209", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001014", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd7d", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - 
"tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "757", - "tcp.ack": "5238", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f9cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:34.712773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495814.712773000", - "frame.time_delta": "0.031422000", - "frame.time_delta_displayed": "0.031422000", - "frame.time_relative": "2223.252087000", - "frame.number": "8210", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002021", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001161", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:34.713301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495814.713301000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "2223.252615000", - "frame.number": "8211", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": 
{ - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002022", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f25c", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:34.713920000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495814.713920000", - "frame.time_delta": "0.000619000", - "frame.time_delta_displayed": "0.000619000", - "frame.time_relative": "2223.253234000", - "frame.number": "8212", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": 
"33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008022", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:36.675880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495816.675880000", - "frame.time_delta": "1.961960000", - "frame.time_delta_displayed": "1.961960000", - "frame.time_relative": "2225.215194000", - "frame.number": "8213", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": 
{ - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002129", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60335", - "udp.dstport": "1900", - "udp.port": "60335", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005eae", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": 
"Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:36.835892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495816.835892000", - "frame.time_delta": "0.160012000", - "frame.time_delta_displayed": "0.160012000", - "frame.time_relative": "2225.375206000", - "frame.number": "8214", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f3c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": 
"192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:37.357954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495817.357954000", - "frame.time_delta": "0.522062000", - "frame.time_delta_displayed": "0.522062000", - "frame.time_relative": "2225.897268000", - "frame.number": "8215", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a5fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001150", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:37.410805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495817.410805000", - 
"frame.time_delta": "0.052851000", - "frame.time_delta_displayed": "0.052851000", - "frame.time_relative": "2225.950119000", - "frame.number": "8216", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a600", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001142", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - 
"http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "8215" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:37.463672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495817.463672000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "2226.002986000", - "frame.number": "8217", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a603", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001145", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "8216" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:37.676183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495817.676183000", - "frame.time_delta": "0.212511000", - "frame.time_delta_displayed": "0.212511000", - "frame.time_relative": "2226.215497000", - "frame.number": "8218", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000212a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6ea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "60335", - "udp.dstport": "1900", - "udp.port": "60335", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005eae", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "8213" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:38.415618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495818.415618000", - "frame.time_delta": "0.739435000", - "frame.time_delta_displayed": "0.739435000", - "frame.time_relative": "2226.954932000", - "frame.number": "8219", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a643", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001108", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "8217" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:38.468363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495818.468363000", - "frame.time_delta": "0.052745000", - "frame.time_delta_displayed": "0.052745000", - "frame.time_relative": "2227.007677000", - "frame.number": "8220", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a647", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "8219" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:38.521150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495818.521150000", - "frame.time_delta": "0.052787000", - "frame.time_delta_displayed": "0.052787000", - "frame.time_relative": "2227.060464000", 
- "frame.number": "8221", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a64c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - 
"http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "8220" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:38.676371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495818.676371000", - "frame.time_delta": "0.155221000", - "frame.time_delta_displayed": "0.155221000", - "frame.time_relative": "2227.215685000", - "frame.number": "8222", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000212b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60335", - "udp.dstport": "1900", - "udp.port": "60335", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005eae", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "8218" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.047160000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.047160000", - "frame.time_delta": "0.370789000", - "frame.time_delta_displayed": "0.370789000", - "frame.time_relative": "2227.586474000", - "frame.number": "8223", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a67c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "8221" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.099916000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.099916000", - "frame.time_delta": "0.052756000", - "frame.time_delta_displayed": "0.052756000", - "frame.time_relative": "2227.639230000", - "frame.number": "8224", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a67d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "8223" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.152964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.152964000", - "frame.time_delta": "0.053048000", - "frame.time_delta_displayed": "0.053048000", - "frame.time_relative": "2227.692278000", - "frame.number": "8225", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a682", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000010c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "8224" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.547984000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.547984000", - "frame.time_delta": "0.395020000", - "frame.time_delta_displayed": "0.395020000", - "frame.time_relative": "2228.087298000", - "frame.number": "8226", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.548160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.548160000", - "frame.time_delta": "0.000176000", - "frame.time_delta_displayed": "0.000176000", - "frame.time_relative": "2228.087474000", - "frame.number": "8227", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - 
"arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.677255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.677255000", - "frame.time_delta": "0.129095000", - "frame.time_delta_displayed": "0.129095000", - "frame.time_relative": "2228.216569000", - "frame.number": "8228", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000212c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": 
"239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60335", - "udp.dstport": "1900", - "udp.port": "60335", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00005eae", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "8222" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.713021000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.713021000", - "frame.time_delta": "0.035766000", - "frame.time_delta_displayed": "0.035766000", - "frame.time_relative": "2228.252335000", - "frame.number": "8229", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": 
"01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002023", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001161", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class 
IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.713557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.713557000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "2228.252871000", - "frame.number": "8230", - 
"frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002024", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f25c", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - 
"_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:39.714172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495819.714172000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": 
"2228.253486000", - "frame.number": "8231", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008022", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000292", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=658", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.104614000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.104614000", - "frame.time_delta": "0.390442000", - "frame.time_delta_displayed": "0.390442000", - "frame.time_relative": "2228.643928000", - "frame.number": "8232", - 
"frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a6c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001089", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "8225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.157364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.157364000", - "frame.time_delta": "0.052750000", - "frame.time_delta_displayed": "0.052750000", - "frame.time_relative": "2228.696678000", - "frame.number": "8233", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "334", - "ip.id": "0x0000a6c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000107b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "8232" - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.210260000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.210260000", - "frame.time_delta": "0.052896000", - "frame.time_delta_displayed": "0.052896000", - "frame.time_relative": "2228.749574000", - "frame.number": "8234", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a6cb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000107d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - 
"udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "8233" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.420980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.420980000", - "frame.time_delta": "0.210720000", - "frame.time_delta_displayed": "0.210720000", - "frame.time_relative": "2228.960294000", - "frame.number": "8235", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a6d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001078", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "8234" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.473688000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.473688000", - "frame.time_delta": "0.052708000", - "frame.time_delta_displayed": "0.052708000", - "frame.time_relative": "2229.013002000", - "frame.number": "8236", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a6d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000106b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "8235" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:40.526512000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495820.526512000", - "frame.time_delta": 
"0.052824000", - "frame.time_delta_displayed": "0.052824000", - "frame.time_relative": "2229.065826000", - "frame.number": "8237", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a6dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000106c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "8236" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:41.473150000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495821.473150000", - "frame.time_delta": "0.946638000", - "frame.time_delta_displayed": "0.946638000", - "frame.time_relative": "2230.012464000", - "frame.number": "8238", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a716", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001035", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": 
"", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "8237" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:41.526087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495821.526087000", - "frame.time_delta": "0.052937000", - "frame.time_delta_displayed": "0.052937000", - "frame.time_relative": "2230.065401000", - "frame.number": "8239", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000102b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "8238" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:41.578882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495821.578882000", - "frame.time_delta": "0.052795000", - "frame.time_delta_displayed": "0.052795000", - "frame.time_relative": "2230.118196000", - "frame.number": "8240", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a71b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000102d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "8239" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:42.157648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495822.157648000", - "frame.time_delta": "0.578766000", - "frame.time_delta_displayed": "0.578766000", - "frame.time_relative": "2230.696962000", - "frame.number": "8241", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000101a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "8240" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:42.210430000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495822.210430000", - "frame.time_delta": "0.052782000", - "frame.time_delta_displayed": "0.052782000", - "frame.time_relative": "2230.749744000", - "frame.number": "8242", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a737", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000100b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "8241" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:42.263159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495822.263159000", - "frame.time_delta": "0.052729000", - "frame.time_delta_displayed": "0.052729000", - "frame.time_relative": "2230.802473000", - "frame.number": "8243", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a73b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000100d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "8242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:43.210059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495823.210059000", - "frame.time_delta": "0.946900000", - "frame.time_delta_displayed": "0.946900000", - "frame.time_relative": "2231.749373000", - "frame.number": "8244", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a759", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ff2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "305", - "udp.checksum": "0x0000d96b", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "8243" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:43.263138000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495823.263138000", - "frame.time_delta": "0.053079000", - "frame.time_delta_displayed": "0.053079000", - "frame.time_relative": "2231.802452000", - "frame.number": "8245", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a75d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000fe5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "314", - "udp.checksum": "0x0000e756", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "8244" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:43.315874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495823.315874000", - "frame.time_delta": "0.052736000", - "frame.time_delta_displayed": "0.052736000", - "frame.time_relative": "2231.855188000", - "frame.number": "8246", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a762", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000fe6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "60335", - "udp.port": "1900", - "udp.port": "60335", - "udp.length": "308", - "udp.checksum": "0x00000ae1", - "udp.checksum.status": "2", - "udp.stream": "156" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "8245" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:49.713652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495829.713652000", - "frame.time_delta": "6.397778000", - "frame.time_delta_displayed": "6.397778000", - "frame.time_relative": "2238.252966000", - "frame.number": "8247", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002028", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7c8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001060", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": 
"pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:49.714460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495829.714460000", - "frame.time_delta": "0.000808000", - "frame.time_delta_displayed": "0.000808000", - "frame.time_relative": "2238.253774000", - "frame.number": "8248", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002029", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098c3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f15b", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": 
"4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:49.715780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495829.715780000", - "frame.time_delta": "0.001320000", - "frame.time_delta_displayed": "0.001320000", - "frame.time_relative": "2238.255094000", - "frame.number": "8249", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f21", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": 
"7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:54.713919000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495834.713919000", - "frame.time_delta": "4.998139000", - "frame.time_delta_displayed": "4.998139000", - "frame.time_relative": "2243.253233000", - "frame.number": "8250", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7c6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": 
"192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001060", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:54.714431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495834.714431000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "2243.253745000", - "frame.number": "8251", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": 
"192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f15b", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - 
"dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:54.715044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495834.715044000", - "frame.time_delta": "0.000613000", - "frame.time_delta_displayed": "0.000613000", - "frame.time_relative": "2243.254358000", - "frame.number": "8252", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - 
"ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f21", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:55.636034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495835.636034000", - "frame.time_delta": "0.920990000", - "frame.time_delta_displayed": "0.920990000", - "frame.time_relative": "2244.175348000", - "frame.number": "8253", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": 
"ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - 
"icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:59.714202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495839.714202000", - "frame.time_delta": "4.078168000", - "frame.time_delta_displayed": "4.078168000", - "frame.time_relative": "2248.253516000", - "frame.number": "8254", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": 
"0x0000b7c4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001060", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:59.714703000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495839.714703000", - "frame.time_delta": "0.000501000", - "frame.time_delta_displayed": "0.000501000", - "frame.time_relative": "2248.254017000", - "frame.number": "8255", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x000098bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f15b", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:23:59.715338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495839.715338000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "2248.254652000", - "frame.number": "8256", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f21", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000293", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=659", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:03.820095000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495843.820095000", - "frame.time_delta": "4.104757000", - "frame.time_delta_displayed": "4.104757000", - "frame.time_relative": "2252.359409000", - "frame.number": "8257", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009707", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007647", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "96080", - "tcp.nxtseq": "96129", - "tcp.ack": "19312", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000039ff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:20:c8:a7:a3:74:9c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2629832, TSecr 2812507292": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2629832", - "tcp.options.timestamp.tsecr": "2812507292" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:9a:5f:a5:6e:e4:0e:2e:84:72:2d:e3:75:43:54:8c:9f:d3:34:04:12:b1:e0:3e:01:ba:77:e6:ae:19:32:f2:92:4d:51:4c:b9:8d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:03.880901000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495843.880901000", - "frame.time_delta": "0.060806000", - "frame.time_delta_displayed": "0.060806000", - "frame.time_relative": "2252.420215000", - "frame.number": "8258", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002df7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003751", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "19312", - "tcp.nxtseq": "19367", - "tcp.ack": "96129", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c206", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:92:f6:00:28:20:c8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812515062, TSecr 2629832": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812515062", - "tcp.options.timestamp.tsecr": "2629832" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8257", - "tcp.analysis.ack_rtt": "0.060806000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:da:ac:3a:a8:a7:fe:36:42:86:ad:3e:36:2b:09:12:a6:54:8b:7d:5c:94:e8:22:b8:26:48:15:3b:f8:b1:46:7f:c6:2c:0e:c2:90:de:e9:b4:f7:e4:b5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:03.881413000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495843.881413000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "2252.420727000", - "frame.number": "8259", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009708", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007677", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96129", - "tcp.ack": "19367", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000030a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:20:ce:a7:a3:92:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2629838, TSecr 2812515062": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2629838", - "tcp.options.timestamp.tsecr": "2812515062" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8258", - "tcp.analysis.ack_rtt": "0.000512000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:04.404879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495844.404879000", - "frame.time_delta": "0.523466000", - "frame.time_delta_displayed": "0.523466000", - "frame.time_relative": "2252.944193000", - "frame.number": "8260", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005833", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a636", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5238", - "tcp.nxtseq": "5278", - "tcp.ack": "757", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000788f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - 
"ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f0:e8:6a:b5:69:a5:58:25:e1:0c:b1:90:7c:ed:5a:ce:02:d8:1d:2f:cb:13:e3:81:95:75:43:36" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:04.548157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495844.548157000", - "frame.time_delta": "0.143278000", - "frame.time_delta_displayed": "0.143278000", - "frame.time_relative": "2253.087471000", - "frame.number": "8261", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001015", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd58", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", 
- "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "757", - "tcp.nxtseq": "793", - "tcp.ack": "5278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005dbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8260", - "tcp.analysis.ack_rtt": "0.143278000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:75:96:10:c6:ca:4c:85:ac:7f:e7:88:8c:3e:f1:8e:fb:94:75:8c:fb:44:f1:90:b9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:04.548690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495844.548690000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "2253.088004000", - "frame.number": "8262", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005834", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain 
View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5278", - "tcp.ack": "793", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8261", - "tcp.analysis.ack_rtt": "0.000533000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:06.838765000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495846.838765000", - "frame.time_delta": "2.290075000", - "frame.time_delta_displayed": "2.290075000", - "frame.time_relative": "2255.378079000", - "frame.number": "8263", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f48", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000058a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:08.890018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495848.890018000", - "frame.time_delta": "2.051253000", - "frame.time_delta_displayed": "2.051253000", - "frame.time_relative": "2257.429332000", - "frame.number": "8264", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, 
- "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:08.890439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495848.890439000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "2257.429753000", - "frame.number": "8265", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", 
- "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:09.550706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495849.550706000", - "frame.time_delta": "0.660267000", - "frame.time_delta_displayed": "0.660267000", - "frame.time_relative": "2258.090020000", - "frame.number": "8266", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:09.551104000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495849.551104000", - "frame.time_delta": "0.000398000", - "frame.time_delta_displayed": "0.000398000", - "frame.time_relative": 
"2258.090418000", - "frame.number": "8267", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:09.714751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495849.714751000", - "frame.time_delta": "0.163647000", - "frame.time_delta_displayed": "0.163647000", - "frame.time_relative": "2258.254065000", - "frame.number": "8268", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - 
"eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7c2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000195e", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type 
PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:09.715264000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495849.715264000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "2258.254578000", - "frame.number": "8269", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000202f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa59", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:09.715877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495849.715877000", - "frame.time_delta": "0.000613000", - "frame.time_delta_displayed": "0.000613000", - "frame.time_relative": "2258.255191000", - "frame.number": "8270", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000881f", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:10.244378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495850.244378000", - "frame.time_delta": "0.528501000", - "frame.time_delta_displayed": "0.528501000", - "frame.time_relative": "2258.783692000", - "frame.number": "8271", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00000bc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "56", - "udp.checksum": "0x000016f1", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "30:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:74:02:36:7a:ce:f2:14:21:00:00:00:01:00:00:00:01:00:00:00:06:00:00:00", - "data.len": "48" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.518542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.518542000", - "frame.time_delta": "1.274164000", - "frame.time_delta_displayed": "1.274164000", - "frame.time_relative": "2260.057856000", - "frame.number": 
"8272", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000085a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000043b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": 
"max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.571546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.571546000", - "frame.time_delta": "0.053004000", - "frame.time_delta_displayed": "0.053004000", - "frame.time_relative": "2260.110860000", - "frame.number": "8273", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000085a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - 
"ip.checksum": "0x000043b2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.624448000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.624448000", - "frame.time_delta": "0.052902000", - "frame.time_delta_displayed": "0.052902000", - "frame.time_relative": "2260.163762000", - "frame.number": "8274", - "frame.len": "361", - "frame.cap_len": "361", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000085a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000043a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.677372000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.677372000", - "frame.time_delta": "0.052924000", - "frame.time_delta_displayed": "0.052924000", - "frame.time_relative": "2260.216686000", - "frame.number": "8275", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000085ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000043a1", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.730230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.730230000", - "frame.time_delta": "0.052858000", - "frame.time_delta_displayed": "0.052858000", - "frame.time_relative": "2260.269544000", - "frame.number": "8276", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000085b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000043a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:11.818766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495851.818766000", - "frame.time_delta": "0.088536000", - "frame.time_delta_displayed": "0.088536000", - "frame.time_relative": "2260.358080000", - "frame.number": "8277", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000085b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000439f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:14.716079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495854.716079000", - "frame.time_delta": "2.897313000", - "frame.time_delta_displayed": "2.897313000", - "frame.time_relative": "2263.255393000", - "frame.number": "8278", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002030", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7c0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000195e", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:14.718389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495854.718389000", - "frame.time_delta": "0.002310000", - "frame.time_delta_displayed": "0.002310000", - "frame.time_relative": "2263.257703000", - "frame.number": "8279", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002031", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa59", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:14.725168000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495854.725168000", - "frame.time_delta": "0.006779000", - "frame.time_delta_displayed": "0.006779000", - "frame.time_relative": "2263.264482000", - "frame.number": "8280", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000881f", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:19.715310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495859.715310000", - "frame.time_delta": "4.990142000", - "frame.time_delta_displayed": "4.990142000", - "frame.time_relative": "2268.254624000", - "frame.number": "8281", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002034", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000195e", - "udp.checksum.status": "2", - "udp.stream": 
"150" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:19.715853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495859.715853000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "2268.255167000", - "frame.number": "8282", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002035", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098b7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000fa59", - "udp.checksum.status": "2", - 
"udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:19.716435000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495859.716435000", - "frame.time_delta": "0.000582000", - "frame.time_delta_displayed": "0.000582000", - "frame.time_relative": "2268.255749000", - "frame.number": "8283", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000881f", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - 
"dns.id": "0x00000294", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=660", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:19.731589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495859.731589000", - "frame.time_delta": "0.015154000", - "frame.time_delta_displayed": "0.015154000", - "frame.time_relative": "2268.270903000", - "frame.number": "8284", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:19.990820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495859.990820000", - "frame.time_delta": "0.259231000", - "frame.time_delta_displayed": "0.259231000", - "frame.time_relative": "2268.530134000", - "frame.number": "8285", - "frame.len": "350", - "frame.cap_len": "350", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:20.040461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495860.040461000", - "frame.time_delta": "0.049641000", - "frame.time_delta_displayed": "0.049641000", - "frame.time_relative": "2268.579775000", - "frame.number": "8286", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - 
"bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:20.052956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495860.052956000", - "frame.time_delta": "0.012495000", - "frame.time_delta_displayed": "0.012495000", - "frame.time_relative": "2268.592270000", - "frame.number": "8287", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:20.429196000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495860.429196000", - "frame.time_delta": "0.376240000", - "frame.time_delta_displayed": "0.376240000", - "frame.time_relative": "2268.968510000", - "frame.number": "8288", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:25.154452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495865.154452000", - "frame.time_delta": "4.725256000", - "frame.time_delta_displayed": "4.725256000", - "frame.time_relative": "2273.693766000", - "frame.number": "8289", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:28.849621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495868.849621000", - "frame.time_delta": "3.695169000", - "frame.time_delta_displayed": "3.695169000", - "frame.time_relative": "2277.388935000", - "frame.number": "8290", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:29.559232000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495869.559232000", - "frame.time_delta": "0.709611000", - "frame.time_delta_displayed": "0.709611000", - "frame.time_relative": "2278.098546000", - "frame.number": "8291", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - 
"arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:29.718187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495869.718187000", - "frame.time_delta": "0.158955000", - "frame.time_delta_displayed": "0.158955000", - "frame.time_relative": "2278.257501000", - "frame.number": "8292", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002036", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": 
"0x0000b7ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000185d", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:29.718669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495869.718669000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "2278.257983000", - "frame.number": "8293", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002037", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x000098b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f958", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:29.719100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495869.719100000", - "frame.time_delta": "0.000431000", - "frame.time_delta_displayed": "0.000431000", - "frame.time_relative": "2278.258414000", - "frame.number": "8294", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000871e", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:33.119195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495873.119195000", - "frame.time_delta": "3.400095000", - "frame.time_delta_displayed": "3.400095000", - "frame.time_relative": "2281.658509000", - "frame.number": "8295", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x00009709", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - 
"ip.checksum": "0x00007516", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "96129", - "tcp.nxtseq": "96481", - "tcp.ack": "19367", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005536", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:2c:3a:a7:a3:92:f6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2632762, TSecr 2812515062": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2632762", - "tcp.options.timestamp.tsecr": "2812515062" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:9b:59:60:40:5d:5f:b7:54:68:a8:ae:42:3d:1d:69:79:a5:51:61:82:94:9e:2e:30:94:6e:f5:5e:b1:ea:68:90:3b:53:a1:60:f9:97:17:65:d3:cf:2c:9a:0a:fd:47:d5:6e:14:3e:5c:dc:68:3a:27:f9:dd:bb:5d:4d:1d:d4:8d:da:1c:cd:16:a1:ae:fa:87:3d:1e:c7:37:6b:0e:e5:6a:a6:cf:58:f5:a6:ed:d2:a7:be:f8:a0:04:9e:3e:e5:34:b2:0d:99:82:d3:41:84:77:4c:d1:a8:f7:8b:80:f9:9b:b3:89:4e:91:42:7f:f4:5a:a0:0f:1b:4a:27:ff:d0:04:af:fe:60:4a:22:02:29:3d:fd:db:c4:1c:c4:c0:29:6f:cf:12:9d:6c:5d:9d:91:9d:ac:61:57:a8:79:13:2d:59:1e:ae:70:ed:b3:1b:20:b7:c2:a5:14:66:23:9c:a9:43:c9:60:8b:67:d1:2a:44:25:42:05:4e:ef:3b:aa:68:a7:13:0e:b8:ed:d7:6f:4a:74:e3:06:ac:26:a1:6b:b2:c3:5f:a7:0f:4b:2c:70:46:f1:4b:ac:1a:da:b4:87:de:4c:30:d4:d1:62:eb:34:b5:d8:d3:89:fc:13:5e:85:ff:ef:79:e5:af:d6:b0:2d:78:c9:25:63:d1:23:0c:a2:a2:9f:ea:9f:cc:2a:f8:b7:8b:15:70:c6:3e:fe:b0:4e:a7:a4:9b:fa:60:e8:2e:2e:a9:65:15:59:24:ee:71:ce:a2:7b:38:05:eb:87:23:53:eb:58:17:03:b8:fa:23:00:8f:4f:66:53:fd:9f:7d:04:f9:68:c2:bb:c8:fd:58:e4:33:66:c3:ea:a7:1e:b9:c4:0d:29:18:2b:45:c6:45:48:ad:88:59:6c:70:a1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:33.187426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495873.187426000", - "frame.time_delta": "0.068231000", - "frame.time_delta_displayed": "0.068231000", - "frame.time_relative": "2281.726740000", - 
"frame.number": "8296", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002df8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003758", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19367", - "tcp.nxtseq": "19414", - "tcp.ack": "96481", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000019f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:af:95:00:28:2c:3a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812522389, TSecr 2632762": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812522389", - "tcp.options.timestamp.tsecr": "2632762" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8295", - "tcp.analysis.ack_rtt": "0.068231000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:db:3c:ca:8d:1b:26:2b:a1:e4:dc:d3:56:6a:af:92:82:d3:34:35:45:a7:86:41:0e:f3:69:60:52:a5:8a:e7:47:60:a7:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:33.187865000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495873.187865000", - "frame.time_delta": "0.000439000", - "frame.time_delta_displayed": "0.000439000", - "frame.time_relative": "2281.727179000", - "frame.number": "8297", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000970a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007675", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": 
"443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96481", - "tcp.ack": "19414", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000708", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:2c:41:a7:a3:af:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2632769, TSecr 2812522389": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2632769", - "tcp.options.timestamp.tsecr": "2812522389" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8296", - "tcp.analysis.ack_rtt": "0.000439000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:34.658011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495874.658011000", - "frame.time_delta": "1.470146000", - "frame.time_delta_displayed": "1.470146000", - "frame.time_relative": "2283.197325000", - "frame.number": "8298", - "frame.len": 
"60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005835", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": 
"0", - "tcp.seq": "5277", - "tcp.ack": "793", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:34.718153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495874.718153000", - "frame.time_delta": "0.060142000", - "frame.time_delta_displayed": "0.060142000", - "frame.time_relative": "2283.257467000", - "frame.number": "8299", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000203b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7b5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000185d", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:34.718691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495874.718691000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "2283.258005000", - "frame.number": "8300", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000203c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098b0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f958", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:34.719306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495874.719306000", - "frame.time_delta": "0.000615000", - "frame.time_delta_displayed": "0.000615000", - "frame.time_relative": "2283.258620000", - "frame.number": "8301", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000871e", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:34.801006000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495874.801006000", - "frame.time_delta": "0.081700000", - "frame.time_delta_displayed": "0.081700000", - "frame.time_relative": "2283.340320000", - "frame.number": "8302", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001016", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd7b", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "793", - "tcp.ack": "5278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f97f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:36.842117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495876.842117000", - "frame.time_delta": "2.041111000", - "frame.time_delta_displayed": "2.041111000", - "frame.time_relative": "2285.381431000", - "frame.number": "8303", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f4f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": 
"0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000589a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:39.667946000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495879.667946000", - "frame.time_delta": "2.825829000", - "frame.time_delta_displayed": "2.825829000", - "frame.time_relative": "2288.207260000", - "frame.number": "8304", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - 
"arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:39.668077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495879.668077000", - "frame.time_delta": "0.000131000", - "frame.time_delta_displayed": "0.000131000", - "frame.time_relative": "2288.207391000", - "frame.number": "8305", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:39.718471000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495879.718471000", - "frame.time_delta": 
"0.050394000", - "frame.time_delta_displayed": "0.050394000", - "frame.time_relative": "2288.257785000", - "frame.number": "8306", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000203d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000185d", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": 
"0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:39.718961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495879.718961000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "2288.258275000", - "frame.number": "8307", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000203e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f958", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - 
"mdns": { - "dns.id": "0x00000295", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:39.719569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495879.719569000", - "frame.time_delta": "0.000608000", - "frame.time_delta_displayed": "0.000608000", - "frame.time_relative": "2288.258883000", - "frame.number": "8308", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000871e", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000295", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=661", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:49.718999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495889.718999000", - "frame.time_delta": "9.999430000", - "frame.time_delta_displayed": "9.999430000", - "frame.time_relative": "2298.258313000", - "frame.number": "8309", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000203f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000175c", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": 
"4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:49.719515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495889.719515000", - "frame.time_delta": "0.000516000", - "frame.time_delta_displayed": "0.000516000", - "frame.time_relative": "2298.258829000", - "frame.number": "8310", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002040", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f857", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - 
"dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:49.720132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495889.720132000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "2298.259446000", - "frame.number": "8311", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": 
{ - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000861d", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - 
"dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:54.719279000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495894.719279000", - "frame.time_delta": "4.999147000", - "frame.time_delta_displayed": "4.999147000", - "frame.time_relative": "2303.258593000", - "frame.number": "8312", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002041", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7af", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": 
"192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000175c", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - 
"dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:54.719794000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495894.719794000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "2303.259108000", - "frame.number": "8313", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002042", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - 
"ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f857", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:54.720569000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495894.720569000", - "frame.time_delta": "0.000775000", - "frame.time_delta_displayed": "0.000775000", - "frame.time_relative": "2303.259883000", - "frame.number": "8314", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": 
"fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000861d", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:59.719451000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495899.719451000", - "frame.time_delta": "4.998882000", - "frame.time_delta_displayed": "4.998882000", - "frame.time_relative": "2308.258765000", - "frame.number": "8315", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002043", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - 
"ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000175c", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": 
"39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:59.720139000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495899.720139000", - "frame.time_delta": "0.000688000", - "frame.time_delta_displayed": "0.000688000", - "frame.time_relative": "2308.259453000", - "frame.number": "8316", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "261", - "ip.id": "0x00002044", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098a8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f857", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - 
"dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:24:59.720547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495899.720547000", - "frame.time_delta": "0.000408000", - "frame.time_delta_displayed": "0.000408000", - "frame.time_relative": "2308.259861000", - "frame.number": "8317", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - 
"ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000861d", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000296", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - 
"dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=662", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.206015000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.206015000", - "frame.time_delta": "4.485468000", - "frame.time_delta_displayed": "4.485468000", - "frame.time_relative": "2312.745329000", - "frame.number": "8318", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000970b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007643", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "96481", - "tcp.nxtseq": "96530", - "tcp.ack": "19414", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002a6f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:38:5f:a7:a3:af:95", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2635871, TSecr 2812522389": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2635871", - "tcp.options.timestamp.tsecr": "2812522389" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:9c:5b:69:bd:c2:23:28:78:e6:30:62:93:d1:f2:1a:62:b9:3b:cd:b4:90:2c:1d:cc:35:b2:7c:9e:49:e2:37:da:ed:8f:c1:cb:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.266566000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.266566000", - "frame.time_delta": "0.060551000", - "frame.time_delta_displayed": "0.060551000", - "frame.time_relative": "2312.805880000", - "frame.number": "8319", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002df9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "19414", - "tcp.nxtseq": "19469", - "tcp.ack": "96530", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000072cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:cd:ef:00:28:38:5f", - 
"tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812530159, TSecr 2635871": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812530159", - "tcp.options.timestamp.tsecr": "2635871" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8318", - "tcp.analysis.ack_rtt": "0.060551000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:dc:df:38:19:41:d8:18:d5:4e:d1:9b:aa:07:ae:c2:a1:9a:7c:7a:fd:08:c6:de:55:57:14:bc:dd:f5:2d:e9:6d:47:df:19:31:f1:8f:27:ec:b6:5e:ad" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.267068000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.267068000", - "frame.time_delta": "0.000502000", - "frame.time_delta_displayed": "0.000502000", - "frame.time_relative": "2312.806382000", - "frame.number": "8320", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000970c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007673", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96530", - "tcp.ack": "19469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - 
"tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:38:65:a7:a3:cd:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2635877, TSecr 2812530159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2635877", - "tcp.options.timestamp.tsecr": "2812530159" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8319", - "tcp.analysis.ack_rtt": "0.000502000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.617834000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.617834000", - "frame.time_delta": "0.350766000", - "frame.time_delta_displayed": "0.350766000", - "frame.time_relative": "2313.157148000", - "frame.number": "8321", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000096e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003276", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.670978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.670978000", - "frame.time_delta": "0.053144000", - "frame.time_delta_displayed": "0.053144000", - "frame.time_relative": "2313.210292000", - "frame.number": "8322", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x000096e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003271", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.723875000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.723875000", - "frame.time_delta": "0.052897000", - "frame.time_delta_displayed": "0.052897000", - "frame.time_relative": "2313.263189000", - "frame.number": "8323", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000096e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003267", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:25:04.776758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.776758000", - "frame.time_delta": "0.052883000", - "frame.time_delta_displayed": "0.052883000", - "frame.time_relative": "2313.316072000", - "frame.number": "8324", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x000096e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003266", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - 
"_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.797981000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.797981000", - "frame.time_delta": "0.021223000", - "frame.time_delta_displayed": "0.021223000", - "frame.time_relative": "2313.337295000", - "frame.number": "8325", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005836", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5277", - "tcp.ack": "793", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef0a", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.829945000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.829945000", - "frame.time_delta": "0.031964000", - "frame.time_delta_displayed": "0.031964000", - "frame.time_relative": "2313.369259000", - "frame.number": "8326", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000096ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000326a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": 
"239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.882823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.882823000", - "frame.time_delta": "0.052878000", - "frame.time_delta_displayed": "0.052878000", - "frame.time_relative": "2313.422137000", - "frame.number": "8327", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - 
"eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x000096ee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00003266", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: 
urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:04.941132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495904.941132000", - "frame.time_delta": "0.058309000", - "frame.time_delta_displayed": "0.058309000", - "frame.time_relative": "2313.480446000", - "frame.number": "8328", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001017", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd7a", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "793", - "tcp.ack": "5278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f97f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:06.845148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495906.845148000", - "frame.time_delta": "1.904016000", - 
"frame.time_delta_displayed": "1.904016000", - "frame.time_relative": "2315.384462000", - "frame.number": "8329", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f56", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005893", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.270190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.270190000", - "frame.time_delta": "2.425042000", - "frame.time_delta_displayed": "2.425042000", - "frame.time_relative": "2317.809504000", - "frame.number": "8330", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.270623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.270623000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "2317.809937000", - "frame.number": "8331", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.429153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.429153000", - "frame.time_delta": "0.158530000", - "frame.time_delta_displayed": "0.158530000", - "frame.time_relative": "2317.968467000", - "frame.number": "8332", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x0000cc15", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000c6b0", - "ip.checksum.status": "2", - "ip.src": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.src_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49780", - "tcp.port": "80", - "tcp.port": "49780", - "tcp.stream": "305", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000052e8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018703000", - "tcp.analysis.bytes_in_flight": "264", - 
"tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:25:09 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:25:09 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.035478000", - "http.request_in": "7819", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.462349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.462349000", - "frame.time_delta": "0.033196000", - "frame.time_delta_displayed": "0.033196000", - "frame.time_relative": "2318.001663000", - "frame.number": "8333", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001073", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f35a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000068e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8332", - "tcp.analysis.ack_rtt": "0.033196000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.474674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.474674000", - "frame.time_delta": "0.012325000", - "frame.time_delta_displayed": "0.012325000", - "frame.time_relative": "2318.013988000", - "frame.number": "8334", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000cc16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x0000c7b7", - "ip.checksum.status": "2", - "ip.src": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.src_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49780", - "tcp.port": "80", - "tcp.port": "49780", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004105", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8333", - "tcp.analysis.ack_rtt": "0.012325000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.480489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.480489000", - "frame.time_delta": "0.005815000", - "frame.time_delta_displayed": "0.005815000", - "frame.time_relative": "2318.019803000", - "frame.number": "8335", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001074", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f359", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.240", - "ip.addr": "54.241.191.240", - "ip.dst_host": "54.241.191.240", - "ip.host": "54.241.191.240", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49780", - "tcp.dstport": "80", - "tcp.port": "49780", - "tcp.port": "80", - "tcp.stream": "305", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000068e6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8334", - "tcp.analysis.ack_rtt": "0.005815000", - "tcp.analysis.initial_rtt": "0.018703000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": 
"Oct 31, 2017 17:25:09.720131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.720131000", - "frame.time_delta": "0.239642000", - "frame.time_delta_displayed": "0.239642000", - "frame.time_relative": "2318.259445000", - "frame.number": "8336", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002045", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7ab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", 
- "udp.length": "241", - "udp.checksum": "0x0000165b", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": 
"ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.720642000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.720642000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "2318.259956000", - "frame.number": "8337", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002046", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": 
"1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f756", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": 
"17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.721267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.721267000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "2318.260581000", - "frame.number": "8338", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": 
"241", - "udp.checksum": "0x0000851c", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - 
"dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.807956000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.807956000", - "frame.time_delta": "0.086689000", - "frame.time_delta_displayed": "0.086689000", - "frame.time_relative": "2318.347270000", - "frame.number": "8339", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:09.808124000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495909.808124000", - "frame.time_delta": "0.000168000", - "frame.time_delta_displayed": "0.000168000", - "frame.time_relative": "2318.347438000", - "frame.number": "8340", - "frame.len": "42", - 
"frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.468867000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.468867000", - "frame.time_delta": "0.660743000", - "frame.time_delta_displayed": "0.660743000", - "frame.time_relative": "2319.008181000", - "frame.number": "8341", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x00001075", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000296f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.470887000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.470887000", - "frame.time_delta": "0.002020000", - "frame.time_delta_displayed": "0.002020000", - "frame.time_relative": "2319.010201000", - "frame.number": "8342", - 
"frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x00008423", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000032f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "8341", - "dns.time": "0.002020000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - 
"dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.219.189.242": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "152", - "dns.resp.len": "4", - "dns.a": "54.219.189.242" - }, - "pubsub.pubnub.com: type A, class IN, addr 54.219.189.244": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "152", - "dns.resp.len": "4", - "dns.a": "54.219.189.244" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "20", - "dns.ns": "ns3.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "6", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51649", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3940", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "55900", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2210", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "55901", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "56642", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56750", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56292", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56093", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56642", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56750", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56292", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.477690000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495910.477690000", - "frame.time_delta": "0.006803000", - "frame.time_delta_displayed": "0.006803000", - "frame.time_relative": "2319.017004000", - "frame.number": "8343", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00001076", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f567", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - 
"ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x0000fbae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.490248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.490248000", - "frame.time_delta": "0.012558000", - "frame.time_delta_displayed": "0.012558000", - "frame.time_relative": "2319.029562000", - "frame.number": "8344", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - 
"eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000095de", - "ip.checksum.status": "2", - "ip.src": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.src_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49782", - "tcp.port": "80", - "tcp.port": "49782", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", 
- "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000bf78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8343", - "tcp.analysis.ack_rtt": "0.012558000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.495788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.495788000", - "frame.time_delta": "0.005540000", - "frame.time_delta_displayed": "0.005540000", - "frame.time_relative": "2319.035102000", - "frame.number": "8345", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": 
"4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001077", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f56a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000fa5d", - 
"tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8344", - "tcp.analysis.ack_rtt": "0.005540000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.514874000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.514874000", - "frame.time_delta": "0.019086000", - "frame.time_delta_displayed": "0.019086000", - "frame.time_relative": "2319.054188000", - "frame.number": "8346", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x00001078", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f55a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000042d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018098000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.526586000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.526586000", - "frame.time_delta": "0.011712000", - "frame.time_delta_displayed": "0.011712000", - 
"frame.time_relative": "2319.065900000", - "frame.number": "8347", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008656", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00000f8c", - "ip.checksum.status": "2", - "ip.src": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.src_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49782", - "tcp.port": "80", - "tcp.port": 
"49782", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d726", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8346", - "tcp.analysis.ack_rtt": "0.011712000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.532644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.532644000", - "frame.time_delta": "0.006058000", - "frame.time_delta_displayed": "0.006058000", - "frame.time_relative": "2319.071958000", - "frame.number": "8348", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001079", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f476", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - 
"tcp.checksum": "0x0000796c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018098000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": "73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "8346", - "tcp.segment": "8348", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:10.546766000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495910.546766000", - "frame.time_delta": "0.014122000", - "frame.time_delta_displayed": "0.014122000", - "frame.time_relative": "2319.086080000", - "frame.number": "8349", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": 
"Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008657", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00000f8b", - "ip.checksum.status": "2", - "ip.src": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.src_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49782", - "tcp.port": "80", - "tcp.port": "49782", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": 
"1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d284", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8348", - "tcp.analysis.ack_rtt": "0.014122000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:14.430190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495914.430190000", - "frame.time_delta": "3.883424000", - "frame.time_delta_displayed": "3.883424000", - "frame.time_relative": "2322.969504000", - "frame.number": "8350", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:14.436421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495914.436421000", - "frame.time_delta": "0.006231000", - "frame.time_delta_displayed": "0.006231000", - "frame.time_relative": "2322.975735000", - "frame.number": "8351", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:14.723179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495914.723179000", - "frame.time_delta": "0.286758000", - "frame.time_delta_displayed": "0.286758000", - "frame.time_relative": "2323.262493000", - "frame.number": "8352", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002047", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000165b", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:14.723715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495914.723715000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "2323.263029000", - "frame.number": "8353", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002048", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f756", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:14.724080000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495914.724080000", - "frame.time_delta": "0.000365000", - "frame.time_delta_displayed": "0.000365000", - "frame.time_relative": "2323.263394000", - "frame.number": "8354", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000851c", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:19.720678000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495919.720678000", - "frame.time_delta": "4.996598000", - "frame.time_delta_displayed": "4.996598000", - "frame.time_relative": "2328.259992000", - "frame.number": "8355", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000204e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000165b", - "udp.checksum.status": "2", - "udp.stream": 
"150" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:19.721225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495919.721225000", - "frame.time_delta": "0.000547000", - "frame.time_delta_displayed": "0.000547000", - "frame.time_relative": "2328.260539000", - "frame.number": "8356", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000204f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000989d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f756", - "udp.checksum.status": "2", - 
"udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:19.721823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495919.721823000", - "frame.time_delta": "0.000598000", - "frame.time_delta_displayed": "0.000598000", - "frame.time_relative": "2328.261137000", - "frame.number": "8357", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000851c", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - 
"dns.id": "0x00000297", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=663", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:21.703302000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495921.703302000", - "frame.time_delta": "1.981479000", - "frame.time_delta_displayed": "1.981479000", - "frame.time_relative": "2330.242616000", - "frame.number": "8358", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:7d:55:a4", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:7d:55:a4", - "eth.addr": "33:33:ff:7d:55:a4", - "eth.addr_resolved": "IPv6mcast_ff:7d:55:a4", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fd1e:4e89:3b7b::1", - "ipv6.addr": "fd1e:4e89:3b7b::1", - "ipv6.src_host": "fd1e:4e89:3b7b::1", - "ipv6.host": "fd1e:4e89:3b7b::1", - "ipv6.dst": "ff02::1:ff7d:55a4", - "ipv6.addr": "ff02::1:ff7d:55a4", - "ipv6.dst_host": "ff02::1:ff7d:55a4", - "ipv6.host": "ff02::1:ff7d:55a4", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x000088d0", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b:0:9c50:1137:e47d:55a4", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - 
"icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:28.849815000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495928.849815000", - "frame.time_delta": "7.146513000", - "frame.time_delta_displayed": "7.146513000", - "frame.time_relative": "2337.389129000", - "frame.number": "8359", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.433482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.433482000", - "frame.time_delta": "1.583667000", - "frame.time_delta_displayed": "1.583667000", - "frame.time_relative": "2338.972796000", - 
"frame.number": "8360", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x0000212d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e717", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - 
"http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "20", - "http.prev_request_in": "8134" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.815974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.815974000", - "frame.time_delta": "0.382492000", - "frame.time_delta_displayed": "0.382492000", - "frame.time_relative": "2339.355288000", - "frame.number": "8361", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a81a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "115", - "http.prev_response_in": "8193" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.825383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.825383000", - "frame.time_delta": "0.009409000", - "frame.time_delta_displayed": "0.009409000", - 
"frame.time_relative": "2339.364697000", - "frame.number": "8362", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - 
"_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f7fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.825912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.825912000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "2339.365226000", - 
"frame.number": "8363", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish 
acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000abdc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8362", - "tcp.analysis.ack_rtt": "0.000529000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.832990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.832990000", - "frame.time_delta": "0.007078000", - "frame.time_delta_displayed": "0.007078000", - 
"frame.time_relative": "2339.372304000", - "frame.number": "8364", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001ced", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005dbb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8363", - "tcp.analysis.ack_rtt": "0.007078000", - "tcp.analysis.initial_rtt": "0.007607000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.833647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.833647000", - "frame.time_delta": "0.000657000", - "frame.time_delta_displayed": "0.000657000", - "frame.time_relative": "2339.372961000", - "frame.number": "8365", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ade", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007334", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007607000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.834111000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.834111000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "2339.373425000", - "frame.number": "8366", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007cc0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003bb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004f4c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8365", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.007607000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.834683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.834683000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "2339.373997000", - "frame.number": "8367", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007cc1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ba1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008f6d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007607000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.835028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.835028000", - "frame.time_delta": "0.000345000", - "frame.time_delta_displayed": "0.000345000", - "frame.time_relative": "2339.374342000", - "frame.number": "8368", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007cc2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000037ce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007607000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8367", - "tcp.segment": "8368", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001381000", - "http.request_in": "8365", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.903022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.903022000", - "frame.time_delta": "0.067994000", - "frame.time_delta_displayed": "0.067994000", - "frame.time_relative": "2339.442336000", - "frame.number": "8369", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cef", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005923", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8368", - "tcp.analysis.ack_rtt": "0.067994000", - "tcp.analysis.initial_rtt": "0.007607000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.903694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.903694000", - "frame.time_delta": "0.000672000", - "frame.time_delta_displayed": "0.000672000", - "frame.time_relative": "2339.443008000", - "frame.number": "8370", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cf0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005922", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.903428000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.903428000", - "frame.time_delta": "-0.000266000", - "frame.time_delta_displayed": "-0.000266000", - "frame.time_relative": "2339.442742000", - "frame.number": "8371", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007cc3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000037cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - 
"tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e1d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007607000", - "tcp.analysis.bytes_in_flight": "996", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.spurious_retransmission": "", - "_ws.expert.message": "This frame is a (suspected) spurious retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - }, - "_ws.expert": { - "tcp.analysis.retransmission": "", - "_ws.expert.message": "This frame is a (suspected) retransmission", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.903436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.903436000", - "frame.time_delta": "0.000008000", - "frame.time_delta_displayed": "0.000008000", - "frame.time_relative": "2339.442750000", - "frame.number": "8372", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a81e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "116", - "http.prev_response_in": "8361" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.904009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.904009000", - "frame.time_delta": "0.000573000", - "frame.time_delta_displayed": "0.000573000", - "frame.time_relative": "2339.443323000", - "frame.number": "8373", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086b7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54865", - "tcp.port": "80", - "tcp.port": "54865", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004b56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8370", - "tcp.analysis.ack_rtt": "0.000315000", - "tcp.analysis.initial_rtt": "0.007607000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.907567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.907567000", - "frame.time_delta": "0.003558000", - "frame.time_delta_displayed": "0.003558000", - "frame.time_relative": "2339.446881000", - "frame.number": "8374", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - 
"eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54865", - "tcp.dstport": "80", - "tcp.port": "54865", - "tcp.port": "80", - "tcp.stream": "321", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00007516", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:5c:b6:78:52:5c:b6:7c:35", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8371", - "tcp.analysis.ack_rtt": "0.004139000", - "tcp.analysis.initial_rtt": "0.007607000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "8369", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.908689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.908689000", - "frame.time_delta": "0.001122000", - "frame.time_delta_displayed": "0.001122000", - "frame.time_relative": "2339.448003000", - "frame.number": "8375", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cf2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b75", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54866", - "tcp.dstport": "80", - "tcp.port": "54866", - "tcp.port": "80", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000cf5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - 
"tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.909187000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.909187000", - "frame.time_delta": "0.000498000", - "frame.time_delta_displayed": "0.000498000", - "frame.time_relative": "2339.448501000", - "frame.number": "8376", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54866", - "tcp.port": "80", - "tcp.port": "54866", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008da9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - 
"tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8375", - "tcp.analysis.ack_rtt": "0.000498000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.916554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.916554000", - "frame.time_delta": "0.007367000", - "frame.time_delta_displayed": "0.007367000", - "frame.time_relative": "2339.455868000", - "frame.number": "8377", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cf3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b80", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54866", - "tcp.dstport": "80", - "tcp.port": "54866", - "tcp.port": "80", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003f88", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8376", - "tcp.analysis.ack_rtt": "0.007367000", - "tcp.analysis.initial_rtt": "0.007865000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.917217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.917217000", - "frame.time_delta": "0.000663000", - "frame.time_delta_displayed": "0.000663000", - "frame.time_relative": "2339.456531000", - "frame.number": "8378", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cf4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ad8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54866", - "tcp.dstport": "80", - "tcp.port": "54866", - "tcp.port": "80", - "tcp.stream": "322", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005501", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007865000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.917782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509495930.917782000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "2339.457096000", - "frame.number": "8379", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009167", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000270c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54866", - "tcp.port": "80", - "tcp.port": "54866", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003119", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8378", - "tcp.analysis.ack_rtt": "0.000565000", - "tcp.analysis.initial_rtt": "0.007865000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.918315000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.918315000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "2339.457629000", - "frame.number": "8380", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00009168", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000026fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54866", - "tcp.port": "80", - "tcp.port": "54866", - "tcp.stream": "322", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000713a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007865000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.918760000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.918760000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "2339.458074000", - "frame.number": "8381", - 
"frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00009169", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002327", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54866", - "tcp.port": "80", - "tcp.port": "54866", - "tcp.stream": "322", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - 
"_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c3a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007865000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:6
8:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8380", - "tcp.segment": "8381", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001543000", - "http.request_in": "8378", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.921646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.921646000", - "frame.time_delta": "0.002886000", - "frame.time_delta_displayed": "0.002886000", - "frame.time_relative": "2339.460960000", - "frame.number": "8382", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a81f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000f29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "117", - "http.prev_response_in": "8372" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.925255000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.925255000", - "frame.time_delta": "0.003609000", - "frame.time_delta_displayed": "0.003609000", - "frame.time_relative": "2339.464569000", - "frame.number": "8383", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cf5", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b7e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54866", - "tcp.dstport": "80", - "tcp.port": "54866", - "tcp.port": "80", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003af0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8381", - "tcp.analysis.ack_rtt": "0.006495000", - "tcp.analysis.initial_rtt": "0.007865000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.925833000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.925833000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "2339.465147000", - 
"frame.number": "8384", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cf6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54866", - "tcp.dstport": "80", - "tcp.port": "54866", - "tcp.port": "80", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": 
"Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003aef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.926245000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.926245000", - "frame.time_delta": "0.000412000", - "frame.time_delta_displayed": "0.000412000", - "frame.time_relative": "2339.465559000", - "frame.number": "8385", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031ba", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54866", - "tcp.port": "80", - "tcp.port": "54866", - "tcp.stream": "322", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002d23", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8384", - "tcp.analysis.ack_rtt": "0.000412000", - "tcp.analysis.initial_rtt": "0.007865000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.926454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.926454000", - "frame.time_delta": "0.000209000", - "frame.time_delta_displayed": "0.000209000", - "frame.time_relative": "2339.465768000", - "frame.number": "8386", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cf7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54867", - "tcp.dstport": "80", - "tcp.port": "54867", - "tcp.port": "80", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000b20c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.926947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.926947000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "2339.466261000", - "frame.number": "8387", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54867", - "tcp.port": "80", - "tcp.port": "54867", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a09c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8386", - "tcp.analysis.ack_rtt": "0.000493000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.933613000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.933613000", - "frame.time_delta": "0.006666000", - "frame.time_delta_displayed": "0.006666000", - "frame.time_relative": "2339.472927000", - "frame.number": "8388", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54867", - "tcp.dstport": "80", - "tcp.port": "54867", - "tcp.port": "80", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000527b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8387", - "tcp.analysis.ack_rtt": "0.006666000", - "tcp.analysis.initial_rtt": "0.007159000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.934209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.934209000", - "frame.time_delta": "0.000596000", - "frame.time_delta_displayed": "0.000596000", - "frame.time_relative": "2339.473523000", - "frame.number": "8389", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cf9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ad3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54867", - "tcp.dstport": "80", - "tcp.port": "54867", - "tcp.port": "80", - "tcp.stream": "323", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000067f4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007159000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.934661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.934661000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "2339.473975000", - "frame.number": "8390", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000342a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008449", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54867", - "tcp.port": "80", - "tcp.port": "54867", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000440c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8389", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.007159000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.935310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.935310000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "2339.474624000", - "frame.number": "8391", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000342b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008437", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54867", - "tcp.port": "80", - "tcp.port": "54867", - "tcp.stream": "323", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000842d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007159000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.935743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.935743000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "2339.475057000", - "frame.number": "8392", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000342c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008064", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54867", - "tcp.port": "80", - "tcp.port": "54867", - "tcp.stream": "323", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000d696", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007159000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8391", - "tcp.segment": "8392", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001534000", - "http.request_in": "8389", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.943745000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495930.943745000", - "frame.time_delta": "0.008002000", - "frame.time_delta_displayed": "0.008002000", - "frame.time_relative": "2339.483059000", - "frame.number": "8393", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b79", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54867", - "tcp.dstport": "80", - "tcp.port": "54867", - "tcp.port": "80", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004de3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8392", - "tcp.analysis.ack_rtt": "0.008002000", - "tcp.analysis.initial_rtt": "0.007159000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.944421000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.944421000", - "frame.time_delta": "0.000676000", - "frame.time_delta_displayed": "0.000676000", - "frame.time_relative": "2339.483735000", - "frame.number": "8394", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54867", - "tcp.dstport": "80", - "tcp.port": "54867", - "tcp.port": "80", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004de2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:30.944827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495930.944827000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "2339.484141000", - "frame.number": "8395", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031b8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54867", - "tcp.port": "80", - "tcp.port": "54867", - "tcp.stream": "323", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004016", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8394", - "tcp.analysis.ack_rtt": "0.000406000", - "tcp.analysis.initial_rtt": "0.007159000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.869042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.869042000", - "frame.time_delta": "0.924215000", - "frame.time_delta_displayed": "0.924215000", - "frame.time_relative": "2340.408356000", - "frame.number": "8396", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a850", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000efb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "118", - "http.prev_response_in": "8382" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.874546000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.874546000", - "frame.time_delta": "0.005504000", - "frame.time_delta_displayed": "0.005504000", - "frame.time_relative": "2340.413860000", - 
"frame.number": "8397", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001cfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54868", - "tcp.dstport": "80", - "tcp.port": "54868", - "tcp.port": "80", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a5ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.875081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.875081000", - "frame.time_delta": "0.000535000", - "frame.time_delta_displayed": "0.000535000", - "frame.time_relative": "2340.414395000", - "frame.number": "8398", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54868", - "tcp.port": "80", - "tcp.port": "54868", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000915d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8397", - "tcp.analysis.ack_rtt": "0.000535000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.883031000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.883031000", - "frame.time_delta": "0.007950000", - "frame.time_delta_displayed": "0.007950000", - "frame.time_relative": "2340.422345000", - 
"frame.number": "8399", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001cfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b75", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54868", - "tcp.dstport": "80", - "tcp.port": "54868", - "tcp.port": "80", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000433c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8398", - "tcp.analysis.ack_rtt": "0.007950000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.883699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.883699000", - "frame.time_delta": "0.000668000", - "frame.time_delta_displayed": "0.000668000", - "frame.time_relative": "2340.423013000", - "frame.number": "8400", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001cff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005acd", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54868", - "tcp.dstport": "80", - "tcp.port": "54868", - "tcp.port": "80", - "tcp.stream": "324", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000058b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.884178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.884178000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "2340.423492000", - "frame.number": "8401", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000015e7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a28c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54868", - "tcp.port": "80", - "tcp.port": "54868", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000034cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8400", - "tcp.analysis.ack_rtt": "0.000479000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.884770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.884770000", - "frame.time_delta": "0.000592000", - "frame.time_delta_displayed": "0.000592000", - "frame.time_relative": "2340.424084000", - "frame.number": "8402", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000015e8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a27a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54868", - "tcp.port": "80", - "tcp.port": "54868", - "tcp.stream": "324", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000074ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.885202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.885202000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "2340.424516000", - "frame.number": "8403", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000015e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009ea7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54868", - "tcp.port": "80", - "tcp.port": "54868", - "tcp.stream": "324", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c757", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8402", - "tcp.segment": "8403", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001503000", - "http.request_in": "8400", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.890565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.890565000", - "frame.time_delta": "0.005363000", - "frame.time_delta_displayed": "0.005363000", - "frame.time_relative": "2340.429879000", - "frame.number": "8404", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54868", - "tcp.dstport": "80", - "tcp.port": "54868", - "tcp.port": "80", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ea4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8403", - "tcp.analysis.ack_rtt": "0.005363000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.891231000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.891231000", - "frame.time_delta": "0.000666000", - "frame.time_delta_displayed": "0.000666000", - "frame.time_relative": "2340.430545000", - "frame.number": "8405", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54868", - "tcp.dstport": "80", - "tcp.port": "54868", - "tcp.port": "80", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003ea3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.891680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.891680000", - "frame.time_delta": "0.000449000", - "frame.time_delta_displayed": "0.000449000", - "frame.time_relative": "2340.430994000", - "frame.number": "8406", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003197", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54868", - "tcp.port": "80", - "tcp.port": "54868", - "tcp.stream": "324", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000030d7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8405", - "tcp.analysis.ack_rtt": "0.000449000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.922324000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.922324000", - "frame.time_delta": "0.030644000", - "frame.time_delta_displayed": "0.030644000", - "frame.time_relative": "2340.461638000", - "frame.number": "8407", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a851", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ef1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "119", - "http.prev_response_in": "8396" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.933829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.933829000", - "frame.time_delta": "0.011505000", - "frame.time_delta_displayed": "0.011505000", - "frame.time_relative": "2340.473143000", - "frame.number": "8408", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b65", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54869", - "tcp.dstport": "80", - "tcp.port": "54869", - "tcp.port": "80", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000d9ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.934368000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.934368000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "2340.473682000", - "frame.number": "8409", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54869", - "tcp.port": "80", - "tcp.port": "54869", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000009fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8408", - "tcp.analysis.ack_rtt": "0.000539000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.941443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.941443000", - "frame.time_delta": "0.007075000", - "frame.time_delta_displayed": "0.007075000", - "frame.time_relative": "2340.480757000", - "frame.number": "8410", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54869", - "tcp.dstport": "80", - "tcp.port": "54869", - "tcp.port": "80", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000bbda", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8409", - "tcp.analysis.ack_rtt": "0.007075000", - "tcp.analysis.initial_rtt": "0.007614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.942129000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.942129000", - "frame.time_delta": "0.000686000", - "frame.time_delta_displayed": "0.000686000", - "frame.time_relative": "2340.481443000", - "frame.number": "8411", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ac8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54869", - "tcp.dstport": "80", - "tcp.port": "54869", - "tcp.port": "80", - "tcp.stream": "325", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d153", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007614000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.942621000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.942621000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "2340.481935000", - "frame.number": "8412", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a4e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000138a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54869", - "tcp.port": "80", - "tcp.port": "54869", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ad6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8411", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.initial_rtt": "0.007614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.943189000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.943189000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "2340.482503000", - "frame.number": "8413", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000a4ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001378", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54869", - "tcp.port": "80", - "tcp.port": "54869", - "tcp.stream": "325", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ed8c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007614000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.943568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.943568000", - "frame.time_delta": "0.000379000", - "frame.time_delta_displayed": "0.000379000", - "frame.time_relative": "2340.482882000", - "frame.number": "8414", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000a4eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000fa5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54869", - "tcp.port": "80", - "tcp.port": "54869", - "tcp.stream": "325", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003ff6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007614000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8413", - "tcp.segment": "8414", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001439000", - "http.request_in": "8411", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.950005000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495931.950005000", - "frame.time_delta": "0.006437000", - "frame.time_delta_displayed": "0.006437000", - "frame.time_relative": "2340.489319000", - "frame.number": "8415", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54869", - "tcp.dstport": "80", - "tcp.port": "54869", - "tcp.port": "80", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b742", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8414", - "tcp.analysis.ack_rtt": "0.006437000", - "tcp.analysis.initial_rtt": "0.007614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.950638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.950638000", - "frame.time_delta": "0.000633000", - "frame.time_delta_displayed": "0.000633000", - "frame.time_relative": "2340.489952000", - "frame.number": "8416", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54869", - "tcp.dstport": "80", - "tcp.port": "54869", - "tcp.port": "80", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000b741", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.951067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.951067000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "2340.490381000", - "frame.number": "8417", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086e1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003192", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54869", - "tcp.port": "80", - "tcp.port": "54869", - "tcp.stream": "325", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a975", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8416", - "tcp.analysis.ack_rtt": "0.000429000", - "tcp.analysis.initial_rtt": "0.007614000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:31.975501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495931.975501000", - "frame.time_delta": "0.024434000", - "frame.time_delta_displayed": "0.024434000", - "frame.time_relative": "2340.514815000", - "frame.number": "8418", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a853", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ef5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "120", - "http.prev_response_in": "8407" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.000995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.000995000", - "frame.time_delta": "0.025494000", - "frame.time_delta_displayed": "0.025494000", - "frame.time_relative": "2340.540309000", - 
"frame.number": "8419", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b60", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54870", - "tcp.dstport": "80", - "tcp.port": "54870", - "tcp.port": "80", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a82c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.001540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.001540000", - "frame.time_delta": "0.000545000", - "frame.time_delta_displayed": "0.000545000", - "frame.time_relative": "2340.540854000", - "frame.number": "8420", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54870", - "tcp.port": "80", - "tcp.port": "54870", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009306", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8419", - "tcp.analysis.ack_rtt": "0.000545000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.009480000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.009480000", - "frame.time_delta": "0.007940000", - "frame.time_delta_displayed": "0.007940000", - "frame.time_relative": "2340.548794000", - 
"frame.number": "8421", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b6b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54870", - "tcp.dstport": "80", - "tcp.port": "54870", - "tcp.port": "80", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000044e5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8420", - "tcp.analysis.ack_rtt": "0.007940000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.010164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.010164000", - "frame.time_delta": "0.000684000", - "frame.time_delta_displayed": "0.000684000", - "frame.time_relative": "2340.549478000", - "frame.number": "8422", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ac3", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54870", - "tcp.dstport": "80", - "tcp.port": "54870", - "tcp.port": "80", - "tcp.stream": "326", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005a5e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.010645000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.010645000", - "frame.time_delta": "0.000481000", - "frame.time_delta_displayed": "0.000481000", - "frame.time_relative": "2340.549959000", - "frame.number": "8423", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005cae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54870", - "tcp.port": "80", - "tcp.port": "54870", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003676", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8422", - "tcp.analysis.ack_rtt": "0.000481000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.011291000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.011291000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "2340.550605000", - "frame.number": "8424", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00005caf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005bb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54870", - "tcp.port": "80", - "tcp.port": "54870", - "tcp.stream": "326", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007697", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.011644000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.011644000", - "frame.time_delta": "0.000353000", - "frame.time_delta_displayed": "0.000353000", - "frame.time_relative": "2340.550958000", - "frame.number": "8425", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00005cb0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000057e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54870", - "tcp.port": "80", - "tcp.port": "54870", - "tcp.stream": "326", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c900", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008485000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8424", - "tcp.segment": "8425", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001480000", - "http.request_in": "8422", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.017707000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.017707000", - "frame.time_delta": "0.006063000", - "frame.time_delta_displayed": "0.006063000", - "frame.time_relative": "2340.557021000", - "frame.number": "8426", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54870", - "tcp.dstport": "80", - "tcp.port": "54870", - "tcp.port": "80", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000404d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8425", - "tcp.analysis.ack_rtt": "0.006063000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.018367000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.018367000", - "frame.time_delta": "0.000660000", - "frame.time_delta_displayed": "0.000660000", - "frame.time_relative": "2340.557681000", - "frame.number": "8427", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b68", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54870", - "tcp.dstport": "80", - "tcp.port": "54870", - "tcp.port": "80", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000404c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:32.018817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495932.018817000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "2340.558131000", - "frame.number": "8428", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000086e2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003191", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54870", - "tcp.port": "80", - "tcp.port": "54870", - "tcp.stream": "326", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003280", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8427", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.008485000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:34.723529000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495934.723529000", - "frame.time_delta": "2.704712000", - "frame.time_delta_displayed": "2.704712000", - "frame.time_relative": "2343.262843000", - "frame.number": "8429", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002050", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - 
"ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000155a", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:34.724040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495934.724040000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "2343.263354000", - "frame.number": "8430", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002051", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000989b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", 
- "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f655", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": 
"0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:34.724639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495934.724639000", - "frame.time_delta": "0.000599000", - "frame.time_delta_displayed": "0.000599000", - "frame.time_relative": "2343.263953000", - "frame.number": "8431", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": 
"d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000841b", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - 
"dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:34.937966000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495934.937966000", - "frame.time_delta": "0.213327000", - "frame.time_delta_displayed": "0.213327000", - "frame.time_relative": "2343.477280000", - "frame.number": "8432", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005837", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a65a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5277", - "tcp.ack": "793", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ef0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:25:35.081090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495935.081090000", - "frame.time_delta": "0.143124000", - "frame.time_delta_displayed": "0.143124000", - "frame.time_relative": "2343.620404000", - "frame.number": "8433", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001018", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd79", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - 
"ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "793", - "tcp.ack": "5278", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f97f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:35.281336000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495935.281336000", - "frame.time_delta": "0.200246000", - "frame.time_delta_displayed": "0.200246000", - "frame.time_relative": "2343.820650000", - "frame.number": "8434", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000970d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007641", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "96530", - "tcp.nxtseq": "96579", - "tcp.ack": "19469", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000018db", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:44:83:a7:a3:cd:ef", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2638979, TSecr 2812530159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2638979", - "tcp.options.timestamp.tsecr": "2812530159" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:9d:6a:bc:52:11:fb:e8:9d:a4:11:22:e9:69:79:dc:b9:7b:d8:4c:d6:b2:e6:fa:66:b6:71:e5:52:c0:ec:d9:f6:50:71:3a:34:1c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:35.341908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495935.341908000", - "frame.time_delta": "0.060572000", - "frame.time_delta_displayed": "0.060572000", - "frame.time_relative": "2343.881222000", - "frame.number": "8435", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { 
- "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002dfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "19469", - "tcp.nxtseq": "19524", - "tcp.ack": "96579", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000007b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a3:ec:47:00:28:44:83", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812537927, TSecr 2638979": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812537927", - "tcp.options.timestamp.tsecr": "2638979" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8434", - "tcp.analysis.ack_rtt": "0.060572000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:dd:b2:ce:b1:41:46:1e:2a:41:aa:3a:c5:c2:bf:85:2e:c9:b4:89:c4:3d:94:32:04:bf:82:dc:29:58:bf:66:b9:e5:48:c1:32:d2:42:71:b6:4c:d7:0c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:35.342378000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495935.342378000", - "frame.time_delta": "0.000470000", - "frame.time_delta_displayed": "0.000470000", - 
"frame.time_relative": "2343.881692000", - "frame.number": "8436", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000970e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007671", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96579", - "tcp.ack": "19524", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b13d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:44:89:a7:a3:ec:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2638985, TSecr 2812537927": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2638985", - "tcp.options.timestamp.tsecr": "2812537927" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8435", - "tcp.analysis.ack_rtt": "0.000470000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:36.674905000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495936.674905000", - "frame.time_delta": "1.332527000", - "frame.time_delta_displayed": "1.332527000", - "frame.time_relative": "2345.214219000", - "frame.number": "8437", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" 
- }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000212e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58389", - "udp.dstport": "1900", - "udp.port": "58389", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006648", - "udp.checksum.status": "2", - "udp.stream": "157" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: 
urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:36.850012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495936.850012000", - "frame.time_delta": "0.175107000", - "frame.time_delta_displayed": "0.175107000", - "frame.time_relative": "2345.389326000", - "frame.number": "8438", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f7f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000586a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": 
"192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:37.351171000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495937.351171000", - "frame.time_delta": "0.501159000", - "frame.time_delta_displayed": "0.501159000", - "frame.time_relative": "2345.890485000", - "frame.number": "8439", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a88f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"64", - "ip.proto": "17", - "ip.checksum": "0x00000ebc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:37.403988000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495937.403988000", - "frame.time_delta": "0.052817000", - "frame.time_delta_displayed": "0.052817000", - "frame.time_relative": "2345.943302000", - "frame.number": "8440", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a893", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000eaf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "8439" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:37.456939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495937.456939000", - "frame.time_delta": "0.052951000", - "frame.time_delta_displayed": "0.052951000", - "frame.time_relative": "2345.996253000", - "frame.number": "8441", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a898", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000eb0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - 
"http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "8440" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:37.677250000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495937.677250000", - "frame.time_delta": "0.220311000", - "frame.time_delta_displayed": "0.220311000", - "frame.time_relative": "2346.216564000", - "frame.number": "8442", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000212f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58389", - "udp.dstport": "1900", - "udp.port": "58389", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006648", - "udp.checksum.status": "2", - "udp.stream": "157" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "8437" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:38.408634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495938.408634000", - "frame.time_delta": "0.731384000", - "frame.time_delta_displayed": "0.731384000", - "frame.time_relative": "2346.947948000", - "frame.number": "8443", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a8c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e83", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "8441" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:38.461457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495938.461457000", - "frame.time_delta": "0.052823000", - "frame.time_delta_displayed": "0.052823000", - "frame.time_relative": "2347.000771000", - "frame.number": "8444", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a8ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "8443" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:38.514201000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495938.514201000", - "frame.time_delta": "0.052744000", - "frame.time_delta_displayed": "0.052744000", - 
"frame.time_relative": "2347.053515000", - "frame.number": "8445", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a8cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e7b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "8444" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:38.676195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495938.676195000", - "frame.time_delta": "0.161994000", - "frame.time_delta_displayed": "0.161994000", - "frame.time_relative": "2347.215509000", - "frame.number": "8446", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002130", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58389", - "udp.dstport": "1900", - "udp.port": "58389", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006648", - "udp.checksum.status": "2", - "udp.stream": "157" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "8442" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:25:39.040711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.040711000", - "frame.time_delta": "0.364516000", - "frame.time_delta_displayed": "0.364516000", - "frame.time_relative": "2347.580025000", - "frame.number": "8447", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a8f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "8445" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.093484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.093484000", - "frame.time_delta": "0.052773000", - "frame.time_delta_displayed": "0.052773000", - "frame.time_relative": "2347.632798000", - "frame.number": "8448", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a8fb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - 
"http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "8447" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.146209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.146209000", - "frame.time_delta": "0.052725000", - "frame.time_delta_displayed": "0.052725000", - "frame.time_relative": "2347.685523000", - "frame.number": "8449", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a8ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "8448" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.676525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.676525000", - "frame.time_delta": "0.530316000", - "frame.time_delta_displayed": "0.530316000", - "frame.time_relative": "2348.215839000", - "frame.number": "8450", - "frame.len": "216", - "frame.cap_len": "216", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002131", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58389", - "udp.dstport": "1900", - "udp.port": "58389", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006648", - "udp.checksum.status": "2", - "udp.stream": "157" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": 
"MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "8446" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.725268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.725268000", - "frame.time_delta": "0.048743000", - "frame.time_delta_displayed": "0.048743000", - "frame.time_relative": "2348.264582000", - "frame.number": "8451", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002052", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a 
packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b79e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000155a", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": 
"24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.725665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.725665000", - "frame.time_delta": "0.000397000", - "frame.time_delta_displayed": "0.000397000", - "frame.time_relative": "2348.264979000", - "frame.number": "8452", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002053", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009899", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f655", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": 
"txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.726071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.726071000", - "frame.time_delta": "0.000406000", - "frame.time_delta_displayed": "0.000406000", - "frame.time_relative": "2348.265385000", - "frame.number": "8453", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": 
"0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000841b", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - 
"dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.947880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.947880000", - "frame.time_delta": "0.221809000", - "frame.time_delta_displayed": "0.221809000", - "frame.time_relative": "2348.487194000", - "frame.number": "8454", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": 
"00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:39.948065000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495939.948065000", - "frame.time_delta": "0.000185000", - "frame.time_delta_displayed": "0.000185000", - "frame.time_relative": "2348.487379000", - "frame.number": "8455", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.093723000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.093723000", - "frame.time_delta": "0.145658000", - "frame.time_delta_displayed": "0.145658000", - "frame.time_relative": "2348.633037000", - "frame.number": "8456", - "frame.len": "339", - 
"frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a90c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - 
"http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "8449" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.146526000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.146526000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "2348.685840000", - "frame.number": "8457", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", 
- "ip.id": "0x0000a90e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "8456" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.198845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.198845000", - "frame.time_delta": "0.052319000", - "frame.time_delta_displayed": "0.052319000", - "frame.time_relative": "2348.738159000", - "frame.number": "8458", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a913", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": 
"2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "8457" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.244628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.244628000", - "frame.time_delta": "0.045783000", - "frame.time_delta_displayed": "0.045783000", - "frame.time_relative": "2348.783942000", - "frame.number": "8459", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, 
- "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000bc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x00006025", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:44:36:5e:2a:8f:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.409319000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.409319000", - "frame.time_delta": "0.164691000", - "frame.time_delta_displayed": "0.164691000", - "frame.time_relative": "2348.948633000", - "frame.number": 
"8460", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a923", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 
239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "8458" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.462042000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.462042000", - "frame.time_delta": "0.052723000", - "frame.time_delta_displayed": "0.052723000", - "frame.time_relative": "2349.001356000", - "frame.number": "8461", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": 
"0" - }, - "ip.len": "334", - "ip.id": "0x0000a925", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "8460" - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:40.514713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495940.514713000", - "frame.time_delta": "0.052671000", - "frame.time_delta_displayed": "0.052671000", - "frame.time_relative": "2349.054027000", - "frame.number": "8462", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a927", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - 
"udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "8461" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:41.461758000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495941.461758000", - "frame.time_delta": "0.947045000", - "frame.time_delta_displayed": "0.947045000", - "frame.time_relative": "2350.001072000", - "frame.number": "8463", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a963", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000de8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "8462" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:41.514759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495941.514759000", - "frame.time_delta": "0.053001000", - "frame.time_delta_displayed": "0.053001000", - "frame.time_relative": "2350.054073000", - "frame.number": "8464", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a964", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000dde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "8463" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:41.567565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495941.567565000", - "frame.time_delta": 
"0.052806000", - "frame.time_delta_displayed": "0.052806000", - "frame.time_relative": "2350.106879000", - "frame.number": "8465", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a968", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000de0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": 
"200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "8464" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:42.146310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495942.146310000", - "frame.time_delta": "0.578745000", - "frame.time_delta_displayed": "0.578745000", - "frame.time_relative": "2350.685624000", - "frame.number": "8466", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a982", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000dc9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": 
"", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "8465" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:42.198681000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495942.198681000", - "frame.time_delta": "0.052371000", - "frame.time_delta_displayed": "0.052371000", - "frame.time_relative": "2350.737995000", - "frame.number": "8467", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a986", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000dbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "8466" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:42.251536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495942.251536000", - "frame.time_delta": "0.052855000", - "frame.time_delta_displayed": "0.052855000", - "frame.time_relative": "2350.790850000", - "frame.number": "8468", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a98b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000dbd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "8467" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:43.198593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495943.198593000", - "frame.time_delta": "0.947057000", - "frame.time_delta_displayed": "0.947057000", - "frame.time_relative": "2351.737907000", - "frame.number": "8469", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000a9e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x00000d67", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "305", - "udp.checksum": "0x0000e105", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "8468" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:43.251412000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495943.251412000", - "frame.time_delta": "0.052819000", - "frame.time_delta_displayed": "0.052819000", - "frame.time_relative": "2351.790726000", - "frame.number": "8470", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000a9e5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000d5d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "314", - "udp.checksum": "0x0000eef0", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "8469" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:43.304237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495943.304237000", - "frame.time_delta": "0.052825000", - "frame.time_delta_displayed": "0.052825000", - "frame.time_relative": "2351.843551000", - "frame.number": "8471", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000a9e6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000d62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "58389", - "udp.port": "1900", - "udp.port": "58389", - "udp.length": "308", - "udp.checksum": "0x0000127b", - "udp.checksum.status": "2", - "udp.stream": "158" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "8470" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:44.727292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495944.727292000", - "frame.time_delta": "1.423055000", - "frame.time_delta_displayed": "1.423055000", - "frame.time_relative": "2353.266606000", - "frame.number": "8472", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002054", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b79c", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000155a", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:44.727713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495944.727713000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "2353.267027000", - "frame.number": "8473", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002055", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009897", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f655", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:25:44.728240000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495944.728240000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "2353.267554000", - "frame.number": "8474", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000841b", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000298", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=664", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:01.448477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495961.448477000", - "frame.time_delta": "16.720237000", - "frame.time_delta_displayed": "16.720237000", - "frame.time_relative": "2369.987791000", - "frame.number": "8475", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:01.768202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495961.768202000", - "frame.time_delta": "0.319725000", - "frame.time_delta_displayed": "0.319725000", - "frame.time_relative": "2370.307516000", - "frame.number": "8476", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:02.020860000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495962.020860000", - "frame.time_delta": "0.252658000", - "frame.time_delta_displayed": "0.252658000", - "frame.time_relative": "2370.560174000", - "frame.number": "8477", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", 
- "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:02.037773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495962.037773000", - "frame.time_delta": "0.016913000", - "frame.time_delta_displayed": "0.016913000", - "frame.time_relative": "2370.577087000", - "frame.number": "8478", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - 
"eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - 
"bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:02.119190000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495962.119190000", - "frame.time_delta": "0.081417000", - "frame.time_delta_displayed": "0.081417000", - "frame.time_relative": "2370.658504000", - "frame.number": "8479", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - 
"eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:02.436560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495962.436560000", - "frame.time_delta": "0.317370000", - "frame.time_delta_displayed": "0.317370000", - "frame.time_relative": "2370.975874000", - "frame.number": "8480", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:03.813136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495963.813136000", - "frame.time_delta": "1.376576000", - "frame.time_delta_displayed": "1.376576000", - "frame.time_relative": "2372.352450000", - "frame.number": "8481", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000970f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007510", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - 
"ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "96579", - "tcp.nxtseq": "96931", - "tcp.ack": "19524", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d685", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:4f:a8:a7:a3:ec:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2641832, TSecr 2812537927": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2641832", - "tcp.options.timestamp.tsecr": "2812537927" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:9e:af:d7:3d:d6:68:85:bc:4f:88:f1:26:7d:df:0b:ee:d1:a5:d6:a9:2b:ed:7b:71:86:fd:0f:15:d1:76:92:74:0f:eb:6a:8d:1e:2f:96:75:62:fe:a0:7a:f6:81:05:4b:ba:7b:bf:04:81:68:60:66:75:96:d0:93:ef:ac:3a:5d:fd:3e:fd:6f:b9:36:a8:fe:df:d5:1c:68:aa:c6:96:02:d1:a7:6c:ab:88:84:90:03:a4:0b:ad:de:8c:3b:53:e8:fe:ea:76:7d:52:8c:01:f5:70:5a:1b:7f:21:ab:56:01:cb:83:88:f3:c1:98:94:a6:98:99:a4:a6:34:06:22:d1:17:fe:87:75:d4:7d:a3:37:95:39:96:be:36:df:50:42:92:5b:aa:ff:82:e5:c9:fd:67:37:f0:38:9b:d3:96:b5:aa:c6:fb:df:cf:0d:51:6e:57:8d:3a:6f:32:b1:35:7c:1e:65:d4:8d:a3:8a:a4:af:51:45:a5:8c:32:33:d8:bc:3f:90:b9:2b:fc:5a:58:28:87:c6:5e:22:18:71:8e:27:1c:57:28:2f:18:4e:6c:35:d1:ef:74:2d:fa:1f:02:b9:a7:23:6c:aa:04:7d:91:ae:e5:f5:48:4d:23:a2:04:32:c8:4d:6d:04:f9:3f:6f:24:32:42:5a:4a:1f:03:16:17:26:f1:99:2c:0a:89:4d:90:5c:45:94:69:24:82:53:cc:85:c7:8f:b0:ca:22:f1:89:87:ce:d9:b4:1b:ce:6a:51:12:fb:66:38:59:0b:e1:c9:42:17:a8:07:55:8d:d4:ad:e2:b8:1c:5a:ef:95:23:32:cf:68:fc:51:04:fa:ac:1c:ae:1d:be:75:18:80:75:95:6b:68:a6:04:8b:df:a2:2f:28:d0:77:f1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:03.874062000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495963.874062000", - "frame.time_delta": "0.060926000", - "frame.time_delta_displayed": "0.060926000", - "frame.time_relative": "2372.413376000", - "frame.number": "8482", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002dfb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003755", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19524", - "tcp.nxtseq": "19571", - "tcp.ack": "96931", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x00005f93", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:08:24:00:28:4f:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812545060, TSecr 2641832": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812545060", - "tcp.options.timestamp.tsecr": "2641832" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8481", - "tcp.analysis.ack_rtt": "0.060926000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:de:69:2b:cd:af:ec:df:92:78:a7:ad:0e:a9:d6:74:9f:78:7e:db:27:27:ac:22:33:2d:54:29:09:ff:9c:50:16:6b:cb:2c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:03.874516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495963.874516000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "2372.413830000", - "frame.number": "8483", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009710", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "96931", - "tcp.ack": "19571", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000088ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:4f:ae:a7:a4:08:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2641838, TSecr 2812545060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2641838", - "tcp.options.timestamp.tsecr": "2812545060" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8482", - "tcp.analysis.ack_rtt": "0.000454000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:04.253855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495964.253855000", - "frame.time_delta": "0.379339000", - "frame.time_delta_displayed": "0.379339000", - "frame.time_relative": "2372.793169000", - "frame.number": "8484", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005838", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a631", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5278", - "tcp.nxtseq": "5318", - "tcp.ack": "793", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005928", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f1:3c:69:ec:87:98:57:ac:1a:c8:f5:df:03:bb:ab:1e:d5:cb:2e:3f:fe:e0:63:52:06:70:e7:87" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:04.396969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495964.396969000", - "frame.time_delta": "0.143114000", - "frame.time_delta_displayed": "0.143114000", - "frame.time_relative": "2372.936283000", - "frame.number": "8485", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001019", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd54", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "793", - "tcp.nxtseq": "829", - "tcp.ack": "5318", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009c70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8484", - "tcp.analysis.ack_rtt": "0.143114000", - 
"tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:76:9a:c7:29:ce:8b:b1:00:95:96:af:b9:06:63:54:a5:6c:ba:e6:64:54:43:5f:c6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:04.397482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495964.397482000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "2372.936796000", - "frame.number": "8486", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005839", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a658", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5318", - "tcp.ack": "829", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eebd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8485", - "tcp.analysis.ack_rtt": "0.000513000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.724573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.724573000", - "frame.time_delta": "1.327091000", - 
"frame.time_delta_displayed": "1.327091000", - "frame.time_relative": "2374.263887000", - "frame.number": "8487", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000ad14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.777579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.777579000", - "frame.time_delta": "0.053006000", - "frame.time_delta_displayed": "0.053006000", - "frame.time_relative": "2374.316893000", - "frame.number": "8488", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000ad16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.830553000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.830553000", - "frame.time_delta": "0.052974000", - "frame.time_delta_displayed": "0.052974000", - "frame.time_relative": 
"2374.369867000", - "frame.number": "8489", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000ad1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": 
"239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.883499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.883499000", - "frame.time_delta": "0.052946000", - "frame.time_delta_displayed": "0.052946000", - "frame.time_relative": "2374.422813000", - "frame.number": "8490", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000ad1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.936383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.936383000", - "frame.time_delta": "0.052884000", - "frame.time_delta_displayed": "0.052884000", - "frame.time_relative": "2374.475697000", - "frame.number": 
"8491", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000ad20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00001c34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": 
"max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:05.989257000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495965.989257000", - "frame.time_delta": "0.052874000", - "frame.time_delta_displayed": "0.052874000", - "frame.time_relative": "2374.528571000", - "frame.number": "8492", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000ad25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - 
"ip.checksum": "0x00001c2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:06.852018000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495966.852018000", - "frame.time_delta": "0.862761000", - "frame.time_delta_displayed": "0.862761000", - "frame.time_relative": "2375.391332000", - "frame.number": "8493", - "frame.len": "86", - "frame.cap_len": "86", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f86", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005863", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:07.133672000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509495967.133672000", - "frame.time_delta": "0.281654000", - "frame.time_delta_displayed": "0.281654000", - "frame.time_relative": "2375.672986000", - "frame.number": "8494", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:08.880386000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495968.880386000", - "frame.time_delta": "1.746714000", - "frame.time_delta_displayed": "1.746714000", - "frame.time_relative": "2377.419700000", - "frame.number": "8495", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:08.880827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495968.880827000", - "frame.time_delta": "0.000441000", - "frame.time_delta_displayed": "0.000441000", - "frame.time_relative": "2377.420141000", - "frame.number": "8496", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:09.400610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495969.400610000", - "frame.time_delta": "0.519783000", - "frame.time_delta_displayed": "0.519783000", - "frame.time_relative": "2377.939924000", - "frame.number": "8497", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:09.401012000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495969.401012000", - "frame.time_delta": "0.000402000", - "frame.time_delta_displayed": "0.000402000", - "frame.time_relative": "2377.940326000", - "frame.number": "8498", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:09.725991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495969.725991000", - "frame.time_delta": "0.324979000", - "frame.time_delta_displayed": "0.324979000", - "frame.time_relative": "2378.265305000", - "frame.number": "8499", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": 
"0x00002059", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b797", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001459", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, 
class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:09.726426000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495969.726426000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "2378.265740000", - "frame.number": "8500", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000205a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009892", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f554", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:09.726938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495969.726938000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "2378.266252000", - "frame.number": "8501", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000831a", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:14.726211000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495974.726211000", - "frame.time_delta": "4.999273000", - "frame.time_delta_displayed": "4.999273000", - "frame.time_relative": "2383.265525000", - "frame.number": "8502", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000205b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b795", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001459", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:14.727782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495974.727782000", - "frame.time_delta": "0.001571000", - "frame.time_delta_displayed": "0.001571000", - "frame.time_relative": "2383.267096000", - "frame.number": "8503", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": 
{ - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000205c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009890", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f554", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - 
"dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:14.728177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495974.728177000", - "frame.time_delta": "0.000395000", - "frame.time_delta_displayed": "0.000395000", - "frame.time_relative": "2383.267491000", - "frame.number": "8504", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": 
"33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000831a", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:17.506348000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495977.506348000", - "frame.time_delta": "2.778171000", - "frame.time_delta_displayed": "2.778171000", - "frame.time_relative": "2386.045662000", - "frame.number": "8505", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - 
"eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:19.726040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495979.726040000", - "frame.time_delta": "2.219692000", - "frame.time_delta_displayed": "2.219692000", - "frame.time_relative": "2388.265354000", - "frame.number": "8506", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000205f", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b791", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001459", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:19.726568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495979.726568000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "2388.265882000", - "frame.number": "8507", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002060", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000988c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f554", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - 
"dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:19.727192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495979.727192000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "2388.266506000", - "frame.number": "8508", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000831a", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x00000299", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=665", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:25.344543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495985.344543000", - "frame.time_delta": "5.617351000", - "frame.time_delta_displayed": "5.617351000", - "frame.time_relative": "2393.883857000", - "frame.number": "8509", - "frame.len": "80", - "frame.cap_len": "80", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "66", - "ip.id": "0x00000bc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "46", - "udp.checksum": "0x00000aa1", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "26:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:04:57:7a:aa:99:ce:f2:14:6f:00:00:00:b9:0c", - "data.len": "38" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:28.850107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495988.850107000", - "frame.time_delta": "3.505564000", - "frame.time_delta_displayed": "3.505564000", - "frame.time_relative": "2397.389421000", - "frame.number": "8510", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:31.257540000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495991.257540000", - "frame.time_delta": "2.407433000", - "frame.time_delta_displayed": "2.407433000", - "frame.time_relative": "2399.796854000", - "frame.number": "8511", - "frame.len": "412", - "frame.cap_len": "412", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "398", - "ip.id": "0x00009711", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007514", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "346", - "tcp.seq": "96931", - "tcp.nxtseq": "97277", - "tcp.ack": "19571", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001686", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:5a:60:a7:a4:08:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2644576, TSecr 2812545060": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2644576", - "tcp.options.timestamp.tsecr": "2812545060" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "346", - "tcp.analysis.push_bytes_sent": "346" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "341", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:9f:10:17:a9:af:3d:a9:d7:ee:17:fb:ce:05:e2:f9:11:8d:c5:43:3b:b9:1a:8f:8c:6e:84:b2:d3:a3:0f:57:9a:0e:75:bd:28:80:18:60:96:84:c8:24:42:83:dd:5a:1f:03:80:23:0d:24:99:ec:2a:0b:20:8d:39:7e:62:93:1e:99:d0:d7:4d:62:91:e8:91:10:3a:92:e8:3f:78:aa:d7:23:5e:95:68:8c:b0:30:3a:8b:d6:cd:be:01:66:2a:ae:71:99:e2:25:e5:06:f7:c7:8c:64:c2:87:e8:bd:94:68:6e:e1:4e:ed:3c:aa:aa:dd:5f:b9:3b:a8:aa:bd:c1:8e:59:cb:48:b9:ba:99:c4:dc:58:1c:5e:39:bd:e3:3b:bc:c9:20:e5:ac:bb:db:ff:4c:95:42:eb:04:64:55:d5:37:15:14:7d:1d:90:aa:3a:91:d1:21:88:4e:ef:0c:78:4f:af:cf:b9:34:b7:a9:25:38:42:78:ec:df:75:35:82:0d:61:09:10:85:0b:79:b7:15:22:49:a0:2b:ab:08:d3:e9:e7:95:a1:68:37:6f:f3:81:30:d1:b9:03:97:d6:9b:72:46:1d:ce:ec:00:0b:13:22:08:fd:98:de:bb:04:1d:a0:72:02:7d:99:d0:fc:66:44:11:51:81:3c:44:7d:76:3d:42:79:c2:a6:6f:b0:a5:38:c3:86:e2:fe:81:ff:69:00:3f:4a:a3:2e:53:1c:e5:f7:c3:26:a8:e5:d1:3b:1c:ae:9f:90:39:81:a1:94:69:de:9b:3c:dc:28:e8:a3:bf:a1:9a:49:75:24:54:2f:ce:12:7a:73:2c:6d:5c:af:ba:1f:8e:15:99:f6:f8:16:35:e5:99:5d:16:df:10:99" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:31.318254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495991.318254000", - "frame.time_delta": "0.060714000", 
- "frame.time_delta_displayed": "0.060714000", - "frame.time_relative": "2399.857568000", - "frame.number": "8512", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002dfc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003754", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19571", - 
"tcp.nxtseq": "19618", - "tcp.ack": "97277", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005d47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:22:f2:00:28:5a:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812551922, TSecr 2644576": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812551922", - "tcp.options.timestamp.tsecr": "2644576" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8511", - "tcp.analysis.ack_rtt": "0.060714000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:df:bb:07:31:6e:bc:1f:d1:54:0d:a2:0b:73:38:5c:a3:f3:fc:ac:50:2a:6b:89:65:73:99:63:51:af:0f:d9:40:8d:b8:18" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", 
- "frame.time": "Oct 31, 2017 17:26:31.318663000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495991.318663000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "2399.857977000", - "frame.number": "8513", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009712", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - 
"tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "97277", - "tcp.ack": "19618", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000619c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:5a:67:a7:a4:22:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2644583, TSecr 2812551922": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2644583", - "tcp.options.timestamp.tsecr": "2812551922" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8512", - "tcp.analysis.ack_rtt": "0.000409000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:34.497900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495994.497900000", - "frame.time_delta": "3.179237000", - "frame.time_delta_displayed": 
"3.179237000", - "frame.time_relative": "2403.037214000", - "frame.number": "8514", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000583a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a657", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - 
"tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5317", - "tcp.ack": "829", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eebe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:34.641149000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495994.641149000", - "frame.time_delta": "0.143249000", - "frame.time_delta_displayed": "0.143249000", - "frame.time_relative": "2403.180463000", - "frame.number": "8515", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd77", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "829", - "tcp.ack": "5318", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f933", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:36.854433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495996.854433000", - "frame.time_delta": "2.213284000", - "frame.time_delta_displayed": "2.213284000", - "frame.time_relative": "2405.393747000", - "frame.number": "8516", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f8d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x0000585c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:39.507824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495999.507824000", - "frame.time_delta": "2.653391000", - "frame.time_delta_displayed": "2.653391000", - "frame.time_relative": "2408.047138000", - "frame.number": "8517", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - 
"arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:39.507964000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509495999.507964000", - "frame.time_delta": "0.000140000", - "frame.time_delta_displayed": "0.000140000", - "frame.time_relative": "2408.047278000", - "frame.number": "8518", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:58.819396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496018.819396000", - "frame.time_delta": "19.311432000", - 
"frame.time_delta_displayed": "19.311432000", - "frame.time_relative": "2427.358710000", - "frame.number": "8519", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000bc79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000cde", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - 
"http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:58.872198000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496018.872198000", - "frame.time_delta": "0.052802000", - "frame.time_delta_displayed": "0.052802000", - "frame.time_relative": "2427.411512000", - "frame.number": "8520", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000bc7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000cdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:58.925070000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496018.925070000", - "frame.time_delta": "0.052872000", - "frame.time_delta_displayed": "0.052872000", - "frame.time_relative": 
"2427.464384000", - "frame.number": "8521", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000bc7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000cd1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": 
"239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:58.977940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496018.977940000", - "frame.time_delta": "0.052870000", - "frame.time_delta_displayed": "0.052870000", - "frame.time_relative": "2427.517254000", - "frame.number": "8522", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000bc7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000ccf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:59.030817000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496019.030817000", - "frame.time_delta": "0.052877000", - "frame.time_delta_displayed": "0.052877000", - "frame.time_relative": "2427.570131000", - "frame.number": 
"8523", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000bc81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000cd3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": 
"max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:26:59.083649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496019.083649000", - "frame.time_delta": "0.052832000", - "frame.time_delta_displayed": "0.052832000", - "frame.time_relative": "2427.622963000", - "frame.number": "8524", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000bc82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - 
"ip.checksum": "0x00000cd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:02.337641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496022.337641000", - "frame.time_delta": "3.253992000", - "frame.time_delta_displayed": "3.253992000", - "frame.time_relative": "2430.876955000", - "frame.number": "8525", - "frame.len": "115", - "frame.cap_len": "115", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009713", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000763b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "97277", - "tcp.nxtseq": "97326", - "tcp.ack": "19618", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cc8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:66:85:a7:a4:22:f2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2647685, TSecr 2812551922": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2647685", - "tcp.options.timestamp.tsecr": "2812551922" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a0:44:43:81:af:f4:fe:e6:f6:fb:ab:06:e9:e5:5f:d2:7b:57:e8:e0:39:63:3a:bc:ab:35:25:d1:25:14:eb:85:3e:78:37:cb:d8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:02.448320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496022.448320000", - "frame.time_delta": "0.110679000", - "frame.time_delta_displayed": "0.110679000", - 
"frame.time_relative": "2430.987634000", - "frame.number": "8526", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002dfd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "19618", - "tcp.nxtseq": "19673", - "tcp.ack": "97326", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000cef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:41:4c:00:28:66:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812559692, TSecr 2647685": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812559692", - "tcp.options.timestamp.tsecr": "2647685" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8525", - "tcp.analysis.ack_rtt": "0.110679000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:e0:fd:7a:08:86:7e:6f:32:28:8c:49:38:29:89:a0:cf:3f:dd:6f:54:20:8a:8c:3a:05:7c:81:03:7a:bf:0e:c1:28:cd:a7:94:3b:f6:90:48:76:86:a6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:27:02.448784000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496022.448784000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "2430.988098000", - "frame.number": "8527", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009714", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - 
"tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "97326", - "tcp.ack": "19673", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000036b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:66:90:a7:a4:41:4c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2647696, TSecr 2812559692": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2647696", - "tcp.options.timestamp.tsecr": "2812559692" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8526", - "tcp.analysis.ack_rtt": "0.000464000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:04.637849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496024.637849000", - "frame.time_delta": "2.189065000", - "frame.time_delta_displayed": "2.189065000", 
- "frame.time_relative": "2433.177163000", - "frame.number": "8528", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000583b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a656", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": 
"443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5317", - "tcp.ack": "829", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eebe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:04.730567000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496024.730567000", - "frame.time_delta": "0.092718000", - "frame.time_delta_displayed": "0.092718000", - "frame.time_relative": "2433.269881000", - "frame.number": "8529", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - 
"eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002064", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b78c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001358", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type 
PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:04.731079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496024.731079000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "2433.270393000", - "frame.number": "8530", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002065", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009887", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f453", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - 
"_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:04.731710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496024.731710000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "2433.271024000", - "frame.number": "8531", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008219", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, 
class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:04.781087000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496024.781087000", - "frame.time_delta": "0.049377000", - "frame.time_delta_displayed": "0.049377000", - "frame.time_relative": "2433.320401000", - "frame.number": "8532", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd76", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "829", - "tcp.ack": "5318", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f933", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:06.904295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496026.904295000", - "frame.time_delta": "2.123208000", - "frame.time_delta_displayed": "2.123208000", - "frame.time_relative": "2435.443609000", - "frame.number": "8533", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005f94", - "ip.flags": 
"0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005855", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:07.343431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496027.343431000", - "frame.time_delta": "0.439136000", - "frame.time_delta_displayed": "0.439136000", - "frame.time_relative": "2435.882745000", - "frame.number": "8534", - "frame.len": "130", - "frame.cap_len": "130", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "116", - "ip.id": "0x00000bcb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecc5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "96", - "udp.checksum": "0x000043a7", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "58:00:00:54:50:48:53:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:3e:c4:38:d0:71:a3:ce:f2:14:6b:00:00:00:78:27:e3:e3:14:2e:34:21:00:00:00:00:4c:49:46:58:20:30:32:34:31:64:61:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00", - "data.len": "88" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:07.450224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496027.450224000", - "frame.time_delta": "0.106793000", - "frame.time_delta_displayed": "0.106793000", - "frame.time_relative": "2435.989538000", - "frame.number": "8535", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - 
"eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:07.450667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496027.450667000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "2435.989981000", - "frame.number": "8536", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": 
"d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:09.647792000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496029.647792000", - "frame.time_delta": "2.197125000", - "frame.time_delta_displayed": "2.197125000", - "frame.time_relative": "2438.187106000", - "frame.number": "8537", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:09.647977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496029.647977000", - "frame.time_delta": "0.000185000", - "frame.time_delta_displayed": "0.000185000", - 
"frame.time_relative": "2438.187291000", - "frame.number": "8538", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:09.730850000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496029.730850000", - "frame.time_delta": "0.082873000", - "frame.time_delta_displayed": "0.082873000", - "frame.time_relative": "2438.270164000", - "frame.number": "8539", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002069", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b787", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001358", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:09.731357000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496029.731357000", - "frame.time_delta": "0.000507000", - "frame.time_delta_displayed": "0.000507000", - "frame.time_relative": "2438.270671000", - "frame.number": "8540", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000206a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009882", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f453", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { 
- "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:09.731971000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496029.731971000", - "frame.time_delta": "0.000614000", - "frame.time_delta_displayed": "0.000614000", - "frame.time_relative": "2438.271285000", - "frame.number": "8541", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": 
"33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008219", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", 
- "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:10.243105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496030.243105000", - "frame.time_delta": "0.511134000", - "frame.time_delta_displayed": "0.511134000", - "frame.time_relative": "2438.782419000", - "frame.number": "8542", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000bcd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ece9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x000032b0", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:c4:b5:aa:1e:a4:ce:f2:14:0d:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ec:12", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:14.731138000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496034.731138000", - "frame.time_delta": "4.488033000", - "frame.time_delta_displayed": "4.488033000", - "frame.time_relative": "2443.270452000", - "frame.number": "8543", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000206b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b785", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001358", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:14.731644000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496034.731644000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "2443.270958000", - "frame.number": "8544", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000206c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009880", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f453", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:27:14.732243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496034.732243000", - "frame.time_delta": "0.000599000", - "frame.time_delta_displayed": "0.000599000", - "frame.time_relative": "2443.271557000", - "frame.number": "8545", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008219", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029a", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=666", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:20.007590000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496040.007590000", - "frame.time_delta": "5.275347000", - "frame.time_delta_displayed": "5.275347000", - "frame.time_relative": "2448.546904000", - "frame.number": "8546", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:f1:89:96:45:f6", - "eth.src_tree": { - "eth.src_resolved": "MurataMa_96:45:f6", - "eth.addr": "60:f1:89:96:45:f6", - "eth.addr_resolved": "MurataMa_96:45:f6", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "60:f1:89:96:45:f6", - "arp.src.proto_ipv4": "192.168.0.86", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.164506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.164506000", - "frame.time_delta": "6.156916000", - "frame.time_delta_displayed": "6.156916000", - "frame.time_relative": "2454.703820000", - "frame.number": "8547", - "frame.len": "264", - "frame.cap_len": "264", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "250", - "ip.id": "0x00002dfe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000036bb", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "198", - "tcp.seq": "19673", - "tcp.nxtseq": "19871", - "tcp.ack": "97326", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000e1e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:58:81:00:28:66:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812565633, TSecr 2647696": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812565633", - "tcp.options.timestamp.tsecr": "2647696" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "198", - "tcp.analysis.push_bytes_sent": "198" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "193", - "ssl.app_data": "34:cd:34:17:47:48:0e:e1:3e:99:45:38:d1:c9:dc:6c:11:5d:8b:64:4e:5e:f3:0b:be:ab:da:da:9e:07:a2:63:39:a0:1b:28:3a:1e:30:ec:c5:21:1a:c4:f6:77:db:0a:98:f6:b9:c5:8a:ae:6b:6a:e3:15:f4:b9:1e:9c:3d:50:e1:80:42:a5:86:84:48:51:ac:aa:b3:5a:f2:06:71:88:aa:ed:8e:7c:6e:e5:50:f4:1f:c0:05:55:90:15:c1:f4:87:22:1d:f2:8a:ce:46:2d:fe:70:94:01:bb:ad:7d:a6:78:a4:16:58:4a:5b:7a:f6:4f:fe:cb:7a:7e:20:9c:c2:36:90:62:1d:96:7b:04:f3:53:1f:3b:c9:18:0a:dc:87:1e:eb:2a:31:3a:d7:c8:83:26:bc:69:f1:d3:18:c1:18:ea:49:55:52:6c:96:2f:63:13:cb:35:e1:76:4d:24:30:66:ef:5c:2c:78:12:a5:84:03:f5:a3:37:2d:ef:3b:44:17" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.165022000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.165022000", - "frame.time_delta": 
"0.000516000", - "frame.time_delta_displayed": "0.000516000", - "frame.time_relative": "2454.704336000", - "frame.number": "8548", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009715", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000766a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "97326", - 
"tcp.ack": "19871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001573", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:6f:d3:a7:a4:58:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2650067, TSecr 2812565633": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2650067", - "tcp.options.timestamp.tsecr": "2812565633" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8547", - "tcp.analysis.ack_rtt": "0.000516000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.174407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.174407000", - "frame.time_delta": "0.009385000", - "frame.time_delta_displayed": "0.009385000", - "frame.time_relative": "2454.713721000", - "frame.number": "8549", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x00009716", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007634", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "97326", - "tcp.nxtseq": "97379", - "tcp.ack": "19871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000084ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:6f:d4:a7:a4:58:81", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2650068, TSecr 2812565633": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2650068", - "tcp.options.timestamp.tsecr": "2812565633" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a1:8d:ba:5e:aa:f7:8f:3a:b0:f2:f9:f9:2d:01:05:e1:d5:b9:a5:4d:43:c5:5b:ff:63:57:2e:91:b3:b7:ce:7d:33:72:f1:3b:24:9b:b2:44:ec" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.273873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.273873000", - "frame.time_delta": "0.099466000", - "frame.time_delta_displayed": "0.099466000", - "frame.time_relative": 
"2454.813187000", - "frame.number": "8550", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002dff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003780", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19871", - "tcp.ack": "97379", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001610", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:58:9d:00:28:6f:d4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812565661, TSecr 2650068": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812565661", - "tcp.options.timestamp.tsecr": "2650068" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8549", - "tcp.analysis.ack_rtt": "0.099466000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.274499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.274499000", - "frame.time_delta": "0.000626000", - "frame.time_delta_displayed": "0.000626000", - "frame.time_relative": "2454.813813000", - "frame.number": "8551", - "frame.len": "1442", - "frame.cap_len": "1442", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { 
- "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1428", - "ip.id": "0x00009717", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007108", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1376", - "tcp.seq": "97379", - "tcp.nxtseq": "98755", - "tcp.ack": "19871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a5f5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:6f:de:a7:a4:58:9d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2650078, TSecr 2812565661": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2650078", - "tcp.options.timestamp.tsecr": "2812565661" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1376", - "tcp.analysis.push_bytes_sent": "1376" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a2:65:49:88:5b:8b:24:5e:b2:8b:8c:d3:c6:7e:d0:3d:f6:43:0d:b3:6e:d4:15:02:16:ff:9a:a1:05:02:46:d2:fa:7e:8e:23:97:69:56:02:a8:02" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "96", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a3:9f:04:89:c9:d2:2d:47:8f:c8:34:bf:41:ed:be:af:c3:34:5e:fa:80:58:9c:b9:96:73:f1:74:16:77:14:23:54:e1:cc:21:9c:ec:ab:bc:e1:ca:7e:4c:19:8c:dd:70:7b:c3:d9:f7:37:c9:5e:e8:92:bb:37:c0:54:0d:76:97:4c:bd:8d:de:4e:7e:09:6f:13:b4:39:88:b5:ed:b8:8f:9d:22:e1:54:7a:e3:3c:0a:95" - }, - "ssl.record": { - "ssl.record.content_type": "23", 
- "ssl.record.version": "0x00000303", - "ssl.record.length": "1078", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a4:e3:17:bd:4a:cc:b5:a1:a8:87:1a:1e:70:cb:a8:7d:26:df:b9:3d:15:35:4f:86:41:7d:60:9e:fc:a6:3c:65:c1:6c:91:36:ea:e3:1f:26:46:e0:9d:32:f2:45:f2:4c:ae:ee:47:30:8d:ea:b6:8c:a2:ec:74:6a:a7:e6:45:9c:f0:ab:44:e8:35:75:c4:6c:80:ba:e3:70:0e:66:f4:e3:f0:7e:7c:75:89:2d:87:be:c7:4b:74:28:f6:5d:04:82:d7:c3:b1:60:2c:94:e6:75:fa:d9:57:8a:57:0c:8b:62:53:d9:46:df:4a:05:99:c4:69:5d:46:e4:6c:71:29:9d:b8:2a:41:dc:47:06:94:67:92:d2:e3:1e:31:2a:db:dd:6b:7d:0b:8b:86:64:a1:a3:c2:df:2c:75:2e:ee:78:5d:26:98:12:87:2f:43:d0:53:c8:89:b1:08:68:af:24:79:a1:b3:b5:43:43:ca:12:70:99:90:a2:3a:54:b4:2f:cb:e4:bc:1e:0d:7e:a6:23:7e:18:b7:25:54:ec:67:94:07:35:96:7b:bf:6a:4b:14:60:b8:1d:d6:b8:ed:b5:3f:1b:c3:dd:a7:46:2d:63:80:e4:8f:c9:67:d2:6b:cd:d0:5b:26:7c:67:96:0d:26:76:6e:a5:e6:11:05:ef:86:0d:c6:82:e8:a6:d8:76:36:fb:91:cc:ec:05:30:f2:1a:45:ae:25:dc:9e:23:2c:e3:fc:17:6b:92:28:a6:9b:63:df:76:af:8c:9b:83:1b:c6:4c:ed:af:60:57:0d:6d:d8:74:c3:96:9a:7e:12:69:bf:f5:f0:98:ea:6b:07:07:ab:c4:a3:b3:6a:45:c9:66:5e:89:b5:94:cc:18:d0:84:1c:c9:7c:3f:8c:ea:b8:d2:d7:fa:5f:f9:88:93:f8:cb:5a:22:5e:c2:d1:5d:86:90:93:64:a3:61:20:97:3a:9a:bc:84:1c:54:9c:33:47:66:e7:c4:31:09:4c:d6:4b:40:fc:ef:6c:01:8d:d7:54:58:02:c5:9d:a2:0f:98:67:13:89:a1:22:b8:b4:57:5d:97:a1:d9:3e:ae:9d:24:d1:04:45:ab:8d:06:75:eb:30:4a:c2:0d:32:cb:66:a4:3b:cb:db:3d:a7:32:af:68:17:6d:90:ed:18:1f:72:33:43:eb:ca:51:b3:1e:c2:22:b8:fc:59:6d:30:04:3d:04:e9:b6:54:5c:cf:27:5e:31:0e:40:27:30:5c:0e:1c:a7:68:7e:2a:08:fa:42:1c:22:d6:9e:59:07:18:33:a2:77:08:14:a2:09:5d:2e:ad:b6:31:4e:03:c9:ed:34:70:11:d1:f3:9a:84:dc:f8:f5:51:c6:c9:48:8b:a3:c1:92:c4:64:22:a4:3e:b7:2b:63:f6:cd:2e:ce:1b:29:ad:16:c4:a2:c1:ca:c9:f4:a4:31:05:ef:a3:ea:89:28:a4:f0:7a:12:fb:bc:69:f4:4d:5b:f6:eb:2d:0f:cc:8f:d7:37:7d:5d:97:0f:5e:63:ba:8e:09:03:6a:98:b2:9a:b4:b2:50:71:f0:1f:0e:53:88:ce:52:c1:db:14:e0:22:a2:54:b4:dd:44:d2:1a:9c:46:cb:b8:4e:ac:1f:cf:e7:74:55:9b:38:f3:3d:64:17:cf:68:24:70:c2:65:b
2:42:87:3d:10:70:33:d1:9b:24:01:67:a0:76:dc:5a:6c:56:0e:4c:6e:d1:b7:48:e1:f6:b9:a4:cc:d2:05:8f:b9:fa:7e:6a:28:d3:31:ac:fc:7a:3e:66:48:2e:2f:8e:9d:57:5f:94:19:6d:96:a8:7f:c0:7e:c8:ca:55:6b:b4:56:37:b2:7b:82:a5:17:15:71:7f:33:37:7e:f9:42:6a:46:a8:3a:f3:b5:13:7b:f1:47:01:98:43:e6:3a:73:e0:56:19:3f:3c:12:3b:18:43:44:25:ed:c2:d6:96:52:ea:2e:41:c2:2e:bb:ed:c9:9c:d7:4a:0f:9a:da:ab:12:20:86:2c:ed:f0:9b:05:c1:8d:26:d8:ed:02:0b:6c:c5:05:95:3d:b7:be:82:43:05:e9:f7:15:e6:19:0e:f0:1a:3e:b0:f8:9d:c1:15:bc:64:17:b6:98:e9:33:3f:c1:65:64:8b:0e:10:53:b1:b7:39:57:fe:77:78:9f:1a:cf:26:2d:12:65:09:4e:59:f3:30:25:1b:cf:26:6d:09:f7:1f:e2:42:64:b8:e8:97:2e:ca:c0:a9:5f:9b:69:42:0b:d4:1c:fd:36:82:27:10:a8:0f:3f:12:90:3d:bd:6d:74:ef:42:46:dc:10:dc:12:aa:1a:ae:76:3d:ae:6c:94:6e:31:dc:5f:e5:6a:a0:67:cc:ef:c5:01:ff:68:6e:cf:9d:17:51:b5:5b:3e:7c:82:f9:ff:fd:ee:07:6f:29:3a:5f:72:fe:63:1c:1d:90:93:a5:cf:22:06:03:d3:14:c5:c4:db:e4:a3:00:ea:f0:0a:ac:4f:d9:9a:c5:8d:b1:95:0c:73:3b:e6:a4:a1:f2:cc:3e:49:29:6e:54:52:bb:ea:11:d3:55:3b:98:ca:c3:77:2c:5e:49:99:85:d6:8e:f8:78:11:14:a6:9e:6d:6d:2f:28:c0:18:60:11:e2:27:74:f4:7e:73:8c:c6:8d:92:5b:24:14:11:8c:56:bd:43:db:64:72:ba:39:b9:34:00:4e:25:aa:50:f3:c5:c0:c5:2a:f6:14:df:5d:08:81:c8:ce:d4:28:c6:8b:ca:a7:db:aa:94:cd:57:91:68:be:90:26:b6:f9:f4:cd:52:7d:d0:29:4e:b3:3d:8f:c6:6e:b0:5a:e4:2b:a9:23" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "133", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a5:97:38:9d:6c:e8:6b:11:46:dc:5d:11:73:a9:1c:6c:f1:2d:b6:eb:7a:10:f6:fb:99:d2:05:ce:09:8b:47:09:8c:72:44:c0:b0:3d:9c:55:5a:da:87:30:2c:72:56:1f:90:5e:68:c7:d0:6f:88:f9:b0:59:e2:5f:1e:15:7a:7f:4c:47:1d:35:a5:82:05:0d:98:f6:67:7a:e0:a6:24:b8:b4:4d:b5:90:68:8e:12:9d:58:9b:d5:60:ef:76:ce:23:e7:7b:58:16:e4:9f:47:c7:c7:03:0f:4d:4e:0b:5a:b7:56:5e:4a:92:e2:02:aa:ae:e8:64:a1:be:68:53" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.334899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.334899000", - "frame.time_delta": "0.060400000", - "frame.time_delta_displayed": "0.060400000", - "frame.time_relative": "2454.874213000", - "frame.number": "8552", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000377f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": 
"-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19871", - "tcp.ack": "98755", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001097", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:58:ac:00:28:6f:de", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812565676, TSecr 2650078": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812565676", - "tcp.options.timestamp.tsecr": "2650078" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8551", - "tcp.analysis.ack_rtt": "0.060400000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:26.586961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.586961000", - 
"frame.time_delta": "0.252062000", - "frame.time_delta_displayed": "0.252062000", - "frame.time_relative": "2455.126275000", - "frame.number": "8553", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009718", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007631", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": 
"54", - "tcp.seq": "98755", - "tcp.nxtseq": "98809", - "tcp.ack": "19871", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:6f:fe:a7:a4:58:ac", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2650110, TSecr 2812565676": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2650110", - "tcp.options.timestamp.tsecr": "2812565676" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a6:65:6c:54:b9:63:80:6b:a9:f8:94:30:25:7a:83:0c:bd:da:b9:aa:ed:c7:5b:c9:39:db:ff:a7:30:d9:9f:9c:31:ff:40:31:e0:cb:1d:44:60:f5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:27:26.647371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496046.647371000", - "frame.time_delta": "0.060410000", - "frame.time_delta_displayed": "0.060410000", - "frame.time_relative": "2455.186685000", - "frame.number": "8554", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000377e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19871", - "tcp.ack": "98809", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000ff3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:58:fa:00:28:6f:fe", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812565754, TSecr 2650110": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812565754", - "tcp.options.timestamp.tsecr": "2650110" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8553", - "tcp.analysis.ack_rtt": "0.060410000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:28.849328000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496048.849328000", - "frame.time_delta": "2.201957000", - "frame.time_delta_displayed": "2.201957000", - 
"frame.time_relative": "2457.388642000", - "frame.number": "8555", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.428014000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.428014000", - "frame.time_delta": "1.578686000", - "frame.time_delta_displayed": "1.578686000", - "frame.time_relative": "2458.967328000", - "frame.number": "8556", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - 
"eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002132", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e712", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "21", - "http.prev_request_in": "8360" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.809067000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.809067000", - "frame.time_delta": "0.381053000", - "frame.time_delta_displayed": "0.381053000", - "frame.time_relative": "2459.348381000", - "frame.number": "8557", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ca13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - 
"_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "121", - "http.prev_response_in": "8418" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.817752000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.817752000", - "frame.time_delta": "0.008685000", - "frame.time_delta_displayed": "0.008685000", - "frame.time_relative": "2459.357066000", - "frame.number": "8558", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - 
"eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54905", - "tcp.dstport": "80", - "tcp.port": "54905", - "tcp.port": "80", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00005649", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.818295000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.818295000", - "frame.time_delta": "0.000543000", - "frame.time_delta_displayed": "0.000543000", - "frame.time_relative": "2459.357609000", - "frame.number": "8559", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000410f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8558", - "tcp.analysis.ack_rtt": "0.000543000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.825582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.825582000", - "frame.time_delta": "0.007287000", - "frame.time_delta_displayed": "0.007287000", - "frame.time_relative": "2459.364896000", - "frame.number": "8560", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - 
"eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54905", - "tcp.dstport": "80", - "tcp.port": "54905", - "tcp.port": "80", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f2ed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8559", - "tcp.analysis.ack_rtt": "0.007287000", - "tcp.analysis.initial_rtt": "0.007830000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.826176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.826176000", - "frame.time_delta": "0.000594000", - "frame.time_delta_displayed": "0.000594000", - "frame.time_relative": "2459.365490000", - "frame.number": "8561", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aa0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54905", - "tcp.dstport": "80", - "tcp.port": "54905", - "tcp.port": "80", - "tcp.stream": "327", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - 
"tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000867", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007830000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.826648000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.826648000", - "frame.time_delta": "0.000472000", - "frame.time_delta_displayed": "0.000472000", - "frame.time_relative": "2459.365962000", - "frame.number": "8562", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002fa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000088d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", 
- "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e47e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8561", - "tcp.analysis.ack_rtt": "0.000472000", - "tcp.analysis.initial_rtt": "0.007830000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.827224000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.827224000", - "frame.time_delta": "0.000576000", - "frame.time_delta_displayed": "0.000576000", - "frame.time_relative": "2459.366538000", - "frame.number": "8563", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002fa3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000088bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000024a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007830000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.827576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.827576000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": 
"2459.366890000", - "frame.number": "8564", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002fa4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000084ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - 
"_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007709", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007830000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:
52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8563", - "tcp.segment": "8564", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001400000", - "http.request_in": "8561", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.827915000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.827915000", - "frame.time_delta": "0.000339000", - "frame.time_delta_displayed": "0.000339000", - "frame.time_relative": "2459.367229000", - "frame.number": "8565", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002fa5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000084eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007709", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007830000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.830395000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.830395000", - "frame.time_delta": "0.002480000", - "frame.time_delta_displayed": "0.002480000", - "frame.time_relative": "2459.369709000", - "frame.number": "8566", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54905", - "tcp.dstport": "80", - "tcp.port": "54905", - "tcp.port": "80", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000781a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:81:4d:1c:d3:81:4d:20:b6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8564", - "tcp.analysis.ack_rtt": "0.002819000", - "tcp.analysis.initial_rtt": "0.007830000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.830880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.830880000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "2459.370194000", - "frame.number": "8567", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": 
"6", - "ip.checksum": "0x00005b45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54905", - "tcp.dstport": "80", - "tcp.port": "54905", - "tcp.port": "80", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ee54", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.831310000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.831310000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "2459.370624000", - "frame.number": "8568", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a828", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000104b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54905", - "tcp.port": "80", - "tcp.port": "54905", - "tcp.stream": "327", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e088", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8567", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.007830000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.861954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.861954000", - "frame.time_delta": "0.030644000", - "frame.time_delta_displayed": "0.030644000", - "frame.time_relative": "2459.401268000", - "frame.number": "8569", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000ca15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "122", - "http.prev_response_in": "8557" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.881718000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.881718000", - "frame.time_delta": "0.019764000", - "frame.time_delta_displayed": "0.019764000", - "frame.time_relative": 
"2459.421032000", - "frame.number": "8570", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54906", - "tcp.dstport": "80", - "tcp.port": "54906", - "tcp.port": "80", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection 
establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000ba75", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.882268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.882268000", - "frame.time_delta": "0.000550000", - "frame.time_delta_displayed": "0.000550000", - "frame.time_relative": "2459.421582000", - "frame.number": "8571", - "frame.len": 
"66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54906", - "tcp.port": "80", - "tcp.port": "54906", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000073b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8570", - "tcp.analysis.ack_rtt": "0.000550000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.890225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.890225000", - "frame.time_delta": "0.007957000", - "frame.time_delta_displayed": "0.007957000", - "frame.time_relative": "2459.429539000", - 
"frame.number": "8572", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b43", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54906", - "tcp.dstport": "80", - "tcp.port": "54906", - "tcp.port": "80", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002590", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8571", - "tcp.analysis.ack_rtt": "0.007957000", - "tcp.analysis.initial_rtt": "0.008507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.890704000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.890704000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "2459.430018000", - "frame.number": "8573", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a9b", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54906", - "tcp.dstport": "80", - "tcp.port": "54906", - "tcp.port": "80", - "tcp.stream": "328", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b09", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008507000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.891246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.891246000", - "frame.time_delta": "0.000542000", - "frame.time_delta_displayed": "0.000542000", - "frame.time_relative": "2459.430560000", - "frame.number": "8574", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000afa6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000008cd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54906", - "tcp.port": "80", - "tcp.port": "54906", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00001721", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8573", - "tcp.analysis.ack_rtt": "0.000542000", - "tcp.analysis.initial_rtt": "0.008507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.891818000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.891818000", - "frame.time_delta": "0.000572000", - "frame.time_delta_displayed": "0.000572000", - "frame.time_relative": "2459.431132000", - "frame.number": "8575", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000afa7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000008bb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54906", - "tcp.port": "80", - "tcp.port": "54906", - "tcp.stream": "328", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005742", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008507000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.892170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.892170000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "2459.431484000", - "frame.number": "8576", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000afa8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000004e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54906", - "tcp.port": "80", - "tcp.port": "54906", - "tcp.stream": "328", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a9ab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008507000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8575", - "tcp.segment": "8576", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001466000", - "http.request_in": "8573", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.907178000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.907178000", - "frame.time_delta": "0.015008000", - "frame.time_delta_displayed": "0.015008000", - "frame.time_relative": "2459.446492000", - "frame.number": "8577", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54906", - "tcp.dstport": "80", - "tcp.port": "54906", - "tcp.port": "80", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000020f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8576", - "tcp.analysis.ack_rtt": "0.015008000", - "tcp.analysis.initial_rtt": "0.008507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.907816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.907816000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "2459.447130000", - "frame.number": "8578", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b40", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54906", - "tcp.dstport": "80", - "tcp.port": "54906", - "tcp.port": "80", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000020f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.908272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.908272000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": "0.000456000", - "frame.time_relative": "2459.447586000", - "frame.number": "8579", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a82a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001049", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54906", - "tcp.port": "80", - "tcp.port": "54906", - "tcp.stream": "328", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000132b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8578", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.008507000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.914873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.914873000", - "frame.time_delta": "0.006601000", - "frame.time_delta_displayed": "0.006601000", - "frame.time_relative": "2459.454187000", - "frame.number": "8580", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000ca18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed2f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "123", - "http.prev_response_in": "8569" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.924638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.924638000", - "frame.time_delta": "0.009765000", - "frame.time_delta_displayed": "0.009765000", - "frame.time_relative": "2459.463952000", - "frame.number": "8581", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54907", - "tcp.dstport": "80", - "tcp.port": "54907", - "tcp.port": "80", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a96a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.925172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.925172000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "2459.464486000", - "frame.number": "8582", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54907", - "tcp.port": "80", - "tcp.port": "54907", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00002471", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8581", - "tcp.analysis.ack_rtt": "0.000534000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.932374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.932374000", - "frame.time_delta": "0.007202000", - "frame.time_delta_displayed": "0.007202000", - "frame.time_relative": "2459.471688000", - "frame.number": "8583", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54907", - "tcp.dstport": "80", - "tcp.port": "54907", - "tcp.port": "80", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d64f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8582", - "tcp.analysis.ack_rtt": "0.007202000", - "tcp.analysis.initial_rtt": "0.007736000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.933033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.933033000", - "frame.time_delta": "0.000659000", - "frame.time_delta_displayed": "0.000659000", - "frame.time_relative": "2459.472347000", - "frame.number": "8584", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a96", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54907", - "tcp.dstport": "80", - "tcp.port": "54907", - "tcp.port": "80", - "tcp.stream": "329", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ebc8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007736000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.933518000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.933518000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "2459.472832000", - "frame.number": "8585", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002ae2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d91", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54907", - "tcp.port": "80", - "tcp.port": "54907", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c7e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8584", - "tcp.analysis.ack_rtt": "0.000485000", - "tcp.analysis.initial_rtt": "0.007736000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.934159000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.934159000", - "frame.time_delta": "0.000641000", - "frame.time_delta_displayed": "0.000641000", - "frame.time_relative": "2459.473473000", - "frame.number": "8586", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00002ae3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d7f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54907", - "tcp.port": "80", - "tcp.port": "54907", - "tcp.stream": "329", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00000802", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007736000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.934513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.934513000", - "frame.time_delta": "0.000354000", - "frame.time_delta_displayed": "0.000354000", - "frame.time_relative": "2459.473827000", - "frame.number": "8587", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00002ae4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000089ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54907", - "tcp.port": "80", - "tcp.port": "54907", - "tcp.stream": "329", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005a6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007736000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8586", - "tcp.segment": "8587", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001480000", - "http.request_in": "8584", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.941744000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496050.941744000", - "frame.time_delta": "0.007231000", - "frame.time_delta_displayed": "0.007231000", - "frame.time_relative": "2459.481058000", - "frame.number": "8588", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54907", - "tcp.dstport": "80", - "tcp.port": "54907", - "tcp.port": "80", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d1b7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8587", - "tcp.analysis.ack_rtt": "0.007231000", - "tcp.analysis.initial_rtt": "0.007736000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.942591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.942591000", - "frame.time_delta": "0.000847000", - "frame.time_delta_displayed": "0.000847000", - "frame.time_relative": "2459.481905000", - "frame.number": "8589", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b3b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54907", - "tcp.dstport": "80", - "tcp.port": "54907", - "tcp.port": "80", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d1b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:30.943026000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496050.943026000", - "frame.time_delta": "0.000435000", - "frame.time_delta_displayed": "0.000435000", - "frame.time_relative": "2459.482340000", - "frame.number": "8590", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a82d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001046", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54907", - "tcp.port": "80", - "tcp.port": "54907", - "tcp.stream": "329", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c3ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8589", - "tcp.analysis.ack_rtt": "0.000435000", - "tcp.analysis.initial_rtt": "0.007736000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.861801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.861801000", - "frame.time_delta": "0.918775000", - "frame.time_delta_displayed": "0.918775000", - "frame.time_relative": "2460.401115000", - "frame.number": "8591", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000ca3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "124", - "http.prev_response_in": "8580" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.865824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.865824000", - "frame.time_delta": "0.004023000", - "frame.time_delta_displayed": "0.004023000", - "frame.time_relative": "2460.405138000", - 
"frame.number": "8592", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54908", - "tcp.dstport": "80", - "tcp.port": "54908", - "tcp.port": "80", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000054fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.866357000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.866357000", - "frame.time_delta": "0.000533000", - "frame.time_delta_displayed": "0.000533000", - "frame.time_relative": "2460.405671000", - "frame.number": "8593", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54908", - "tcp.port": "80", - "tcp.port": "54908", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000046ca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8592", - "tcp.analysis.ack_rtt": "0.000533000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.874249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.874249000", - "frame.time_delta": "0.007892000", - "frame.time_delta_displayed": "0.007892000", - "frame.time_relative": "2460.413563000", - 
"frame.number": "8594", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54908", - "tcp.dstport": "80", - "tcp.port": "54908", - "tcp.port": "80", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f8a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8593", - "tcp.analysis.ack_rtt": "0.007892000", - "tcp.analysis.initial_rtt": "0.008425000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.874943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.874943000", - "frame.time_delta": "0.000694000", - "frame.time_delta_displayed": "0.000694000", - "frame.time_relative": "2460.414257000", - "frame.number": "8595", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a90", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54908", - "tcp.dstport": "80", - "tcp.port": "54908", - "tcp.port": "80", - "tcp.stream": "330", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00000e22", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008425000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.875505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.875505000", - "frame.time_delta": "0.000562000", - "frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "2460.414819000", - "frame.number": "8596", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e955", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54908", - "tcp.port": "80", - "tcp.port": "54908", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ea39", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8595", - "tcp.analysis.ack_rtt": "0.000562000", - "tcp.analysis.initial_rtt": "0.008425000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.876126000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.876126000", - "frame.time_delta": "0.000621000", - "frame.time_delta_displayed": "0.000621000", - "frame.time_relative": "2460.415440000", - "frame.number": "8597", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e956", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cf0b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54908", - "tcp.port": "80", - "tcp.port": "54908", - "tcp.stream": "330", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002a5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008425000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.876545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.876545000", - "frame.time_delta": "0.000419000", - "frame.time_delta_displayed": "0.000419000", - "frame.time_relative": "2460.415859000", - "frame.number": "8598", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e957", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cb38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54908", - "tcp.port": "80", - "tcp.port": "54908", - "tcp.stream": "330", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007cc4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.008425000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8597", - "tcp.segment": "8598", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001602000", - "http.request_in": "8595", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.882655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.882655000", - "frame.time_delta": "0.006110000", - "frame.time_delta_displayed": "0.006110000", - "frame.time_relative": "2460.421969000", - "frame.number": "8599", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54908", - "tcp.dstport": "80", - "tcp.port": "54908", - "tcp.port": "80", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f410", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8598", - "tcp.analysis.ack_rtt": "0.006110000", - "tcp.analysis.initial_rtt": "0.008425000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.883239000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.883239000", - "frame.time_delta": "0.000584000", - "frame.time_delta_displayed": "0.000584000", - "frame.time_relative": "2460.422553000", - "frame.number": "8600", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b35", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54908", - "tcp.dstport": "80", - "tcp.port": "54908", - "tcp.port": "80", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f40f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.883694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.883694000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "2460.423008000", - "frame.number": "8601", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a833", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001040", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54908", - "tcp.port": "80", - "tcp.port": "54908", - "tcp.stream": "330", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e643", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8600", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.008425000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.914978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.914978000", - "frame.time_delta": "0.031284000", - "frame.time_delta_displayed": "0.031284000", - "frame.time_relative": "2460.454292000", - "frame.number": "8602", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000ca3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed06", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "125", - "http.prev_response_in": "8591" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.925289000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.925289000", - "frame.time_delta": "0.010311000", - "frame.time_delta_displayed": "0.010311000", - "frame.time_relative": "2460.464603000", - "frame.number": "8603", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b28", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54909", - "tcp.dstport": "80", - "tcp.port": "54909", - "tcp.port": "80", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000ce5d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.925849000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.925849000", - "frame.time_delta": "0.000560000", - "frame.time_delta_displayed": "0.000560000", - "frame.time_relative": "2460.465163000", - "frame.number": "8604", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54909", - "tcp.port": "80", - "tcp.port": "54909", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000be13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8603", - "tcp.analysis.ack_rtt": "0.000560000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.932745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.932745000", - "frame.time_delta": "0.006896000", - "frame.time_delta_displayed": "0.006896000", - "frame.time_relative": "2460.472059000", - "frame.number": "8605", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54909", - "tcp.dstport": "80", - "tcp.port": "54909", - "tcp.port": "80", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006ff2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8604", - "tcp.analysis.ack_rtt": "0.006896000", - "tcp.analysis.initial_rtt": "0.007456000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.933323000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.933323000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "2460.472637000", - "frame.number": "8606", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54909", - "tcp.dstport": "80", - "tcp.port": "54909", - "tcp.port": "80", - "tcp.stream": "331", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000856b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007456000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.933806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.933806000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "2460.473120000", - "frame.number": "8607", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007782", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040f1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54909", - "tcp.port": "80", - "tcp.port": "54909", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006183", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8606", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.007456000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.934455000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.934455000", - "frame.time_delta": "0.000649000", - "frame.time_delta_displayed": "0.000649000", - "frame.time_relative": "2460.473769000", - "frame.number": "8608", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00007783", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000040df", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54909", - "tcp.port": "80", - "tcp.port": "54909", - "tcp.stream": "331", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000a1a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007456000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.934805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.934805000", - "frame.time_delta": "0.000350000", - "frame.time_delta_displayed": "0.000350000", - "frame.time_relative": "2460.474119000", - "frame.number": "8609", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00007784", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54909", - "tcp.port": "80", - "tcp.port": "54909", - "tcp.stream": "331", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000f40d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.007456000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "8608", - "tcp.segment": "8609", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001482000", - "http.request_in": "8606", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.941141000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496051.941141000", - "frame.time_delta": "0.006336000", - "frame.time_delta_displayed": "0.006336000", - "frame.time_relative": "2460.480455000", - "frame.number": "8610", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54909", - "tcp.dstport": "80", - "tcp.port": "54909", - "tcp.port": "80", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b5a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8609", - "tcp.analysis.ack_rtt": "0.006336000", - "tcp.analysis.initial_rtt": "0.007456000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.941710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.941710000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "2460.481024000", - "frame.number": "8611", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54909", - "tcp.dstport": "80", - "tcp.port": "54909", - "tcp.port": "80", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006b59", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.942160000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.942160000", - "frame.time_delta": "0.000450000", - "frame.time_delta_displayed": "0.000450000", - "frame.time_relative": "2460.481474000", - "frame.number": "8612", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a838", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000103b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54909", - "tcp.port": "80", - "tcp.port": "54909", - "tcp.stream": "331", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005d8d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8611", - "tcp.analysis.ack_rtt": "0.000450000", - "tcp.analysis.initial_rtt": "0.007456000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.968247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.968247000", - "frame.time_delta": "0.026087000", - "frame.time_delta_displayed": "0.026087000", - "frame.time_relative": "2460.507561000", - "frame.number": "8613", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000ca40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ed07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "126", - "http.prev_response_in": "8602" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.992728000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.992728000", - "frame.time_delta": "0.024481000", - "frame.time_delta_displayed": "0.024481000", - "frame.time_relative": "2460.532042000", - 
"frame.number": "8614", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b23", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54910", - "tcp.dstport": "80", - "tcp.port": "54910", - "tcp.port": "80", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a7b8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.993287000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.993287000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "2460.532601000", - "frame.number": "8615", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54910", - "tcp.port": "80", - "tcp.port": "54910", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00003f7c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8614", - "tcp.analysis.ack_rtt": "0.000559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:31.999438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496051.999438000", - "frame.time_delta": "0.006151000", - "frame.time_delta_displayed": "0.006151000", - "frame.time_relative": "2460.538752000", - 
"frame.number": "8616", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54910", - "tcp.dstport": "80", - "tcp.port": "54910", - "tcp.port": "80", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000f15a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8615", - "tcp.analysis.ack_rtt": "0.006151000", - "tcp.analysis.initial_rtt": "0.006710000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.000612000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.000612000", - "frame.time_delta": "0.001174000", - "frame.time_delta_displayed": "0.001174000", - "frame.time_relative": "2460.539926000", - "frame.number": "8617", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a86", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54910", - "tcp.dstport": "80", - "tcp.port": "54910", - "tcp.port": "80", - "tcp.stream": "332", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000006d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006710000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.001105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.001105000", - "frame.time_delta": "0.000493000", - "frame.time_delta_displayed": "0.000493000", - "frame.time_relative": "2460.540419000", - "frame.number": "8618", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e6f0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d182", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54910", - "tcp.port": "80", - "tcp.port": "54910", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e2eb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8617", - "tcp.analysis.ack_rtt": "0.000493000", - "tcp.analysis.initial_rtt": "0.006710000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.001761000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.001761000", - "frame.time_delta": "0.000656000", - "frame.time_delta_displayed": "0.000656000", - "frame.time_relative": "2460.541075000", - "frame.number": "8619", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e6f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d170", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54910", - "tcp.port": "80", - "tcp.port": "54910", - "tcp.stream": "332", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000230d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006710000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.002113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.002113000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "2460.541427000", - "frame.number": "8620", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e6f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000cd9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54910", - "tcp.port": "80", - "tcp.port": "54910", - "tcp.stream": "332", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007576", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.006710000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "8619", - "tcp.segment": "8620", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001501000", - "http.request_in": "8617", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.009953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.009953000", - "frame.time_delta": "0.007840000", - "frame.time_delta_displayed": "0.007840000", - "frame.time_relative": "2460.549267000", - "frame.number": "8621", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b2c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54910", - "tcp.dstport": "80", - "tcp.port": "54910", - "tcp.port": "80", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ecc2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8620", - "tcp.analysis.ack_rtt": "0.007840000", - "tcp.analysis.initial_rtt": "0.006710000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.010573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.010573000", - "frame.time_delta": "0.000620000", - "frame.time_delta_displayed": "0.000620000", - "frame.time_relative": "2460.549887000", - "frame.number": "8622", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b2b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54910", - "tcp.dstport": "80", - "tcp.port": "54910", - "tcp.port": "80", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000ecc1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:32.011040000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496052.011040000", - "frame.time_delta": "0.000467000", - "frame.time_delta_displayed": "0.000467000", - "frame.time_relative": "2460.550354000", - "frame.number": "8623", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a83f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001034", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54910", - "tcp.port": "80", - "tcp.port": "54910", - "tcp.stream": "332", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000def5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8622", - "tcp.analysis.ack_rtt": "0.000467000", - "tcp.analysis.initial_rtt": "0.006710000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:34.777842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496054.777842000", - "frame.time_delta": "2.766802000", - "frame.time_delta_displayed": "2.766802000", - "frame.time_relative": "2463.317156000", - "frame.number": "8624", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000583c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a655", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, 
AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5317", - "tcp.ack": "829", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eebe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:34.921086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496054.921086000", - "frame.time_delta": "0.143244000", - "frame.time_delta_displayed": "0.143244000", - "frame.time_relative": "2463.460400000", - 
"frame.number": "8625", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd75", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": 
"0", - "tcp.seq": "829", - "tcp.ack": "5318", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f933", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:36.673880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496056.673880000", - "frame.time_delta": "1.752794000", - "frame.time_delta_displayed": "1.752794000", - "frame.time_relative": "2465.213194000", - "frame.number": "8626", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002133", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56234", - "udp.dstport": "1900", - "udp.port": "56234", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006eb3", - "udp.checksum.status": "2", - "udp.stream": "159" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - 
"_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:36.907176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496056.907176000", - "frame.time_delta": "0.233296000", - "frame.time_delta_displayed": "0.233296000", - "frame.time_relative": "2465.446490000", - "frame.number": "8627", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005fb9", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005830", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": 
"53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:37.343560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496057.343560000", - "frame.time_delta": "0.436384000", - "frame.time_delta_displayed": "0.436384000", - "frame.time_relative": "2465.882874000", - "frame.number": "8628", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000caf8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - 
}, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:37.396338000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496057.396338000", - "frame.time_delta": "0.052778000", - "frame.time_delta_displayed": "0.052778000", - "frame.time_relative": "2465.935652000", - "frame.number": "8629", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - 
"eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cafc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "8628" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:37.449433000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496057.449433000", - "frame.time_delta": "0.053095000", - "frame.time_delta_displayed": "0.053095000", - "frame.time_relative": "2465.988747000", - "frame.number": "8630", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cb02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - 
}, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec45", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "8629" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:27:37.676217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496057.676217000", - "frame.time_delta": "0.226784000", - "frame.time_delta_displayed": "0.226784000", - "frame.time_relative": "2466.215531000", - "frame.number": "8631", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002134", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56234", - "udp.dstport": "1900", - "udp.port": "56234", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006eb3", - "udp.checksum.status": "2", - "udp.stream": "159" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": 
"M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "8626" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:38.401315000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496058.401315000", - "frame.time_delta": "0.725098000", - "frame.time_delta_displayed": "0.725098000", - "frame.time_relative": "2466.940629000", - "frame.number": "8632", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cb2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "8630" - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:38.454182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496058.454182000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "2466.993496000", - "frame.number": "8633", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cb33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": 
"0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "8632" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:38.506933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496058.506933000", - "frame.time_delta": "0.052751000", - "frame.time_delta_displayed": "0.052751000", - "frame.time_relative": "2467.046247000", - "frame.number": "8634", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cb37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ec10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "8633" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:38.675897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496058.675897000", - "frame.time_delta": "0.168964000", - "frame.time_delta_displayed": "0.168964000", - "frame.time_relative": "2467.215211000", - "frame.number": "8635", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002135", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6df", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56234", - "udp.dstport": "1900", - "udp.port": "56234", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006eb3", - "udp.checksum.status": "2", - "udp.stream": "159" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": "8631" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.033665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.033665000", - "frame.time_delta": "0.357768000", - "frame.time_delta_displayed": "0.357768000", - "frame.time_relative": "2467.572979000", - "frame.number": "8636", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cb60", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": 
"CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "8634" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.086493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.086493000", - "frame.time_delta": "0.052828000", - "frame.time_delta_displayed": "0.052828000", - "frame.time_relative": "2467.625807000", - "frame.number": "8637", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cb61", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebe0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "8636" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.139251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.139251000", - "frame.time_delta": "0.052758000", - "frame.time_delta_displayed": "0.052758000", - "frame.time_relative": "2467.678565000", - "frame.number": "8638", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cb67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebe0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": 
"", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "8637" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.676711000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.676711000", - "frame.time_delta": "0.537460000", - "frame.time_delta_displayed": "0.537460000", - "frame.time_relative": "2468.216025000", - "frame.number": "8639", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002136", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6de", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56234", - "udp.dstport": "1900", - "udp.port": "56234", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x00006eb3", - "udp.checksum.status": "2", - "udp.stream": "159" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - 
"http.request_number": "4", - "http.prev_request_in": "8635" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.787762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.787762000", - "frame.time_delta": "0.111051000", - "frame.time_delta_displayed": "0.111051000", - "frame.time_relative": "2468.327076000", - "frame.number": "8640", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:39.787939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496059.787939000", - "frame.time_delta": "0.000177000", - "frame.time_delta_displayed": "0.000177000", - "frame.time_relative": "2468.327253000", - "frame.number": "8641", - "frame.len": "42", - 
"frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.086543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.086543000", - "frame.time_delta": "0.298604000", - "frame.time_delta_displayed": "0.298604000", - "frame.time_relative": "2468.625857000", - "frame.number": "8642", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cb74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": 
"", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "8638" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.139268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.139268000", - "frame.time_delta": "0.052725000", - "frame.time_delta_displayed": "0.052725000", - "frame.time_relative": "2468.678582000", - "frame.number": "8643", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cb77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebca", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": 
"56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "8642" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.192082000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.192082000", - "frame.time_delta": "0.052814000", - "frame.time_delta_displayed": "0.052814000", - "frame.time_relative": "2468.731396000", - "frame.number": "8644", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cb7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebcd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "8643" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.402077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.402077000", - "frame.time_delta": "0.209995000", - "frame.time_delta_displayed": "0.209995000", - "frame.time_relative": "2468.941391000", - "frame.number": "8645", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cb87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000ebc3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "8644" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.454853000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.454853000", - "frame.time_delta": "0.052776000", - "frame.time_delta_displayed": "0.052776000", - "frame.time_relative": "2468.994167000", - "frame.number": "8646", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cb89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "8645" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:40.507628000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496060.507628000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "2469.046942000", - "frame.number": "8647", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cb8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ebbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "8646" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:41.455131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496061.455131000", - "frame.time_delta": "0.947503000", - "frame.time_delta_displayed": "0.947503000", - "frame.time_relative": "2469.994445000", - "frame.number": "8648", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cbd2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "8647" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:41.507924000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496061.507924000", - "frame.time_delta": "0.052793000", - "frame.time_delta_displayed": "0.052793000", - "frame.time_relative": "2470.047238000", - "frame.number": "8649", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cbd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb6a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "8648" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:41.560699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496061.560699000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "2470.100013000", - "frame.number": "8650", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cbd8", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "8649" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.139450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.139450000", - "frame.time_delta": "0.578751000", - "frame.time_delta_displayed": "0.578751000", - "frame.time_relative": "2470.678764000", - "frame.number": "8651", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000cbe9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb61", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "8650" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.192237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.192237000", - "frame.time_delta": "0.052787000", - "frame.time_delta_displayed": "0.052787000", - "frame.time_relative": "2470.731551000", - "frame.number": "8652", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cbee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb53", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "20", - "http.prev_response_in": "8651" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.244947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.244947000", - "frame.time_delta": "0.052710000", - "frame.time_delta_displayed": "0.052710000", - "frame.time_relative": "2470.784261000", - "frame.number": "8653", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cbf1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb56", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "8652" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.349339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.349339000", - "frame.time_delta": "0.104392000", - "frame.time_delta_displayed": "0.104392000", - 
"frame.time_relative": "2470.888653000", - "frame.number": "8654", - "frame.len": "411", - "frame.cap_len": "411", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "397", - "ip.id": "0x00009719", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000750d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "345", - "tcp.seq": "98809", - "tcp.nxtseq": "99154", - "tcp.ack": "19871", - 
"tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000959f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:76:26:a7:a4:58:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2651686, TSecr 2812565754": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2651686", - "tcp.options.timestamp.tsecr": "2812565754" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "345", - "tcp.analysis.push_bytes_sent": "345" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "340", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:a7:a0:b2:77:a4:d6:79:9e:3c:eb:3c:7d:6a:70:82:89:70:cb:a0:da:a7:ad:4a:e4:20:74:2d:4a:e6:b7:3d:2f:db:46:7e:91:9d:6d:c1:e8:2c:ed:af:ce:3f:4f:21:fb:6c:6d:5c:c7:35:e0:16:fc:ef:06:08:fc:7a:cd:31:e8:06:e1:07:21:4f:7d:56:e2:be:11:91:f3:27:62:cc:7b:36:c3:ef:6c:44:0d:8c:bb:62:a0:78:dd:89:ea:61:6c:67:21:3e:50:62:9f:c9:34:05:de:4a:3c:b4:0a:b4:eb:ea:2b:79:8a:14:48:34:ab:26:c4:4c:74:64:99:eb:31:bf:a5:54:09:33:78:1f:15:2f:d7:cd:90:08:a2:20:ad:78:e0:1b:ee:f6:dd:e3:c5:64:91:22:a7:2c:10:9b:dc:7a:55:a5:0c:81:85:3e:bc:7d:f7:6d:ab:14:23:5e:e4:1c:d5:e2:1e:7c:3e:86:11:4f:53:0a:49:1d:b3:31:7c:94:30:90:bb:72:60:c2:42:8f:e2:05:7b:b5:69:dc:d6:a2:7f:b0:3b:3a:40:e0:35:60:9f:bc:d8:2a:37:cc:95:2d:a8:02:63:9c:da:cd:2f:52:54:57:e6:aa:7e:f6:fd:51:c4:5d:8c:81:53:17:73:0f:97:94:00:a4:56:87:38:5c:2f:f6:c2:cd:3b:68:44:e4:87:ed:d9:26:8b:60:35:5d:fd:26:c5:c1:f0:44:89:d3:82:74:a1:98:c8:96:c6:e2:55:41:9b:8b:09:2f:46:51:34:5b:6d:e3:8d:d5:28:7f:12:96:d4:5b:51:97:ef:09:9d:2a:eb:00:a8:d4:f5:03:f9:e1:1e:a1:5f:e8:1a:5d:52:77:ec:de" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.409638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.409638000", - "frame.time_delta": "0.060299000", - "frame.time_delta_displayed": "0.060299000", - "frame.time_relative": "2470.948952000", - "frame.number": "8655", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000377d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "19871", - "tcp.ack": "99154", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f90d", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:68:5e:00:28:76:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812569694, TSecr 2651686": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812569694", - "tcp.options.timestamp.tsecr": "2651686" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8654", - "tcp.analysis.ack_rtt": "0.060299000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.410276000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.410276000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "2470.949590000", - "frame.number": "8656", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e03", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19871", - "tcp.nxtseq": "19918", - "tcp.ack": "99154", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000491d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:68:5f:00:28:76:26", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812569695, TSecr 2651686": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812569695", - "tcp.options.timestamp.tsecr": "2651686" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:e2:e0:f2:2b:36:f1:a0:52:24:7a:aa:df:8f:55:41:04:71:77:5a:05:e7:1d:46:f3:eb:d2:d5:60:f4:96:06:16:40:83:fd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:42.445333000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496062.445333000", - "frame.time_delta": "0.035057000", - "frame.time_delta_displayed": "0.035057000", - "frame.time_relative": "2470.984647000", - "frame.number": "8657", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000971a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007665", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "99154", - "tcp.ack": "19918", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f7e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:28:76:30:a7:a4:68:5f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2651696, TSecr 2812569695": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2651696", - "tcp.options.timestamp.tsecr": "2812569695" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8656", - "tcp.analysis.ack_rtt": "0.035057000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:43.191447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496063.191447000", - "frame.time_delta": "0.746114000", - "frame.time_delta_displayed": "0.746114000", - "frame.time_relative": "2471.730761000", - "frame.number": "8658", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "325", - "ip.id": "0x0000cc14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "305", - "udp.checksum": "0x0000e970", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "8653" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:43.244243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496063.244243000", - "frame.time_delta": "0.052796000", - "frame.time_delta_displayed": "0.052796000", - "frame.time_relative": "2471.783557000", - "frame.number": "8659", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000cc17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "314", - "udp.checksum": "0x0000f75b", - 
"udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "8658" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:43.297009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496063.297009000", - "frame.time_delta": "0.052766000", - "frame.time_delta_displayed": "0.052766000", - "frame.time_relative": "2471.836323000", - "frame.number": "8660", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000cc1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "56234", - "udp.port": "1900", - "udp.port": "56234", - "udp.length": "308", - "udp.checksum": "0x00001ae6", - "udp.checksum.status": "2", - "udp.stream": "160" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": 
"Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "8659" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:43.714767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496063.714767000", - "frame.time_delta": "0.417758000", - "frame.time_delta_displayed": "0.417758000", - "frame.time_relative": "2472.254081000", - "frame.number": "8661", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:43.974655000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496063.974655000", - "frame.time_delta": "0.259888000", - "frame.time_delta_displayed": "0.259888000", - "frame.time_relative": "2472.513969000", - "frame.number": "8662", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - 
"bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:44.025940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496064.025940000", - 
"frame.time_delta": "0.051285000", - "frame.time_delta_displayed": "0.051285000", - "frame.time_relative": "2472.565254000", - "frame.number": "8663", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - 
"bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:44.059940000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496064.059940000", - "frame.time_delta": "0.034000000", - "frame.time_delta_displayed": "0.034000000", - "frame.time_relative": "2472.599254000", - "frame.number": "8664", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:44.060174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496064.060174000", - "frame.time_delta": "0.000234000", - "frame.time_delta_displayed": "0.000234000", - "frame.time_relative": "2472.599488000", - "frame.number": "8665", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - 
"eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:46.605737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496066.605737000", - "frame.time_delta": "2.545563000", - "frame.time_delta_displayed": "2.545563000", - "frame.time_relative": "2475.145051000", - "frame.number": "8666", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": 
"ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:46.615204000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496066.615204000", - "frame.time_delta": "0.009467000", - "frame.time_delta_displayed": "0.009467000", - "frame.time_relative": "2475.154518000", - "frame.number": "8667", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - 
"ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:47.620167000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496067.620167000", - "frame.time_delta": "1.004963000", - "frame.time_delta_displayed": "1.004963000", - "frame.time_relative": "2476.159481000", - "frame.number": "8668", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": 
"33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:47.622560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496067.622560000", - "frame.time_delta": "0.002393000", - "frame.time_delta_displayed": "0.002393000", - "frame.time_relative": "2476.161874000", - "frame.number": "8669", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - 
"icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:47.624975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496067.624975000", - "frame.time_delta": "0.002415000", - "frame.time_delta_displayed": "0.002415000", - "frame.time_relative": "2476.164289000", - "frame.number": "8670", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, 
- "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - 
"icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:47.814986000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496067.814986000", - "frame.time_delta": "0.190011000", - "frame.time_delta_displayed": "0.190011000", - "frame.time_relative": "2476.354300000", - "frame.number": "8671", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:48.583774000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496068.583774000", - "frame.time_delta": "0.768788000", - "frame.time_delta_displayed": "0.768788000", - 
"frame.time_relative": "2477.123088000", - "frame.number": "8672", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00007e6d", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00579e18", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - 
"dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:48.594695000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496068.594695000", - "frame.time_delta": "0.010921000", - "frame.time_delta_displayed": "0.010921000", - "frame.time_relative": "2477.134009000", - "frame.number": "8673", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": 
"0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00000116", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00c0103f", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": 
"30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:48.606115000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496068.606115000", - "frame.time_delta": "0.011420000", - "frame.time_delta_displayed": "0.011420000", - "frame.time_relative": "2477.145429000", - "frame.number": "8674", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:48.615008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496068.615008000", - "frame.time_delta": "0.008893000", - "frame.time_delta_displayed": "0.008893000", - "frame.time_relative": "2477.154322000", - "frame.number": "8675", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": 
"fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:49.128989000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496069.128989000", - "frame.time_delta": "0.513981000", - "frame.time_delta_displayed": "0.513981000", - 
"frame.time_relative": "2477.668303000", - "frame.number": "8676", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:55.242544000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496075.242544000", - "frame.time_delta": "6.113555000", - "frame.time_delta_displayed": "6.113555000", - "frame.time_relative": "2483.781858000", - "frame.number": "8677", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000bd0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ece6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "58", - "udp.checksum": "0x000053a5", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "32:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:f5:d0:98:ae:ce:f2:14:11:00:00:00:2a:43:4e:3c:a0:3d:02:00:ba:a6:01:00:00:00", - "data.len": "50" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:59.733623000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496079.733623000", - "frame.time_delta": "4.491079000", - "frame.time_delta_displayed": "4.491079000", - "frame.time_relative": "2488.272937000", - "frame.number": "8678", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": 
"IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002072", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b77e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001257", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:59.734155000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496079.734155000", - "frame.time_delta": "0.000532000", - "frame.time_delta_displayed": "0.000532000", - "frame.time_relative": "2488.273469000", - "frame.number": "8679", - "frame.len": "275", - "frame.cap_len": "275", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002073", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009879", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f352", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - 
"dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:59.734786000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496079.734786000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "2488.274100000", - "frame.number": "8680", - "frame.len": "295", - 
"frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008118", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:59.908512000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496079.908512000", - "frame.time_delta": "0.173726000", - "frame.time_delta_displayed": "0.173726000", - "frame.time_relative": "2488.447826000", - "frame.number": "8681", - "frame.len": "352", - "frame.cap_len": "352", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c24c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000070b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:27:59.961705000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496079.961705000", - "frame.time_delta": "0.053193000", - "frame.time_delta_displayed": "0.053193000", - "frame.time_relative": "2488.501019000", - "frame.number": "8682", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000c251", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00000706", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:00.014572000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496080.014572000", - "frame.time_delta": "0.052867000", - "frame.time_delta_displayed": "0.052867000", - "frame.time_relative": "2488.553886000", - "frame.number": "8683", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c253", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:00.100710000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496080.100710000", - "frame.time_delta": "0.086138000", - "frame.time_delta_displayed": "0.086138000", - "frame.time_relative": "2488.640024000", - "frame.number": "8684", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000c25c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006f2", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:00.153585000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496080.153585000", - "frame.time_delta": "0.052875000", - "frame.time_delta_displayed": "0.052875000", - "frame.time_relative": "2488.692899000", - "frame.number": "8685", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c25e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006f6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 
UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:00.206453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496080.206453000", - "frame.time_delta": "0.052868000", - "frame.time_delta_displayed": "0.052868000", - "frame.time_relative": "2488.745767000", - "frame.number": "8686", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000c260", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x000006f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:03.751963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496083.751963000", - "frame.time_delta": "3.545510000", - "frame.time_delta_displayed": "3.545510000", - "frame.time_relative": "2492.291277000", - "frame.number": "8687", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000971b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007504", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "99154", - "tcp.nxtseq": "99506", - "tcp.ack": "19918", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000002d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:7e:82:a7:a4:68:5f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2653826, TSecr 2812569695": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2653826", - "tcp.options.timestamp.tsecr": "2812569695" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:a8:14:be:e4:5f:63:4e:5e:85:d2:e6:a3:36:a6:6f:f9:be:78:bc:80:3b:39:24:65:4b:01:90:64:b7:4d:48:21:e5:76:b3:df:95:b3:40:99:45:b5:ca:ae:dc:0c:b2:2a:7a:34:e8:be:b8:0e:d2:58:f5:27:d3:44:2e:d6:4d:b3:b3:62:3a:f3:cc:d3:98:b4:ea:44:ae:2f:28:b6:6a:42:0a:7d:e1:58:41:34:43:8e:40:42:7d:a5:4f:2e:e7:cf:a2:99:ab:51:dd:ac:f6:c6:23:59:d2:5a:22:aa:93:23:52:65:ba:78:e5:80:47:fa:e6:67:48:58:9c:9d:6f:9a:96:a4:1a:15:69:7b:4f:50:1a:70:dd:d1:c1:ea:25:86:54:a7:aa:40:77:b5:97:d5:36:98:68:52:86:15:cf:ed:72:8a:47:83:45:22:10:38:a3:8d:13:98:22:10:63:ad:f2:0f:35:50:75:34:aa:3e:5a:59:52:43:e5:a9:0f:19:30:4d:e2:49:19:e3:0d:34:01:b1:8e:d6:a3:48:63:87:2a:1f:7d:84:df:9b:71:68:be:66:7f:6e:a2:37:b9:84:40:1a:64:a5:2c:18:68:7c:59:93:43:90:ed:02:ec:d4:77:5d:64:ca:4d:b5:0a:2e:fa:ca:8f:79:dd:ba:53:67:94:5b:bf:c9:a6:ed:c7:98:70:41:6e:8a:27:55:72:ae:47:7a:42:2a:80:15:cc:aa:18:62:a8:eb:c0:81:08:f5:8a:ad:8d:06:76:ef:fa:53:60:4e:5a:3a:36:fb:21:82:e6:25:c7:28:31:12:b1:36:f6:38:48:33:85:bb:85:2b:6e:2a:39:a8:c5:b7:64:ac:14:12:d3:ec:94:9f:c5:3a:c5:f5:04:ba" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:03.812943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496083.812943000", - "frame.time_delta": "0.060980000", - "frame.time_delta_displayed": "0.060980000", - "frame.time_relative": "2492.352257000", - "frame.number": "8688", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e04", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "19918", - "tcp.nxtseq": "19965", - "tcp.ack": "99506", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": 
"-1", - "tcp.checksum": "0x000035ea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:7d:45:00:28:7e:82", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812575045, TSecr 2653826": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812575045", - "tcp.options.timestamp.tsecr": "2653826" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8687", - "tcp.analysis.ack_rtt": "0.060980000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:e3:f0:a4:7f:36:3f:a6:cb:a4:b6:2e:43:ef:2a:97:dc:b5:6a:ca:c9:aa:f4:17:1c:1d:35:74:49:af:67:77:c7:f2:e8:86" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:03.813388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496083.813388000", - "frame.time_delta": "0.000445000", - "frame.time_delta_displayed": "0.000445000", - "frame.time_relative": "2492.352702000", - "frame.number": "8689", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000971c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007663", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "99506", - "tcp.ack": "19965", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d917", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:7e:88:a7:a4:7d:45", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2653832, TSecr 2812575045": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2653832", - "tcp.options.timestamp.tsecr": "2812575045" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8688", - "tcp.analysis.ack_rtt": "0.000445000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.109734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.109734000", - "frame.time_delta": "0.296346000", - "frame.time_delta_displayed": "0.296346000", - "frame.time_relative": "2492.649048000", - "frame.number": "8690", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x0000583d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a62c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5318", - "tcp.nxtseq": "5358", - "tcp.ack": "829", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e81f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f2:26:44:87:42:b5:75:d2:28:d1:3a:e9:61:d1:d0:8f:48:07:08:19:61:e9:34:96:d5:0e:7d:e2" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.253233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.253233000", - "frame.time_delta": "0.143499000", - "frame.time_delta_displayed": "0.143499000", - "frame.time_relative": "2492.792547000", - "frame.number": "8691", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x0000101d", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd50", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "829", - "tcp.nxtseq": "865", - "tcp.ack": "5358", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e029", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8690", - "tcp.analysis.ack_rtt": "0.143499000", - 
"tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:77:5f:ea:7a:a2:d9:64:dc:3c:d3:9d:12:02:38:1f:72:4a:2b:b7:33:87:8d:32:c0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.253747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.253747000", - "frame.time_delta": "0.000514000", - "frame.time_delta_displayed": "0.000514000", - "frame.time_relative": "2492.793061000", - "frame.number": "8692", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000583e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a653", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5358", - "tcp.ack": "865", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee71", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8691", - "tcp.analysis.ack_rtt": "0.000514000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.733937000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.733937000", - "frame.time_delta": "0.480190000", - 
"frame.time_delta_displayed": "0.480190000", - "frame.time_relative": "2493.273251000", - "frame.number": "8693", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002074", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b77c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001257", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029b", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.734463000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.734463000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "2493.273777000", - "frame.number": "8694", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002075", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009877", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f352", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - 
"dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:04.736542000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496084.736542000", - "frame.time_delta": "0.002079000", - "frame.time_delta_displayed": "0.002079000", - "frame.time_relative": "2493.275856000", - "frame.number": "8695", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008118", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029b", - 
"dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:06.910909000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496086.910909000", - "frame.time_delta": "2.174367000", - "frame.time_delta_displayed": "2.174367000", - "frame.time_relative": "2495.450223000", - "frame.number": "8696", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005fc0", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005829", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - 
"data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:08.820217000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496088.820217000", - "frame.time_delta": "1.909308000", - "frame.time_delta_displayed": "1.909308000", - "frame.time_relative": "2497.359531000", - "frame.number": "8697", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:08.820625000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496088.820625000", - "frame.time_delta": "0.000408000", - "frame.time_delta_displayed": "0.000408000", - "frame.time_relative": "2497.359939000", - "frame.number": "8698", 
- "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.260892000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.260892000", - "frame.time_delta": "0.440267000", - "frame.time_delta_displayed": "0.440267000", - "frame.time_relative": "2497.800206000", - "frame.number": "8699", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.261076000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.261076000", - "frame.time_delta": "0.000184000", - "frame.time_delta_displayed": "0.000184000", - "frame.time_relative": "2497.800390000", - "frame.number": "8700", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:28:09.308519000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.308519000", - "frame.time_delta": "0.047443000", - "frame.time_delta_displayed": "0.047443000", - "frame.time_relative": "2497.847833000", - "frame.number": "8701", - "frame.len": "297", - "frame.cap_len": "297", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "283", - "ip.id": "0x00002e05", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003693", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "231", - "tcp.seq": "19965", - "tcp.nxtseq": "20196", - "tcp.ack": "99506", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000061b5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:a3:00:28:7e:88", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576419, TSecr 2653832": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576419", - "tcp.options.timestamp.tsecr": "2653832" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "231", - "tcp.analysis.push_bytes_sent": "231" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "226", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:e4:eb:80:b5:a3:fb:5a:4f:82:fe:8e:02:c7:9c:3e:6d:20:d6:49:5e:92:f1:fa:30:56:6e:ee:11:dc:83:75:8e:c5:94:c4:bd:65:67:12:bb:32:57:09:2b:de:01:d7:65:c7:f3:3c:52:e9:87:bf:fb:2e:ac:ec:78:e3:af:26:03:9d:2c:b7:d1:dc:38:33:1c:36:d5:ae:31:16:7c:2a:08:03:da:17:51:47:a1:3e:6f:37:e6:b6:8a:3d:9a:76:12:6b:16:2b:d9:fb:74:85:61:0c:10:0d:d4:81:42:c5:a6:d9:83:dd:a6:08:99:b1:53:9f:b1:3d:17:30:01:5d:e8:fc:a5:a2:ec:3e:b8:06:ee:2d:8e:b6:a4:10:ec:b6:de:52:c8:a1:52:ed:c2:68:09:c8:27:0f:94:f3:db:f2:21:ce:1f:3a:95:79:eb:d5:4f:64:b7:8a:4f:e9:61:f6:41:5b:09:4c:54:ab:55:39:67:7c:cf:e4:c4:39:c9:84:d0:40:73:b6:b2:4b:ab:aa:34:19:dd:43:22:90:9d:3a:4f:8c:9a:d2:9b:b8:ae:ff:64:ca:d2:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.308998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.308998000", - "frame.time_delta": "0.000479000", - "frame.time_delta_displayed": "0.000479000", - "frame.time_relative": "2497.848312000", - "frame.number": "8702", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000971d", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007662", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "99506", - "tcp.ack": "20196", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d0ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:ae:a7:a4:82:a3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654382, TSecr 2812576419": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654382", - "tcp.options.timestamp.tsecr": "2812576419" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8701", - "tcp.analysis.ack_rtt": "0.000479000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.327967000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.327967000", - "frame.time_delta": "0.018969000", - "frame.time_delta_displayed": "0.018969000", - "frame.time_relative": "2497.867281000", - "frame.number": "8703", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000971e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762c", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "99506", - "tcp.nxtseq": "99559", - "tcp.ack": "20196", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:b0:a7:a4:82:a3", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2654384, TSecr 2812576419": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654384", - "tcp.options.timestamp.tsecr": "2812576419" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:a9:34:53:3d:22:ea:44:9a:17:45:13:da:b5:63:b6:28:e8:a5:72:53:cd:15:48:88:8e:64:2b:ef:de:4a:f2:1a:24:46:84:a8:e1:e8:d6:19:b8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.333198000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.333198000", - "frame.time_delta": "0.005231000", - "frame.time_delta_displayed": "0.005231000", - "frame.time_relative": "2497.872512000", - "frame.number": "8704", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00006767", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000e244", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:80:b0:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654384, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654384", - "tcp.options.timestamp.tsecr": "0" - }, 
- "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.337317000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.337317000", - "frame.time_delta": "0.004119000", - "frame.time_delta_displayed": "0.004119000", - "frame.time_relative": "2497.876631000", - "frame.number": "8705", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "14:91:82:25:10:77", - "arp.src.proto_ipv4": "192.168.0.65", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.337708000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496089.337708000", - "frame.time_delta": "0.000391000", - "frame.time_delta_displayed": "0.000391000", - "frame.time_relative": "2497.877022000", - "frame.number": "8706", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "14:91:82:25:10:77", - "arp.dst.proto_ipv4": "192.168.0.65" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.350514000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.350514000", - "frame.time_delta": "0.012806000", - "frame.time_delta_displayed": "0.012806000", - "frame.time_relative": "2497.889828000", - "frame.number": "8707", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36217", - "tcp.port": "49154", - "tcp.port": "36217", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00009369", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8704", - "tcp.analysis.ack_rtt": "0.017316000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.351060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.351060000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "2497.890374000", - "frame.number": "8708", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": 
"BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006768", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ea20", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8707", - "tcp.analysis.ack_rtt": "0.000546000", - "tcp.analysis.initial_rtt": "0.017862000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.362113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.362113000", - "frame.time_delta": "0.011053000", - "frame.time_delta_displayed": "0.011053000", - "frame.time_relative": "2497.901427000", - "frame.number": "8709", - "frame.len": "233", - "frame.cap_len": "233", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "219", - "ip.id": "0x00006769", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00005030", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "179", - "tcp.seq": "1", - "tcp.nxtseq": "180", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000ca67", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017862000", - "tcp.analysis.bytes_in_flight": "179", - "tcp.analysis.push_bytes_sent": "179" - } - }, - "http": { - "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "SUBSCRIBE", - "http.request.uri": "\/upnp\/event\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.65:49154", - "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", - "http.unknown_header": "NT: upnp:event\\n", - "http.unknown_header": "TIMEOUT: Second-5400\\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/event\/basicevent1", - "http.notification": "1", - "http.file_data": "\n", - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.363633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.363633000", - "frame.time_delta": "0.001520000", - "frame.time_delta_displayed": "0.001520000", - "frame.time_relative": "2497.902947000", - "frame.number": "8710", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000888a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002fc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36217", - "tcp.port": "49154", - "tcp.port": "36217", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000deea", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8709", - "tcp.analysis.ack_rtt": "0.001520000", - "tcp.analysis.initial_rtt": "0.017862000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.366110000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.366110000", - "frame.time_delta": "0.002477000", - "frame.time_delta_displayed": "0.002477000", - "frame.time_relative": "2497.905424000", - "frame.number": "8711", - "frame.len": "267", - "frame.cap_len": "267", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "253", - "ip.id": "0x0000888b", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002eec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36217", - "tcp.port": "49154", - "tcp.port": "36217", - "tcp.stream": "333", - "tcp.len": "213", - "tcp.seq": "1", - "tcp.nxtseq": "214", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000bc70", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.017862000", - "tcp.analysis.bytes_in_flight": "213", - "tcp.analysis.push_bytes_sent": "213" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:28:09 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:09 GMT\r\n", - 
"http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.response.line": "CONTENT-LENGTH: 0\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "http.response.line": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\r\n", - "http.response.line": "TIMEOUT: Second-5400\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.366578000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.366578000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "2497.905892000", - "frame.number": "8712", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000676a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "214", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e888", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8711", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.017862000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.367615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.367615000", - "frame.time_delta": "0.001037000", - "frame.time_delta_displayed": "0.001037000", - "frame.time_relative": "2497.906929000", - "frame.number": "8713", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000888c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002fc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36217", - "tcp.port": "49154", - "tcp.port": "36217", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "214", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000de14", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.370369000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.370369000", - "frame.time_delta": "0.002754000", - "frame.time_delta_displayed": "0.002754000", - "frame.time_relative": "2497.909683000", - "frame.number": "8714", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00007b46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003cfa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000e1e0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.370845000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.370845000", - "frame.time_delta": "0.000476000", - "frame.time_delta_displayed": "0.000476000", - "frame.time_relative": "2497.910159000", - "frame.number": "8715", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": 
"192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4469", - "tcp.port": "39500", - "tcp.port": "4469", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000649f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", 
- "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8714", - "tcp.analysis.ack_rtt": "0.000476000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.373228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.373228000", - "frame.time_delta": "0.002383000", - "frame.time_delta_displayed": "0.002383000", - "frame.time_relative": "2497.912542000", - "frame.number": "8716", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007b47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000d310", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8715", - "tcp.analysis.ack_rtt": "0.002383000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.374193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.374193000", - "frame.time_delta": "0.000965000", - "frame.time_delta_displayed": "0.000965000", - "frame.time_relative": "2497.913507000", - "frame.number": "8717", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x00007b48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00001ab0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002859000", - "tcp.analysis.bytes_in_flight": "204", - 
"tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.374636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.374636000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "2497.913950000", - "frame.number": "8718", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009415", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002437", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4469", - "tcp.port": "39500", - "tcp.port": "4469", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000dcb7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8717", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.378497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.378497000", - "frame.time_delta": "0.003861000", - "frame.time_delta_displayed": "0.003861000", - "frame.time_relative": "2497.917811000", - 
"frame.number": "8719", - "frame.len": "231", - "frame.cap_len": "231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x00007b49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003c52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "177", - "tcp.seq": "205", - "tcp.nxtseq": "382", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00009ef3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002859000", - "tcp.analysis.bytes_in_flight": "177", - "tcp.analysis.push_bytes_sent": "177" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "8717", - "tcp.segment": "8719", - "tcp.segment.count": "2", - "tcp.reassembled.length": "380", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "176", - "http.content_length_header_tree": { - "http.content_length": "176" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 0\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", 
- "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.378904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.378904000", - "frame.time_delta": "0.000407000", - "frame.time_delta_displayed": "0.000407000", - "frame.time_relative": "2497.918218000", - "frame.number": "8720", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00009416", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002436", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4469", - "tcp.port": "39500", - "tcp.port": "4469", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000dbf5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8719", - "tcp.analysis.ack_rtt": "0.000407000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.404202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.404202000", - "frame.time_delta": "0.025298000", - "frame.time_delta_displayed": "0.025298000", - 
"frame.time_relative": "2497.943516000", - "frame.number": "8721", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000676b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050e1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e887", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8713", - "tcp.analysis.ack_rtt": "0.036587000", - "tcp.analysis.initial_rtt": "0.017862000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.425862000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.425862000", - "frame.time_delta": "0.021660000", - "frame.time_delta_displayed": "0.021660000", - "frame.time_relative": "2497.965176000", - "frame.number": "8722", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003779", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "20196", - "tcp.ack": "99559", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d146", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:c1:00:28:80:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2812576449, TSecr 2654384": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576449", - "tcp.options.timestamp.tsecr": "2654384" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8703", - "tcp.analysis.ack_rtt": "0.097895000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.426408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.426408000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "2497.965722000", - "frame.number": "8723", - "frame.len": "882", - "frame.cap_len": "882", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "868", - "ip.id": "0x0000971f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007330", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "816", - "tcp.seq": "99559", - "tcp.nxtseq": "100375", - "tcp.ack": "20196", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000baa9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:ba:a7:a4:82:c1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654394, TSecr 2812576449": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654394", - "tcp.options.timestamp.tsecr": 
"2812576449" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "816", - "tcp.analysis.push_bytes_sent": "816" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:aa:73:30:75:00:da:5f:5d:03:f5:f8:19:9c:8c:1a:59:87:ef:53:cd:97:e0:41:ec:53:51:d2:00:97:91:21:2a:12:4e:ed:20:87:4e:6a:53:d1:e9" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "292", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ab:47:1a:64:67:90:d3:b0:82:b9:4a:6f:68:e1:b4:38:be:c0:fe:72:b9:37:22:f8:e7:d0:fa:d8:40:ca:0f:b8:a9:c8:52:a7:01:25:3f:24:90:a8:a1:10:25:b9:35:db:7f:e7:6e:c1:d0:d5:2a:92:d5:5d:5a:22:c5:29:fe:cb:31:fd:ba:ad:6c:43:ee:86:6b:5f:b4:d7:c4:06:8c:e4:87:0b:8e:ee:6f:89:38:06:d6:44:52:43:5d:2f:8c:ac:71:88:f0:0d:87:ef:6a:4c:20:e0:00:fd:00:f1:90:01:4d:4c:95:1d:db:db:11:fd:ba:ea:c0:2e:2e:c1:1f:24:4d:7b:54:c0:02:01:89:cd:b5:d8:5c:c5:d0:2a:3a:13:fa:92:f4:84:e3:5f:ae:f9:18:50:81:bb:3b:5c:e8:4b:05:69:10:b9:ac:07:eb:f9:6c:56:be:46:09:62:28:23:e7:1d:68:f4:35:ef:64:c0:ce:aa:4c:7f:cf:82:0a:0d:7f:2e:ad:e6:a0:7a:c5:cd:20:a2:45:9c:60:a4:a0:0d:c4:02:02:c1:83:89:f3:d1:a6:83:dc:98:42:c4:ad:be:dc:2f:02:3a:97:3f:5b:2a:62:53:9c:7f:48:2c:c6:35:6c:09:dd:53:d1:5b:15:7f:b2:dc:45:9e:32:26:e9:26:60:9e:a2:e6:49:13:b6:74:10:55:fc:81:31:ad:13:d6:0f:f7:98:0b:4c:ad:cc:f3:33:01:62:47:ba" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "460", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ac:cb:e3:0b:88:d6:d9:5a:e9:ad:4b:b4:f2:01:01:fb:30:b3:2d:c7:a3:e5:e8:64:6c:d1:47:23:1b:01:e7:86:30:a5:77:b7:a1:6b:c3:53:d3:7c:9a:f0:db:b4:55:dc:cb:08:69:0d:14:85:93:eb:b3:05:8a:f8:e2:eb:9c:b2:fb:09:18:d1:c1:29:75:4a:52:9b:3f:ee:b9:25:9e:8f:56:f0:08:ab:fb:4d:94:26:2e:ce:3e:dc:3f:1d:76:d4:18:d2:d3:5a:f2:60:15:bf:b8:bd:e0:28:c8:ac:ba:12:1d:4c:4c:1b:ac:29:d4:4f:0c:76:fa:ae:ee:db:8b:28:4e:53:91:45:ab:c4:4b:9f:91:4d:8e:77:ea:d9:5e:2d:15:9f:cf:e1:19:bf:77:1c:17:cd:38:29:28:8d:d7:99:5c:54:2b:01:59:f2:d3:64:73:f1:d8:f8:9f:aa:0e:a8:9f:ea:6c:88:f7:c1:63:b9:6b:d9:17:4e:c7:e7:41:c6:c1:03:57:f3:46:b9:99:95:c9:e1:83:1a:cb:85:13:80:ab:b0:f3:cf:5a:18:7c:95:27:a9:c7:19:2a:ed:83:c0:0b:ac:6e:85:5d:38:c1:a7:eb:85:35:b1:f3:6e:54:06:37:0d:c4:86:0d:6f:a1:69:0c:91:19:65:24:d2:e6:b1:23:48:36:74:75:a6:78:b3:8e:8f:12:90:f5:e9:d9:47:e7:0f:70:08:2f:c1:3b:be:e6:92:2a:48:d4:7e:2f:c6:8a:92:fc:35:13:0a:58:b8:f4:1a:a4:8c:69:80:00:8d:a6:e3:2c:cb:64:dd:3a:cd:57:97:f9:2a:14:95:39:c6:9c:73:96:36:55:83:33:1c:58:3c:aa:29:94:ff:2f:55:9d:06:a8:f4:f5:bf:d5:e6:c3:cc:44:a0:22:d7:52:c5:45:cd:41:dd:16:50:b6:ad:39:43:ec:ea:f1:47:5e:7f:92:e9:0a:d0:9c:0d:72:c1:16:12:61:0b:ab:49:16:bf:03:d7:6e:9d:f4:33:79:71:6b:35:e9:c8:9a:a3:6a:db:21:dc:4c:e7:20:7a:d3:74:97:94:27:1a:8a:ec:da:75:ee:dc:32:6b:35:74:82:0d:4a:ad:1c:71:a8:9e:43:22:17:3d:1a:e4:fb:0e:da:81:84:1b:96:2b:33:e3:23:a7:94:94:9c:ed:78" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.487335000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.487335000", - "frame.time_delta": "0.060927000", - "frame.time_delta_displayed": "0.060927000", - "frame.time_relative": "2498.026649000", - "frame.number": "8724", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e07", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003778", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "20196", - "tcp.ack": "100375", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cdfd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576464, TSecr 2654394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576464", - "tcp.options.timestamp.tsecr": "2654394" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8723", - "tcp.analysis.ack_rtt": "0.060927000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.489283000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.489283000", - "frame.time_delta": "0.001948000", - "frame.time_delta_displayed": "0.001948000", - "frame.time_relative": "2498.028597000", - "frame.number": "8725", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003748", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "20196", - "tcp.nxtseq": "20243", - "tcp.ack": "100375", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004015", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576464, TSecr 2654394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576464", - "tcp.options.timestamp.tsecr": "2654394" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:e5:9b:51:53:cc:49:55:4d:6a:c6:96:d5:63:22:ad:a4:b7:66:0c:c9:88:e5:83:14:aa:ad:c0:2c:f3:4b:8a:f5:51:c0:a7" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.490320000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.490320000", - "frame.time_delta": "0.001037000", - "frame.time_delta_displayed": "0.001037000", - "frame.time_relative": "2498.029634000", - "frame.number": "8726", - "frame.len": "704", - "frame.cap_len": "704", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "690", - "ip.id": "0x00002e09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000034f8", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "638", - "tcp.seq": "20243", - "tcp.nxtseq": "20881", - "tcp.ack": "100375", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000003dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:d0:00:28:80:ba", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576464, TSecr 2654394": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576464", - "tcp.options.timestamp.tsecr": "2654394" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "685", - "tcp.analysis.push_bytes_sent": "638" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "633", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:e6:a2:36:42:1d:33:0e:ce:d5:46:41:de:c7:f3:18:6a:03:a4:c3:8b:61:45:e0:7a:4b:c2:13:74:34:b1:06:84:59:70:5d:fd:85:7c:2a:20:a7:e9:0c:21:e5:86:fc:81:ad:6b:9e:4d:18:a4:4b:25:f7:ef:24:1f:9a:2d:f8:cd:07:73:51:a3:39:5f:f2:07:17:ba:3c:7e:97:e7:b6:b4:6f:06:fa:a4:23:d0:fa:98:81:20:14:84:c5:30:47:31:83:76:6a:5c:af:a5:a0:c4:ec:1b:da:86:76:0e:e2:d1:f7:0c:4e:83:bb:0d:1c:12:6f:57:3c:03:4b:a8:fe:ab:25:e4:64:7b:da:f6:05:5f:18:be:3b:df:6a:16:04:2d:64:f0:f1:b2:d3:b2:f9:df:12:d0:ae:99:fa:f4:89:a9:36:45:a0:9d:97:19:12:29:00:c0:6c:8f:89:50:37:23:8f:84:71:7e:3c:01:a4:47:bc:f5:4a:76:25:c6:a4:9a:59:70:81:bf:24:81:2c:c6:8a:32:9f:c8:8b:ef:9e:bd:41:07:11:94:98:a8:78:97:56:62:25:fc:fd:1b:96:62:de:c5:55:92:a3:2c:0e:1e:92:99:f8:d9:ac:cf:5b:9d:21:b0:6f:82:56:f1:4d:a1:dd:6e:4b:67:50:c9:c1:0c:77:8b:f7:38:b6:bb:a1:8d:b5:7e:3b:40:6e:93:e6:e5:dc:3d:38:f8:5d:c0:b2:8e:e0:99:6f:0f:39:0b:a0:31:73:00:ba:c0:82:8b:05:b7:f1:0e:06:99:d3:78:b5:1b:70:26:5c:c5:93:3e:cf:0b:05:b5:8b:f9:be:9b:83:d6:b0:07:fb:ff:a5:a3:d1:bd:29:65:80:ab:d5:85:43:f7:db:d8:bc:e0:23:90:7a:03:8a:65:6b:07:36:ab:a4:7f:ad:5e:e4:e0:a1:4d:d5:e6:e5:48:9d:61:a9:f3:a5:1e:1a:30:aa:95:a2:92:34:10:54:63:7f:f1:17:19:76:9c:c7:40:8e:cf:cc:14:01:50:a9:11:dd:50:7b:a9:ff:8b:a2:3d:f3:98:5b:03:f3:dd:6f:95:3a:e0:06:a5:ac:e1:62:e2:86:ab:b2:e3:34:95:7c:e3:90:8c:ae:34:18:10:ec:7f:29:48:82:a1:b2:80:fe:a0:be:ca:a1:f3:84:73:04:e7:d8:2b:97:13:93:70:dc:b0:ca:cb:b3:d2:58:c9:a2:58:b2:37:67:02:13:34:57:4d:bc:e7:30:47:b8:af:bd:c2:eb:dc:be:64:25:55:d5:cf:7b:39:6e:d4:4a:1d:3b:3f:dd:01:3f:44:c2:44:d0:cf:14:eb:53:3c:32:6e:ea:fe:0a:03:e6:0a:26:d2:df:e4:fd:1f:c7:89:1b:9e:89:ae:af:de:8f:48:65:7c:4a:0f:26:5c:8c:7b:92:74:19:c0:08:80:24:21:c3:a0:2d:0f:2f:dd:a2:cd:5c:94:82:28:30:30:65:7b:37:22:ee:24:d0:0a:d8:3b:84:81:2f:40:c2:b2:4b:ca:3f:69:e6:d0:f8:08:3f:10:79:b0:48:41:c1:b9:3a:66:ef:82:6a:f7:d8:c1:7f:0a:4a:19:b1:99:f9:46:ae:ef:0a:e1:45:de:98:a7:0c:93:94:d1:69:d3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.493085000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.493085000", - "frame.time_delta": "0.002765000", - "frame.time_delta_displayed": "0.002765000", - "frame.time_relative": "2498.032399000", - "frame.number": "8727", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009720", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007630", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": 
"41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "100375", - "tcp.nxtseq": "100422", - "tcp.ack": "20881", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbf1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:c0:a7:a4:82:d0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654400, TSecr 2812576464": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654400", - "tcp.options.timestamp.tsecr": "2812576464" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8726", - "tcp.analysis.ack_rtt": "0.002765000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ad:ff:be:36:27:c4:39:8a:fc:b2:d9:c9:54:e4:bb:ba:e3:60:84:b1:c5:63:b4:02:03:1c:fb:8c:95:07:8c:3e:a4:08:74" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.518251000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.518251000", - "frame.time_delta": "0.025166000", - "frame.time_delta_displayed": "0.025166000", - "frame.time_relative": "2498.057565000", - "frame.number": "8728", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000676c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000050e0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" 
- }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49154", - "tcp.port": "36217", - "tcp.port": "49154", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e886", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.523531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.523531000", - "frame.time_delta": "0.005280000", - "frame.time_delta_displayed": "0.005280000", - "frame.time_relative": "2498.062845000", - "frame.number": "8729", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": 
"14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36217", - "tcp.port": "49154", - "tcp.port": "36217", - "tcp.stream": "333", - "tcp.len": "0", - "tcp.seq": "215", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000de13", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8728", - "tcp.analysis.ack_rtt": "0.005280000", - "tcp.analysis.initial_rtt": "0.017862000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, 
- "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.541615000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.541615000", - "frame.time_delta": "0.018084000", - "frame.time_delta_displayed": "0.018084000", - "frame.time_relative": "2498.080929000", - "frame.number": "8730", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00003ecc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000796c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000d60d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:80:c5:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654405, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654405", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.543007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.543007000", - "frame.time_delta": 
"0.001392000", - "frame.time_delta_displayed": "0.001392000", - "frame.time_relative": "2498.082321000", - "frame.number": "8731", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36218", - "tcp.port": "49154", - "tcp.port": "36218", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - 
"tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000600a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8730", - "tcp.analysis.ack_rtt": "0.001392000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.543467000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496089.543467000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "2498.082781000", - "frame.number": "8732", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ecd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000797f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b6c1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8731", - "tcp.analysis.ack_rtt": "0.000460000", - "tcp.analysis.initial_rtt": "0.001852000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.553725000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.553725000", - "frame.time_delta": "0.010258000", - "frame.time_delta_displayed": "0.010258000", - "frame.time_relative": "2498.093039000", - "frame.number": "8733", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002e0a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", 
- "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003720", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "20881", - "tcp.nxtseq": "20966", - "tcp.ack": "100422", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00006464", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:e0:00:28:80:c0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576480, TSecr 2654400": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576480", - "tcp.options.timestamp.tsecr": "2654400" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8727", - "tcp.analysis.ack_rtt": "0.060640000", - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:e7:2d:c1:b2:3b:ac:f0:ce:77:0a:66:51:8e:bc:9c:47:a2:54:df:5d:e7:84:f8:03:78:a8:c3:0b:3e:c6:02:f0:83:ee:b3:cf:1a:fb:7a:ca:17:15:9d:ed:47:94:8b:7d:ef:87:dd:46:31:92:2c:c0:b7:65:3d:2c:bc:84:ef:f4:d6:ea:99:0c:e8:45:35:24:64" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.554253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.554253000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "2498.093567000", - "frame.number": "8734", - "frame.len": "144", - "frame.cap_len": "144", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "130", - "ip.id": "0x00009721", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007610", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "78", - "tcp.seq": "100422", - "tcp.nxtseq": "100500", - "tcp.ack": "20966", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005865", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:00:28:80:c7:a7:a4:82:e0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654407, TSecr 2812576480": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654407", - "tcp.options.timestamp.tsecr": "2812576480" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8733", - "tcp.analysis.ack_rtt": "0.000528000", - "tcp.analysis.bytes_in_flight": "78", - "tcp.analysis.push_bytes_sent": "78" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "73", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ae:72:d9:44:2f:88:5c:92:51:46:eb:0b:6b:cb:4c:60:13:11:8c:d0:ac:96:79:99:f3:78:63:33:40:cd:42:ce:ec:f1:e9:5d:ab:a8:4b:c8:40:01:c0:11:7d:4f:3e:94:21:0c:11:93:67:eb:c3:bd:c6:ba:42:87:82:44:9e:9c:97:17" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.554584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.554584000", - "frame.time_delta": "0.000331000", - "frame.time_delta_displayed": "0.000331000", - "frame.time_relative": "2498.093898000", - "frame.number": "8735", - "frame.len": "640", - "frame.cap_len": "640", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": 
"BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "626", - "ip.id": "0x00003ece", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007734", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "586", - "tcp.seq": "1", - "tcp.nxtseq": "587", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003ce6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001852000", 
- "tcp.analysis.bytes_in_flight": "586", - "tcp.analysis.push_bytes_sent": "586" - } - }, - "http": { - "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/timesync1", - "http.request.version": "HTTP\/1.1" - }, - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", - "http.request.line": "SOAPACTION: \"urn:Belkin:service:timesync:1#TimeSync\"\n", - "http.content_length_header": "376", - "http.content_length_header_tree": { - "http.content_length": "376" - }, - "http.request.line": "Content-Length: 376\n", - "http.host": "192.168.0.65:49154", - "http.request.line": "HOST: 192.168.0.65:49154\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/timesync1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n <s:Body>\n <u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">\n <UTC>1509496089<\/UTC>\n <TimeZone>-05.00<\/TimeZone>\n <dst>1<\/dst>\n <DstSupported>1<\/DstSupported>\n <\/u:TimeSync>\n <\/s:Body>\n<\/s:Envelope>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "utf-8", - "?>": "" - }, - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": 
"xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", - "xml.tag": "<UTC>", - "xml.tag_tree": { - "xml.cdata": "1509496089", - "<\/UTC>": "" - }, - "xml.tag": "<TimeZone>", - "xml.tag_tree": { - "xml.cdata": "-05.00", - "<\/TimeZone>": "" - }, - "xml.tag": "<dst>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/dst>": "" - }, - "xml.tag": "<DstSupported>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/DstSupported>": "" - }, - "<\/u:TimeSync>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.556742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.556742000", - "frame.time_delta": "0.002158000", - "frame.time_delta_displayed": "0.002158000", - "frame.time_relative": "2498.096056000", - "frame.number": "8736", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000072da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004572", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36218", - "tcp.port": "49154", - "tcp.port": "36218", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "587", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3506", - "tcp.window_size": "7012", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a7aa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8735", - "tcp.analysis.ack_rtt": "0.002158000", - "tcp.analysis.initial_rtt": "0.001852000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.566501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.566501000", - "frame.time_delta": 
"0.009759000", - "frame.time_delta_displayed": "0.009759000", - "frame.time_relative": "2498.105815000", - "frame.number": "8737", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00009417", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000240f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4469", - "tcp.port": "39500", - "tcp.port": "4469", - "tcp.stream": "334", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e880", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002859000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.567975000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.567975000", - "frame.time_delta": "0.001474000", - "frame.time_delta_displayed": "0.001474000", - "frame.time_relative": "2498.107289000", - "frame.number": "8738", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": 
"BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007b4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000d16d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8737", - "tcp.analysis.ack_rtt": "0.001474000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.569134000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.569134000", - "frame.time_delta": "0.001159000", - "frame.time_delta_displayed": "0.001159000", - "frame.time_relative": "2498.108448000", - "frame.number": "8739", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007b4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000d16c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.569747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.569747000", - "frame.time_delta": "0.000613000", - "frame.time_delta_displayed": "0.000613000", - "frame.time_relative": "2498.109061000", - "frame.number": "8740", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009418", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002434", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4469", - "tcp.port": "39500", - "tcp.port": "4469", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "383", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000dbcd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8739", - "tcp.analysis.ack_rtt": "0.000613000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:28:09.571183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.571183000", - "frame.time_delta": "0.001436000", - "frame.time_delta_displayed": "0.001436000", - "frame.time_relative": "2498.110497000", - "frame.number": "8741", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00007b4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003d00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4469", - "tcp.dstport": "39500", - "tcp.port": "4469", - "tcp.port": "39500", - "tcp.stream": "334", - "tcp.len": "0", - "tcp.seq": "383", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000d16b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8740", - "tcp.analysis.ack_rtt": "0.001436000", - "tcp.analysis.initial_rtt": "0.002859000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.654627000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.654627000", - "frame.time_delta": "0.083444000", - "frame.time_delta_displayed": "0.083444000", - "frame.time_relative": "2498.193941000", - "frame.number": "8742", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e0b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003774", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "20966", - "tcp.ack": "100500", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ca47", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:82:fa:00:28:80:c7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576506, TSecr 2654407": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576506", - "tcp.options.timestamp.tsecr": "2654407" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8734", - "tcp.analysis.ack_rtt": "0.100374000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.655122000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.655122000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "2498.194436000", - "frame.number": "8743", - "frame.len": "271", - "frame.cap_len": "271", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "257", - "ip.id": "0x00009722", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007590", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "205", - "tcp.seq": "100500", - "tcp.nxtseq": "100705", - "tcp.ack": "20966", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00002f7f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:d1:a7:a4:82:fa", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 
2654417, TSecr 2812576506": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654417", - "tcp.options.timestamp.tsecr": "2812576506" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "205", - "tcp.analysis.push_bytes_sent": "205" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:af:21:e7:da:3d:77:b8:d2:38:f3:40:1f:87:c1:b9:33:13:c8:e8:4a:ec:ce:64:40:b8:34:b0:4f:a0:ee:33:2f:4b:cc:9f:c1:fe:40:ba:92:ba:97" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "67", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b0:93:bf:28:87:75:b1:05:cf:99:22:ce:0c:05:4f:f8:c4:42:a0:4e:ef:55:e0:1f:f9:4e:c5:0f:3a:66:46:b6:77:83:2f:d6:8a:c5:dc:f6:4c:4b:b2:0c:ad:08:db:d4:80:07:68:56:68:20:b7:4f:d0:73:ef:25" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b1:63:5a:73:8f:61:93:c3:33:36:b4:2b:4a:33:e8:aa:70:3d:f7:d4:40:5b:b9:e2:8d:a0:d4:b4:64:f4:78:72:a3:86:00:60:51:74:96:b4:4e:de:4a:73:a5:96:a2:98:e7:a7:3f:7d:73:bf:07:95:ca:c2:87:cc:ee:46:fb:dd:c8:b0:60" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.715263000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.715263000", - "frame.time_delta": "0.060141000", - "frame.time_delta_displayed": "0.060141000", - "frame.time_relative": "2498.254577000", - "frame.number": "8744", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e0c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003773", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "20966", - "tcp.ack": "100705", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c961", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:09:00:28:80:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576521, TSecr 2654417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576521", - "tcp.options.timestamp.tsecr": "2654417" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8743", - "tcp.analysis.ack_rtt": "0.060141000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.716460000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.716460000", - "frame.time_delta": "0.001197000", - "frame.time_delta_displayed": "0.001197000", - "frame.time_relative": "2498.255774000", - "frame.number": "8745", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003743", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "20966", - "tcp.nxtseq": "21013", - "tcp.ack": "100705", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dc6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:09:00:28:80:d1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576521, TSecr 2654417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576521", - "tcp.options.timestamp.tsecr": "2654417" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:e8:8b:c6:a7:e1:54:37:9e:d3:a3:31:6c:95:80:83:ca:5c:2c:34:6f:61:4f:a6:fa:35:e7:04:e5:97:10:c8:b7:44:01:1e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.720536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.720536000", - "frame.time_delta": "0.004076000", - "frame.time_delta_displayed": "0.004076000", - "frame.time_relative": "2498.259850000", - "frame.number": "8746", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009723", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "100705", - "tcp.nxtseq": "100754", - "tcp.ack": "21013", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000056a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:d7:a7:a4:83:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654423, TSecr 2812576521": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654423", - "tcp.options.timestamp.tsecr": "2812576521" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8745", - "tcp.analysis.ack_rtt": "0.004076000", - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b2:bd:14:2d:b4:01:ea:db:24:f9:24:5a:b3:71:c8:96:6c:05:c4:c9:86:d0:2f:62:7c:ef:52:73:85:df:a3:d1:ed:be:4f:80:78" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.734185000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496089.734185000", - "frame.time_delta": "0.013649000", - "frame.time_delta_displayed": "0.013649000", - "frame.time_relative": "2498.273499000", - "frame.number": "8747", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002076", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b77a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001257", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - 
"dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.734721000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496089.734721000", - "frame.time_delta": "0.000536000", - "frame.time_delta_displayed": "0.000536000", - "frame.time_relative": "2498.274035000", - "frame.number": "8748", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002077", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009875", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f352", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - 
"dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.735356000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496089.735356000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "2498.274670000", - "frame.number": "8749", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008118", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029b", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": 
"0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=667", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:09.817873000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496089.817873000", - "frame.time_delta": "0.082517000", - "frame.time_delta_displayed": "0.082517000", - "frame.time_relative": "2498.357187000", - "frame.number": "8750", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e0e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003771", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": 
"0", - "tcp.len": "0", - "tcp.seq": "21013", - "tcp.ack": "100754", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c8e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:23:00:28:80:d7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576547, TSecr 2654423": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576547", - "tcp.options.timestamp.tsecr": "2654423" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8746", - "tcp.analysis.ack_rtt": "0.097337000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.070787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.070787000", - "frame.time_delta": "0.252914000", - "frame.time_delta_displayed": "0.252914000", - "frame.time_relative": "2498.610101000", - "frame.number": "8751", - "frame.len": "246", - 
"frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x000072db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000044b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36218", - "tcp.port": "49154", - "tcp.port": "36218", - "tcp.stream": "335", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "587", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3506", - "tcp.window_size": "7012", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000acb1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001852000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.071272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.071272000", - "frame.time_delta": "0.000485000", - "frame.time_delta_displayed": "0.000485000", - "frame.time_relative": "2498.610586000", - "frame.number": "8752", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ecf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000797d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "587", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b3a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8751", - "tcp.analysis.ack_rtt": "0.000485000", - "tcp.analysis.initial_rtt": "0.001852000" - } - } - } - } - } - - , - { - 
"_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.072112000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.072112000", - "frame.time_delta": "0.000840000", - "frame.time_delta_displayed": "0.000840000", - "frame.time_relative": "2498.611426000", - "frame.number": "8753", - "frame.len": "321", - "frame.cap_len": "321", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "307", - "ip.id": "0x000072dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004465", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36218", - "tcp.port": "49154", - "tcp.port": "36218", - "tcp.stream": "335", - "tcp.len": "267", - "tcp.seq": "193", - 
"tcp.nxtseq": "461", - "tcp.ack": "587", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3506", - "tcp.window_size": "7012", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000dcae", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.001852000", - "tcp.analysis.bytes_in_flight": "268", - "tcp.analysis.push_bytes_sent": "267" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "8751", - "tcp.segment": "8753", - "tcp.segment.count": "2", - "tcp.reassembled.length": 
"459", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "267", - "http.content_length_header_tree": { - "http.content_length": "267" - }, - "http.response.line": "CONTENT-LENGTH: 267\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; 
charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:28:10 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:10 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.517528000", - "http.request_in": "8735", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">\r\n<status>success<\/status>\r\n<\/u:TimeSyncResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", - "xml.tag": "<status>", - "xml.tag_tree": { - "xml.cdata": "success", - "<\/status>": "" - }, - "<\/u:TimeSyncResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.086522000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.086522000", - "frame.time_delta": "0.014410000", - "frame.time_delta_displayed": "0.014410000", - "frame.time_relative": "2498.625836000", - 
"frame.number": "8754", - "frame.len": "317", - "frame.cap_len": "317", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "303", - "ip.id": "0x00009724", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007560", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "251", - "tcp.seq": "100754", - "tcp.nxtseq": "101005", - "tcp.ack": "21013", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000710d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:80:fc:a7:a4:83:23", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654460, TSecr 2812576547": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654460", - "tcp.options.timestamp.tsecr": "2812576547" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "251", - "tcp.analysis.push_bytes_sent": "251" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:b3:cb:c3:4e:33:8d:7f:08:55:0c:1c:15:37:bf:69:ea:00:14:d0:14:07:2a:88:0f:5e:a5:61:df:f4:53:68:b5:48:3c:2a:e5:20:9e:aa:5f:19:e3:52:18:a2:60:3d:e9:07:9c:d4:3d:97:09:0f:23:a0:d6:3a:23:0c:1e:07:3c:bb:ed:5f:4a:c1:3c:42:a1:b2:10:de:d6:20:46:01:2b:76:7b:8b:dc:3d:a4:5e:68:68:f1:c3:e8:64:b0:cb:b2:d5:d7:74:10:4a:17:39:6a:9c:3e:c2:51:6e:7e:2b:cb:6f:4a:5d:4d:35:19:d8:0c:d3:69:d4:05:22:f5:d3:56:88:95:89:eb:47:dc:4f:f5:9f:f2:ef:81:f4:5e:ab:de:91:57:40:12:bc:dc:86:3a:81:bf:c9:13:52:4c:ac:ac:24:81:70:5f:2d:18:16:4e:55:38:f5:74:13:9c:5b:f5:cf:5f:57:7f:63:c7:6b:e6:99:e1:85:cf:a1:dd:35:e0:00:05:fc:7b:70:45:4b:5c:01:ae:e2:bd:30:b2:f9:c8:9d:e2:26:a2:62:45:16:b9:f7:32:15:cb:ec:43:5b:e6:05:f3:6b:ed:26:41:5a:54:86:a0:a9:3a:8b:c8:0a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.104170000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.104170000", - "frame.time_delta": "0.017648000", - "frame.time_delta_displayed": "0.017648000", - "frame.time_relative": "2498.643484000", - "frame.number": "8755", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ed0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000797c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "587", - "tcp.ack": "461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b28a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8753", - "tcp.analysis.ack_rtt": "0.032058000", - "tcp.analysis.initial_rtt": "0.001852000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.146708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.146708000", - "frame.time_delta": "0.042538000", - 
"frame.time_delta_displayed": "0.042538000", - "frame.time_relative": "2498.686022000", - "frame.number": "8756", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e0f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003770", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21013", - "tcp.ack": 
"101005", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c76f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:75:00:28:80:fc", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576629, TSecr 2654460": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576629", - "tcp.options.timestamp.tsecr": "2654460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8754", - "tcp.analysis.ack_rtt": "0.060186000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.147237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.147237000", - "frame.time_delta": "0.000529000", - "frame.time_delta_displayed": "0.000529000", - "frame.time_relative": "2498.686551000", - "frame.number": "8757", - "frame.len": "392", - "frame.cap_len": "392", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "378", - "ip.id": "0x00009725", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007514", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "326", - "tcp.seq": "101005", - "tcp.nxtseq": "101331", - "tcp.ack": "21013", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ad6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:02:a7:a4:83:75", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654466, TSecr 2812576629": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654466", - "tcp.options.timestamp.tsecr": "2812576629" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "326", - "tcp.analysis.push_bytes_sent": "326" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "321", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:b4:e4:5c:ca:1f:ce:d0:3b:11:bf:55:ca:8a:36:8e:48:4e:dc:2f:a4:b2:34:0c:4b:1a:55:bf:1f:98:ac:6b:81:a9:57:1a:5b:dc:9c:da:a4:01:40:f9:4d:c1:c7:57:ea:bf:c9:f7:37:2a:d2:4a:5e:10:26:30:76:1e:66:d0:3a:4e:c3:5f:70:a3:fb:6b:38:bc:55:0f:d8:a6:bf:e2:57:5b:c0:14:67:38:6f:8b:50:7f:f0:b9:70:0a:84:67:b8:a7:c1:22:4b:a6:41:71:3d:09:9b:53:63:9b:a7:6e:72:0b:d1:58:8c:09:7a:dd:b2:14:64:cb:af:72:2b:d2:18:ab:8d:da:cd:ec:4d:b7:06:f9:b4:26:b2:ff:a5:64:cf:58:36:6f:13:9f:f0:b8:cb:0b:5c:85:b3:80:f0:6d:e5:0a:cf:2f:85:11:43:27:19:1e:07:3b:60:1e:fb:81:9d:79:97:55:99:3d:1c:e7:65:62:83:85:1b:90:63:5a:93:6c:2f:dc:ca:32:72:24:6d:3b:22:b8:a0:5d:36:91:c2:96:61:95:18:82:aa:22:f2:40:c4:45:35:3c:a5:94:cc:75:5b:85:06:c2:7a:53:8e:b2:cd:34:9c:8d:1c:55:9a:aa:fc:82:e8:24:8d:62:f2:86:f6:cf:c9:26:0f:00:f0:27:c4:81:2c:f9:f1:9b:fc:6b:73:d3:c0:51:2f:06:0a:d8:25:4e:e5:64:0e:51:2a:f8:08:13:25:48:92:a7:75:82:dd:28:f8:55:d3:62:53:02:1f:85:78:0b:d0:69:fd:e6:db:55:e7:d0:0d:8a:fe:ee:ac" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.208073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.208073000", - "frame.time_delta": "0.060836000", - "frame.time_delta_displayed": "0.060836000", - "frame.time_relative": "2498.747387000", - "frame.number": "8758", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e10", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000376f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21013", - "tcp.ack": "101331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c614", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576644, TSecr 2654466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576644", - "tcp.options.timestamp.tsecr": "2654466" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8757", - "tcp.analysis.ack_rtt": "0.060836000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.209142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.209142000", - "frame.time_delta": "0.001069000", - "frame.time_delta_displayed": "0.001069000", - "frame.time_relative": "2498.748456000", - "frame.number": "8759", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "99", - "ip.id": "0x00002e11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "21013", - "tcp.nxtseq": "21060", - "tcp.ack": "101331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ce4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", 
- "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576644, TSecr 2654466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576644", - "tcp.options.timestamp.tsecr": "2654466" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:e9:ca:5b:4f:af:61:3f:ee:b9:ad:95:dc:bf:ce:e9:d2:79:3c:5d:7e:f3:60:f9:ea:52:aa:b2:5a:4a:f3:47:68:dd:d2:20" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.210438000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.210438000", - "frame.time_delta": "0.001296000", - "frame.time_delta_displayed": "0.001296000", - "frame.time_relative": "2498.749752000", - "frame.number": "8760", - "frame.len": "615", - "frame.cap_len": "615", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "601", - "ip.id": "0x00002e12", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003548", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "549", - "tcp.seq": "21060", - "tcp.nxtseq": "21609", - "tcp.ack": "101331", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000aa96", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:84:00:28:81:02", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576644, TSecr 2654466": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576644", - "tcp.options.timestamp.tsecr": "2654466" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "596", - "tcp.analysis.push_bytes_sent": "549" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "544", - "ssl.app_data": "34:cd:34:17:47:48:0e:ea:75:9d:d5:4f:48:2f:2a:59:4f:55:1a:35:39:51:54:01:44:2e:94:4d:9c:a3:fd:f4:6a:40:dc:bf:24:c6:16:a5:13:c2:08:97:11:d5:d6:c9:56:b5:df:62:da:f1:b2:d7:14:00:1f:ab:2f:f3:01:2a:d9:aa:23:e4:cd:c4:ca:36:c5:d5:a4:d4:a1:a6:ce:f7:f3:be:29:a6:ae:73:ba:9c:85:92:11:e1:6b:dd:a0:2a:9d:51:8a:6f:f5:18:b8:98:b3:d6:7c:6b:d8:0b:be:1f:8c:ae:0b:d7:79:c7:e9:be:b3:b8:f6:6a:94:fd:09:9f:c2:72:51:8e:43:a7:ea:08:d2:53:a4:54:5c:27:f8:d2:0c:0b:46:f4:e5:e1:00:a0:02:88:02:47:27:d5:11:aa:7a:d4:42:1e:c7:0f:64:c0:b2:86:44:f7:70:54:57:bd:b8:a4:87:58:fd:b4:4e:bb:e4:b3:dd:35:54:e6:d7:20:1e:bd:87:45:e7:73:a5:00:1e:56:b5:1e:39:76:e5:a0:ca:e2:75:a7:9c:29:26:9c:56:d8:b9:2f:7a:f0:43:fa:39:88:44:57:ab:eb:3f:7b:5a:c7:77:d5:6a:68:0a:5e:1f:a5:f7:bb:2f:3e:9f:77:a5:e4:57:66:25:02:73:8e:6b:e2:4a:80:a4:6e:73:72:0b:a1:bf:1e:df:d7:95:84:74:d1:31:2d:04:dc:77:dd:a2:d4:7b:cd:e5:c6:d9:ea:0b:2d:45:7a:d1:41:38:3f:85:31:78:55:19:27:f5:d0:5c:be:4b:90:fe:84:77:36:07:30:c8:92:43:e0:ae:f1:9e:6e:e4:04:65:7b:80:e1:ff:c8:1f:ee:6e:75:08:b7:ba:30:67:61:a1:2e:e3:f5:b1:0b:dc:e8:a1:71:be:92:48:67:aa:ee:32:43:a1:5b:ed:0a:b6:c6:c3:1b:1f:82:ca:a4:61:38:f8:a5:ea:e4:b8:f6:77:f3:4a:d6:89:7b:39:eb:f5:
be:bb:38:99:84:fe:f2:5e:c0:0d:74:ad:98:ce:e6:e9:be:d8:8f:c3:82:8a:19:66:b1:ed:78:37:4b:72:48:f6:4e:fb:99:57:c1:9d:0e:ae:2d:35:68:96:c6:25:76:16:0d:3d:c9:19:23:68:94:a4:bf:35:61:af:31:b4:ad:ea:b4:7c:5e:4f:9e:41:e8:30:0b:7f:69:87:e0:4e:3e:74:72:fc:fc:76:6a:55:24:09:79:05:9b:0b:0c:d3:f2:fa:05:73:04:50:ba:d2:72:84:f6:49:c6:b9:8d:fa:b3:f5:57:76:ac:cb:2f:b9:28:65:c8:15:cc:44:97:f3:f3:cc:3b:00:18:0b:a6:39:66:f4:7c:db:9d:2a:05:bd:0a:92:05:1f:dc:e8:7b:74:65:05:4d:28:a7:78:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.214364000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.214364000", - "frame.time_delta": "0.003926000", - "frame.time_delta_displayed": "0.003926000", - "frame.time_relative": "2498.753678000", - "frame.number": "8761", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009726", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762a", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "101331", - "tcp.nxtseq": "101378", - "tcp.ack": "21609", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000022f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:09:a7:a4:83:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2654473, TSecr 2812576644": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654473", - "tcp.options.timestamp.tsecr": "2812576644" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8760", - "tcp.analysis.ack_rtt": "0.003926000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b5:e2:b3:04:e4:04:4c:10:0e:55:c3:30:f8:26:31:ba:12:4b:85:b4:35:71:29:2f:32:73:01:37:ba:d1:68:46:73:b4:4a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.243262000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.243262000", - "frame.time_delta": "0.028898000", - "frame.time_delta_displayed": "0.028898000", - "frame.time_relative": "2498.782576000", - "frame.number": "8762", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003ed1", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000797b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49154", - "tcp.port": "36218", - "tcp.port": "49154", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "587", - "tcp.ack": "461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b289", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.244998000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.244998000", - "frame.time_delta": "0.001736000", - "frame.time_delta_displayed": "0.001736000", - 
"frame.time_relative": "2498.784312000", - "frame.number": "8763", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36218", - "tcp.port": "49154", - "tcp.port": "36218", - "tcp.stream": "335", - "tcp.len": "0", - "tcp.seq": "461", - "tcp.ack": "588", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3506", - "tcp.window_size": "7012", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a5dd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8762", - "tcp.analysis.ack_rtt": "0.001736000", - "tcp.analysis.initial_rtt": "0.001852000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.254418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.254418000", - "frame.time_delta": "0.009420000", - "frame.time_delta_displayed": "0.009420000", - "frame.time_relative": "2498.793732000", - "frame.number": "8764", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00001e2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a0a", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00001443", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:0d:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654477, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654477", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.256145000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.256145000", - "frame.time_delta": "0.001727000", - "frame.time_delta_displayed": "0.001727000", - "frame.time_relative": "2498.795459000", - "frame.number": "8765", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": 
"192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36219", - "tcp.port": "49154", - "tcp.port": "36219", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000476a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": 
"1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8764", - "tcp.analysis.ack_rtt": "0.001727000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.256610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.256610000", - "frame.time_delta": "0.000465000", - "frame.time_delta_displayed": "0.000465000", - "frame.time_relative": "2498.795924000", - "frame.number": "8766", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001e2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a1d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - 
"ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009e21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8765", - "tcp.analysis.ack_rtt": "0.000465000", - "tcp.analysis.initial_rtt": "0.002192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.267619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.267619000", - "frame.time_delta": "0.011009000", - "frame.time_delta_displayed": "0.011009000", - "frame.time_relative": "2498.806933000", - "frame.number": "8767", - "frame.len": "551", - "frame.cap_len": "551", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "537", - "ip.id": "0x00001e30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000982b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": "336", - "tcp.len": "497", - "tcp.seq": "1", - "tcp.nxtseq": "498", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000fedd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002192000", - "tcp.analysis.bytes_in_flight": "497", - 
"tcp.analysis.push_bytes_sent": "497" - } - }, - "http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPACTION: \"urn:Belkin:service:basicevent:1#GetBinaryState\"\n", - "http.content_length_header": "277", - "http.content_length_header_tree": { - "http.content_length": "277" - }, - "http.request.line": "Content-Length: 277\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", - "http.host": "192.168.0.65:49154", - "http.request.line": "HOST: 192.168.0.65:49154\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<s:Body>\n<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">\n<\/u:GetBinaryState>\n<\/s:Body>\n<\/s:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "utf-8", - "?>": "" - }, - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": 
"s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "<\/u:GetBinaryState>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.269729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.269729000", - "frame.time_delta": "0.002110000", - "frame.time_delta_displayed": "0.002110000", - "frame.time_relative": "2498.809043000", - "frame.number": "8768", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000bbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ac8f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": 
"192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36219", - "tcp.port": "49154", - "tcp.port": "36219", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "498", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00008f95", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8767", - "tcp.analysis.ack_rtt": "0.002110000", - "tcp.analysis.initial_rtt": "0.002192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.273461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.273461000", - "frame.time_delta": "0.003732000", - "frame.time_delta_displayed": "0.003732000", - "frame.time_relative": "2498.812775000", - "frame.number": "8769", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00000bbe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000abce", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36219", - "tcp.port": "49154", - "tcp.port": "36219", - "tcp.stream": "336", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "498", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000929e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002192000", 
- "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.273918000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.273918000", - "frame.time_delta": "0.000457000", - "frame.time_delta_displayed": "0.000457000", - "frame.time_relative": "2498.813232000", - "frame.number": "8770", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x00001e31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "498", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009b60", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8769", - "tcp.analysis.ack_rtt": "0.000457000", - "tcp.analysis.initial_rtt": "0.002192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.274673000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.274673000", - "frame.time_delta": "0.000755000", - "frame.time_delta_displayed": "0.000755000", - "frame.time_relative": 
"2498.813987000", - "frame.number": "8771", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00000bbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ab70", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36219", - "tcp.port": "49154", - "tcp.port": "36219", - "tcp.stream": "336", - "tcp.len": "285", - "tcp.seq": "193", - "tcp.nxtseq": "479", - "tcp.ack": "498", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": 
{ - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00009b83", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002192000", - "tcp.analysis.bytes_in_flight": "286", - "tcp.analysis.push_bytes_sent": "285" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "8769", - "tcp.segment": "8771", - "tcp.segment.count": "2", - "tcp.reassembled.length": "477", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:30:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "285", - "http.content_length_header_tree": { - "http.content_length": "285" - }, - "http.response.line": "CONTENT-LENGTH: 285\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": 
"CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:28:10 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:10 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.007054000", - "http.request_in": "8767", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<\/u:GetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/u:GetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.314156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.314156000", - "frame.time_delta": "0.039483000", - 
"frame.time_delta_displayed": "0.039483000", - "frame.time_relative": "2498.853470000", - "frame.number": "8772", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001e32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "498", - "tcp.ack": "479", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": 
"0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009a31", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8771", - "tcp.analysis.ack_rtt": "0.039483000", - "tcp.analysis.initial_rtt": "0.002192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.315900000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.315900000", - "frame.time_delta": "0.001744000", - "frame.time_delta_displayed": "0.001744000", - "frame.time_relative": "2498.855214000", - "frame.number": "8773", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - 
"ip.checksum": "0x0000376c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21609", - "tcp.ack": "101378", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c36f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:9f:00:28:81:09", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576671, TSecr 2654473": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576671", - "tcp.options.timestamp.tsecr": "2654473" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8761", - "tcp.analysis.ack_rtt": "0.101536000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.316422000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.316422000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "2498.855736000", - "frame.number": "8774", - "frame.len": "876", - "frame.cap_len": "876", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "862", - "ip.id": "0x00009727", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000732e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "810", - "tcp.seq": "101378", - "tcp.nxtseq": "102188", - "tcp.ack": "21609", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000208", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:13:a7:a4:83:9f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654483, TSecr 2812576671": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654483", 
- "tcp.options.timestamp.tsecr": "2812576671" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "810", - "tcp.analysis.push_bytes_sent": "810" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b6:eb:87:67:4e:3e:11:a1:bd:09:f8:5c:53:50:1b:52:df:23:40:0d:0e:40:f8:0a:59:93:50:e1:b2:33:0e:14:b1:86:6f:a7:4a:c8:a8:dd:1f" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b7:3a:6d:14:41:55:06:1f:66:43:2f:37:4c:1f:8d:69:f8:c0:a8:2e:4c:2b:bd:db:31:7d:39:51:0d:de:7f:f9:1b:c0:02:6a:24:54:53:bb:47:84" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b8:ca:84:c9:0e:72:33:54:92:49:a9:98:22:a4:32:e1:63:cd:9d:6c:f4:de:b8:f0:64:bd:4b:08:7f:66:13:fd:26:89:c3:96:76:4c:f8:4b:3a:3d" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:b9:e0:0a:da:63:1c:49:26:24:06:9c:88:dc:c1:e0:7b:37:68:a8:78:3e:68:94:cd:c4:14:2c:91:3b:9a:46:b8:01:00:a7:41:e1:10:25:6b:8c:58" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:ba:cf:22:7b:60:72:12:f2:2a:c4:1b:8c:61:19:b3:55:09:d0:50:7f:d4:d5:06:5b:8e:54:0c:50:61:ad:42:8f:54:c6:08:92:d8:2b:4b:58:fa:41:ac:e2:c5:7a:a9:9f:f6:31:11:e9:81:7f:37:c2:e9:fa:8c:77:76:c8:32:52:dd:94:02:4e:a4:26:e9:92:a2:68:ba:96:c3:3b:3d:10:bb:dc:d0:c9:70:ef:92:f1:f5:4b:9f:2f:34:1b:48:dc:f2:ac:7d:fa:cb:f8:27:54:22:7a:9e:40:b0:a4:ba:8a:91:cd:b5:49:e5:32:1f:47:86:1c:58:24:e5:2a:ad:39:c8:db:d8:44:56:f3:9b:0e:d8:e5:49:b2:5b:85:54:ef:95:59:3f:2a:94:ff:e1:5d:ee:c0:9c:48:73:b9:02:63:14:4b:00:43:b1:d2:00:71:b5:a1:5f:bc:46:9b:3b:a8:63:e3:71:57:05:3e:68:9d:e0:6a:1b:6a:7a:d3:fa:78:4b:74:5b:b0:14:2c:8e:a3:29:3e:07:06:87:ec:d5:52:6d:cb:5b:db:ed:1b:e1:e9:55:8b:d0:b1:c0:2e:9a:cf:38:ea:83:0a:7b:0d:db:12:e9:88:dc:8b:ac:5a:54" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "339", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:bb:16:df:75:da:c0:3d:41:d4:27:f0:8d:e8:a1:b8:19:40:92:56:a9:45:14:45:f3:9a:c1:ed:29:70:d4:7f:30:89:80:3d:b5:30:1a:93:86:0c:c6:94:00:f0:9c:1c:92:15:8d:47:62:5b:19:aa:2b:7c:5f:44:09:e5:01:34:92:33:06:1b:f9:77:18:5f:cb:e9:6e:82:e3:63:b1:04:5e:71:05:a8:3d:13:65:84:ce:8d:0e:92:f2:ca:a0:80:9e:d7:fc:15:ca:e7:c3:42:3e:2d:f6:0e:19:cd:c8:0d:de:27:e8:27:a1:7d:fe:93:d2:31:e3:bd:82:b4:6e:7c:30:bc:b3:ed:f1:c7:e2:7c:4c:4f:39:57:40:e5:4c:20:b9:7b:42:7f:75:7f:de:5f:9a:cc:bd:e3:77:ee:b8:ba:c1:2c:53:c9:bc:24:a0:b2:ad:d0:6a:cb:79:bc:d6:28:e5:e3:79:8a:82:df:55:bd:c0:2b:ac:7f:9a:05:65:61:2d:5f:bc:82:1d:3d:c9:18:d9:a2:1d:fd:6f:88:8b:ef:dc:f5:7c:f2:a9:a6:ce:5b:dd:1c:41:8f:72:09:09:03:55:39:ac:09:41:88:da:43:fd:94:cd:68:24:9f:86:05:63:4e:4d:f0:4a:bd:8d:3b:13:fe:76:bc:41:cf:ec:53:2e:55:30:c9:90:77:35:aa:36:fd:e4:6a:e5:07:77:93:ab:96:7b:89:20:c0:30:ab:86:9c:3d:09:0d:51:34:9e:0e:c4:78:a2:5d:14:3e:00:79:c3:6c:c1:03:0f:a2:39:08:72:a4:b9:50:ce:ae:89:cd:98:16:25:9c:42:e7:fe:ea:4d:48:f5:89:98:79:8f:37:94:e4:df:7a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.379589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.379589000", - "frame.time_delta": "0.063167000", - "frame.time_delta_displayed": "0.063167000", - "frame.time_relative": "2498.918903000", - "frame.number": "8775", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e14", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000376b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": 
"-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21609", - "tcp.ack": "102188", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c02c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:ae:00:28:81:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576686, TSecr 2654483": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576686", - "tcp.options.timestamp.tsecr": "2654483" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8774", - "tcp.analysis.ack_rtt": "0.063167000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.381051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496090.381051000", - "frame.time_delta": "0.001462000", - "frame.time_delta_displayed": "0.001462000", - "frame.time_relative": "2498.920365000", - "frame.number": "8776", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e15", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - 
"tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "21609", - "tcp.nxtseq": "21656", - "tcp.ack": "102188", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c49e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:af:00:28:81:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576687, TSecr 2654483": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576687", - "tcp.options.timestamp.tsecr": "2654483" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:eb:27:d1:f9:40:8c:d1:6f:a2:e9:52:53:f1:e2:a4:ef:f3:5e:45:65:45:1d:ab:4e:1a:f8:c8:ea:2a:ce:8b:b7:5d:ce:0e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:28:10.387267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.387267000", - "frame.time_delta": "0.006216000", - "frame.time_delta_displayed": "0.006216000", - "frame.time_relative": "2498.926581000", - "frame.number": "8777", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009728", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007628", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - 
"tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "102188", - "tcp.nxtseq": "102235", - "tcp.ack": "21656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b4c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:1a:a7:a4:83:af", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654490, TSecr 2812576687": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654490", - "tcp.options.timestamp.tsecr": "2812576687" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8776", - "tcp.analysis.ack_rtt": "0.006216000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:bc:7a:96:f6:76:50:38:32:bd:38:75:29:8a:40:a8:00:2c:3d:98:d4:0c:77:3d:17:2a:c5:1c:af:6c:fc:8d:f4:de:4d:74" - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.397501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.397501000", - "frame.time_delta": "0.010234000", - "frame.time_delta_displayed": "0.010234000", - "frame.time_relative": "2498.936815000", - "frame.number": "8778", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001e33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00009a19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49154", - "tcp.port": "36219", - "tcp.port": "49154", - "tcp.stream": 
"336", - "tcp.len": "0", - "tcp.seq": "498", - "tcp.ack": "479", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009a30", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.403742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.403742000", - "frame.time_delta": "0.006241000", - "frame.time_delta_displayed": "0.006241000", - "frame.time_relative": "2498.943056000", - "frame.number": "8779", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36219", - "tcp.port": "49154", - "tcp.port": "36219", - "tcp.stream": "336", - "tcp.len": "0", - "tcp.seq": "479", - "tcp.ack": "499", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00008db6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8778", - "tcp.analysis.ack_rtt": "0.006241000", - "tcp.analysis.initial_rtt": "0.002192000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.486086000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.486086000", - "frame.time_delta": "0.082344000", - "frame.time_delta_displayed": "0.082344000", - "frame.time_relative": "2499.025400000", - "frame.number": "8780", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003769", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21656", - "tcp.ack": "102235", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bfab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:ca:00:28:81:1a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576714, TSecr 2654490": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576714", - "tcp.options.timestamp.tsecr": "2654490" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8777", - "tcp.analysis.ack_rtt": "0.098819000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.486568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.486568000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "2499.025882000", - 
"frame.number": "8781", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009729", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007620", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "102235", - "tcp.nxtseq": "102289", - "tcp.ack": "21656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", 
- "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a7af", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:24:a7:a4:83:ca", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654500, TSecr 2812576714": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654500", - "tcp.options.timestamp.tsecr": "2812576714" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:bd:66:4d:64:b2:83:96:ff:f8:b5:12:65:ee:bb:49:09:50:6c:49:67:e6:0a:d2:eb:0f:6c:e3:97:74:32:bf:11:84:d7:9b:cf:69:9c:16:17:5f:08" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.547269000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.547269000", - 
"frame.time_delta": "0.060701000", - "frame.time_delta_displayed": "0.060701000", - "frame.time_relative": "2499.086583000", - "frame.number": "8782", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e17", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003768", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - 
"tcp.seq": "21656", - "tcp.ack": "102289", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bf5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:83:d9:00:28:81:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576729, TSecr 2654500": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576729", - "tcp.options.timestamp.tsecr": "2654500" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8781", - "tcp.analysis.ack_rtt": "0.060701000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.815092000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.815092000", - "frame.time_delta": "0.267823000", - "frame.time_delta_displayed": "0.267823000", - "frame.time_relative": "2499.354406000", - "frame.number": "8783", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002946", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008efa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": 
"33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000ae86", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.815576000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.815576000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "2499.354890000", - "frame.number": "8784", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4470", - "tcp.port": "39500", - "tcp.port": "4470", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00006fe6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8783", - "tcp.analysis.ack_rtt": "0.000484000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.819329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.819329000", - "frame.time_delta": "0.003753000", - "frame.time_delta_displayed": "0.003753000", - "frame.time_relative": "2499.358643000", - "frame.number": "8785", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002947", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - 
"tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000de57", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8784", - "tcp.analysis.ack_rtt": "0.003753000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.822253000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.822253000", - "frame.time_delta": "0.002924000", - "frame.time_delta_displayed": "0.002924000", - "frame.time_relative": "2499.361567000", - "frame.number": "8786", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x00002948", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008e38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": 
"192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000027fc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004237000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 
31, 2017 17:28:10.822736000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.822736000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "2499.362050000", - "frame.number": "8787", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006e0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4470", - "tcp.port": "39500", - "tcp.port": "4470", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e7fe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8786", - "tcp.analysis.ack_rtt": "0.000483000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.824207000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.824207000", - "frame.time_delta": "0.001471000", - "frame.time_delta_displayed": "0.001471000", - "frame.time_relative": "2499.363521000", - "frame.number": "8788", - "frame.len": "205", - "frame.cap_len": "205", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "191", - "ip.id": "0x00002949", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008e6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "151", - "tcp.seq": "205", - "tcp.nxtseq": "356", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a925", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004237000", - "tcp.analysis.bytes_in_flight": "151", - "tcp.analysis.push_bytes_sent": "151" - }, - "tcp.segment_data": 
"3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "8786", - "tcp.segment": "8788", - "tcp.segment.count": "2", - "tcp.reassembled.length": "354", - "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:39:37:36:63:63:64:36:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, 
- "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "150", - "http.content_length_header_tree": { - "http.content_length": "150" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:8976ccd6-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 1\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<EnergyPerUnitCost>1|111|1<\/EnergyPerUnitCost>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<EnergyPerUnitCost>", - "xml.tag_tree": { - "xml.cdata": "1|111|1", - "<\/EnergyPerUnitCost>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.824620000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.824620000", - "frame.time_delta": "0.000413000", - "frame.time_delta_displayed": "0.000413000", - "frame.time_relative": "2499.363934000", - "frame.number": "8789", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006e0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4470", - "tcp.port": "39500", - "tcp.port": "4470", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "356", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e756", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8788", - 
"tcp.analysis.ack_rtt": "0.000413000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.841176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.841176000", - "frame.time_delta": "0.016556000", - "frame.time_delta_displayed": "0.016556000", - "frame.time_relative": "2499.380490000", - "frame.number": "8790", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000972a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United 
States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "102289", - "tcp.nxtseq": "102343", - "tcp.ack": "21656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001277", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:47:a7:a4:83:d9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654535, TSecr 2812576729": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654535", - "tcp.options.timestamp.tsecr": "2812576729" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": 
"0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:be:9e:b1:cd:0a:7a:46:8d:e0:95:66:6c:da:bb:16:c3:d2:9d:46:a6:1e:57:e9:e8:8f:1f:c4:d1:98:b7:6b:ca:33:76:97:10:cc:31:38:c5:61:0a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.902089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.902089000", - "frame.time_delta": "0.060913000", - "frame.time_delta_displayed": "0.060913000", - "frame.time_relative": "2499.441403000", - "frame.number": "8791", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003767", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: 
United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21656", - "tcp.ack": "102343", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000beab", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:84:31:00:28:81:47", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576817, TSecr 2654535": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576817", - "tcp.options.timestamp.tsecr": "2654535" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8790", - "tcp.analysis.ack_rtt": "0.060913000" 
- } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.902619000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.902619000", - "frame.time_delta": "0.000530000", - "frame.time_delta_displayed": "0.000530000", - "frame.time_relative": "2499.441933000", - "frame.number": "8792", - "frame.len": "480", - "frame.cap_len": "480", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "466", - "ip.id": "0x0000972b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074b6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", 
- "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "414", - "tcp.seq": "102343", - "tcp.nxtseq": "102757", - "tcp.ack": "21656", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ccb9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:4d:a7:a4:84:31", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654541, TSecr 2812576817": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654541", - "tcp.options.timestamp.tsecr": "2812576817" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "414", - "tcp.analysis.push_bytes_sent": "414" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "409", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:bf:2e:c0:fa:e8:bb:35:89:0a:24:49:fc:73:5b:39:9e:2f:f0:91:a9:85:29:21:d1:9e:c0:a9:a0:2e:6e:c0:7d:f5:9a:4b:3d:0c:c0:f2:fe:29:e6:97:ed:d5:1a:70:92:76:b3:66:01:5d:6d:07:b2:03:65:0f:8c:9f:22:06:4d:2f:8c:ef:0e:7c:b6:4d:fa:9e:8a:76:5f:fe:36:ee:ba:eb:aa:0f:43:9f:1e:c4:51:54:c5:6c:ed:b1:e6:78:8e:14:c3:1b:9d:3d:53:04:c0:c7:39:75:b4:82:15:fb:40:2e:75:a7:7a:e8:88:ed:d9:04:c1:5b:4c:7b:fc:b6:75:ac:8c:2d:a0:da:b9:23:5b:c5:0b:be:a9:7b:3e:dd:12:59:16:3b:e2:69:fd:c5:4e:23:e0:5b:2a:ec:ba:22:13:25:67:fc:86:98:48:d9:a7:bb:bc:2d:0a:33:f4:fe:bc:3d:a5:7c:db:38:79:e9:72:60:08:bb:71:39:0c:bd:13:fd:d1:4c:72:fb:75:cf:94:95:2d:f9:a6:c9:3d:ba:75:48:22:2d:b0:78:a8:ed:09:07:9a:76:d3:4e:89:35:8a:7f:cb:70:c7:67:95:fa:1f:29:2b:b6:48:e8:54:34:d4:1b:8f:f8:43:eb:96:ae:e5:52:77:38:a6:fc:94:96:ff:8a:4e:1c:68:60:da:51:a6:5c:3c:86:bb:f1:70:46:0b:e7:d7:d5:ee:50:27:ed:40:0b:70:df:c3:cb:66:b3:b7:39:09:55:b8:4c:2e:7b:5b:c1:33:c2:f5:c0:d2:07:78:c5:20:96:8d:ee:ba:35:b4:22:a8:c4:d1:36:a0:05:69:9e:21:38:b2:a1:9c:f1:85:18:f9:a9:73:9d:cb:71:8d:19:fd:2f:ce:ae:3d:f1:ad:f3:70:13:63:9f:0d:f7:86:19:53:74:3d:7d:d4:a2:fb:10:a3:e5:41:1a:9d:c1:75:a2:28:93:1a:23:73:e8:77:68:ef:88:31:a8:44:b5:d3:b8:8e:c6:19:f9:23:9d:07:92:e7:4b:bc:27:79:a2:03:e7:9e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.964505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.964505000", - "frame.time_delta": "0.061886000", - "frame.time_delta_displayed": "0.061886000", - "frame.time_relative": "2499.503819000", - "frame.number": "8793", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e19", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003766", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21656", - "tcp.ack": "102757", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bcf7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:84:41:00:28:81:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576833, TSecr 2654541": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576833", - "tcp.options.timestamp.tsecr": "2654541" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8792", - "tcp.analysis.ack_rtt": "0.061886000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.965696000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.965696000", - "frame.time_delta": "0.001191000", - "frame.time_delta_displayed": "0.001191000", - "frame.time_relative": "2499.505010000", - "frame.number": "8794", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002e1a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003710", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "21656", - "tcp.nxtseq": "21741", - "tcp.ack": "102757", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001661", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:84:41:00:28:81:4d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576833, TSecr 2654541": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576833", - "tcp.options.timestamp.tsecr": "2654541" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:ec:77:f5:0d:50:72:f7:c6:23:8a:b9:17:5d:6b:7e:f7:46:8b:96:40:7d:84:0c:40:30:b2:7a:93:5a:57:70:9b:dc:07:76:54:f5:cc:71:09:f5:16:e4:7e:eb:55:d1:c8:d7:1c:10:c8:52:2a:5a:0c:82:59:89:72:10:8e:4f:53:b1:26:84:61:cb:86:bc:2b:43" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.969488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.969488000", - "frame.time_delta": "0.003792000", - "frame.time_delta_displayed": "0.003792000", - "frame.time_relative": "2499.508802000", - "frame.number": "8795", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000972c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007624", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "102757", - "tcp.nxtseq": "102804", - "tcp.ack": "21741", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000677a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:54:a7:a4:84:41", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654548, TSecr 2812576833": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654548", - "tcp.options.timestamp.tsecr": "2812576833" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8794", - "tcp.analysis.ack_rtt": "0.003792000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c0:46:91:d2:67:ac:46:1b:4b:28:9b:57:a3:a1:5e:42:b7:74:1b:23:de:c8:c9:30:62:dc:47:fe:b7:2b:2f:65:d1:97:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.978166000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.978166000", - "frame.time_delta": "0.008678000", - "frame.time_delta_displayed": "0.008678000", - "frame.time_relative": "2499.517480000", - "frame.number": "8796", - "frame.len": "92", - "frame.cap_len": 
"92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00004a41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006de5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4470", - "tcp.port": "39500", - "tcp.port": "4470", - "tcp.stream": "337", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "356", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000f3e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004237000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.979570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.979570000", - "frame.time_delta": "0.001404000", - "frame.time_delta_displayed": "0.001404000", - "frame.time_relative": "2499.518884000", - "frame.number": "8797", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000294a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "356", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000dcce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8796", - "tcp.analysis.ack_rtt": "0.001404000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.980592000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.980592000", - "frame.time_delta": "0.001022000", - "frame.time_delta_displayed": "0.001022000", - "frame.time_relative": "2499.519906000", - "frame.number": "8798", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000294b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "356", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000dccd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.981220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496090.981220000", - "frame.time_delta": "0.000628000", - "frame.time_delta_displayed": "0.000628000", - "frame.time_relative": "2499.520534000", - "frame.number": "8799", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004a42", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006e0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4470", - "tcp.port": "39500", - "tcp.port": "4470", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "357", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000e72e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8798", - "tcp.analysis.ack_rtt": "0.000628000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:10.983303000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496090.983303000", - "frame.time_delta": "0.002083000", - "frame.time_delta_displayed": "0.002083000", - "frame.time_relative": "2499.522617000", - "frame.number": "8800", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000294c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008f00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4470", - "tcp.dstport": "39500", - "tcp.port": "4470", - "tcp.port": "39500", - "tcp.stream": "337", - "tcp.len": "0", - "tcp.seq": "357", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000dccc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8799", - "tcp.analysis.ack_rtt": "0.002083000", - "tcp.analysis.initial_rtt": "0.004237000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:11.030278000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496091.030278000", - "frame.time_delta": "0.046975000", - "frame.time_delta_displayed": "0.046975000", - "frame.time_relative": "2499.569592000", - "frame.number": "8801", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003735", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "21741", - "tcp.nxtseq": "21788", - "tcp.ack": "102804", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005aac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:84:52:00:28:81:54", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576850, TSecr 2654548": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576850", - "tcp.options.timestamp.tsecr": "2654548" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8795", - "tcp.analysis.ack_rtt": "0.060790000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:ed:03:af:00:5e:4d:d3:29:b2:d6:d6:39:95:85:93:c1:2d:57:6a:cc:87:08:00:f3:e8:16:d0:8d:b4:6c:04:2f:df:83:00" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:11.030764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496091.030764000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "2499.570078000", - "frame.number": "8802", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"131", - "ip.id": "0x0000972d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007603", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "102804", - "tcp.nxtseq": "102883", - "tcp.ack": "21788", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000098e4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:5a:a7:a4:84:52", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654554, TSecr 2812576850": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654554", - "tcp.options.timestamp.tsecr": "2812576850" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8801", - "tcp.analysis.ack_rtt": "0.000486000", - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c1:11:18:5f:ca:12:c9:e3:76:19:43:97:87:c0:36:48:0d:ad:6a:98:08:cf:b4:4a:dc:e1:4a:70:f5:c8:7a:24:fb:d0:e1:2c:52:ef:14:56:c4:9d:83:fb:d6:14:42:de:5f:1f:ec:03:a3:59:39:1a:d5:9a:1a:7c:21:ce:a1:5c:63:72:6c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:11.129788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496091.129788000", - "frame.time_delta": "0.099024000", - "frame.time_delta_displayed": "0.099024000", - "frame.time_relative": "2499.669102000", - "frame.number": "8803", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003763", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21788", - "tcp.ack": "102883", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bbbe", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:84:6b:00:28:81:5a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576875, TSecr 2654554": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576875", - "tcp.options.timestamp.tsecr": "2654554" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8802", - "tcp.analysis.ack_rtt": "0.099024000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:11.130261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496091.130261000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "2499.669575000", - "frame.number": "8804", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000972e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007620", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "102883", - "tcp.nxtseq": "102932", - "tcp.ack": "21788", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000889c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:64:a7:a4:84:6b", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654564, TSecr 2812576875": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654564", - "tcp.options.timestamp.tsecr": "2812576875" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c2:07:de:b1:7e:fd:5e:04:dc:c9:31:c9:17:68:c9:85:36:93:ee:93:ea:07:39:e6:97:b8:2e:21:b5:90:ca:c6:33:14:70:37:90" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:11.190452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496091.190452000", - "frame.time_delta": "0.060191000", - "frame.time_delta_displayed": "0.060191000", - "frame.time_relative": "2499.729766000", - "frame.number": "8805", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e1d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003762", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "21788", - "tcp.ack": "102932", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000bb74", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a4:84:7a:00:28:81:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812576890, TSecr 2654564": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812576890", - "tcp.options.timestamp.tsecr": "2654564" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8804", - "tcp.analysis.ack_rtt": "0.060191000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.126432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.126432000", - "frame.time_delta": "0.935980000", - "frame.time_delta_displayed": "0.935980000", - "frame.time_relative": "2500.665746000", - "frame.number": "8806", - "frame.len": "298", - "frame.cap_len": "298", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"284", - "ip.id": "0x00002e1e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003679", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "232", - "tcp.seq": "21788", - "tcp.nxtseq": "22020", - "tcp.ack": "102932", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009924", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:64:00:28:81:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577124, TSecr 2654564": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577124", - "tcp.options.timestamp.tsecr": "2654564" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "232", - "tcp.analysis.push_bytes_sent": "232" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "227", - "ssl.app_data": "34:cd:34:17:47:48:0e:ee:58:3f:d4:c9:29:77:37:59:9b:9c:18:78:9e:58:37:0a:73:46:37:ac:6b:0b:d6:af:c6:6e:7d:0a:ea:87:13:47:af:05:33:ea:25:24:65:9c:97:9b:9b:5b:d4:4f:41:8b:61:48:e3:27:9b:4b:8e:6d:8c:6f:cf:a5:02:a1:a4:d6:eb:a8:ec:b3:7a:de:94:df:0f:09:28:eb:6e:3b:38:e6:9f:c9:66:47:fa:be:f5:76:b9:d1:f1:30:aa:0f:9d:9e:1b:66:5b:e8:00:e3:26:93:00:2e:fb:86:6e:df:31:e9:13:a2:30:d3:78:ee:13:df:db:70:cc:06:6c:0a:67:36:63:36:75:9d:49:2b:83:e2:2d:97:e1:99:11:0b:6e:4c:0e:bc:d7:dc:74:c6:c5:3b:13:83:25:87:ca:20:28:7c:6b:a6:e3:6b:d6:bb:be:0a:aa:11:70:ba:18:ee:f6:aa:60:a9:79:ab:21:c6:f7:f6:ac:d1:0d:70:7d:8f:99:db:49:ca:6a:2f:c4:14:b1:ca:ce:4d:24:02:61:04:56:24:0f:29:aa:82:30:ff:80:bc:0c:bf:6e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.134965000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.134965000", - "frame.time_delta": "0.008533000", - "frame.time_delta_displayed": "0.008533000", - "frame.time_relative": "2500.674279000", - "frame.number": "8807", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000972f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "102932", - "tcp.nxtseq": "102985", - "tcp.ack": "22020", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": 
"0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005d35", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:c9:a7:a4:85:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654665, TSecr 2812577124": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654665", - "tcp.options.timestamp.tsecr": "2812577124" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8806", - "tcp.analysis.ack_rtt": "0.008533000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c3:a6:64:b7:27:1b:2a:09:ff:c7:82:85:ea:ac:7b:96:59:e3:f8:3c:37:ee:1b:2b:0c:eb:23:b3:5f:31:c8:34:f0:71:39:a9:0d:93:6e:bb:4f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.137689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.137689000", - "frame.time_delta": "0.002724000", - "frame.time_delta_displayed": 
"0.002724000", - "frame.time_relative": "2500.677003000", - "frame.number": "8808", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00009bb4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001be4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - 
"tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00005f56", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:c9:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654665, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654665", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.144216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.144216000", - "frame.time_delta": "0.006527000", - "frame.time_delta_displayed": "0.006527000", - "frame.time_relative": "2500.683530000", - "frame.number": "8809", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "94:10:3e:36:60:09", - "arp.src.proto_ipv4": "192.168.0.225", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.144636000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.144636000", - "frame.time_delta": "0.000420000", - "frame.time_delta_displayed": "0.000420000", - "frame.time_relative": "2500.683950000", - "frame.number": "8810", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - 
"arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "94:10:3e:36:60:09", - "arp.dst.proto_ipv4": "192.168.0.225" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.149712000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.149712000", - "frame.time_delta": "0.005076000", - "frame.time_delta_displayed": "0.005076000", - "frame.time_relative": "2500.689026000", - "frame.number": "8811", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36217", - "tcp.port": "49153", - "tcp.port": "36217", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00006b8b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8808", - "tcp.analysis.ack_rtt": "0.012023000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.150227000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.150227000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "2500.689541000", - "frame.number": "8812", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009bb5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bf7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": 
"192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c242", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8811", - "tcp.analysis.ack_rtt": "0.000515000", - "tcp.analysis.initial_rtt": "0.012538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.161248000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.161248000", - "frame.time_delta": "0.011021000", - "frame.time_delta_displayed": "0.011021000", - "frame.time_relative": "2500.700562000", - "frame.number": "8813", - "frame.len": "234", - "frame.cap_len": "234", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "220", - "ip.id": "0x00009bb6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001b42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "180", - "tcp.seq": "1", - "tcp.nxtseq": "181", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008875", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012538000", - "tcp.analysis.bytes_in_flight": "180", - 
"tcp.analysis.push_bytes_sent": "180" - } - }, - "http": { - "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "SUBSCRIBE", - "http.request.uri": "\/upnp\/event\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.225:49153", - "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", - "http.unknown_header": "NT: upnp:event\\n", - "http.unknown_header": "TIMEOUT: Second-5400\\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/event\/basicevent1", - "http.notification": "1", - "http.file_data": "\n", - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.162762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.162762000", - "frame.time_delta": "0.001514000", - "frame.time_delta_displayed": "0.001514000", - "frame.time_relative": "2500.702076000", - "frame.number": "8814", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba32", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36217", - "tcp.port": "49153", - "tcp.port": "36217", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b70b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8813", - "tcp.analysis.ack_rtt": "0.001514000", - "tcp.analysis.initial_rtt": "0.012538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.166697000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.166697000", - "frame.time_delta": "0.003935000", - "frame.time_delta_displayed": "0.003935000", - "frame.time_relative": "2500.706011000", - "frame.number": "8815", - "frame.len": "267", - "frame.cap_len": "267", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "253", - "ip.id": "0x0000fd7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b95c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36217", - "tcp.port": "49153", - "tcp.port": "36217", - "tcp.stream": "338", - "tcp.len": "213", - "tcp.seq": "1", - "tcp.nxtseq": "214", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": 
"0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000da1a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.012538000", - "tcp.analysis.bytes_in_flight": "213", - "tcp.analysis.push_bytes_sent": "213" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:28:12 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.response.line": "CONTENT-LENGTH: 0\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "http.response.line": "SID: uuid:8b1d77e2-1dd2-11b2-bdbd-82692efb0d7e\r\n", - "http.response.line": "TIMEOUT: Second-5400\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.167153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.167153000", - "frame.time_delta": "0.000456000", - "frame.time_delta_displayed": 
"0.000456000", - "frame.time_relative": "2500.706467000", - "frame.number": "8816", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009bb7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bf5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "214", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": 
"0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c0a9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8815", - "tcp.analysis.ack_rtt": "0.000456000", - "tcp.analysis.initial_rtt": "0.012538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.167648000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.167648000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "2500.706962000", - "frame.number": "8817", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000fd7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ba30", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36217", - "tcp.port": "49153", - "tcp.port": "36217", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "214", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b635", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.169371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.169371000", - "frame.time_delta": "0.001723000", - "frame.time_delta_displayed": "0.001723000", - "frame.time_relative": "2500.708685000", - "frame.number": "8818", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000dc6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db31", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00004d9a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.169800000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.169800000", - "frame.time_delta": "0.000429000", - "frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "2500.709114000", - "frame.number": "8819", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - 
"eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3668", - "tcp.port": "39500", - "tcp.port": "3668", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000d7d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8818", - "tcp.analysis.ack_rtt": "0.000429000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.172123000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.172123000", - "frame.time_delta": "0.002323000", - "frame.time_delta_displayed": "0.002323000", - "frame.time_relative": "2500.711437000", - "frame.number": "8820", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dc6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": 
"5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000464a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8819", - "tcp.analysis.ack_rtt": "0.002323000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.173511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.173511000", - "frame.time_delta": "0.001388000", - "frame.time_delta_displayed": "0.001388000", - "frame.time_relative": "2500.712825000", - "frame.number": "8821", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x0000dc70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000da6f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - 
"ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00001434", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002752000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:62:31:64:37:37:65:32:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:28:12.173963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.173963000", - "frame.time_delta": "0.000452000", - "frame.time_delta_displayed": "0.000452000", - "frame.time_relative": "2500.713277000", - "frame.number": "8822", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000f92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a81a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3668", - "tcp.port": "39500", - "tcp.port": "3668", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004ff1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8821", - "tcp.analysis.ack_rtt": "0.000452000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.176493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.176493000", - "frame.time_delta": "0.002530000", - "frame.time_delta_displayed": "0.002530000", - "frame.time_relative": "2500.715807000", - "frame.number": "8823", - "frame.len": "187", - "frame.cap_len": "187", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "173", - "ip.id": "0x0000dc71", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000dab5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "133", - "tcp.seq": "205", - "tcp.nxtseq": "338", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a125", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002752000", - "tcp.analysis.bytes_in_flight": "133", - "tcp.analysis.push_bytes_sent": "133" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - 
}, - "tcp.segments": { - "tcp.segment": "8821", - "tcp.segment": "8823", - "tcp.segment.count": "2", - "tcp.reassembled.length": "336", - "tcp.reassembled.data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:33:32:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:38:62:31:64:37:37:65:32:2d:31:64:64:32:2d:31:31:62:32:2d:62:64:62:64:2d:38:32:36:39:32:65:66:62:30:64:37:65:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "132", - "http.content_length_header_tree": { - "http.content_length": "132" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:8b1d77e2-1dd2-11b2-bdbd-82692efb0d7e\\r\\n", - "http.unknown_header": "SEQ: 0\\r\\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.176947000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.176947000", - "frame.time_delta": "0.000454000", - "frame.time_delta_displayed": "0.000454000", - "frame.time_relative": "2500.716261000", - "frame.number": "8824", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": 
"0x00000f93", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a819", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3668", - "tcp.port": "39500", - "tcp.port": "3668", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f5b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8823", - "tcp.analysis.ack_rtt": "0.000454000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.196583000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.196583000", - "frame.time_delta": "0.019636000", - "frame.time_delta_displayed": "0.019636000", - "frame.time_relative": 
"2500.735897000", - "frame.number": "8825", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e1f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003760", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22020", - "tcp.ack": "102985", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - 
"tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b8f7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:75:00:28:81:c9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577141, TSecr 2654665": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577141", - "tcp.options.timestamp.tsecr": "2654665" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8807", - "tcp.analysis.ack_rtt": "0.061618000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.197107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.197107000", - "frame.time_delta": "0.000524000", - "frame.time_delta_displayed": "0.000524000", - "frame.time_relative": "2500.736421000", - "frame.number": "8826", - "frame.len": "417", - "frame.cap_len": "417", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "403", - "ip.id": "0x00009730", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "351", - "tcp.seq": "102985", - "tcp.nxtseq": "103336", - "tcp.ack": "22020", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a643", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:cf:a7:a4:85:75", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654671, TSecr 2812577141": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654671", - "tcp.options.timestamp.tsecr": "2812577141" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "351", - "tcp.analysis.push_bytes_sent": "351" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c4:d1:3f:af:72:00:0e:99:d0:f3:ad:90:70:0b:a8:40:92:5c:0e:54:a0:29:1b:75:cb:a3:3a:c3:c1:7c:7c:b9:98:3c:d6:70:9d:a2:e8:83:64:c6" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "292", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:c5:d7:fc:d8:2d:d2:26:1c:4b:a8:45:a3:61:03:72:54:66:e1:89:1a:84:f2:81:82:e0:ed:b2:fb:9b:14:48:ec:49:f8:cf:bd:79:47:67:b9:15:7f:1a:03:7b:d0:a8:a3:95:5a:ac:5d:29:eb:63:18:3c:15:f3:87:0f:58:10:2f:c0:7d:4a:76:8f:09:45:a2:93:82:6d:1f:00:33:c9:4f:2f:db:93:c8:89:17:d8:31:92:db:b1:22:c5:3b:e0:b4:23:a5:53:3e:b8:d9:33:7e:2e:ad:7f:b7:a7:f7:55:fa:5b:70:5b:93:a7:9e:d6:f8:24:19:2d:b5:c7:42:b3:13:61:c4:fd:58:17:a5:a0:f3:01:9c:36:35:64:5d:a6:a7:68:c4:3d:ad:53:2a:b1:45:dc:e6:28:d4:d8:49:5e:65:82:5c:ce:9e:3c:56:a8:f0:a2:28:1a:b5:4b:e9:0e:b6:42:68:1e:fb:8d:4f:c2:d7:92:d0:2a:db:a9:74:ca:91:11:06:8c:21:d8:a3:e3:7b:4d:fd:87:4a:4c:5a:b4:a8:df:62:a6:4f:75:68:2c:af:3f:4f:25:c3:b4:ac:15:ba:89:5f:13:ef:d7:6a:29:92:46:42:46:54:01:dc:39:b0:3e:96:22:b2:16:c4:74:15:54:d9:50:2c:83:19:c5:b6:1e:ae:1d:c4:5a:82:7e:82:0e:c6:50:ce:59:06:14:a8:45:4b:ec:ea:0f:dc:d1:b3:e1:65:37:8e:8f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.204097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.204097000", - "frame.time_delta": "0.006990000", - "frame.time_delta_displayed": "0.006990000", - "frame.time_relative": "2500.743411000", - "frame.number": "8827", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009bb8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c0a8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8817", - "tcp.analysis.ack_rtt": "0.036449000", - "tcp.analysis.initial_rtt": "0.012538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.257209000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.257209000", - "frame.time_delta": "0.053112000", - "frame.time_delta_displayed": "0.053112000", - "frame.time_relative": "2500.796523000", - "frame.number": "8828", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e20", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22020", - "tcp.ack": "103336", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b783", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:84:00:28:81:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577156, TSecr 2654671": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577156", - "tcp.options.timestamp.tsecr": "2654671" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8826", - "tcp.analysis.ack_rtt": "0.060102000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.257729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.257729000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "2500.797043000", - 
"frame.number": "8829", - "frame.len": "487", - "frame.cap_len": "487", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "473", - "ip.id": "0x00009731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074a9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "421", - "tcp.seq": "103336", - "tcp.nxtseq": "103757", - "tcp.ack": "22020", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000192d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:d5:a7:a4:85:84", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654677, TSecr 2812577156": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654677", - "tcp.options.timestamp.tsecr": "2812577156" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "421", - "tcp.analysis.push_bytes_sent": "421" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "416", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:c6:87:85:50:5e:21:55:ff:9e:32:9c:4a:11:cb:7f:49:43:2d:75:3a:66:da:c9:f6:c8:08:3f:59:01:f7:05:85:5a:fb:e0:33:a4:8b:07:f1:7b:0c:61:f0:0b:c0:4e:e5:76:1d:4c:24:0d:f2:30:53:a1:bc:9a:80:83:c7:e6:7e:43:7a:87:b4:39:18:50:33:c6:63:5a:09:6a:20:2e:65:79:41:e8:ee:d6:bf:85:02:23:b9:9e:b3:df:cb:56:1c:37:e2:6e:22:de:7d:28:e2:57:a1:54:8d:bc:a6:92:f2:dc:ac:c3:81:bf:ed:cf:c3:6c:cf:be:e2:3b:5f:6b:fe:64:4b:c6:56:8a:47:a7:56:bb:cb:dd:d1:da:ff:9a:97:3f:3d:6d:56:1d:14:38:df:b0:34:29:a2:fc:2d:41:12:6b:24:f4:8c:c5:43:ab:43:4b:1c:2c:d7:66:cd:ae:55:a2:be:a6:1c:8a:2c:5b:0a:fd:8b:a8:c3:52:32:bb:b4:c7:6b:98:3d:e9:27:c3:ad:30:09:52:61:1f:7f:d2:ff:c5:ac:ac:e8:dd:00:ec:9a:0c:c9:12:db:9b:c2:5b:e8:09:66:27:99:17:26:1e:ee:6d:4f:c4:62:fb:5c:11:dc:9f:c4:2d:17:70:e1:41:f0:45:6c:db:ac:a9:18:0d:26:fe:3e:87:88:18:1b:f4:6b:79:5e:c1:5e:c3:df:c6:a9:56:e7:f2:f8:6a:17:d1:12:0f:73:55:ff:92:ab:9f:02:41:d0:70:7d:a7:6f:8c:1f:74:10:7e:05:9e:ce:04:2e:75:44:02:79:90:69:19:c8:7d:8f:e9:23:b0:68:0a:07:39:5a:62:5b:12:2f:1b:94:c6:1f:d3:63:6a:96:7e:5d:c3:6e:e6:46:7d:61:cd:5f:82:7c:d5:61:17:51:f9:cc:59:22:ec:2b:20:94:e4:c5:89:d0:94:10:9f:e2:d7:28:b5:d0:81:ef:5d:de:07:2e:60:2c:13:60:2d:b5:30:46:5d:74:11:af:f7:0c:42:14:98:38:63:a8:08:49:37:25:83:63:18:8e:4b:df:c0:b8:e0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.258626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.258626000", - "frame.time_delta": "0.000897000", - "frame.time_delta_displayed": "0.000897000", - "frame.time_relative": "2500.797940000", - "frame.number": "8830", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e21", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000372f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "22020", - "tcp.nxtseq": "22067", - "tcp.ack": "103336", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c96e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:85:00:28:81:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577157, TSecr 2654671": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577157", - "tcp.options.timestamp.tsecr": "2654671" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:ef:5d:dc:ca:fd:ec:4a:16:c2:bd:c5:97:92:dc:79:fb:05:57:61:88:74:fe:14:c7:92:ae:e4:99:8a:17:ee:da:a8:e1:4a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.259731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.259731000", - "frame.time_delta": "0.001105000", - "frame.time_delta_displayed": "0.001105000", - "frame.time_relative": "2500.799045000", - "frame.number": "8831", - "frame.len": "705", - "frame.cap_len": "705", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "691", - "ip.id": "0x00002e22", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000034de", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "639", - "tcp.seq": "22067", - "tcp.nxtseq": "22706", - "tcp.ack": "103336", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a943", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:85:00:28:81:cf", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577157, TSecr 2654671": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577157", - "tcp.options.timestamp.tsecr": "2654671" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "686", - "tcp.analysis.push_bytes_sent": "639" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "634", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:f0:b8:77:ec:e5:b0:95:62:fb:84:fc:7f:92:20:22:75:ce:c5:90:0e:fc:65:88:99:c4:e9:b7:d7:d8:4e:c8:db:1f:cd:0a:ca:15:2c:11:c4:af:0a:d0:f1:bd:1a:4a:2b:2e:f3:af:e8:30:bc:97:cc:6a:71:a5:d5:4f:a5:fe:01:83:05:3f:dd:94:ae:e9:8e:c8:2e:df:e5:77:80:bd:ba:87:2c:64:e6:60:38:15:43:73:d9:59:7f:c2:64:4e:dc:bb:5e:8b:b4:11:0b:f8:b6:ba:24:3a:99:b4:05:80:9a:e5:80:ba:40:e1:ba:59:61:68:19:07:23:3b:48:ae:e2:45:63:c9:5f:81:57:4d:25:7a:a7:f6:2b:be:e8:c2:19:d1:b0:3d:25:16:ac:68:f8:0e:f3:9b:f2:57:1e:a0:12:13:22:9a:5b:10:79:0d:48:74:1d:14:7a:0f:de:a7:82:0a:19:7f:70:4f:71:99:60:3e:25:79:09:9d:07:05:31:3a:5a:55:b8:94:ff:52:d7:c9:aa:75:17:62:29:7a:60:5c:b2:1d:ba:87:53:2b:d7:1f:39:0d:d9:c8:c3:5a:e9:d6:d8:98:d8:e4:4e:a7:15:df:68:69:cb:c5:29:f9:b5:e2:4e:e6:90:70:3e:5f:30:46:ef:46:a2:4c:b5:6e:0f:e2:ee:86:15:13:ad:ec:5f:53:0e:10:c7:dc:2a:8f:db:1f:2c:79:e4:72:a6:63:ed:b1:34:3e:e9:07:52:7c:02:c1:7c:54:1c:ce:0c:5c:95:ae:73:4c:74:ec:b0:b9:6f:34:f5:45:ae:bf:27:86:24:ac:cb:7c:2b:0d:ff:df:3f:98:ac:e5:50:76:22:15:37:a6:7f:c9:fb:ce:5e:11:e5:d8:7c:37:46:98:31:aa:d2:a6:14:ce:9c:66:9a:b1:04:8f:6b:7f:f8:12:20:7a:99:2f:32:98:84:79:d2:d2:73:e7:cf:72:8a:2d:15:4b:29:c0:4e:60:d3:d5:14:c7:cc:99:b5:e9:07:5d:7c:35:ae:ac:98:17:e8:68:c9:d3:3c:80:6e:16:9f:da:c7:32:9e:35:f0:f6:8c:2a:cd:69:09:01:a8:8e:3a:5c:32:ab:a9:60:a8:30:6c:ce:73:65:f6:11:f4:79:8e:37:68:10:be:f5:11:cc:18:81:c8:98:5a:70:1c:43:6d:2e:6c:bf:cc:77:5f:ad:98:25:d2:3a:5a:54:d6:a9:5b:d4:6c:db:a8:fc:96:19:e5:b5:00:da:b0:10:d3:ac:80:69:75:9a:ed:84:87:69:6b:e7:fd:45:a9:62:70:b4:2d:b7:56:b9:52:a0:0c:2c:36:5b:71:f6:e2:b2:29:b1:3d:49:a9:1a:1d:f2:e7:3d:57:af:28:07:24:c9:ea:41:62:7e:46:55:b0:43:af:44:bc:1e:eb:7b:5f:9a:8c:d5:5a:28:2d:5e:ac:e8:08:54:46:7b:b4:29:ad:bb:d2:8a:3f:b5:0f:27:86:c3:6f:38:36:d5:a9:c6:fe:06:c0:b8:1a:ca:51:aa:17:fb:d8:97:24:b9:28:41:4d:b3:8d:26:76:f3:c9:39:ed:8d:e6:8b:1e:11:f2:bc:00:b1:e5:1b:28:ce:c8:fb:e5:0d:51:f8:a9:a2:a5:d4:2d:89:2b:9e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.270582000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.270582000", - "frame.time_delta": "0.010851000", - "frame.time_delta_displayed": "0.010851000", - "frame.time_relative": "2500.809896000", - "frame.number": "8832", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009732", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000764d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": 
"41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "103757", - "tcp.ack": "22706", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b239", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:d6:a7:a4:85:85", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654678, TSecr 2812577157": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654678", - "tcp.options.timestamp.tsecr": "2812577157" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8831", - "tcp.analysis.ack_rtt": "0.010851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.294747000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496092.294747000", - "frame.time_delta": "0.024165000", - "frame.time_delta_displayed": "0.024165000", - "frame.time_relative": "2500.834061000", - "frame.number": "8833", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00009bb9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00001bf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36217", - "tcp.dstport": "49153", - "tcp.port": "36217", - "tcp.port": "49153", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "181", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c0a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.296443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.296443000", - "frame.time_delta": "0.001696000", - "frame.time_delta_displayed": "0.001696000", - "frame.time_relative": "2500.835757000", - "frame.number": "8834", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36217", - "tcp.port": "49153", - "tcp.port": "36217", - "tcp.stream": "338", - "tcp.len": "0", - "tcp.seq": "215", - "tcp.ack": "182", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b634", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8833", - "tcp.analysis.ack_rtt": "0.001696000", - "tcp.analysis.initial_rtt": "0.012538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.313825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.313825000", - "frame.time_delta": "0.017382000", - "frame.time_delta_displayed": "0.017382000", - "frame.time_relative": "2500.853139000", - "frame.number": "8835", - "frame.len": "74", - "frame.cap_len": "74", 
- "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d151", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e646", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49153", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x000049be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:81:da:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654682, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654682", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.315676000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.315676000", - "frame.time_delta": "0.001851000", - "frame.time_delta_displayed": "0.001851000", - "frame.time_relative": "2500.854990000", - "frame.number": "8836", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36218", - "tcp.port": "49153", - "tcp.port": "36218", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - 
}, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x000063fa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8835", - "tcp.analysis.ack_rtt": "0.001851000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.316136000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.316136000", - "frame.time_delta": "0.000460000", - "frame.time_delta_displayed": "0.000460000", - "frame.time_relative": "2500.855450000", - "frame.number": "8837", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - 
"eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d152", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e659", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": 
"0x0000bab1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8836", - "tcp.analysis.ack_rtt": "0.000460000", - "tcp.analysis.initial_rtt": "0.002311000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.327213000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.327213000", - "frame.time_delta": "0.011077000", - "frame.time_delta_displayed": "0.011077000", - "frame.time_relative": "2500.866527000", - "frame.number": "8838", - "frame.len": "641", - "frame.cap_len": "641", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "627", - "ip.id": "0x0000d153", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e40d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "587", - "tcp.seq": "1", - "tcp.nxtseq": "588", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005698", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002311000", - "tcp.analysis.bytes_in_flight": "587", - "tcp.analysis.push_bytes_sent": "587" - } - }, - "http": { - "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/timesync1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/timesync1", - "http.request.version": "HTTP\/1.1" - }, - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", - "http.request.line": "SOAPACTION: \"urn:Belkin:service:timesync:1#TimeSync\"\n", - "http.content_length_header": "376", - "http.content_length_header_tree": { - "http.content_length": "376" - }, - "http.request.line": "Content-Length: 376\n", - "http.host": "192.168.0.225:49153", - "http.request.line": "HOST: 192.168.0.225:49153\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - 
"http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/timesync1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n <s:Body>\n <u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">\n <UTC>1509496092<\/UTC>\n <TimeZone>-05.00<\/TimeZone>\n <dst>1<\/dst>\n <DstSupported>1<\/DstSupported>\n <\/u:TimeSync>\n <\/s:Body>\n<\/s:Envelope>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "utf-8", - "?>": "" - }, - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:TimeSync xmlns:u=\"urn:Belkin:service:timesync:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", - "xml.tag": "<UTC>", - "xml.tag_tree": { - "xml.cdata": "1509496092", - "<\/UTC>": "" - }, - "xml.tag": "<TimeZone>", - "xml.tag_tree": { - "xml.cdata": "-05.00", - "<\/TimeZone>": "" - }, - "xml.tag": "<dst>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/dst>": "" - }, - "xml.tag": "<DstSupported>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/DstSupported>": "" - }, - "<\/u:TimeSync>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": 
"1", - "frame.time": "Oct 31, 2017 17:28:12.329342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.329342000", - "frame.time_delta": "0.002129000", - "frame.time_delta_displayed": "0.002129000", - "frame.time_relative": "2500.868656000", - "frame.number": "8839", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f3cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c3dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36218", - "tcp.port": "49153", - "tcp.port": "36218", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "588", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3507", - "tcp.window_size": "7014", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000ab98", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8838", - "tcp.analysis.ack_rtt": "0.002129000", - "tcp.analysis.initial_rtt": "0.002311000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.357879000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.357879000", - "frame.time_delta": "0.028537000", - "frame.time_delta_displayed": "0.028537000", - "frame.time_relative": "2500.897193000", - "frame.number": "8840", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e23", - "ip.flags": "0x00000002", 
- "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22706", - "tcp.ack": "103757", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b310", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:9e:00:28:81:d5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577182, TSecr 2654677": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577182", - "tcp.options.timestamp.tsecr": "2654677" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8829", - "tcp.analysis.ack_rtt": "0.100150000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.358392000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.358392000", - "frame.time_delta": "0.000513000", - "frame.time_delta_displayed": "0.000513000", - "frame.time_relative": "2500.897706000", - "frame.number": "8841", - "frame.len": "328", - "frame.cap_len": "328", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "314", - "ip.id": "0x00009733", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007546", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "262", - "tcp.seq": "103757", - "tcp.nxtseq": "104019", - "tcp.ack": "22706", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003e6b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:df:a7:a4:85:9e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } 
- }, - "Timestamps: TSval 2654687, TSecr 2812577182": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654687", - "tcp.options.timestamp.tsecr": "2812577182" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "262", - "tcp.analysis.push_bytes_sent": "262" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c7:4a:bc:5c:a9:13:bb:37:1e:7f:25:e1:15:e3:2c:12:7b:1d:69:1e:08:1a:eb:44:95:a0:2b:64:89:48:cd:c6:d6:ff:db" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c8:26:19:e8:69:05:0e:d9:d2:3a:a3:41:e5:ec:9d:c1:10:7e:53:fe:a0:32:17:33:6d:ba:e8:3f:20:dd:d9:fb:ad:ef:f7:fc:22:3d:e7:f1:b3" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:c9:17:87:34:06:81:a3:de:b0:3f:e7:88:10:b9:2c:c5:ce:c0:21:45:ad:95:d5:36:f2:a4:72:fe:0f:a6:46:58:0e:4f:5d:06:9f:cc:2c:f3:2e:51" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ca:93:53:ab:d9:2c:cd:51:6d:3f:64:8c:6a:4e:71:40:73:49:a4:20:dd:2e:4f:88:d7:4f:eb:be:b5:69:aa:92:3e:eb:d8:96:93:b2:ab:ab:35:35" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:cb:6a:0d:35:12:ef:fc:e2:10:57:40:03:dd:13:50:aa:a5:60:cb:68:69:d7:f2:2d:90:7c:5d:a8:64:1d:57:9c:b9:b6:73:9a:42:67:21:93:09:4e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.418760000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.418760000", - "frame.time_delta": "0.060368000", - "frame.time_delta_displayed": "0.060368000", - "frame.time_relative": "2500.958074000", - "frame.number": "8842", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e24", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000375b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22706", - "tcp.ack": "104019", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b1f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:ad:00:28:81:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577197, TSecr 2654687": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577197", - "tcp.options.timestamp.tsecr": "2654687" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8841", - "tcp.analysis.ack_rtt": "0.060368000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.419371000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.419371000", - "frame.time_delta": "0.000611000", - "frame.time_delta_displayed": "0.000611000", - "frame.time_relative": "2500.958685000", - 
"frame.number": "8843", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002e25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003705", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "22706", - "tcp.nxtseq": "22791", - "tcp.ack": "104019", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", 
- "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000370d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:ad:00:28:81:df", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577197, TSecr 2654687": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577197", - "tcp.options.timestamp.tsecr": "2654687" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:f1:5c:49:37:50:0a:0f:4a:3a:29:3b:52:58:74:35:d8:74:06:92:4a:43:da:f8:10:9e:b4:e7:36:c9:1c:e6:4f:f0:67:4a:2c:ad:de:a9:52:cb:5c:a9:b0:47:7b:15:78:99:9c:e1:76:2a:69:6d:bf:02:77:b2:29:2a:a0:fb:02:ca:08:c8:60:a8:45:98:8a:aa" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.423314000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.423314000", - "frame.time_delta": "0.003943000", - "frame.time_delta_displayed": "0.003943000", - "frame.time_relative": "2500.962628000", - "frame.number": "8844", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009734", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000761c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": 
"443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "104019", - "tcp.nxtseq": "104066", - "tcp.ack": "22791", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000553b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:e5:a7:a4:85:ad", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654693, TSecr 2812577197": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654693", - "tcp.options.timestamp.tsecr": "2812577197" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8843", - "tcp.analysis.ack_rtt": "0.003943000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:cc:5d:9d:2b:c8:92:5f:79:e7:cc:21:5f:b0:e1:78:30:05:2e:f7:fb:f4:ba:24:02:9d:39:33:21:7a:ad:f0:6b:4c:e4:f9" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.426137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.426137000", - "frame.time_delta": "0.002823000", - "frame.time_delta_displayed": "0.002823000", - "frame.time_relative": "2500.965451000", - "frame.number": "8845", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00000f94", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a7f2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3668", - "tcp.port": "39500", - "tcp.port": "3668", - "tcp.stream": "339", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - 
"tcp.ack": "338", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005be6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002752000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.428219000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.428219000", - "frame.time_delta": "0.002082000", - "frame.time_delta_displayed": "0.002082000", - "frame.time_relative": "2500.967533000", - "frame.number": "8846", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": 
"Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dc72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000044d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": 
"0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8845", - "tcp.analysis.ack_rtt": "0.002082000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.429072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.429072000", - "frame.time_delta": "0.000853000", - "frame.time_delta_displayed": "0.000853000", - "frame.time_relative": "2500.968386000", - "frame.number": "8847", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dc73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": 
{ - "tcp.srcport": "3668", - "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "338", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000044d2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.429679000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.429679000", - "frame.time_delta": "0.000607000", - "frame.time_delta_displayed": "0.000607000", - "frame.time_relative": "2500.968993000", - "frame.number": "8848", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", 
- "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000f95", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a817", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "3668", - "tcp.port": "39500", - "tcp.port": "3668", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "339", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f33", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "8847", - "tcp.analysis.ack_rtt": "0.000607000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.431403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.431403000", - "frame.time_delta": "0.001724000", - "frame.time_delta_displayed": "0.001724000", - "frame.time_relative": "2500.970717000", - "frame.number": "8849", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000dc74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000db37", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "3668", 
- "tcp.dstport": "39500", - "tcp.port": "3668", - "tcp.port": "39500", - "tcp.stream": "339", - "tcp.len": "0", - "tcp.seq": "339", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000044d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8848", - "tcp.analysis.ack_rtt": "0.001724000", - "tcp.analysis.initial_rtt": "0.002752000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.484199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.484199000", - "frame.time_delta": "0.052796000", - "frame.time_delta_displayed": "0.052796000", - "frame.time_relative": "2501.023513000", - "frame.number": "8850", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e26", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000372a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "22791", - "tcp.nxtseq": "22838", - "tcp.ack": "104066", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d217", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:bd:00:28:81:e5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577213, TSecr 2654693": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577213", - "tcp.options.timestamp.tsecr": "2654693" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8844", - "tcp.analysis.ack_rtt": "0.060885000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:f2:3b:20:64:7f:2f:98:30:ad:17:85:6c:f6:bd:58:47:c0:29:dd:a7:99:a0:a1:e1:b0:a1:66:30:3d:23:f9:2f:e4:43:b8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.484691000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.484691000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "2501.024005000", - "frame.number": "8851", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x00009735", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "104066", - "tcp.nxtseq": "104145", - "tcp.ack": "22838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fa82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:ec:a7:a4:85:bd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654700, TSecr 2812577213": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654700", - "tcp.options.timestamp.tsecr": "2812577213" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8850", - "tcp.analysis.ack_rtt": "0.000492000", - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:cd:c6:f1:69:9f:6b:44:b3:58:93:a5:c6:57:83:b3:e6:7b:37:6e:a1:0c:32:6c:b6:2a:b5:ae:09:cd:56:da:d0:71:b4:3a:ca:29:5b:6e:ac:37:88:4c:6d:53:9c:33:b2:a7:58:d0:68:18:16:69:48:21:66:25:d8:05:56:51:31:b1:cb:6c" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.581869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.581869000", - "frame.time_delta": "0.097178000", - "frame.time_delta_displayed": "0.097178000", - "frame.time_relative": "2501.121183000", - 
"frame.number": "8852", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e27", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003758", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22838", - "tcp.ack": "104145", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b0b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:d6:00:28:81:ec", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577238, TSecr 2654700": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577238", - "tcp.options.timestamp.tsecr": "2654700" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8851", - "tcp.analysis.ack_rtt": "0.097178000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.582356000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.582356000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "2501.121670000", - "frame.number": "8853", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009736", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007618", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "104145", - "tcp.nxtseq": "104194", - "tcp.ack": "22838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000038a6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:81:f5:a7:a4:85:d6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654709, TSecr 2812577238": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654709", - "tcp.options.timestamp.tsecr": "2812577238" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ce:16:3c:c4:1f:8b:59:ab:21:6b:85:00:40:60:ee:23:41:e8:76:e3:97:20:da:df:5a:84:42:3e:74:1f:28:3b:08:4c:60:8a:4f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.643072000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.643072000", - "frame.time_delta": "0.060716000", - "frame.time_delta_displayed": "0.060716000", - "frame.time_relative": "2501.182386000", - "frame.number": "8854", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e28", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003757", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22838", - "tcp.ack": "104194", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b070", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:85:e5:00:28:81:f5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577253, TSecr 2654709": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577253", - "tcp.options.timestamp.tsecr": "2654709" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8853", - "tcp.analysis.ack_rtt": "0.060716000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.839906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.839906000", - "frame.time_delta": "0.196834000", - "frame.time_delta_displayed": "0.196834000", - "frame.time_relative": "2501.379220000", - "frame.number": "8855", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x0000f3d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c31b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36218", - "tcp.port": "49153", - "tcp.port": "36218", - "tcp.stream": "340", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "588", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3507", - "tcp.window_size": "7014", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000b09d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002311000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.840400000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.840400000", - "frame.time_delta": "0.000494000", - "frame.time_delta_displayed": "0.000494000", - "frame.time_relative": "2501.379714000", - "frame.number": "8856", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d154", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e657", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "588", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b796", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8855", - "tcp.analysis.ack_rtt": "0.000494000", - "tcp.analysis.initial_rtt": "0.002311000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.841249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.841249000", - "frame.time_delta": "0.000849000", - 
"frame.time_delta_displayed": "0.000849000", - "frame.time_relative": "2501.380563000", - "frame.number": "8857", - "frame.len": "321", - "frame.cap_len": "321", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "307", - "ip.id": "0x0000f3d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c2cf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36218", - "tcp.port": "49153", - "tcp.port": "36218", - "tcp.stream": "340", - "tcp.len": "267", - "tcp.seq": "193", - "tcp.nxtseq": "461", - "tcp.ack": "588", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - 
"tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3507", - "tcp.window_size": "7014", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000e09c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002311000", - "tcp.analysis.bytes_in_flight": "268", - "tcp.analysis.push_bytes_sent": "267" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "8855", - "tcp.segment": "8857", - "tcp.segment.count": "2", - "tcp.reassembled.length": "459", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:36:37:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:74:69:6d:65:73:79:6e:63:3a:31:22:3e:0d:0a:3c:73:74:61:74:75:73:3e:73:75:63:63:65:73:73:3c:2f:73:74:61:74:75:73:3e:0d:0a:3c:2f:75:3a:54:69:6d:65:53:79:6e:63:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "267", - "http.content_length_header_tree": { - "http.content_length": "267" - }, - "http.response.line": "CONTENT-LENGTH: 267\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": "CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - 
"http.date": "Wed, 01 Nov 2017 00:28:12 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.514036000", - "http.request_in": "8838", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">\r\n<status>success<\/status>\r\n<\/u:TimeSyncResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:TimeSyncResponse xmlns:u=\"urn:Belkin:service:timesync:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:timesync:1\"", - "xml.tag": "<status>", - "xml.tag_tree": { - "xml.cdata": "success", - "<\/status>": "" - }, - "<\/u:TimeSyncResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.848969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.848969000", - "frame.time_delta": "0.007720000", - "frame.time_delta_displayed": "0.007720000", - "frame.time_relative": "2501.388283000", - "frame.number": "8858", - 
"frame.len": "317", - "frame.cap_len": "317", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "303", - "ip.id": "0x00009737", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000754d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "251", - "tcp.seq": "104194", - "tcp.nxtseq": "104445", - "tcp.ack": "22838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000012d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:10:a7:a4:85:e5", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654736, TSecr 2812577253": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654736", - "tcp.options.timestamp.tsecr": "2812577253" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "251", - "tcp.analysis.push_bytes_sent": "251" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:cf:90:f0:82:cf:f3:0a:55:d8:8c:66:a0:11:5a:d9:25:58:b3:ea:91:d9:41:71:9a:99:d9:4b:28:6f:6f:5e:f0:b4:42:66:3a:3f:d7:a9:8d:ca:84:92:32:d2:98:5f:41:b3:7b:fa:46:93:ea:c6:d2:c5:02:1f:dd:d5:b0:13:1b:37:b8:bb:6a:e6:03:56:fb:4e:f7:ca:c0:e5:dc:c8:a6:18:41:43:e6:65:f4:05:4f:a4:d5:62:54:f4:ab:4b:13:5a:a5:8b:5f:0e:82:ac:c7:fa:71:b4:f1:0f:42:73:23:05:4c:6a:25:23:12:16:1a:05:8e:9b:11:e1:92:cd:20:ca:e1:0f:98:fe:c3:1f:17:c4:74:8b:28:93:8c:1f:a8:a4:5c:ad:d0:64:18:fa:6e:d3:90:bc:27:fe:5e:b5:80:b2:c4:9a:ec:de:0e:7b:68:a1:fd:72:cf:48:2c:9e:ea:21:be:05:56:89:99:18:01:32:9c:ee:e0:1d:f8:0a:27:ff:fc:23:60:5a:5a:45:88:70:e8:66:05:0d:13:9e:18:17:ca:c5:99:49:af:41:8c:2d:fa:b2:8f:68:56:a9:17:b5:4d:57:5f:da:92:ae:3d:b7:af:32:bf:ad:e0:1d" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.874038000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.874038000", - "frame.time_delta": "0.025069000", - "frame.time_delta_displayed": "0.025069000", - "frame.time_relative": "2501.413352000", - "frame.number": "8859", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d155", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e656", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "588", - "tcp.ack": "461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b679", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8857", - "tcp.analysis.ack_rtt": "0.032789000", - "tcp.analysis.initial_rtt": "0.002311000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.909177000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.909177000", - "frame.time_delta": "0.035139000", - 
"frame.time_delta_displayed": "0.035139000", - "frame.time_relative": "2501.448491000", - "frame.number": "8860", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e29", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003756", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22838", - "tcp.ack": 
"104445", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000af18", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:27:00:28:82:10", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577319, TSecr 2654736": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577319", - "tcp.options.timestamp.tsecr": "2654736" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8858", - "tcp.analysis.ack_rtt": "0.060208000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.909689000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.909689000", - "frame.time_delta": "0.000512000", - "frame.time_delta_displayed": "0.000512000", - "frame.time_relative": "2501.449003000", - "frame.number": "8861", - "frame.len": "392", - "frame.cap_len": "392", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "378", - "ip.id": "0x00009738", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007501", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "326", - "tcp.seq": "104445", - "tcp.nxtseq": "104771", - "tcp.ack": "22838", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003eac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:16:a7:a4:86:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654742, TSecr 2812577319": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654742", - "tcp.options.timestamp.tsecr": "2812577319" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "326", - "tcp.analysis.push_bytes_sent": "326" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "321", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:d0:9a:f1:30:6e:c1:0a:d2:f9:90:fc:90:ee:0e:da:09:76:e0:8e:70:61:27:2f:c4:c4:04:0f:70:f3:97:3e:9d:18:ec:1f:a9:f6:9a:e4:a3:a1:86:95:d6:48:81:63:c3:2c:88:b6:31:78:d4:f4:ea:54:5d:59:e4:d1:8e:f3:d1:e2:73:0e:82:f3:21:3d:e0:6b:5f:70:25:a7:86:46:f2:93:5d:c3:7f:5c:f6:25:56:83:af:b2:10:b9:27:a3:75:75:da:d9:12:37:54:9d:26:aa:78:a1:dc:9f:eb:40:8a:54:31:a4:39:dc:f9:16:80:1d:38:31:71:f9:bb:02:b9:1f:63:22:45:3e:43:31:2b:79:7b:c3:0f:2d:54:1c:c7:c4:83:77:5a:99:54:20:ee:62:ec:51:b7:b0:8d:ce:14:ee:59:11:15:61:e2:be:90:8e:9a:38:df:97:40:dd:20:10:e2:1a:a5:fe:1b:63:a0:2d:8e:38:ab:c4:1c:fb:06:f8:ea:cc:74:da:ff:b2:f7:dc:a4:42:4f:20:be:c8:29:a6:fd:18:4e:32:93:9c:15:8f:f0:3e:84:dd:5f:01:87:66:60:9f:87:d8:7e:6d:7f:1f:49:7e:0f:09:54:07:ff:c8:78:3d:c2:f3:5c:70:90:23:7e:3c:d5:ef:26:a4:3e:0b:55:aa:c7:14:5e:4c:01:37:18:1b:62:f0:dd:75:78:49:d5:39:58:33:79:f9:e6:b0:26:d3:13:76:29:dc:f2:b0:5e:a2:c2:41:47:e6:2e:33:f1:01:71:0a:d0:44:7b:6f:70:cc:a0:5d:bf:4d:7d:8c:03" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.971684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.971684000", - "frame.time_delta": "0.061995000", - "frame.time_delta_displayed": "0.061995000", - "frame.time_relative": "2501.510998000", - "frame.number": "8862", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e2a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003755", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "22838", - "tcp.ack": "104771", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000adbc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", 
- "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577335, TSecr 2654742": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577335", - "tcp.options.timestamp.tsecr": "2654742" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8861", - "tcp.analysis.ack_rtt": "0.061995000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.972114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.972114000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "2501.511428000", - "frame.number": "8863", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - 
}, - "ip.len": "99", - "ip.id": "0x00002e2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003725", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "22838", - "tcp.nxtseq": "22885", - "tcp.ack": "104771", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a102", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", 
- "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577335, TSecr 2654742": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577335", - "tcp.options.timestamp.tsecr": "2654742" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:f3:c9:15:c8:f0:69:ca:d4:47:24:f3:fb:5e:30:51:dc:b9:f1:2f:9f:b0:00:46:ae:69:67:d4:67:b3:f4:52:30:07:8f:c0" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.972934000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.972934000", - "frame.time_delta": "0.000820000", - "frame.time_delta_displayed": "0.000820000", - "frame.time_relative": "2501.512248000", - "frame.number": "8864", - "frame.len": "616", - "frame.cap_len": "616", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "602", - "ip.id": "0x00002e2c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000352d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "550", - "tcp.seq": "22885", - "tcp.nxtseq": "23435", - "tcp.ack": "104771", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d07c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:37:00:28:82:16", - "tcp.options_tree": { - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577335, TSecr 2654742": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577335", - "tcp.options.timestamp.tsecr": "2654742" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "597", - "tcp.analysis.push_bytes_sent": "550" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "545", - "ssl.app_data": "34:cd:34:17:47:48:0e:f4:72:15:5c:76:04:f3:a4:72:cf:86:18:9e:dd:3e:29:d3:a6:7b:5a:a7:cf:9c:f2:f6:0f:d9:f0:0a:80:d6:c0:81:b1:33:20:a7:ff:e1:63:21:98:92:df:d1:18:d7:62:85:d0:ee:e6:08:18:eb:0d:1e:a0:09:88:5b:7d:4f:4d:00:96:d5:9f:ef:ab:a5:26:73:95:64:c5:82:1d:bf:cb:1a:63:e6:44:53:c4:e5:78:20:b8:e2:1d:d8:3e:f8:26:4b:32:6f:29:59:f9:fd:e7:68:31:5b:1f:2d:36:77:13:cd:5b:45:0d:c7:8f:90:ed:8d:ed:ae:02:78:39:d5:65:e3:e6:92:4f:c2:93:b6:c2:51:88:19:c0:ff:58:59:ab:38:b0:47:71:e7:1f:b2:4e:4b:a8:0d:fd:94:c4:0a:3d:e9:cb:25:5d:d3:39:d6:60:1b:9b:68:da:e4:49:a8:b0:5d:72:9c:c7:9d:f0:7e:8e:bf:a1:d8:a7:02:05:f8:51:59:9d:69:e9:34:93:61:b3:3d:fd:94:2f:f4:b1:d1:35:49:c7:ea:ad:50:02:4b:70:8a:cb:32:ad:8f:e6:49:1d:95:33:25:08:51:61:82:e3:a8:5e:cd:41:21:15:7c:7e:e5:e8:27:96:f3:6f:8e:08:0d:7e:94:00:3d:fd:9f:65:94:fb:01:02:53:c9:30:47:91:32:6a:77:39:cb:a8:55:e5:a5:c2:04:41:6d:6e:67:ce:0d:da:61:f4:7d:26:53:d6:d4:35:e6:73:d1:0f:e7:f2:6e:6e:86:8d:b9:18:2a:9d:71:51:05:d5:47:7b:06:d1:c2:53:7e:40:3f:d3:a9:cf:b3:47:08:2f:ff:82:d7:08:cf:a3:5a:d9:45:aa:22:38:b1:ea:56:3e:30:b8:28:43:eb:34:79:9b:4f:cb:a4:9e:19:2b:86:a6:67:52:5b:ba:9f:fd:23:bd:c1:da:85:59:b1:8a:e5:25:a6:b2:6f:5c:92:3d:f7:
83:19:06:5b:48:3c:39:09:58:06:4d:99:fc:82:f6:f0:44:89:bc:a2:0a:98:e6:b9:5b:70:33:6a:26:bd:e0:b3:24:3f:2f:e5:35:e4:28:57:ec:b3:41:c0:5f:67:bd:6e:e8:97:c6:23:dd:c1:bb:c8:6f:4e:ad:a0:e0:98:4e:c6:71:0d:60:7d:62:45:98:bb:2f:f7:83:6c:83:fb:e7:93:28:51:3f:0d:51:12:26:a3:02:4c:61:0f:9c:39:3a:ba:04:33:31:9a:84:1a:ae:e2:5a:55:18:d2:a3:74:94:1c:3f:5a:eb:82:a8:10:2a:3c:f5:07:7a:04:56:0a:ae:33:34:fc:52:09:f8:06:55:5c:9a:a9:2a:f8:ef:71:45:90:aa:77:51:e2:83:f4:2d:23:6d:ce:af:35:6e:02" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.975936000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.975936000", - "frame.time_delta": "0.003002000", - "frame.time_delta_displayed": "0.003002000", - "frame.time_relative": "2501.515250000", - "frame.number": "8865", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009739", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007617", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "104771", - "tcp.nxtseq": "104818", - "tcp.ack": "23435", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000049cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:1d:a7:a4:86:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: 
TSval 2654749, TSecr 2812577335": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654749", - "tcp.options.timestamp.tsecr": "2812577335" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8864", - "tcp.analysis.ack_rtt": "0.003002000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d1:00:82:5d:68:fe:f1:61:c5:16:f3:b9:20:63:58:b7:aa:7b:4f:69:aa:39:67:9f:ea:e4:de:24:e7:4d:71:ac:aa:df:a8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.988995000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.988995000", - "frame.time_delta": "0.013059000", - "frame.time_delta_displayed": "0.013059000", - "frame.time_relative": "2501.528309000", - "frame.number": "8866", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d156", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e655", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36218", - "tcp.dstport": "49153", - "tcp.port": "36218", - "tcp.port": "49153", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "588", - "tcp.ack": "461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000b678", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:12.991057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496092.991057000", - "frame.time_delta": "0.002062000", - "frame.time_delta_displayed": "0.002062000", - 
"frame.time_relative": "2501.530371000", - "frame.number": "8867", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36218", - "tcp.port": "49153", - "tcp.port": "36218", - "tcp.stream": "340", - "tcp.len": "0", - "tcp.seq": "461", - "tcp.ack": "589", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3507", - "tcp.window_size": "7014", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000a9cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8866", - "tcp.analysis.ack_rtt": "0.002062000", - "tcp.analysis.initial_rtt": "0.002311000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.016443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.016443000", - "frame.time_delta": "0.025386000", - "frame.time_delta_displayed": "0.025386000", - "frame.time_relative": "2501.555757000", - "frame.number": "8868", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000bf96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f801", - "ip.checksum.status": 
"2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00000973", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:82:21:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2654753, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654753", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.018059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.018059000", - "frame.time_delta": "0.001616000", - "frame.time_delta_displayed": "0.001616000", - "frame.time_relative": "2501.557373000", - "frame.number": "8869", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - 
"ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36219", - "tcp.port": "49153", - "tcp.port": "36219", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49153", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000ebed", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8868", - "tcp.analysis.ack_rtt": "0.001616000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.018527000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.018527000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "2501.557841000", - "frame.number": "8870", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bf97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f814", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000042a5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8869", - "tcp.analysis.ack_rtt": "0.000468000", - "tcp.analysis.initial_rtt": "0.002084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.029580000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.029580000", - "frame.time_delta": "0.011053000", - "frame.time_delta_displayed": "0.011053000", - "frame.time_relative": "2501.568894000", - "frame.number": "8871", - "frame.len": "552", - "frame.cap_len": "552", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "538", - "ip.id": "0x0000bf98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f621", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": "341", - "tcp.len": "498", - "tcp.seq": "1", - "tcp.nxtseq": "499", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00005e78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002084000", - 
"tcp.analysis.bytes_in_flight": "498", - "tcp.analysis.push_bytes_sent": "498" - } - }, - "http": { - "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/upnp\/control\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/upnp\/control\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.request.line": "SOAPACTION: \"urn:Belkin:service:basicevent:1#GetBinaryState\"\n", - "http.content_length_header": "277", - "http.content_length_header_tree": { - "http.content_length": "277" - }, - "http.request.line": "Content-Length: 277\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.request.line": "Content-Type: text\/xml; charset=\"utf-8\"\n", - "http.host": "192.168.0.225:49153", - "http.request.line": "HOST: 192.168.0.225:49153\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "http.request.line": "User-Agent: CyberGarage-HTTP\/1.0\n", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.225:49153\/upnp\/control\/basicevent1", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">\n<s:Body>\n<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">\n<\/u:GetBinaryState>\n<\/s:Body>\n<\/s:Envelope>" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"utf-8\"?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "utf-8", - "?>": "" - }, - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": 
"s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:GetBinaryState xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "<\/u:GetBinaryState>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.031974000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.031974000", - "frame.time_delta": "0.002394000", - "frame.time_delta_displayed": "0.002394000", - "frame.time_relative": "2501.571288000", - "frame.number": "8872", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002a66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008d46", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": 
"192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36219", - "tcp.port": "49153", - "tcp.port": "36219", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "499", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00003418", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8871", - "tcp.analysis.ack_rtt": "0.002394000", - "tcp.analysis.initial_rtt": "0.002084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.035743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.035743000", - "frame.time_delta": "0.003769000", - "frame.time_delta_displayed": "0.003769000", - "frame.time_relative": "2501.575057000", - "frame.number": "8873", - "frame.len": "246", - "frame.cap_len": "246", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "232", - "ip.id": "0x00002a67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c85", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36219", - "tcp.port": "49153", - "tcp.port": "36219", - "tcp.stream": "341", - "tcp.len": "192", - "tcp.seq": "1", - "tcp.nxtseq": "193", - "tcp.ack": "499", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000371f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": 
"0.002084000", - "tcp.analysis.bytes_in_flight": "192", - "tcp.analysis.push_bytes_sent": "192" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.036198000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.036198000", - "frame.time_delta": "0.000455000", - "frame.time_delta_displayed": "0.000455000", - "frame.time_relative": "2501.575512000", - "frame.number": "8874", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - 
"ip.id": "0x0000bf99", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f812", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "499", - "tcp.ack": "193", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003fe3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8873", - "tcp.analysis.ack_rtt": "0.000455000", - "tcp.analysis.initial_rtt": "0.002084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.036694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.036694000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - 
"frame.time_relative": "2501.576008000", - "frame.number": "8875", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x00002a68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008c27", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36219", - "tcp.port": "49153", - "tcp.port": "36219", - "tcp.stream": "341", - "tcp.len": "285", - "tcp.seq": "193", - "tcp.nxtseq": "479", - "tcp.ack": "499", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - 
"tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00004006", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002084000", - "tcp.analysis.bytes_in_flight": "286", - "tcp.analysis.push_bytes_sent": "285" - }, - "tcp.segment_data": "3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "tcp.segments": { - "tcp.segment": "8873", - "tcp.segment": "8875", - "tcp.segment.count": "2", - "tcp.reassembled.length": "477", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:32:38:35:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:44:41:54:45:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:38:3a:31:32:20:47:4d:54:0d:0a:45:58:54:3a:0d:0a:53:45:52:56:45:52:3a:20:55:6e:73:70:65:63:69:66:69:65:64:2c:20:55:50:6e:50:2f:31:2e:30:2c:20:55:6e:73:70:65:63:69:66:69:65:64:0d:0a:58:2d:55:73:65:72:2d:41:67:65:6e:74:3a:20:72:65:64:73:6f:6e:69:63:0d:0a:0d:0a:3c:73:3a:45:6e:76:65:6c:6f:70:65:20:78:6d:6c:6e:73:3a:73:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:76:65:6c:6f:70:65:2f:22:20:73:3a:65:6e:63:6f:64:69:6e:67:53:74:79:6c:65:3d:22:68:74:74:70:3a:2f:2f:73:63:68:65:6d:61:73:2e:78:6d:6c:73:6f:61:70:2e:6f:72:67:2f:73:6f:61:70:2f:65:6e:63:6f:64:69:6e:67:2f:22:3e:3c:73:3a:42:6f:64:79:3e:0a:3c:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:20:78:6d:6c:6e:73:3a:75:3d:22:75:72:6e:3a:42:65:6c:6b:69:6e:3a:73:65:72:76:69:63:65:3a:62:61:73:69:63:65:76:65:6e:74:3a:31:22:3e:0d:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0d:0a:3c:2f:75:3a:47:65:74:42:69:6e:61:72:79:53:74:61:74:65:52:65:73:70:6f:6e:73:65:3e:0d:0a:3c:2f:73:3a:42:6f:64:79:3e:20:3c:2f:73:3a:45:6e:76:65:6c:6f:70:65:3e" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_length_header": "285", - "http.content_length_header_tree": { - "http.content_length": "285" - }, - "http.response.line": "CONTENT-LENGTH: 285\r\n", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.response.line": 
"CONTENT-TYPE: text\/xml; charset=\"utf-8\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:28:12 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:12 GMT\r\n", - "http.response.line": "EXT:\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.007114000", - "http.request_in": "8871", - "http.file_data": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"><s:Body>\n<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">\r\n<BinaryState>0<\/BinaryState>\r\n<\/u:GetBinaryStateResponse>\r\n<\/s:Body> <\/s:Envelope>" - }, - "xml": { - "xml.tag": "<s:Envelope xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\" s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:s=\"http:\/\/schemas.xmlsoap.org\/soap\/envelope\/\"", - "xml.attribute": "s:encodingStyle=\"http:\/\/schemas.xmlsoap.org\/soap\/encoding\/\"", - "xml.tag": "<s:Body>", - "xml.tag_tree": { - "xml.tag": "<u:GetBinaryStateResponse xmlns:u=\"urn:Belkin:service:basicevent:1\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:u=\"urn:Belkin:service:basicevent:1\"", - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/BinaryState>": "" - }, - "<\/u:GetBinaryStateResponse>": "" - }, - "<\/s:Body>": "" - }, - "<\/s:Envelope>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.073960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.073960000", - "frame.time_delta": "0.037266000", - 
"frame.time_delta_displayed": "0.037266000", - "frame.time_relative": "2501.613274000", - "frame.number": "8876", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003752", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23435", - "tcp.ack": 
"104818", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ab17", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:51:00:28:82:1d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577361, TSecr 2654749": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577361", - "tcp.options.timestamp.tsecr": "2654749" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8865", - "tcp.analysis.ack_rtt": "0.098024000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.074056000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.074056000", - "frame.time_delta": "0.000096000", - "frame.time_delta_displayed": "0.000096000", - "frame.time_relative": "2501.613370000", - "frame.number": "8877", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bf9a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f811", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "499", - "tcp.ack": "479", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003eb4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8875", - "tcp.analysis.ack_rtt": "0.037362000", - "tcp.analysis.initial_rtt": "0.002084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.074474000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.074474000", - "frame.time_delta": "0.000418000", - "frame.time_delta_displayed": "0.000418000", - "frame.time_relative": "2501.613788000", - "frame.number": "8878", - "frame.len": "876", - "frame.cap_len": "876", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "862", - "ip.id": "0x0000973a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000731b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": 
"13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "810", - "tcp.seq": "104818", - "tcp.nxtseq": "105628", - "tcp.ack": "23435", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000045f9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:27:a7:a4:86:51", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654759, TSecr 2812577361": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654759", - 
"tcp.options.timestamp.tsecr": "2812577361" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "810", - "tcp.analysis.push_bytes_sent": "810" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d2:5e:03:34:2d:68:17:0b:ff:73:01:67:23:27:96:98:ec:b8:2b:f2:09:c0:8a:83:07:e4:b7:b7:57:4b:20:df:02:08:17:db:0d:11:bf:31:38:86" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d3:72:21:1f:59:6e:da:ae:f6:cf:a4:5d:55:96:af:c7:49:98:7f:d6:18:08:2a:dd:5e:82:cb:18:b0:28:17:cd:91:e0:88:d8:67:e6:f4:68:df" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d4:5f:df:87:42:10:ad:af:d1:9e:0d:29:8f:e0:6f:c8:ca:16:0d:11:3c:ed:15:33:f0:61:b6:7c:46:f9:e6:a4:8d:eb:44:f3:85:bc:86:cc:df:33" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d5:a5:dd:56:7e:9d:36:53:b0:b8:68:3f:58:ff:54:dc:cc:09:aa:83:c0:67:07:83:85:13:45:7b:88:76:65:16:75:0a:9c:f9:ed:9d:58:7b:ca:e9" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "246", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:d6:e2:b1:41:48:aa:3f:a2:6e:18:3c:45:cc:23:03:71:d0:6e:b7:a8:40:79:86:1b:17:f1:53:26:8b:72:71:2b:4d:9c:ca:d2:e7:8d:1a:d8:61:d1:43:d3:f0:b7:b7:9a:06:7a:54:73:5b:51:82:e8:b8:cf:18:02:2c:02:a9:39:91:2f:fd:a4:29:b1:d8:86:16:0f:5c:de:76:b5:37:93:59:97:19:24:8f:fd:5a:88:b8:34:31:00:a9:38:da:e4:05:3c:24:64:bf:8d:1b:04:f2:62:2a:fc:4b:c7:00:a0:6d:e4:85:6c:a0:ac:85:09:10:cd:26:58:e2:94:59:02:5b:c1:1c:90:4a:a4:b3:2e:fc:9a:4b:ab:47:31:ab:4a:39:8e:31:12:98:79:0c:3f:e4:53:3b:0d:68:05:89:13:ca:99:5c:62:aa:75:15:4a:c6:28:3b:01:01:b9:74:0a:56:4c:10:d1:71:19:ba:e3:5a:66:de:76:60:ac:33:ce:49:21:e4:86:c2:41:5f:0c:6d:af:95:0c:2f:44:8b:5b:bf:96:fb:f0:ef:ba:64:f6:87:31:1a:dd:ab:8f:d2:de:8a:b9:12:dd:5f:2f:fa:64:19:25:52:44:93:19:79" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "339", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d7:8a:c8:42:69:08:2e:5a:1f:e8:9a:21:d0:2f:d0:ae:d4:88:6b:94:0a:2e:5d:46:eb:f7:1b:9e:2c:1d:4d:f7:3d:7d:a7:ac:ea:8f:68:9f:6e:ae:25:c4:e4:ce:8c:9d:b1:da:3c:9c:7b:cf:c5:81:ff:36:ca:de:09:b1:ea:15:b2:7e:ca:43:10:46:2a:d8:12:e1:6a:01:ee:0a:04:a3:19:68:1b:a6:97:2d:3c:ac:42:14:4e:ec:8d:fa:bd:ab:ba:60:4f:69:9e:31:b7:26:10:95:f6:c7:a7:4f:4d:83:99:78:8a:6c:da:36:3c:01:9b:b9:43:76:97:ac:ce:0e:3e:87:ee:29:a5:44:2d:d6:1e:8b:2a:b5:97:fa:44:5b:c3:f4:f9:56:15:29:e1:7f:35:a5:52:cc:64:41:74:5a:3f:07:6a:b8:9c:9e:e6:e3:b9:74:47:65:65:08:a4:44:aa:f3:64:51:e7:13:de:97:04:cf:14:19:8a:9b:e1:c2:59:10:b1:4d:2d:33:17:a7:38:18:02:9a:74:54:a8:41:be:c2:15:4f:4f:e8:29:08:53:24:4c:a3:56:86:d0:77:59:a6:11:40:21:9d:54:e4:cb:3a:dd:28:64:ba:0e:c6:21:7a:0c:80:e9:fb:a3:6f:83:a1:c5:d1:a1:dc:50:6f:16:28:2d:70:4b:bb:00:8f:7d:b8:f5:c0:58:e6:4c:be:79:d3:c3:cd:31:c3:ab:a5:4a:50:f5:b5:ca:4b:93:4f:b5:3c:42:ae:b8:a3:6f:08:14:b0:91:d5:ac:58:4c:e3:d0:86:b5:56:72:7d:8f:5c:6a:5b:56:66:88:fd:6c:04:48:a7:ab:21:0b:b3:37:cd:a9:d4:8d:df" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.135635000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.135635000", - "frame.time_delta": "0.061161000", - "frame.time_delta_displayed": "0.061161000", - "frame.time_relative": "2501.674949000", - "frame.number": "8879", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003751", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": 
"-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23435", - "tcp.ack": "105628", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a7d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:60:00:28:82:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577376, TSecr 2654759": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577376", - "tcp.options.timestamp.tsecr": "2654759" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8878", - "tcp.analysis.ack_rtt": "0.061161000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.137929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496093.137929000", - "frame.time_delta": "0.002294000", - "frame.time_delta_displayed": "0.002294000", - "frame.time_relative": "2501.677243000", - "frame.number": "8880", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003721", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - 
"tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "23435", - "tcp.nxtseq": "23482", - "tcp.ack": "105628", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001cfc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:60:00:28:82:27", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577376, TSecr 2654759": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577376", - "tcp.options.timestamp.tsecr": "2654759" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:f5:82:eb:15:c2:c6:7b:5b:20:72:62:42:e3:cd:4b:82:e3:57:1d:b5:02:e6:91:64:e7:24:cb:6b:f0:92:4e:32:78:72:4a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:28:13.141543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.141543000", - "frame.time_delta": "0.003614000", - "frame.time_delta_displayed": "0.003614000", - "frame.time_relative": "2501.680857000", - "frame.number": "8881", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x0000973b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007615", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - 
"tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "105628", - "tcp.nxtseq": "105675", - "tcp.ack": "23482", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000b92b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:2d:a7:a4:86:60", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654765, TSecr 2812577376": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654765", - "tcp.options.timestamp.tsecr": "2812577376" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8880", - "tcp.analysis.ack_rtt": "0.003614000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d8:d6:fd:38:b7:ba:0a:f0:89:d0:1c:ba:27:7f:0c:d8:63:47:6a:11:e2:ef:e0:ee:f5:d0:db:aa:eb:34:c8:fd:ed:a9:75" - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.188773000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.188773000", - "frame.time_delta": "0.047230000", - "frame.time_delta_displayed": "0.047230000", - "frame.time_relative": "2501.728087000", - "frame.number": "8882", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "94:10:3e:36:60:09", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000bf9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000f810", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.dst_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36219", - "tcp.dstport": "49153", - "tcp.port": "36219", - "tcp.port": "49153", - "tcp.stream": 
"341", - "tcp.len": "0", - "tcp.seq": "499", - "tcp.ack": "479", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00003eb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.190374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.190374000", - "frame.time_delta": "0.001601000", - "frame.time_delta_displayed": "0.001601000", - "frame.time_relative": "2501.729688000", - "frame.number": "8883", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "94:10:3e:36:60:09", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_36:60:09", - "eth.addr": "94:10:3e:36:60:09", - "eth.addr_resolved": "BelkinIn_36:60:09", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - 
}, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b7ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.225", - "ip.addr": "192.168.0.225", - "ip.src_host": "192.168.0.225", - "ip.host": "192.168.0.225", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49153", - "tcp.dstport": "36219", - "tcp.port": "49153", - "tcp.port": "36219", - "tcp.stream": "341", - "tcp.len": "0", - "tcp.seq": "479", - "tcp.ack": "500", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3456", - "tcp.window_size": "6912", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00003239", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8882", - "tcp.analysis.ack_rtt": "0.001601000", - "tcp.analysis.initial_rtt": "0.002084000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.238420000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.238420000", - "frame.time_delta": "0.048046000", - "frame.time_delta_displayed": "0.048046000", - "frame.time_relative": "2501.777734000", - "frame.number": "8884", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23482", - "tcp.ack": "105675", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a756", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:7a:00:28:82:2d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577402, TSecr 2654765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577402", - "tcp.options.timestamp.tsecr": "2654765" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8881", - "tcp.analysis.ack_rtt": "0.096877000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.238903000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.238903000", - "frame.time_delta": "0.000483000", - "frame.time_delta_displayed": "0.000483000", - "frame.time_relative": "2501.778217000", - 
"frame.number": "8885", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x0000973c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "105675", - "tcp.nxtseq": "105729", - "tcp.ack": "23482", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", 
- "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000028f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:82:37:a7:a4:86:7a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654775, TSecr 2812577402": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654775", - "tcp.options.timestamp.tsecr": "2812577402" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:d9:d8:c5:30:a4:17:41:9c:b7:41:40:b4:7a:b0:5f:32:42:88:2b:5a:3b:e8:f4:c1:90:2a:3a:46:3e:b8:a2:38:3a:8c:8a:93:e4:f5:32:61:1f:74" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:13.299462000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496093.299462000", - 
"frame.time_delta": "0.060559000", - "frame.time_delta_displayed": "0.060559000", - "frame.time_relative": "2501.838776000", - "frame.number": "8886", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - 
"tcp.seq": "23482", - "tcp.ack": "105729", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000a707", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:86:89:00:28:82:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577417, TSecr 2654775": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577417", - "tcp.options.timestamp.tsecr": "2654775" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8885", - "tcp.analysis.ack_rtt": "0.060559000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:15.252543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496095.252543000", - "frame.time_delta": "1.953081000", - "frame.time_delta_displayed": "1.953081000", - "frame.time_relative": "2503.791857000", - "frame.number": "8887", - "frame.len": "1325", - "frame.cap_len": "1325", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1311", - "ip.id": "0x0000973d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007157", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "1259", - "tcp.seq": "105729", - "tcp.nxtseq": "106988", - "tcp.ack": "23482", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000cbec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:83:00:a7:a4:86:89", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2654976, TSecr 2812577417": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2654976", - "tcp.options.timestamp.tsecr": "2812577417" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "1259", - "tcp.analysis.push_bytes_sent": "1259" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1254", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:da:62:f9:60:83:46:ae:38:f2:01:75:31:7b:f6:35:7c:bb:06:38:55:22:b7:4b:df:04:bf:6d:5a:60:e4:30:ff:dc:b8:7c:7b:76:2b:33:01:73:42:e9:1f:d5:42:fc:80:b6:62:ae:78:b3:f3:de:86:ce:2c:19:25:86:84:8e:16:9c:16:31:9f:df:a9:10:a2:41:7c:8b:e0:6b:82:16:17:af:9a:8d:82:42:0f:ec:00:6c:4b:df:cd:5e:a2:03:37:b2:fe:fb:7d:c9:75:e9:ed:d1:81:2b:e8:0f:df:b9:bb:d9:d8:e5:7f:43:d3:82:1c:4f:a2:94:d7:64:20:e0:8f:b7:2c:3e:b3:d8:2a:e0:d4:40:82:af:dc:47:44:ce:86:1c:90:12:0e:e0:df:72:35:81:57:b4:e8:48:30:b9:f4:65:5c:d9:99:95:ab:0f:98:42:14:39:6b:0d:d5:15:a0:37:a4:76:36:bc:fe:83:c9:c3:a0:3a:cf:8b:88:1d:34:67:42:f1:fb:7a:2a:fa:ce:32:2b:ba:0c:34:02:32:f9:27:2b:d2:fb:3c:8b:cd:18:7e:0f:a3:33:ea:b2:c0:ad:31:91:9d:45:c3:c8:45:00:71:52:5a:9c:21:a9:f8:0a:97:f9:ed:5a:30:d2:36:4f:31:17:46:bc:d6:a4:31:64:e7:6a:4e:1c:1a:d2:f6:7f:e1:97:63:a8:09:e1:63:fe:5d:6d:34:b5:17:7c:61:03:13:d3:e3:c7:4e:e0:90:2f:ad:e0:ef:03:01:b1:02:53:96:c1:da:7e:a4:3a:ac:c7:0d:56:bc:03:d5:ca:58:3c:dd:1d:f4:1b:12:5c:0a:55:f1:6c:5d:82:2a:b5:08:16:2e:63:76:51:c6:21:ea:f0:fe:f7:43:02:a4:e8:32:67:b2:87:10:41:69:6e:47:a2:30:2a:7f:5e:79:d8:7a:b1:0e:01:3a:63:40:8b:f7:a2:d1:48:f5:ff:62:3c:bf:f6:9a:58:45:73:c7:cc:77:3f:57:72:cd:5e:f0:8a:f9:58:7d:1f:2b:b4:bd:40:a0:43:fc:0b:ee:d9:35:1b:2a:1a:3d:1d:80:85:e1:b5:a6:44:d9:2c:d0:05:97:25:8f:45:66:50:a6:32:01:7e:00:f1:e2:1a:e9:a6:71:96:65:4a:33:1b:53:b3:ea:48:9c:25:38:f6:04:4f:ab:69:c6:d2:28:53:a3:f3:e2:8e:3d:8f:6a:74:28:a1:19:46:48:71:a4:a8:91:34:4d:71:47:bd:25:45:26:4a:f9:90:bf:b9:ca:09:67:3e:42:16:e3:be:f1:02:4c:e6:1c:ce:ce:06:20:ea:8e:32:7e:62:d8:35:30:d9:f5:70:22:e1:8a:fc:62:7f:a0:ba:bc:48:95:be:cc:b0:e4:09:36:4a:7c:69:50:e8:12:cf:a3:3d:55:c4:e6:29:75:33:b2:1b:0d:bc:43:54:2c:ce:71:a4:fb:54:b6:9d:e9:e4:7e:7f:58:2e:5f:96:6b:77:d4:40:27:c1:ba:43:bf:46:82:f1:20:31:79:32:45:aa:b2:e1:23:9d:da:41:5a:12:ca:38:ef:7a:6a:7c:bb:7d:f8:9b:7c:e0:5d:22:aa:69:3f:cf:3a:93:4f:28:53:4f:70:d2:4b:88:09:5c:62:dd:34:68:80:9c:c0:cf:21:f8:e5:e0:ac:13:ce:23:19:43:5b:97:c2:9b:5c:de:aa:5f:d1:d6:1d:7d:b1:89:23:8
6:a3:6c:18:f9:fc:23:a4:77:08:7a:9a:35:aa:4e:1a:59:5f:1d:ea:d2:16:b5:57:58:b8:b3:85:d2:0f:ac:06:a6:49:3e:b8:6e:df:84:21:95:3c:53:77:63:f8:da:77:6c:71:da:36:83:52:d5:70:00:86:26:36:bf:ad:ed:46:bc:62:02:cd:e0:2f:94:18:25:4c:e5:4e:4d:62:98:80:25:b6:ff:50:ba:c3:bb:4c:55:fe:67:dd:79:5e:48:4c:82:21:4b:b3:32:56:1f:9e:94:7c:ac:ae:cb:6d:20:45:2e:df:9c:36:47:75:3c:5a:75:02:40:8a:cb:09:74:09:f9:ee:d0:7a:55:d1:cb:f1:32:a0:4f:57:cf:a8:f7:5f:e0:ab:b9:fe:e9:e0:c3:ba:61:95:2c:af:25:c3:fa:45:c2:3a:47:93:99:76:f8:34:52:08:5d:63:00:d1:fa:23:4b:4d:93:42:57:fd:b5:86:83:a1:a4:e1:92:3a:9c:5e:7b:49:b4:1f:fb:f4:9a:34:03:7d:d1:13:59:43:01:50:4a:35:fe:34:bc:ba:22:0d:eb:e1:91:61:02:92:33:a5:8c:93:43:c5:fe:5b:d4:92:bc:1a:b5:09:31:b7:fd:69:23:4b:43:41:97:9a:79:9c:65:4c:92:cd:44:49:1e:98:27:88:5e:bd:f8:7e:dd:f2:e4:3e:e4:c2:b0:81:82:2d:4d:9a:23:89:b7:19:39:99:af:5c:62:5b:6d:c7:1f:1c:89:6d:c1:59:b8:3c:d0:cf:33:97:c5:b5:47:ef:4a:b7:f9:27:20:84:74:63:41:69:20:15:b6:41:69:aa:43:cf:0e:14:f4:73:94:cc:1b:15:4a:55:a7:e8:7f:51:35:80:3b:c7:60:b9:6d:2f:16:35:86:3a:03:d9:29:cc:ee:0d:3f:48:41:b6:12:b8:92:d2:de:59:43:93:21:69:4b:b5:a2:b9:ec:9d:a6:21:8c:c2:4c:24:85:97:12:81:67:af:59:9e:5a:f9:f6:3f:6d:a2:05:dd:21:fb:66:78:00:42:9d:e0:4d:dd:a2:0a:75:b4:83:61:34:f7:48:a8:5c:90:10:c8:5c:be:54:ba:12:bd:18:4b:29:f1:bc:b8:5d:4c:50:fa:53:76:dd:bb:ab:ff:b0:a8:b1:72:7e:e0:17:7f:d0:e9:51:55:92:6f:15:10:00:88:1e:77:dc:50:79:4f:ae:a6:8d:d2:0f:30:a9:25:d8:ba:b6:3d:2d:c0:ef:0d:66:b3:d2:01:78:fc:b9:dc:e1:db:63:99:cf:a0:7c:b9:b7:aa:f5:4b:c1:74:22:98:8f:7e:d3:73:4d:e9:fb:03:bf:37:c4:eb:86:37:fe:c7:6c:1c:6f:3c:3a:c1:02:b0:ee:08:a3:5e:2b:bd:e5:1e:ff:26:b7:58:78:cc:53:38:7c:47:3b:17:24:33:ed:c0:89:a5:de:a8:c1:86:85:c3:38:84:87:a3:7a:c3:78:ce:4b:9b:81:6d:16:a7:0d:53:f5:69:4a:63:31:a5:3c:28:b3:18:be:d1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:15.313361000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496095.313361000", - "frame.time_delta": "0.060818000", - "frame.time_delta_displayed": "0.060818000", - "frame.time_relative": "2503.852675000", - "frame.number": "8888", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", 
- "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23482", - "tcp.ack": "106988", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00009f5c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:88:80:00:28:83:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812577920, TSecr 2654976": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812577920", - "tcp.options.timestamp.tsecr": "2654976" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8887", - "tcp.analysis.ack_rtt": "0.060818000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.486641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.486641000", - "frame.time_delta": "3.173280000", - "frame.time_delta_displayed": "3.173280000", - "frame.time_relative": "2507.025955000", - 
"frame.number": "8889", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00002804", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000905d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52887", - "udp.dstport": "53", - "udp.port": "52887", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x00008eb7", - "udp.checksum.status": "2", - "udp.stream": "161" - }, - "dns": { - "dns.id": "0x0000b94c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.486656000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.486656000", - "frame.time_delta": "0.000015000", - "frame.time_delta_displayed": "0.000015000", - "frame.time_relative": "2507.025970000", - "frame.number": "8890", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00002805", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000905c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52887", - "udp.dstport": "53", - "udp.port": "52887", - "udp.port": "53", - "udp.length": "52", - "udp.checksum": "0x000084eb", - "udp.checksum.status": "2", - "udp.stream": "161" - }, - "dns": { - "dns.id": "0x0000c2fd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.487820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.487820000", - "frame.time_delta": "0.001164000", - "frame.time_delta_displayed": "0.001164000", - "frame.time_relative": "2507.027134000", - "frame.number": "8891", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x0000ad74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000aed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "52887", - "udp.port": "53", - "udp.port": "52887", - "udp.length": "52", - "udp.checksum": "0x00008289", - "udp.checksum.status": "2", - "udp.stream": "161" - }, - "dns": { - "dns.response_to": "8890", - "dns.time": "0.001164000", - "dns.id": "0x0000c2fd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "fw-update2.smartthings.com: type AAAA, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.516141000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496098.516141000", - "frame.time_delta": "0.028321000", - "frame.time_delta_displayed": "0.028321000", - "frame.time_relative": "2507.055455000", - "frame.number": "8892", - "frame.len": "447", - "frame.cap_len": "447", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "433", - "ip.id": "0x0000ad75", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000983", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "52887", - "udp.port": "53", - "udp.port": "52887", - "udp.length": "413", - "udp.checksum": "0x000083f2", - "udp.checksum.status": "2", - "udp.stream": "161" - }, - "dns": { - "dns.response_to": "8889", - "dns.time": "0.029500000", - "dns.id": "0x0000b94c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - 
"dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "3", - "dns.count.auth_rr": "4", - "dns.count.add_rr": "8", - "Queries": { - "fw-update2.smartthings.com: type A, class IN": { - "dns.qry.name": "fw-update2.smartthings.com", - "dns.qry.name.len": "26", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "fw-update2.smartthings.com: type A, class IN, addr 52.4.156.100": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.4.156.100" - }, - "fw-update2.smartthings.com: type A, class IN, addr 52.70.238.171": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "52.70.238.171" - }, - "fw-update2.smartthings.com: type A, class IN, addr 34.231.50.247": { - "dns.resp.name": "fw-update2.smartthings.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "60", - "dns.resp.len": "4", - "dns.a": "34.231.50.247" - } - }, - "Authoritative nameservers": { - "smartthings.com: type NS, class IN, ns ns-1610.awsdns-09.co.uk": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62631", - "dns.resp.len": "25", - "dns.ns": "ns-1610.awsdns-09.co.uk" - }, - "smartthings.com: type NS, class IN, ns ns-779.awsdns-33.net": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62631", - "dns.resp.len": "22", - "dns.ns": "ns-779.awsdns-33.net" - }, - "smartthings.com: type NS, class IN, ns ns-442.awsdns-55.com": { - 
"dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62631", - "dns.resp.len": "19", - "dns.ns": "ns-442.awsdns-55.com" - }, - "smartthings.com: type NS, class IN, ns ns-1275.awsdns-31.org": { - "dns.resp.name": "smartthings.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62631", - "dns.resp.len": "23", - "dns.ns": "ns-1275.awsdns-31.org" - } - }, - "Additional records": { - "ns-442.awsdns-55.com: type A, class IN, addr 205.251.193.186": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "149455", - "dns.resp.len": "4", - "dns.a": "205.251.193.186" - }, - "ns-779.awsdns-33.net: type A, class IN, addr 205.251.195.11": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58492", - "dns.resp.len": "4", - "dns.a": "205.251.195.11" - }, - "ns-1275.awsdns-31.org: type A, class IN, addr 205.251.196.251": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56731", - "dns.resp.len": "4", - "dns.a": "205.251.196.251" - }, - "ns-1610.awsdns-09.co.uk: type A, class IN, addr 205.251.198.74": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56833", - "dns.resp.len": "4", - "dns.a": "205.251.198.74" - }, - "ns-442.awsdns-55.com: type AAAA, class IN, addr 2600:9000:5301:ba00::1": { - "dns.resp.name": "ns-442.awsdns-55.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100388", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5301:ba00::1" - }, - "ns-779.awsdns-33.net: type AAAA, class IN, addr 2600:9000:5303:b00::1": { - "dns.resp.name": "ns-779.awsdns-33.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58492", - "dns.resp.len": "16", - 
"dns.aaaa": "2600:9000:5303:b00::1" - }, - "ns-1275.awsdns-31.org: type AAAA, class IN, addr 2600:9000:5304:fb00::1": { - "dns.resp.name": "ns-1275.awsdns-31.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56731", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:fb00::1" - }, - "ns-1610.awsdns-09.co.uk: type AAAA, class IN, addr 2600:9000:5306:4a00::1": { - "dns.resp.name": "ns-1610.awsdns-09.co.uk", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56833", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5306:4a00::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.517285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.517285000", - "frame.time_delta": "0.001144000", - "frame.time_delta_displayed": "0.001144000", - "frame.time_relative": "2507.056599000", - "frame.number": "8893", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d0fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, 
- "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00002dd5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:04:02:08:0a:00:28:84:47:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2655303, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655303", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.595089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.595089000", - "frame.time_delta": "0.077804000", - "frame.time_delta_displayed": "0.077804000", - "frame.time_relative": "2507.134403000", - "frame.number": "8894", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000001b9", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "26847", - "tcp.window_size": "26847", - "tcp.checksum": "0x0000ddd8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:4b:4b:ca:dd:00:28:84:47:01:03:03:08", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 1263258333, TSecr 2655303": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258333", - "tcp.options.timestamp.tsecr": "2655303" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8893", - "tcp.analysis.ack_rtt": "0.077804000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.595600000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.595600000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "2507.134914000", - "frame.number": "8895", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d0ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007498", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:4f:4b:4b:ca:dd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655311, TSecr 1263258333": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655311", - "tcp.options.timestamp.tsecr": "1263258333" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8894", - "tcp.analysis.ack_rtt": "0.000511000", - "tcp.analysis.initial_rtt": "0.078315000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.597740000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.597740000", - "frame.time_delta": "0.002140000", - "frame.time_delta_displayed": "0.002140000", - "frame.time_relative": "2507.137054000", - "frame.number": "8896", - "frame.len": "373", - "frame.cap_len": "373", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "359", - "ip.id": "0x0000d100", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d68d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "307", - "tcp.seq": "1", - "tcp.nxtseq": "308", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - 
"tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00009dc5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:4f:4b:4b:ca:dd", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655311, TSecr 1263258333": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655311", - "tcp.options.timestamp.tsecr": "1263258333" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "307", - "tcp.analysis.push_bytes_sent": "307" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000301", - "ssl.record.length": "302", - "ssl.handshake": { - "ssl.handshake.type": "1", - "ssl.handshake.length": "298", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "May 31, 2070 05:28:41.000000000 PDT", - "ssl.handshake.random": "cf:b0:4a:3a:47:a6:38:98:68:80:c2:56:ba:4f:38:b3:96:02:58:43:17:af:c2:a3:de:35:63:62" - }, - "ssl.handshake.session_id_length": "0", - "ssl.handshake.cipher_suites_length": "148", - "ssl.handshake.ciphersuites": { - "ssl.handshake.ciphersuite": "49200", - "ssl.handshake.ciphersuite": "49196", - "ssl.handshake.ciphersuite": "49192", - "ssl.handshake.ciphersuite": "49188", - 
"ssl.handshake.ciphersuite": "49172", - "ssl.handshake.ciphersuite": "49162", - "ssl.handshake.ciphersuite": "163", - "ssl.handshake.ciphersuite": "159", - "ssl.handshake.ciphersuite": "107", - "ssl.handshake.ciphersuite": "106", - "ssl.handshake.ciphersuite": "57", - "ssl.handshake.ciphersuite": "56", - "ssl.handshake.ciphersuite": "136", - "ssl.handshake.ciphersuite": "135", - "ssl.handshake.ciphersuite": "49202", - "ssl.handshake.ciphersuite": "49198", - "ssl.handshake.ciphersuite": "49194", - "ssl.handshake.ciphersuite": "49190", - "ssl.handshake.ciphersuite": "49167", - "ssl.handshake.ciphersuite": "49157", - "ssl.handshake.ciphersuite": "157", - "ssl.handshake.ciphersuite": "61", - "ssl.handshake.ciphersuite": "53", - "ssl.handshake.ciphersuite": "132", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.ciphersuite": "49195", - "ssl.handshake.ciphersuite": "49191", - "ssl.handshake.ciphersuite": "49187", - "ssl.handshake.ciphersuite": "49171", - "ssl.handshake.ciphersuite": "49161", - "ssl.handshake.ciphersuite": "162", - "ssl.handshake.ciphersuite": "158", - "ssl.handshake.ciphersuite": "103", - "ssl.handshake.ciphersuite": "64", - "ssl.handshake.ciphersuite": "51", - "ssl.handshake.ciphersuite": "50", - "ssl.handshake.ciphersuite": "154", - "ssl.handshake.ciphersuite": "153", - "ssl.handshake.ciphersuite": "69", - "ssl.handshake.ciphersuite": "68", - "ssl.handshake.ciphersuite": "49201", - "ssl.handshake.ciphersuite": "49197", - "ssl.handshake.ciphersuite": "49193", - "ssl.handshake.ciphersuite": "49189", - "ssl.handshake.ciphersuite": "49166", - "ssl.handshake.ciphersuite": "49156", - "ssl.handshake.ciphersuite": "156", - "ssl.handshake.ciphersuite": "60", - "ssl.handshake.ciphersuite": "47", - "ssl.handshake.ciphersuite": "150", - "ssl.handshake.ciphersuite": "65", - "ssl.handshake.ciphersuite": "7", - "ssl.handshake.ciphersuite": "49169", - "ssl.handshake.ciphersuite": "49159", - "ssl.handshake.ciphersuite": "49164", - "ssl.handshake.ciphersuite": 
"49154", - "ssl.handshake.ciphersuite": "5", - "ssl.handshake.ciphersuite": "4", - "ssl.handshake.ciphersuite": "49170", - "ssl.handshake.ciphersuite": "49160", - "ssl.handshake.ciphersuite": "22", - "ssl.handshake.ciphersuite": "19", - "ssl.handshake.ciphersuite": "49165", - "ssl.handshake.ciphersuite": "49155", - "ssl.handshake.ciphersuite": "10", - "ssl.handshake.ciphersuite": "21", - "ssl.handshake.ciphersuite": "18", - "ssl.handshake.ciphersuite": "9", - "ssl.handshake.ciphersuite": "20", - "ssl.handshake.ciphersuite": "17", - "ssl.handshake.ciphersuite": "8", - "ssl.handshake.ciphersuite": "6", - "ssl.handshake.ciphersuite": "3", - "ssl.handshake.ciphersuite": "255" - }, - "ssl.handshake.comp_methods_length": "1", - "ssl.handshake.comp_methods": { - "ssl.handshake.comp_method": "0" - }, - "ssl.handshake.extensions_length": "109", - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - }, - "Extension: elliptic_curves": { - "ssl.handshake.extension.type": "0x0000000a", - "ssl.handshake.extension.len": "52", - "ssl.handshake.extensions_elliptic_curves_length": "50", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_elliptic_curve": "0x0000000e", - "ssl.handshake.extensions_elliptic_curve": "0x0000000d", - "ssl.handshake.extensions_elliptic_curve": "0x00000019", - "ssl.handshake.extensions_elliptic_curve": "0x0000000b", - "ssl.handshake.extensions_elliptic_curve": "0x0000000c", - "ssl.handshake.extensions_elliptic_curve": "0x00000018", - "ssl.handshake.extensions_elliptic_curve": "0x00000009", - "ssl.handshake.extensions_elliptic_curve": "0x0000000a", - "ssl.handshake.extensions_elliptic_curve": "0x00000016", - 
"ssl.handshake.extensions_elliptic_curve": "0x00000017", - "ssl.handshake.extensions_elliptic_curve": "0x00000008", - "ssl.handshake.extensions_elliptic_curve": "0x00000006", - "ssl.handshake.extensions_elliptic_curve": "0x00000007", - "ssl.handshake.extensions_elliptic_curve": "0x00000014", - "ssl.handshake.extensions_elliptic_curve": "0x00000015", - "ssl.handshake.extensions_elliptic_curve": "0x00000004", - "ssl.handshake.extensions_elliptic_curve": "0x00000005", - "ssl.handshake.extensions_elliptic_curve": "0x00000012", - "ssl.handshake.extensions_elliptic_curve": "0x00000013", - "ssl.handshake.extensions_elliptic_curve": "0x00000001", - "ssl.handshake.extensions_elliptic_curve": "0x00000002", - "ssl.handshake.extensions_elliptic_curve": "0x00000003", - "ssl.handshake.extensions_elliptic_curve": "0x0000000f", - "ssl.handshake.extensions_elliptic_curve": "0x00000010", - "ssl.handshake.extensions_elliptic_curve": "0x00000011" - } - }, - "Extension: SessionTicket TLS": { - "ssl.handshake.extension.type": "0x00000023", - "ssl.handshake.extension.len": "0", - "ssl.handshake.extension.data": "" - }, - "Extension: signature_algorithms": { - "ssl.handshake.extension.type": "0x0000000d", - "ssl.handshake.extension.len": "32", - "ssl.handshake.sig_hash_alg_len": "30", - "ssl.handshake.sig_hash_algs": { - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000602", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000603", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000501", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "1" - }, - 
"ssl.handshake.sig_hash_alg": "0x00000502", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000503", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "5", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000401", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000402", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000403", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "4", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000301", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000302", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000303", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "3", - "ssl.handshake.sig_hash_sig": "3" - }, - "ssl.handshake.sig_hash_alg": "0x00000201", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_hash_alg": "0x00000202", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "2" - }, - "ssl.handshake.sig_hash_alg": "0x00000203", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "2", - "ssl.handshake.sig_hash_sig": "3" - } - } - }, - "Extension: Heartbeat": { - "ssl.handshake.extension.type": "0x0000000f", - "ssl.handshake.extension.len": "1", - "ssl.handshake.extension.heartbeat.mode": "1" - } - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.675430000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.675430000", - "frame.time_delta": "0.077690000", - "frame.time_delta_displayed": "0.077690000", - "frame.time_relative": "2507.214744000", - "frame.number": "8897", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000068ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x00009912", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": 
"AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000073c8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258353, TSecr 2655311": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258353", - "tcp.options.timestamp.tsecr": "2655311" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8896", - "tcp.analysis.ack_rtt": "0.077690000", - "tcp.analysis.initial_rtt": "0.078315000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.676528000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.676528000", - "frame.time_delta": "0.001098000", - "frame.time_delta_displayed": "0.001098000", - "frame.time_relative": "2507.215842000", - "frame.number": "8898", - "frame.len": "1514", - "frame.cap_len": "1514", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1500", - "ip.id": "0x000068af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x00009369", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - 
"ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "1448", - "tcp.seq": "1", - "tcp.nxtseq": "1449", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000097d1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258353, TSecr 2655311": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258353", - "tcp.options.timestamp.tsecr": "2655311" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "1448", - "tcp.analysis.push_bytes_sent": "1448" - }, - "tcp.segment_data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "89", - "ssl.handshake": { - "ssl.handshake.type": "2", - "ssl.handshake.length": "85", - "ssl.handshake.version": "0x00000303", - "Random": { - "ssl.handshake.random_time": "Aug 20, 2078 06:26:26.000000000 PDT", - "ssl.handshake.random": "98:d9:51:4e:38:98:16:d3:e0:3c:28:31:21:90:13:53:2e:29:f1:8e:28:74:0f:f0:8c:9e:03:56" - }, - "ssl.handshake.session_id_length": "32", - "ssl.handshake.session_id": "fc:92:ce:90:4b:6c:c2:5f:27:84:6f:ca:79:7f:f9:f0:11:26:27:34:a7:01:36:bb:25:96:8c:75:66:8e:e1:97", - "ssl.handshake.ciphersuite": "49199", - "ssl.handshake.comp_method": "0", - "ssl.handshake.extensions_length": "13", - "Extension: renegotiation_info": { - "ssl.handshake.extension.type": "0x0000ff01", - "ssl.handshake.extension.len": "1", - "Renegotiation Info extension": { - "ssl.handshake.extensions_reneg_info_len": "0" - } - }, - "Extension: ec_point_formats": { - "ssl.handshake.extension.type": "0x0000000b", - "ssl.handshake.extension.len": "4", - "ssl.handshake.extensions_ec_point_formats_length": "3", - "ssl.handshake.extensions_elliptic_curves": { - "ssl.handshake.extensions_ec_point_format": "0", - "ssl.handshake.extensions_ec_point_format": "1", - "ssl.handshake.extensions_ec_point_format": "2" - } - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.676550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.676550000", - "frame.time_delta": "0.000022000", - "frame.time_delta_displayed": "0.000022000", - "frame.time_relative": "2507.215864000", - "frame.number": "8899", - "frame.len": "289", - "frame.cap_len": "289", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:ns_cert_exts:x509ce:x509ce:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:pkcs-1:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "275", - "ip.id": "0x000068b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x00009831", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "223", - "tcp.seq": "1449", - "tcp.nxtseq": "1672", - "tcp.ack": "308", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00009308", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:ca:f1:00:28:84:4f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258353, TSecr 2655311": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258353", - "tcp.options.timestamp.tsecr": "2655311" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "1671", - "tcp.analysis.push_bytes_sent": "1671" - }, - "tcp.segment_data": "3a:cd:63:9f" - }, - "tcp.segments": { - "tcp.segment": "8898", - "tcp.segment": "8899", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1358", - "tcp.reassembled.data": 
"16:03:03:05:49:0b:00:05:45:00:05:42:00:03:09:30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:55:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:1
1:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79:00:02:33:30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:
df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1353", - "ssl.handshake": { - "ssl.handshake.type": "11", - "ssl.handshake.length": "1349", - "ssl.handshake.certificates_length": "1346", - "ssl.handshake.certificates": { - "ssl.handshake.certificate_length": "777", - "ssl.handshake.certificate": "30:82:03:05:30:82:02:6e:a0:03:02:01:02:02:01:00:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:34:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:34:34:5a:30:5f:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:10:30:0e:06:03:55:04:03:13:07:53:54:46:57:53:52:56:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01:a3:81:d3:30:81:d0:30:09:06:03:55:1d:13:04:02:30:00:30:2c:06:09:60:86:48:01:86:f8:42:01:0d:04:1f:16:1d:4f:70:65:6e:53:53:4c:20:47:65:6e:65:72:61:74:65:64:20:43:65:72:74:69:66:69:63:61:74:65:30:1d:06:03:55:1d:0e:04:16:04:14:01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02:30:76:06:03:5
5:1d:23:04:6f:30:6d:a1:60:a4:5e:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:82:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.version": "2", - "x509af.serialNumber": "0", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - "x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": 
"2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:44 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:44 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - 
"x509sat.DirectoryString_tree": { - "x509sat.printableString": "STFWSRV" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": "00:c9:56:e8:6d:ec:56:0a:e8:a6:09:dc:50:d1:72:66:6d:16:64:1c:fa:f4:df:ab:ee:e5:89:6f:90:1c:78:63:3a:cd:18:c9:a0:0a:c2:c9:09:99:15:ce:93:87:44:31:dc:56:53:c4:1d:bd:6a:6a:96:2d:97:e8:16:59:4c:b6:13:6d:a7:e6:e1:1e:51:8f:7a:40:d9:eb:47:f6:88:3f:04:7a:a2:3a:49:ae:c4:fb:fe:f3:b6:72:59:38:60:5e:cf:12:0d:db:15:fe:f5:c9:0c:89:b1:91:59:69:d0:4a:1c:0a:86:4d:6f:66:19:22:eb:57:e3:c8:8f:b7:f6:4d:8b", - "pkcs1.publicExponent": "65537" - } - }, - "x509af.extensions": "4", - "x509af.extensions_tree": { - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.19", - "x509ce.BasicConstraintsSyntax_element": "" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.16.840.1.113730.1.13", - "ns_cert_exts.Comment": "OpenSSL Generated Certificate" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.14", - "x509ce.SubjectKeyIdentifier": "01:07:04:ee:a6:17:33:cc:2d:e5:e1:56:cd:43:0f:b2:71:42:05:02" - }, - "x509af.Extension_element": { - "x509af.extension.id": "2.5.29.35", - "x509ce.AuthorityKeyIdentifier_element": { - "x509ce.authorityCertIssuer": "1", - "x509ce.authorityCertIssuer_tree": { - "x509ce.GeneralName": "4", - "x509ce.GeneralName_tree": { - "x509ce.directoryName": "0", - "x509ce.directoryName_tree": { - "x509if.rdnSequence": 
"5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - } - } - }, - "x509ce.authorityCertSerialNumber": "-2877719464742176835" - } - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "0f:26:11:8e:c5:ab:4b:39:27:63:dc:70:73:ad:5b:c3:b1:83:2e:2d:8d:93:d4:2a:6e:70:9a:38:75:cc:0c:c4:0d:13:ae:b5:72:2f:15:bf:44:17:4a:3d:c2:8b:15:3d:87:ce:90:01:e6:20:b4:55:04:15:30:3f:ac:1b:78:f8:ff:c0:64:74:c2:29:96:f3:5f:be:a1:59:6e:24:e4:0f:4b:08:71:22:83:e6:9a:ce:7f:64:11:05:4c:33:40:04:42:a4:bf:b0:e8:e5:50:2b:0f:7b:20:ec:53:4e:da:b4:e5:8f:3c:d1:bb:ab:95:e6:16:7a:9a:72:e5:e6:53:79" - }, - "ssl.handshake.certificate_length": "563", - 
"ssl.handshake.certificate": "30:82:02:2f:30:82:01:98:02:09:00:d8:10:49:64:c4:d0:b7:bd:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:1e:17:0d:31:35:30:33:30:35:32:31:32:35:33:34:5a:17:0d:32:35:30:33:30:32:32:31:32:35:33:34:5a:30:5c:31:0b:30:09:06:03:55:04:06:13:02:55:53:31:12:30:10:06:03:55:04:08:13:09:4d:69:6e:6e:65:73:6f:74:61:31:14:30:12:06:03:55:04:0a:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:14:30:12:06:03:55:04:0b:13:0b:53:6d:61:72:74:54:68:69:6e:67:73:31:0d:30:0b:06:03:55:04:03:13:04:53:54:43:41:30:81:9f:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:81:8d:00:30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01:30:0d:06:09:2a:86:48:86:f7:0d:01:01:05:05:00:03:81:81:00:48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f", - "ssl.handshake.certificate_tree": { - "x509af.signedCertificate_element": { - "x509af.serialNumber": "-2877719464742176835", - "x509af.signature_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "x509af.issuer": "0", - "x509af.issuer_tree": { - 
"x509if.rdnSequence": "5", - "x509if.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.validity_element": { - "x509af.notBefore": "0", - "x509af.notBefore_tree": { - "x509af.utcTime": "15-03-05 21:25:34 (UTC)" - }, - "x509af.notAfter": "0", - "x509af.notAfter_tree": { - "x509af.utcTime": "25-03-02 21:25:34 (UTC)" - } - }, - "x509af.subject": "0", - "x509af.subject_tree": { - "x509af.rdnSequence": "5", - "x509af.rdnSequence_tree": { - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.6", - "x509sat.CountryName": "US" - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - 
"x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.8", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "Minnesota" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.10", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.11", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "SmartThings" - } - } - }, - "x509if.RDNSequence_item": "1", - "x509if.RDNSequence_item_tree": { - "x509if.RelativeDistinguishedName_item_element": { - "x509if.id": "2.5.4.3", - "x509sat.DirectoryString": "1", - "x509sat.DirectoryString_tree": { - "x509sat.printableString": "STCA" - } - } - } - } - }, - "x509af.subjectPublicKeyInfo_element": { - "x509af.algorithm_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.1" - }, - "x509af.subjectPublicKey": "30:81:89:02:81:81:00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f:02:03:01:00:01", - "x509af.subjectPublicKey_tree": { - "pkcs1.modulus": 
"00:eb:7c:8a:c0:0c:30:96:1b:ea:91:46:ea:ed:6b:41:f5:f0:f6:0a:16:a7:f3:cd:25:e9:4a:2c:9b:b4:66:58:54:22:a2:ad:5a:31:51:fe:85:9a:52:f5:e0:b8:45:2e:05:75:5e:fd:39:35:35:11:62:26:19:f8:7b:7d:8d:aa:73:b4:24:ab:c3:b1:08:c5:81:f1:1f:a8:3a:e6:13:ce:42:d4:67:59:3c:50:1d:6b:a2:f9:87:11:24:b5:ca:e0:cc:23:54:af:1a:9d:60:21:8e:41:4c:f9:00:4f:8e:2e:48:be:60:61:25:8a:bb:e5:16:ac:c0:01:fe:bf:6c:ee:7f", - "pkcs1.publicExponent": "65537" - } - } - }, - "x509af.algorithmIdentifier_element": { - "x509af.algorithm.id": "1.2.840.113549.1.1.5" - }, - "ber.bitstring.padding": "0", - "x509af.encrypted": "48:44:84:f7:d5:c5:67:7f:cb:ea:65:30:ba:64:5c:53:a1:6d:22:f4:de:32:75:b0:cc:53:3d:29:00:14:5a:78:1c:40:a5:2d:4e:7e:fa:c8:d6:22:c3:3e:56:3f:33:22:0b:7a:23:02:e5:75:49:94:70:27:b4:a4:a4:48:5f:77:a2:09:78:90:0e:0d:41:6d:26:a7:9f:9b:e0:16:4f:9c:16:98:14:5e:99:67:f1:cb:ff:5d:b2:7e:bf:b3:fd:c3:b3:d5:fb:3a:fe:78:2d:df:5a:6f:db:e3:3a:b0:93:6f:ed:c8:ee:58:a4:f6:95:5e:43:48:37:1e:3a:cd:63:9f" - } - } - } - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "205", - "ssl.handshake": { - "ssl.handshake.type": "12", - "ssl.handshake.length": "201", - "EC Diffie-Hellman Server Params": { - "ssl.handshake.server_curve_type": "0x00000003", - "ssl.handshake.server_named_curve": "0x00000017", - "ssl.handshake.server_point_len": "65", - "ssl.handshake.server_point": "04:a4:ec:a6:1b:59:d9:b1:70:25:24:15:8b:ac:57:ce:39:9f:82:82:b0:ca:33:f7:00:97:48:c9:5d:d2:e9:21:c8:52:30:3d:47:ba:ad:d1:b9:d9:a9:30:dd:de:d8:4b:d9:d4:8f:34:7d:e6:58:03:25:48:48:5d:94:d5:58:df:6a", - "ssl.handshake.sig_hash_alg": "0x00000601", - "ssl.handshake.sig_hash_alg_tree": { - "ssl.handshake.sig_hash_hash": "6", - "ssl.handshake.sig_hash_sig": "1" - }, - "ssl.handshake.sig_len": "128", - "ssl.handshake.sig": 
"62:a9:fd:de:d3:ec:fb:6b:d9:25:c9:90:20:06:6a:75:19:d0:d3:fa:f3:ce:82:84:ce:91:0d:b1:73:6e:59:4e:58:70:37:7e:1c:5a:16:ab:08:94:bc:76:67:89:de:cd:49:93:90:c8:b8:c7:75:60:1d:7a:d8:3e:01:a7:71:1e:43:81:ca:90:91:95:aa:9f:be:01:87:61:27:df:52:2c:5f:ac:96:94:43:11:70:b7:b7:af:97:36:68:1b:36:8b:d6:89:66:58:83:8f:1a:8e:d8:aa:67:67:37:8f:c4:85:74:b7:e4:ad:76:f7:8e:5a:6e:03:6a:ba:e1:35:4c:18" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "4", - "ssl.handshake": { - "ssl.handshake.type": "14", - "ssl.handshake.length": "0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.677181000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.677181000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "2507.216495000", - "frame.number": "8900", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d101", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" 
- }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "308", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006c8e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:57:4b:4b:ca:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655319, TSecr 1263258353": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655319", - "tcp.options.timestamp.tsecr": "1263258353" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8899", - "tcp.analysis.ack_rtt": "0.000631000", - "tcp.analysis.initial_rtt": "0.078315000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.715660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.715660000", - "frame.time_delta": "0.038479000", - "frame.time_delta_displayed": "0.038479000", - "frame.time_relative": "2507.254974000", - "frame.number": "8901", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x0000d102", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d740", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "126", - "tcp.seq": "308", - "tcp.nxtseq": "434", - "tcp.ack": "1672", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000c0b9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:5b:4b:4b:ca:f1", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - 
"tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655323, TSecr 1263258353": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655323", - "tcp.options.timestamp.tsecr": "1263258353" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.handshake": { - "ssl.handshake.type": "16", - "ssl.handshake.length": "66", - "EC Diffie-Hellman Client Params": { - "ssl.handshake.client_point_len": "65", - "ssl.handshake.client_point": "04:15:ab:3e:4e:1b:1b:59:62:7d:ad:4e:4e:91:f7:aa:44:79:a1:e5:5c:75:8c:1e:6c:74:bd:f4:9a:3d:d5:7f:34:ff:00:b9:30:41:bf:6f:98:87:31:6b:e5:21:86:8c:ce:9f:ce:62:4c:14:1c:91:10:f2:94:67:ee:0b:f1:69:01" - } - } - }, - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.793292000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.793292000", - "frame.time_delta": "0.077632000", - "frame.time_delta_displayed": "0.077632000", - "frame.time_relative": "2507.332606000", - "frame.number": "8902", - "frame.len": "117", - "frame.cap_len": "117", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "103", - "ip.id": "0x000068b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000098dc", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "51", - "tcp.seq": "1672", - "tcp.nxtseq": "1723", - "tcp.ack": "434", - "tcp.hdr_len": "32", - "tcp.flags": 
"0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e570", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:cb:0f:00:28:84:5b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258383, TSecr 2655323": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258383", - "tcp.options.timestamp.tsecr": "2655323" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8901", - "tcp.analysis.ack_rtt": "0.077632000", - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "51", - "tcp.analysis.push_bytes_sent": "51" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "20", - "ssl.record.version": "0x00000303", - "ssl.record.length": "1", - "ssl.change_cipher_spec": "" - }, - "ssl.record": { - "ssl.record.content_type": "22", - "ssl.record.version": "0x00000303", - "ssl.record.length": "40", - "ssl.handshake": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:28:18.793787000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.793787000", - "frame.time_delta": "0.000495000", - "frame.time_delta_displayed": "0.000495000", - "frame.time_relative": "2507.333101000", - "frame.number": "8903", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000d103", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7bd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": 
"39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "434", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006bb3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:63:4b:4b:cb:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655331, TSecr 1263258383": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655331", - "tcp.options.timestamp.tsecr": "1263258383" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8902", - "tcp.analysis.ack_rtt": "0.000495000", - "tcp.analysis.initial_rtt": "0.078315000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:28:18.794358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.794358000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "2507.333672000", - "frame.number": "8904", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x0000d104", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d777", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - 
"ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "69", - "tcp.seq": "434", - "tcp.nxtseq": "503", - "tcp.ack": "1723", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000a2f8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:63:4b:4b:cb:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655331, TSecr 1263258383": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655331", - "tcp.options.timestamp.tsecr": "1263258383" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": 
"4f:49:80:11:a4:61:71:f0:35:b8:00:ea:45:e3:02:9c:4c:e7:98:f9:01:f0:fb:be:7e:ea:ce:66:4a:43:5b:01:2e:89:59:7f:1a:4f:47:44:c8:76:46:63:88:78:5b:50:9a:92:70:1e:43:a8:4b:a4:3e:36:e7:ac:d3:7d:bf:dc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.872457000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.872457000", - "frame.time_delta": "0.078099000", - "frame.time_delta_displayed": "0.078099000", - "frame.time_relative": "2507.411771000", - "frame.number": "8905", - "frame.len": "135", - "frame.cap_len": "135", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "121", - "ip.id": "0x000068b2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000098c9", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, 
AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "69", - "tcp.seq": "1723", - "tcp.nxtseq": "1792", - "tcp.ack": "503", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "110", - "tcp.window_size": "28160", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e70a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:cb:22:00:28:84:63", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258402, TSecr 2655331": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258402", - 
"tcp.options.timestamp.tsecr": "2655331" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8904", - "tcp.analysis.ack_rtt": "0.078099000", - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "69", - "tcp.analysis.push_bytes_sent": "69" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "64", - "ssl.app_data": "01:a6:f9:d6:88:79:de:92:70:f7:13:96:1a:13:48:69:d1:cd:78:34:d8:b4:1a:57:e5:e1:db:d1:ed:48:c2:18:eb:34:71:5f:50:bd:b2:44:2b:fe:4a:04:20:86:07:af:e6:b5:82:b9:8d:56:0c:1f:4f:38:7d:ea:9e:e1:46:bc" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.873391000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.873391000", - "frame.time_delta": "0.000934000", - "frame.time_delta_displayed": "0.000934000", - "frame.time_relative": "2507.412705000", - "frame.number": "8906", - "frame.len": "555", - "frame.cap_len": "555", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "541", - "ip.id": "0x0000d105", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5d2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "489", - "tcp.seq": "503", - "tcp.nxtseq": "992", - "tcp.ack": "1792", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00002909", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:6a:4b:4b:cb:22", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": 
"0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655338, TSecr 1263258402": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655338", - "tcp.options.timestamp.tsecr": "1263258402" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8905", - "tcp.analysis.ack_rtt": "0.000934000", - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "489", - "tcp.analysis.push_bytes_sent": "489" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "484", - "ssl.app_data": "4f:49:80:11:a4:61:71:f1:e1:df:dc:f5:99:6c:c7:7e:c8:03:39:18:ff:e3:89:87:0e:2e:3b:f1:9c:9a:9b:80:ef:ac:2d:c2:69:dc:a8:ba:17:90:13:50:8b:62:24:29:85:77:4b:f5:53:a7:12:bd:7d:9b:f1:0c:c8:65:37:50:4e:f1:9a:52:fb:92:e4:fc:c6:fd:ac:21:ce:c5:69:f8:15:60:82:b9:18:42:12:45:75:ee:1d:bf:38:38:00:78:c1:8e:0b:3f:c8:46:a6:59:f8:94:6b:2e:d5:06:e8:ce:bb:08:f4:7b:f6:62:83:8a:5a:62:6e:46:9d:56:e9:20:40:73:40:ad:3c:47:5b:7d:ab:a2:0c:65:f0:e4:2b:76:9a:5d:1d:a4:1a:ee:7b:1e:8e:6b:3f:8f:10:bb:b4:29:9f:96:0b:7e:7c:47:1a:69:b7:c9:69:18:cc:05:7e:dd:68:eb:2f:6a:f2:ce:50:8f:e4:71:70:86:19:64:87:14:98:a0:1e:8f:3c:14:a6:98:52:a7:a5:5e:f9:4d:29:57:6b:93:f4:46:e0:35:3c:2b:30:b4:f5:14:02:d8:b2:f9:84:c8:f0:df:13:0b:3f:43:01:ae:76:85:cf:ab:c4:48:88:55:bc:24:33:96:31:53:1e:57:11:4c:cc:38:77:8f:3f:f6:ef:e1:45:05:65:82:ef:b4:03:a1:02:3a:77:71:37:90:cd:4b:fb:75:83:3c:f2:6f:11:64:ee:3e:ac:e9:84:05:92:be:2c:35:50:8d:45:17:41:78:9c:66:aa:56:33:79:70:fc:cb:0a:e3:bb:d0:61:87:6b:18:67:c9:63:22:c8:5a:75:b4:2e:65:2a:e6:65:56:54:5c:5f:97:67:96:3d:80:fa:45:b2:5e:b3:2b:12:80:ef:50:94:af:c0:c3:5f:92:7b:f4:9d:fd:5c:59:60:bf:02:ff:fb:16:7f:c4:72:d6:d2:22:4e:50:2e:6b:6b:8e:d2:63:a4
:b7:1a:3e:cf:67:2f:94:0f:e6:b4:aa:30:26:2f:7b:71:01:01:6c:27:91:04:47:de:ee:4a:ef:cc:c5:21:fc:06:e7:b8:f3:81:82:2c:7a:b1:d7:df:e8:44:2c:b3:36:e5:0f:53:d4:a0:e9:b1:88:73:21:6a:c6:0d:22:7a:af:e2:9c:26:81:75:a7:15:87:83:54:af:06:c3:b1:7a:97:bf:6c:ad:fe:ea:f2:63:c4:da:53:12:1c:80:5a:d4:ea:1b:0f:1d:f5:fe:dd:e3" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.951236000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.951236000", - "frame.time_delta": "0.077845000", - "frame.time_delta_displayed": "0.077845000", - "frame.time_relative": "2507.490550000", - "frame.number": "8907", - "frame.len": "141", - "frame.cap_len": "141", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "127", - "ip.id": "0x000068b3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000098c2", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - 
"ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "75", - "tcp.seq": "1792", - "tcp.nxtseq": "1867", - "tcp.ack": "992", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00002808", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:cb:36:00:28:84:6a", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258422, TSecr 2655338": 
{ - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258422", - "tcp.options.timestamp.tsecr": "2655338" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8906", - "tcp.analysis.ack_rtt": "0.077845000", - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "75", - "tcp.analysis.push_bytes_sent": "75" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "70", - "ssl.app_data": "01:a6:f9:d6:88:79:de:93:22:67:a7:3e:6b:09:7e:68:9f:00:68:2d:8e:51:b4:21:fe:90:b4:ec:b2:ca:56:66:cc:a9:66:7e:33:6e:f5:f7:a9:3c:a9:b5:00:72:76:f3:d3:35:c8:f4:52:83:ce:20:f7:3f:3c:17:bb:10:ec:7a:53:e0:2e:36:fe:40" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:18.951977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496098.951977000", - "frame.time_delta": "0.000741000", - "frame.time_delta_displayed": "0.000741000", - "frame.time_relative": "2507.491291000", - "frame.number": "8908", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"52", - "ip.id": "0x0000d106", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d7ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "992", - "tcp.ack": "1867", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "281", - "tcp.window_size": "17984", - "tcp.window_size_scalefactor": "64", 
- "tcp.checksum": "0x000068be", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:84:72:4b:4b:cb:36", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655346, TSecr 1263258422": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655346", - "tcp.options.timestamp.tsecr": "1263258422" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8907", - "tcp.analysis.ack_rtt": "0.000741000", - "tcp.analysis.initial_rtt": "0.078315000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.029131000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.029131000", - "frame.time_delta": "0.077154000", - "frame.time_delta_displayed": "0.077154000", - "frame.time_relative": "2507.568445000", - "frame.number": "8909", - "frame.len": "97", - "frame.cap_len": "97", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "83", - "ip.id": "0x000068b4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x000098ed", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "31", - "tcp.seq": "1867", - "tcp.nxtseq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - 
"tcp.checksum": "0x00007128", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:cb:4a:00:28:84:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258442, TSecr 2655346": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258442", - "tcp.options.timestamp.tsecr": "2655346" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8908", - "tcp.analysis.ack_rtt": "0.077154000", - "tcp.analysis.initial_rtt": "0.078315000", - "tcp.analysis.bytes_in_flight": "31", - "tcp.analysis.push_bytes_sent": "31" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "21", - "ssl.record.version": "0x00000303", - "ssl.record.length": "26", - "ssl.alert_message": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.029216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.029216000", - "frame.time_delta": "0.000085000", - "frame.time_delta_displayed": "0.000085000", - "frame.time_relative": "2507.568530000", - "frame.number": "8910", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000068b5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "231", - "ip.proto": "6", - "ip.checksum": "0x0000990b", - "ip.checksum.status": "2", - "ip.src": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.src_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.src_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.src_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.src_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "58254", - "tcp.port": "443", - "tcp.port": "58254", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "1898", - "tcp.ack": "993", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "114", - "tcp.window_size": "29184", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006931", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:4b:4b:cb:4a:00:28:84:72", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 1263258442, TSecr 2655346": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "1263258442", - "tcp.options.timestamp.tsecr": "2655346" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.029599000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.029599000", - "frame.time_delta": "0.000383000", - "frame.time_delta_displayed": "0.000383000", - "frame.time_relative": "2507.568913000", - "frame.number": "8911", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006547", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004386", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - 
"tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.029610000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.029610000", - "frame.time_delta": "0.000011000", - "frame.time_delta_displayed": "0.000011000", - "frame.time_relative": "2507.568924000", - "frame.number": "8912", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006548", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004385", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "52.4.156.100", - "ip.addr": "52.4.156.100", - "ip.dst_host": "52.4.156.100", - "ip.host": "52.4.156.100", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS14618 Amazon.com, Inc., Ashburn, VA, 39.033501, -77.483803": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.asnum": "AS14618 Amazon.com, Inc.", - "ip.geoip.dst_city": "Ashburn, VA", - "ip.geoip.city": "Ashburn, VA", - "ip.geoip.dst_lat": "39.033501", - "ip.geoip.lat": "39.033501", - "ip.geoip.dst_lon": "-77.483803", - "ip.geoip.lon": "-77.483803" - } - }, - "tcp": { - "tcp.srcport": "58254", - "tcp.dstport": "443", - "tcp.port": "58254", - "tcp.port": "443", - "tcp.stream": "342", - "tcp.len": "0", - "tcp.seq": "993", - "tcp.ack": "0", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000004", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "1", - "tcp.flags.reset_tree": { - "_ws.expert": { - "tcp.connection.rst": "", - "_ws.expert.message": "Connection reset (RST)", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7R\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "0", - "tcp.window_size": "0", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00004f4b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.270745000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.270745000", - "frame.time_delta": "0.241135000", - "frame.time_delta_displayed": "0.241135000", - "frame.time_relative": "2507.810059000", - "frame.number": "8913", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000d7a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e116", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49169", - "udp.dstport": "53", - "udp.port": "49169", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00008e6c", - "udp.checksum.status": "2", - "udp.stream": "162" - }, - "dns": { 
- "dns.id": "0x00000f3a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.277116000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.277116000", - "frame.time_delta": "0.006371000", - "frame.time_delta_displayed": "0.006371000", - "frame.time_relative": "2507.816430000", - "frame.number": "8914", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000c30d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f3fa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49169", - "udp.port": "53", - "udp.port": "49169", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "162" - }, - "dns": { - "dns.response_to": "8913", - "dns.time": "0.006371000", - "dns.id": "0x00000f3a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "177", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "16752", - "dns.resp.len": 
"22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1603", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "475", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "806", - "dns.resp.len": "4", - "dns.a": "165.254.137.96" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.137.96": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3590", - "dns.resp.len": "4", - "dns.a": "165.254.137.96" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3784", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "117", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.137.91": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "604", - "dns.resp.len": "4", - "dns.a": "165.254.137.91" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "393", - "dns.resp.len": "4", - "dns.a": "165.254.134.240" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4359", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1614", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.277986000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.277986000", - "frame.time_delta": "0.000870000", - "frame.time_delta_displayed": "0.000870000", - "frame.time_relative": "2507.817300000", - "frame.number": "8915", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": 
{ - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000a976", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eda8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.dst_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "57703", - "tcp.dstport": "443", - "tcp.port": "57703", - "tcp.port": "443", - "tcp.stream": "343", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - 
"_ws.expert.message": "Connection establish request (SYN): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000018c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.281261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.281261000", - "frame.time_delta": "0.003275000", - "frame.time_delta_displayed": "0.003275000", - "frame.time_relative": "2507.820575000", - 
"frame.number": "8916", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x00009f1f", - "ip.checksum.status": "2", - "ip.src": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.src_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "57703", - "tcp.port": "443", - "tcp.port": "57703", - 
"tcp.stream": "343", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 443", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00009486", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:05", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 5 (multiply by 32)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "5", - "tcp.options.wscale.multiplier": "32" - } - }, - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "8915", - "tcp.analysis.ack_rtt": "0.003275000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.281792000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.281792000", - "frame.time_delta": "0.000531000", - "frame.time_delta_displayed": "0.000531000", - "frame.time_relative": "2507.821106000", - "frame.number": "8917", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a977", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000edb3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.dst_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai 
International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "57703", - "tcp.dstport": "443", - "tcp.port": "57703", - "tcp.port": "443", - "tcp.stream": "343", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003925", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8916", - "tcp.analysis.ack_rtt": "0.000531000", - "tcp.analysis.initial_rtt": "0.003806000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.281804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.281804000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "2507.821118000", - "frame.number": "8918", - "frame.len": "60", - "frame.cap_len": "60", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a978", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000edb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.dst_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "57703", - "tcp.dstport": "443", - "tcp.port": "57703", - "tcp.port": "443", - "tcp.stream": "343", - "tcp.len": 
"0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003924", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.285180000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.285180000", - "frame.time_delta": "0.003376000", - "frame.time_delta_displayed": "0.003376000", - "frame.time_relative": "2507.824494000", - "frame.number": "8919", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f230", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "56", - "ip.proto": "6", - "ip.checksum": "0x0000acfa", - "ip.checksum.status": "2", - "ip.src": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.src_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.src_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.src_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.src_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "57703", - "tcp.port": "443", - "tcp.port": "57703", - "tcp.stream": "343", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "913", - "tcp.window_size": "29216", - "tcp.window_size_scalefactor": "32", - "tcp.checksum": "0x000043d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8918", - "tcp.analysis.ack_rtt": "0.003376000", - "tcp.analysis.initial_rtt": "0.003806000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:19.285649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496099.285649000", - "frame.time_delta": "0.000469000", - "frame.time_delta_displayed": "0.000469000", - "frame.time_relative": "2507.824963000", - "frame.number": "8920", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000a979", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000edb1", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "173.223.52.125", - "ip.addr": "173.223.52.125", - "ip.dst_host": "173.223.52.125", - "ip.host": "173.223.52.125", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS20940 Akamai International B.V., Cambridge, MA, 42.362598, -71.084297": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS20940 Akamai International B.V.", - "ip.geoip.asnum": "AS20940 Akamai International B.V.", - "ip.geoip.dst_city": "Cambridge, MA", - "ip.geoip.city": "Cambridge, MA", - "ip.geoip.dst_lat": "42.362598", - "ip.geoip.lat": "42.362598", - "ip.geoip.dst_lon": "-71.084297", - "ip.geoip.lon": "-71.084297" - } - }, - "tcp": { - "tcp.srcport": "57703", - "tcp.dstport": "443", - "tcp.port": "57703", - "tcp.port": "443", - "tcp.stream": "343", - "tcp.len": "0", - "tcp.seq": "2", - "tcp.ack": "2", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00003923", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8919", - "tcp.analysis.ack_rtt": "0.000469000", - "tcp.analysis.initial_rtt": "0.003806000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.067646000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.067646000", - "frame.time_delta": "3.781997000", - "frame.time_delta_displayed": "3.781997000", - "frame.time_relative": "2511.606960000", - "frame.number": "8921", - "frame.len": "297", - "frame.cap_len": "297", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "283", - "ip.id": "0x00002e33", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003665", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "231", - "tcp.seq": "23482", - "tcp.nxtseq": "23713", - "tcp.ack": "106988", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004899", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:13:00:28:83:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579859, TSecr 2654976": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579859", - "tcp.options.timestamp.tsecr": "2654976" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "231", - "tcp.analysis.push_bytes_sent": "231" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "226", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:f6:11:f8:e4:77:a0:d5:c2:13:51:62:c2:6d:95:b8:13:23:e4:22:32:28:d6:46:89:d4:c1:4c:f1:0f:7b:4b:11:8a:1f:19:62:ae:c3:13:33:a5:00:5f:fd:cf:a5:50:3c:66:04:b6:83:21:fd:3b:b4:c3:d1:36:05:7d:30:8b:d1:48:d7:42:49:7c:6a:eb:a7:0a:8c:eb:6c:e6:45:02:23:5e:49:17:27:57:8b:0d:12:7d:00:12:f3:c4:8f:f3:57:67:7e:df:9c:bf:c8:40:3b:9d:9b:dc:e7:2b:d1:4c:43:4d:44:89:b6:0b:a0:02:11:be:9e:9a:7f:95:47:b9:03:62:70:2c:1b:94:19:7e:96:c9:6a:d1:bd:8e:60:0a:b2:b8:ea:57:20:c7:71:c9:23:37:fd:5f:62:15:63:5d:8b:9c:a6:fb:20:54:5c:3f:18:fb:cd:82:92:7e:e0:71:18:1c:33:c5:75:41:c7:36:c7:bf:37:e2:f4:83:90:e9:68:8e:26:43:f4:15:17:19:a1:1c:93:09:07:f6:54:5e:1c:5b:c9:4e:2c:11:4a:41:29:6a:5c:f6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.074667000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.074667000", - "frame.time_delta": "0.007021000", - "frame.time_delta_displayed": "0.007021000", - "frame.time_relative": "2511.613981000", - "frame.number": "8922", - "frame.len": "119", - "frame.cap_len": "119", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "105", - "ip.id": "0x0000973e", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "53", - "tcp.seq": "106988", - "tcp.nxtseq": "107041", - "tcp.ack": "23713", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000046d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:0f:a7:a4:90:13", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655759, TSecr 2812579859": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655759", - "tcp.options.timestamp.tsecr": "2812579859" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8921", - "tcp.analysis.ack_rtt": "0.007021000", - "tcp.analysis.bytes_in_flight": "53", - "tcp.analysis.push_bytes_sent": "53" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "48", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:db:25:8d:fd:e3:b3:fe:87:db:27:99:da:6b:36:67:df:50:30:44:3e:75:cb:ae:46:8c:fd:64:1e:be:b8:0c:a6:92:ec:d8:fb:ce:91:19:bf:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.076142000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.076142000", - "frame.time_delta": "0.001475000", - "frame.time_delta_displayed": "0.001475000", - "frame.time_relative": "2511.615456000", - "frame.number": "8923", - "frame.len": "74", - "frame.cap_len": "74", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": 
"20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "60", - "ip.id": "0x0000d5f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e243", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - "tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "40", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000168f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:04:02:08:0a:00:28:86:0f:00:00:00:00:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - 
"tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "Timestamps: TSval 2655759, TSecr 0": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655759", - "tcp.options.timestamp.tsecr": "0" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.078229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.078229000", - "frame.time_delta": "0.002087000", - "frame.time_delta_displayed": "0.002087000", - "frame.time_relative": "2511.617543000", - "frame.number": "8924", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36225", - "tcp.port": "49154", - "tcp.port": "36225", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 49154", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00002f21", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8923", - "tcp.analysis.ack_rtt": "0.002087000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.078638000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.078638000", - "frame.time_delta": "0.000409000", - "frame.time_delta_displayed": "0.000409000", - "frame.time_relative": "2511.617952000", - "frame.number": "8925", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "40", - "ip.id": "0x0000d5f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e256", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - "tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000085d8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8924", - "tcp.analysis.ack_rtt": "0.000409000", - "tcp.analysis.initial_rtt": "0.002496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.089137000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.089137000", - "frame.time_delta": "0.010499000", - "frame.time_delta_displayed": "0.010499000", - 
"frame.time_relative": "2511.628451000", - "frame.number": "8926", - "frame.len": "233", - "frame.cap_len": "233", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "219", - "ip.id": "0x0000d5f6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e1a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - "tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "179", - "tcp.seq": "1", - "tcp.nxtseq": "180", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "229", - "tcp.window_size": "14656", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000661f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002496000", - "tcp.analysis.bytes_in_flight": "179", - "tcp.analysis.push_bytes_sent": "179" - } - }, - "http": { - "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "SUBSCRIBE \/upnp\/event\/basicevent1 HTTP\/1.1\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "SUBSCRIBE", - "http.request.uri": "\/upnp\/event\/basicevent1", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.65:49154", - "http.unknown_header": "CALLBACK: <http:\/\/192.168.0.242:39500\/>\\n", - "http.unknown_header": "NT: upnp:event\\n", - "http.unknown_header": "TIMEOUT: Second-5400\\n", - "http.user_agent": "CyberGarage-HTTP\/1.0", - "\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.65:49154\/upnp\/event\/basicevent1", - "http.notification": "1", - "http.file_data": "\n", - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.092899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.092899000", - "frame.time_delta": "0.003762000", - "frame.time_delta_displayed": "0.003762000", - "frame.time_relative": "2511.632213000", - "frame.number": "8927", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": 
{ - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f7d8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c073", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36225", - "tcp.port": "49154", - "tcp.port": "36225", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00007aa2", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8926", - "tcp.analysis.ack_rtt": "0.003762000", - "tcp.analysis.initial_rtt": "0.002496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.096922000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.096922000", - "frame.time_delta": "0.004023000", - "frame.time_delta_displayed": "0.004023000", - "frame.time_relative": "2511.636236000", - "frame.number": "8928", - "frame.len": "267", - "frame.cap_len": "267", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "253", - "ip.id": "0x0000f7d9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000bf9d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36225", - "tcp.port": "49154", - "tcp.port": "36225", - "tcp.stream": "344", - "tcp.len": "213", - "tcp.seq": "1", - "tcp.nxtseq": "214", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00008e62", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002496000", - "tcp.analysis.bytes_in_flight": "213", - "tcp.analysis.push_bytes_sent": "213" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:28:23 GMT", - "http.response.line": "DATE: Wed, 01 Nov 2017 00:28:23 GMT\r\n", - "http.server": "Unspecified, UPnP\/1.0, Unspecified", - "http.response.line": "SERVER: Unspecified, UPnP\/1.0, Unspecified\r\n", - "http.content_length_header": "0", - "http.content_length_header_tree": { - "http.content_length": "0" - }, - "http.response.line": "CONTENT-LENGTH: 0\r\n", - "http.response.line": "X-User-Agent: redsonic\r\n", - "http.response.line": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\r\n", - "http.response.line": "TIMEOUT: Second-5400\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.097345000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.097345000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "2511.636659000", - "frame.number": "8929", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e254", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - 
"tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "214", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008440", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8928", - "tcp.analysis.ack_rtt": "0.000423000", - "tcp.analysis.initial_rtt": "0.002496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.100769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.100769000", - "frame.time_delta": "0.003424000", - "frame.time_delta_displayed": "0.003424000", - "frame.time_relative": "2511.640083000", - "frame.number": "8930", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000054fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006342", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x0000d572", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - 
"No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.100912000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.100912000", - "frame.time_delta": "0.000143000", - "frame.time_delta_displayed": "0.000143000", - "frame.time_relative": "2511.640226000", - "frame.number": "8931", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f7da", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000c071", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36225", - "tcp.port": "49154", - "tcp.port": "36225", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "214", - "tcp.ack": "180", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000079cc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.101170000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.101170000", - "frame.time_delta": "0.000258000", - "frame.time_delta_displayed": "0.000258000", - "frame.time_relative": "2511.640484000", - "frame.number": "8932", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4471", - "tcp.port": "39500", - "tcp.port": "4471", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x0000ee43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8930", - "tcp.analysis.ack_rtt": "0.000401000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:28:23.106237000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.106237000", - "frame.time_delta": "0.005067000", - "frame.time_delta_displayed": "0.005067000", - "frame.time_relative": "2511.645551000", - "frame.number": "8933", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000054ff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000634d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00005cb5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8932", - "tcp.analysis.ack_rtt": "0.005067000", - "tcp.analysis.initial_rtt": "0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.106365000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.106365000", - "frame.time_delta": "0.000128000", - "frame.time_delta_displayed": "0.000128000", - "frame.time_relative": "2511.645679000", - "frame.number": "8934", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x00005500", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006280", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000d88c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005468000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.106759000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.106759000", - "frame.time_delta": "0.000394000", - "frame.time_delta_displayed": "0.000394000", - "frame.time_relative": "2511.646073000", - "frame.number": "8935", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000030e9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008763", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4471", - "tcp.port": "39500", - "tcp.port": "4471", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000665c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8934", - "tcp.analysis.ack_rtt": "0.000394000", - "tcp.analysis.initial_rtt": "0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.108459000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.108459000", - "frame.time_delta": "0.001700000", - "frame.time_delta_displayed": "0.001700000", - "frame.time_relative": "2511.647773000", - "frame.number": "8936", - "frame.len": "231", - "frame.cap_len": 
"231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x00005501", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000629a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": "177", - "tcp.seq": "205", - "tcp.nxtseq": "382", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00002898", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005468000", - "tcp.analysis.bytes_in_flight": "177", - "tcp.analysis.push_bytes_sent": "177" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "8934", - "tcp.segment": "8936", - "tcp.segment.count": "2", - "tcp.reassembled.length": "380", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:37:36:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:30:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:42:69:6e:61:72:79:53:74:61:74:65:3e:30:7c:31:35:30:39:34:39:35:31:30:38:7c:30:7c:30:7c:31:34:33:32:30:7c:31:32:30:39:36:30:30:7c:31:35:7c:30:7c:30:7c:34:38:36:30:30:35:31:3c:2f:42:69:6e:61:72:79:53:74:61:74:65:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "176", - "http.content_length_header_tree": { - "http.content_length": "176" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 0\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", 
- "http.file_data": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<BinaryState>0|1509495108|0|0|14320|1209600|15|0|0|4860051<\/BinaryState>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<BinaryState>", - "xml.tag_tree": { - "xml.cdata": "0|1509495108|0|0|14320|1209600|15|0|0|4860051", - "<\/BinaryState>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.108877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.108877000", - "frame.time_delta": "0.000418000", - "frame.time_delta_displayed": "0.000418000", - "frame.time_relative": "2511.648191000", - "frame.number": "8937", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x000030ea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008762", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4471", - "tcp.port": "39500", - "tcp.port": "4471", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000659a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8936", - "tcp.analysis.ack_rtt": "0.000418000", - "tcp.analysis.initial_rtt": "0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.133579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.133579000", - "frame.time_delta": "0.024702000", - "frame.time_delta_displayed": "0.024702000", - 
"frame.time_relative": "2511.672893000", - "frame.number": "8938", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e253", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - "tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - 
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000843f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8931", - "tcp.analysis.ack_rtt": "0.032667000", - "tcp.analysis.initial_rtt": "0.002496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.134890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.134890000", - "frame.time_delta": "0.001311000", - "frame.time_delta_displayed": "0.001311000", - "frame.time_relative": "2511.674204000", - "frame.number": "8939", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e34", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374b", - 
"ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23713", - "tcp.ack": "107041", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000938d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:24:00:28:86:0f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2812579876, TSecr 2655759": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579876", - "tcp.options.timestamp.tsecr": "2655759" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8922", - "tcp.analysis.ack_rtt": "0.060223000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.135376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.135376000", - "frame.time_delta": "0.000486000", - "frame.time_delta_displayed": "0.000486000", - "frame.time_relative": "2511.674690000", - "frame.number": "8940", - "frame.len": "911", - "frame.cap_len": "911", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "897", - "ip.id": "0x0000973f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000072f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": 
"13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "845", - "tcp.seq": "107041", - "tcp.nxtseq": "107886", - "tcp.ack": "23713", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000209f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:15:a7:a4:90:24", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655765, TSecr 2812579876": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655765", - "tcp.options.timestamp.tsecr": 
"2812579876" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "845", - "tcp.analysis.push_bytes_sent": "845" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:dc:39:2c:20:eb:1d:47:18:30:a1:3d:21:63:6e:1c:d7:3f:40:e7:07:9f:72:c9:d4:02:c8:cc:2e:b5:25:d7:bd:c4:27:19:ff:95:07:72:c2:3e:11" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:dd:8e:3c:7d:2d:7c:3a:d6:6f:50:cd:cc:f0:0b:7d:83:a7:ea:0a:d4:1f:35:9f:c1:a9:b8:dc:f7:aa:8f:44:1f:1b:d9:a3:81:f9:93:67:64:92:ce" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "267", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:de:ec:1f:09:12:30:40:1a:f2:c3:d5:07:5f:22:52:0d:07:7c:56:8c:3d:9f:4f:4e:eb:78:ae:4e:b9:6a:dd:ea:5c:9d:89:ea:db:6d:83:f3:b5:48:37:61:37:d7:39:68:22:e0:57:cd:88:4b:1a:16:61:5e:ef:2b:be:cd:b5:49:a6:fd:b5:4d:7b:d9:3f:5f:89:41:8d:e4:57:f6:f5:54:05:a8:a4:e0:90:9f:7c:59:ea:88:e9:c9:65:97:b2:ef:8c:bc:28:57:b5:f4:01:20:ca:39:bf:32:5a:fc:f7:b0:d2:15:64:7a:c1:fe:0f:ce:5a:89:58:d1:2a:a7:f3:88:fd:ba:77:86:3c:8b:87:cd:c0:eb:88:66:31:f9:35:60:ce:5c:3e:12:bd:c3:0d:f5:b6:e2:0a:2e:2e:7a:e6:65:35:1f:5a:46:db:62:27:a2:8a:d6:af:5e:a0:9a:4f:de:0f:c5:61:20:a7:77:93:b3:72:fb:cb:9d:95:b4:49:9a:6f:51:8e:4b:03:c5:30:8d:04:8f:e3:92:7a:dc:d0:58:e3:0c:f0:cb:cb:d4:b8:98:5a:ae:3f:13:2a:a2:23:9b:6a:7e:c2:93:d4:68:49:30:07:c7:e3:86:68:47:07:77:4c:2f:bf:7f:7e:85:76:a8:9f:bb:c3:22:25:31:80:34:62:78:f5:84" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "460", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:df:da:b3:da:19:42:4e:68:8c:bc:22:98:ac:02:ce:e5:ee:a3:39:00:0a:1e:57:8d:51:93:38:9d:52:a6:a7:20:af:89:2d:14:db:9b:14:2e:24:51:3e:2e:1b:1a:1e:34:5b:12:31:05:e0:8d:03:46:ff:ae:75:f5:23:2f:3c:0e:97:d4:4d:f1:69:9d:09:06:22:e5:11:33:f0:a8:87:83:d0:71:53:6b:31:e3:11:00:be:f2:bd:3f:85:4e:9f:3b:8f:17:ef:84:b9:c7:fb:fe:30:f3:81:52:28:93:41:5a:c7:23:61:ea:03:2e:af:0c:32:57:70:da:63:7e:e7:8b:e7:03:e0:2d:dc:2b:2d:25:c0:f8:15:90:b2:86:f6:c5:36:2d:db:bb:d8:c2:2e:70:0e:2c:6b:fc:fa:bf:a9:68:10:7a:a4:fd:ac:eb:4e:bb:b7:b2:4f:a5:ae:e1:3c:69:63:11:39:30:9f:9d:83:18:18:94:fd:eb:2a:d4:d3:fc:9e:99:ef:9a:f7:4b:8b:06:f6:44:4c:96:0a:67:41:99:a2:31:ee:34:3c:d2:0a:03:72:07:fe:c5:ee:05:e2:a8:50:4b:a0:24:09:6d:69:b4:3d:fc:e8:39:62:2c:56:fb:c6:8b:b8:7b:25:74:82:44:3c:b9:e7:c9:b8:25:f2:29:0d:9f:43:09:0d:2e:a9:f9:81:55:40:b0:93:00:65:ab:5e:8e:a6:78:c8:56:cd:23:55:5f:eb:5d:b9:c4:8a:95:ba:ee:c8:cc:0c:38:61:01:63:4f:fa:88:e3:7a:b6:d3:6e:9e:7f:6c:a3:96:cd:31:60:ae:51:d1:4a:63:e5:46:ca:d8:ed:af:24:5b:49:fd:1b:d8:a9:01:01:1f:24:76:0b:aa:43:86:a9:ae:fd:8f:cb:4d:b8:39:6c:30:2f:50:d2:f9:2d:b7:4f:0d:59:68:cc:24:5a:6e:25:e4:1b:18:fe:95:83:b4:87:14:1e:35:a6:9b:64:29:06:31:5d:cf:c3:b5:0a:d5:0f:01:33:ed:41:b9:bb:cd:5f:c8:7c:e9:d4:ff:a5:c1:4b:69:83:48:17:59:e1:fc:b4:fd:f7:73:4b:ca:79:73:d8:f4:94:7e:f5:cc:01:f5:e1:fb:48:35:c0:97:e5:4b:ff:a2:81:42:26:82:05:e0:cd:2d:61:7c:4e:53:35:59:5f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.195617000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.195617000", - "frame.time_delta": "0.060241000", - "frame.time_delta_displayed": "0.060241000", - "frame.time_relative": "2511.734931000", - "frame.number": "8941", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000374a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23713", - "tcp.ack": "107886", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000902b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:33:00:28:86:15", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579891, TSecr 2655765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579891", - "tcp.options.timestamp.tsecr": "2655765" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8940", - "tcp.analysis.ack_rtt": "0.060241000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.198484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.198484000", - "frame.time_delta": "0.002867000", - "frame.time_delta_displayed": "0.002867000", - "frame.time_relative": "2511.737798000", - "frame.number": "8942", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000371a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "23713", - "tcp.nxtseq": "23760", - "tcp.ack": "107886", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d2cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:34:00:28:86:15", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579892, TSecr 2655765": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579892", - "tcp.options.timestamp.tsecr": "2655765" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:f7:02:f2:17:37:c5:b5:88:ff:78:cc:65:8a:80:27:8d:5d:dd:43:41:1f:87:2f:b6:1f:7e:3d:38:b0:7f:1f:c6:4f:b6:8b" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.202502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.202502000", - "frame.time_delta": "0.004018000", - "frame.time_delta_displayed": "0.004018000", - "frame.time_relative": "2511.741816000", - "frame.number": "8943", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009740", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007610", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "107886", - "tcp.nxtseq": "107933", - "tcp.ack": "23760", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": 
"1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000694d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:1b:a7:a4:90:34", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655771, TSecr 2812579892": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655771", - "tcp.options.timestamp.tsecr": "2812579892" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8942", - "tcp.analysis.ack_rtt": "0.004018000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e0:72:7a:4b:56:70:e8:ae:d6:9f:2c:82:ff:45:22:af:cf:d0:33:bd:8e:82:60:ad:96:9d:4a:e9:14:40:9f:b0:84:36:5a" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.224729000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.224729000", - "frame.time_delta": "0.022227000", - "frame.time_delta_displayed": "0.022227000", - "frame.time_relative": "2511.764043000", - 
"frame.number": "8944", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000d5f9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000e252", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "36225", - "tcp.dstport": "49154", - "tcp.port": "36225", - "tcp.port": "49154", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "180", - "tcp.ack": "215", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - 
"tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000843e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.226680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.226680000", - "frame.time_delta": "0.001951000", - "frame.time_delta_displayed": "0.001951000", - "frame.time_relative": "2511.765994000", - "frame.number": "8945", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b84c", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "49154", - "tcp.dstport": "36225", - "tcp.port": "49154", - "tcp.port": "36225", - "tcp.stream": "344", - "tcp.len": "0", - "tcp.seq": "215", - "tcp.ack": "181", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000079cb", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8944", - "tcp.analysis.ack_rtt": "0.001951000", - "tcp.analysis.initial_rtt": "0.002496000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.263225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.263225000", - "frame.time_delta": "0.036545000", - "frame.time_delta_displayed": "0.036545000", - "frame.time_relative": "2511.802539000", - "frame.number": "8946", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002e37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000036f3", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "23760", - "tcp.nxtseq": "23845", - "tcp.ack": "107933", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000e114", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:44:00:28:86:1b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579908, TSecr 2655771": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579908", - "tcp.options.timestamp.tsecr": "2655771" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8943", - "tcp.analysis.ack_rtt": "0.060723000", - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:f8:66:4f:98:a0:95:24:fb:45:57:a3:d3:1b:08:59:bb:e4:81:50:d8:6e:ad:8e:82:c4:53:14:c7:f7:e4:0c:bb:f8:ef:1f:13:f3:59:8f:42:72:ea:44:c8:ef:73:26:f1:66:96:82:6b:cc:65:8e:52:5a:29:1d:7d:51:c7:52:ee:a0:a1:cb:95:82:a8:64:11:80" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.263734000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.263734000", - "frame.time_delta": 
"0.000509000", - "frame.time_delta_displayed": "0.000509000", - "frame.time_relative": "2511.803048000", - "frame.number": "8947", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009741", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007608", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": 
"107933", - "tcp.nxtseq": "107987", - "tcp.ack": "23845", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000069f1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:22:a7:a4:90:44", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655778, TSecr 2812579908": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655778", - "tcp.options.timestamp.tsecr": "2812579908" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8946", - "tcp.analysis.ack_rtt": "0.000509000", - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e1:db:fa:fe:d3:5e:2b:3e:31:c7:9e:e1:a8:da:76:14:24:91:f4:5a:ed:b9:8e:a8:19:bb:03:d5:1f:fe:f1:99:e0:54:46:2f:e3:1b:3c:0f:47:e5" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.274088000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.274088000", - "frame.time_delta": "0.010354000", - "frame.time_delta_displayed": "0.010354000", - "frame.time_relative": "2511.813402000", - "frame.number": "8948", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x000030eb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000873b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4471", - "tcp.port": "39500", - "tcp.port": "4471", - "tcp.stream": "345", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "382", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00007225", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.005468000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.275516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.275516000", - "frame.time_delta": "0.001428000", - "frame.time_delta_displayed": "0.001428000", - "frame.time_relative": "2511.814830000", - "frame.number": "8949", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005502", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000634a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00005b12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8948", - "tcp.analysis.ack_rtt": "0.001428000", - 
"tcp.analysis.initial_rtt": "0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.276560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.276560000", - "frame.time_delta": "0.001044000", - "frame.time_delta_displayed": "0.001044000", - "frame.time_relative": "2511.815874000", - "frame.number": "8950", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005503", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006349", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - 
"tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "382", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00005b11", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.277206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.277206000", - "frame.time_delta": "0.000646000", - "frame.time_delta_displayed": "0.000646000", - "frame.time_relative": "2511.816520000", - "frame.number": "8951", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000030ec", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00008760", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4471", - "tcp.port": "39500", - "tcp.port": "4471", - "tcp.stream": "345", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "383", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00006572", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8950", - "tcp.analysis.ack_rtt": "0.000646000", - "tcp.analysis.initial_rtt": 
"0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.278709000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.278709000", - "frame.time_delta": "0.001503000", - "frame.time_delta_displayed": "0.001503000", - "frame.time_relative": "2511.818023000", - "frame.number": "8952", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005504", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006348", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4471", - "tcp.dstport": "39500", - "tcp.port": "4471", - "tcp.port": "39500", - "tcp.stream": "345", - "tcp.len": 
"0", - "tcp.seq": "383", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00005b10", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8951", - "tcp.analysis.ack_rtt": "0.001503000", - "tcp.analysis.initial_rtt": "0.005468000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.366004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.366004000", - "frame.time_delta": "0.087295000", - "frame.time_delta_displayed": "0.087295000", - "frame.time_relative": "2511.905318000", - "frame.number": "8953", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - 
"ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e38", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003747", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23845", - "tcp.ack": "107987", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008f0a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:5e:00:28:86:22", - "tcp.options_tree": { - "No-Operation (NOP)": { 
- "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579934, TSecr 2655778": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579934", - "tcp.options.timestamp.tsecr": "2655778" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8947", - "tcp.analysis.ack_rtt": "0.102270000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.366500000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.366500000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "2511.905814000", - "frame.number": "8954", - "frame.len": "192", - "frame.cap_len": "192", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "178", - "ip.id": "0x00009742", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "126", - "tcp.seq": "107987", - "tcp.nxtseq": "108113", - "tcp.ack": "23845", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000dcf7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:2c:a7:a4:90:5e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655788, TSecr 2812579934": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655788", - "tcp.options.timestamp.tsecr": "2812579934" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "126", - "tcp.analysis.push_bytes_sent": "126" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e2:2e:79:bc:c3:a2:01:5d:ac:68:fd:14:8f:fd:56:f0:6c:ac:e1:6c:8a:e2:73:c1:0e:bd:3d:69:4b:2f:77:3e:eb:67:33" - }, - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e3:fe:2a:8e:66:3e:26:9c:07:8c:16:57:b6:25:25:70:7f:d9:c1:2d:d4:2d:52:2e:fa:69:3e:c1:6e:ef:44:d5:54:e5:56:6b:25:46:bc:e1:24:ff:c7:db:44:7f:57:4c:88:90:d1:d9:96:cc:0e:8d:62:e4:c1:f2:9f:83:08:b9:50:39:26" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.427174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.427174000", - "frame.time_delta": "0.060674000", - "frame.time_delta_displayed": "0.060674000", - "frame.time_relative": "2511.966488000", - "frame.number": "8955", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003746", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23845", - "tcp.ack": "108113", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008e73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:6d:00:28:86:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579949, TSecr 2655788": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579949", - "tcp.options.timestamp.tsecr": "2655788" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8954", - "tcp.analysis.ack_rtt": "0.060674000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.427661000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.427661000", - "frame.time_delta": "0.000487000", - "frame.time_delta_displayed": "0.000487000", - "frame.time_relative": "2511.966975000", - "frame.number": "8956", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e3a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003716", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "23845", - "tcp.nxtseq": "23892", - "tcp.ack": "108113", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00007d25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a4:90:6d:00:28:86:2c", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579949, TSecr 2655788": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579949", - "tcp.options.timestamp.tsecr": "2655788" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:f9:52:af:70:60:14:03:e9:5d:38:d4:49:7e:76:ba:d2:77:30:90:56:50:a6:42:e3:28:c6:6e:71:32:d2:ea:05:f3:a7:e6" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.431563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.431563000", - "frame.time_delta": "0.003902000", - "frame.time_delta_displayed": "0.003902000", - "frame.time_relative": "2511.970877000", - "frame.number": "8957", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", 
- "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009743", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "108113", - "tcp.nxtseq": "108162", - "tcp.ack": "23892", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - 
"tcp.checksum": "0x0000d251", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:32:a7:a4:90:6d", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655794, TSecr 2812579949": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655794", - "tcp.options.timestamp.tsecr": "2812579949" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8956", - "tcp.analysis.ack_rtt": "0.003902000", - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e4:4f:08:67:fc:45:e2:17:0a:b0:8f:df:0d:4b:a7:77:39:5b:12:9f:23:50:7d:ec:91:66:23:2a:90:66:d0:71:36:ad:32:ef:32" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:23.529848000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496103.529848000", - "frame.time_delta": "0.098285000", - "frame.time_delta_displayed": "0.098285000", - "frame.time_relative": "2512.069162000", - "frame.number": "8958", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": 
"Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e3b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003744", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23892", - "tcp.ack": "108162", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008df3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:90:87:00:28:86:32", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812579975, TSecr 2655794": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812579975", - "tcp.options.timestamp.tsecr": "2655794" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8957", - "tcp.analysis.ack_rtt": "0.098285000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.371489000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.371489000", - "frame.time_delta": "0.841641000", - "frame.time_delta_displayed": "0.841641000", - "frame.time_relative": "2512.910803000", - "frame.number": "8959", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - 
"eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x000012a7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a599", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5840", - "tcp.window_size": "5840", - "tcp.checksum": "0x00009794", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:01", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 1 (multiply by 2)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "1", - "tcp.options.wscale.multiplier": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.371977000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.371977000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "2512.911291000", - "frame.number": "8960", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": 
"d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b840", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4472", - "tcp.port": "39500", - "tcp.port": "4472", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 39500", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "14600", - "tcp.window_size": "14600", - "tcp.checksum": "0x00000aca", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:06", - 
"tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 6 (multiply by 64)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "6", - "tcp.options.wscale.multiplier": "64" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8959", - "tcp.analysis.ack_rtt": "0.000488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.373878000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.373878000", - "frame.time_delta": "0.001901000", - "frame.time_delta_displayed": "0.001901000", - "frame.time_relative": "2512.913192000", - "frame.number": "8961", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - 
"eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012a8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000793b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8960", - "tcp.analysis.ack_rtt": "0.001901000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.374715000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.374715000", - "frame.time_delta": "0.000837000", - "frame.time_delta_displayed": "0.000837000", - "frame.time_relative": "2512.914029000", - "frame.number": "8962", - "frame.len": "258", - "frame.cap_len": "258", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "244", - "ip.id": "0x000012a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a4d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "204", - "tcp.seq": "1", - "tcp.nxtseq": "205", - 
"tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x0000f717", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002389000", - "tcp.analysis.bytes_in_flight": "204", - "tcp.analysis.push_bytes_sent": "204" - }, - "tcp.segment_data": "4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.375179000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.375179000", - "frame.time_delta": "0.000464000", - "frame.time_delta_displayed": "0.000464000", - "frame.time_relative": "2512.914493000", - "frame.number": "8963", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010b9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a793", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4472", - "tcp.port": "39500", - "tcp.port": "4472", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "205", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, 
- "tcp.window_size_value": "245", - "tcp.window_size": "15680", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x000082e2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8962", - "tcp.analysis.ack_rtt": "0.000464000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.377409000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.377409000", - "frame.time_delta": "0.002230000", - "frame.time_delta_displayed": "0.002230000", - "frame.time_relative": "2512.916723000", - "frame.number": "8964", - "frame.len": "205", - "frame.cap_len": "205", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml:http:data" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "191", - "ip.id": "0x000012aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a50b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": 
"192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "151", - "tcp.seq": "205", - "tcp.nxtseq": "356", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x00004409", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002389000", - "tcp.analysis.bytes_in_flight": "151", - "tcp.analysis.push_bytes_sent": "151" - }, - "tcp.segment_data": "3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "tcp.segments": { - "tcp.segment": "8962", - "tcp.segment": "8964", - "tcp.segment.count": "2", - "tcp.reassembled.length": "354", - "tcp.reassembled.data": 
"4e:4f:54:49:46:59:20:2f:20:48:54:54:50:2f:31:2e:31:0d:0a:48:4f:53:54:3a:20:31:39:32:2e:31:36:38:2e:30:2e:32:34:32:3a:33:39:35:30:30:0d:0a:43:4f:4e:54:45:4e:54:2d:54:59:50:45:3a:20:74:65:78:74:2f:78:6d:6c:3b:20:63:68:61:72:73:65:74:3d:22:75:74:66:2d:38:22:0d:0a:43:4f:4e:54:45:4e:54:2d:4c:45:4e:47:54:48:3a:20:31:35:30:0d:0a:4e:54:3a:20:75:70:6e:70:3a:65:76:65:6e:74:0d:0a:4e:54:53:3a:20:75:70:6e:70:3a:70:72:6f:70:63:68:61:6e:67:65:0d:0a:53:49:44:3a:20:75:75:69:64:3a:39:31:61:36:31:31:37:38:2d:31:64:64:32:2d:31:31:62:32:2d:62:65:35:62:2d:62:30:65:66:32:36:30:30:36:38:61:61:0d:0a:53:45:51:3a:20:31:0d:0a:0d:0a:3c:65:3a:70:72:6f:70:65:72:74:79:73:65:74:20:78:6d:6c:6e:73:3a:65:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:65:76:65:6e:74:2d:31:2d:30:22:3e:0a:3c:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:31:7c:31:31:31:7c:31:3c:2f:45:6e:65:72:67:79:50:65:72:55:6e:69:74:43:6f:73:74:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:3e:0a:3c:2f:65:3a:70:72:6f:70:65:72:74:79:73:65:74:3e:0a:0a:0d" - }, - "http": { - "NOTIFY \/ HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY \/ HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "\/", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.242:39500", - "http.content_type": "text\/xml; charset=\"utf-8\"", - "http.content_length_header": "150", - "http.content_length_header_tree": { - "http.content_length": "150" - }, - "http.unknown_header": "NT: upnp:event\\r\\n", - "http.unknown_header": "NTS: upnp:propchange\\r\\n", - "http.unknown_header": "SID: uuid:91a61178-1dd2-11b2-be5b-b0ef260068aa\\r\\n", - "http.unknown_header": "SEQ: 1\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.242:39500\/", - "http.notification": "1", - "http.file_data": "<e:propertyset 
xmlns:e=\"urn:schemas-upnp-org:event-1-0\">\n<e:property>\n<EnergyPerUnitCost>1|111|1<\/EnergyPerUnitCost>\n<\/e:property>\n<\/e:propertyset>\n\n\r" - }, - "xml": { - "xml.tag": "<e:propertyset xmlns:e=\"urn:schemas-upnp-org:event-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns:e=\"urn:schemas-upnp-org:event-1-0\"", - "xml.tag": "<e:property>", - "xml.tag_tree": { - "xml.tag": "<EnergyPerUnitCost>", - "xml.tag_tree": { - "xml.cdata": "1|111|1", - "<\/EnergyPerUnitCost>": "" - }, - "<\/e:property>": "" - }, - "<\/e:propertyset>": "" - } - }, - "http": { - "data": { - "data.data": "0a", - "data.len": "1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.377824000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.377824000", - "frame.time_delta": "0.000415000", - "frame.time_delta_displayed": "0.000415000", - "frame.time_relative": "2512.917138000", - "frame.number": "8965", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010ba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a792", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4472", - "tcp.port": "39500", - "tcp.port": "4472", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "356", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x0000823a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8964", - "tcp.analysis.ack_rtt": "0.000415000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.399246000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.399246000", - "frame.time_delta": "0.021422000", - "frame.time_delta_displayed": "0.021422000", - "frame.time_relative": "2512.938560000", - "frame.number": "8966", - "frame.len": "120", - 
"frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "106", - "ip.id": "0x00009744", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007605", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "54", - "tcp.seq": "108162", - "tcp.nxtseq": "108216", - "tcp.ack": "23892", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ec05", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:93:a7:a4:90:87", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655891, TSecr 2812579975": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655891", - "tcp.options.timestamp.tsecr": "2812579975" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "54", - "tcp.analysis.push_bytes_sent": "54" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "49", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e5:48:67:ce:7c:9f:87:4c:9c:fe:62:92:7f:d6:92:0d:46:4d:f9:06:d4:52:b5:09:5e:f6:b9:3e:05:80:0d:56:67:b9:9d:bc:b1:d0:bc:0a:cf:b8" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.459470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.459470000", - "frame.time_delta": "0.060224000", - 
"frame.time_delta_displayed": "0.060224000", - "frame.time_relative": "2512.998784000", - "frame.number": "8967", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e3c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003743", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23892", - "tcp.ack": 
"108216", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008c74", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:91:6f:00:28:86:93", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580207, TSecr 2655891": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580207", - "tcp.options.timestamp.tsecr": "2655891" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8966", - "tcp.analysis.ack_rtt": "0.060224000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.459996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.459996000", - "frame.time_delta": "0.000526000", - "frame.time_delta_displayed": "0.000526000", - "frame.time_relative": "2512.999310000", - "frame.number": "8968", - "frame.len": "480", - "frame.cap_len": "480", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "466", - "ip.id": "0x00009745", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000749c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "414", - "tcp.seq": "108216", - "tcp.nxtseq": "108630", - "tcp.ack": "23892", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000028b6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:99:a7:a4:91:6f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655897, TSecr 2812580207": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655897", - "tcp.options.timestamp.tsecr": "2812580207" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "414", - "tcp.analysis.push_bytes_sent": "414" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "409", - "ssl.app_data": 
"13:6b:24:d2:9f:7e:46:e6:ef:88:ee:85:c9:4d:8f:b1:f4:24:e1:2c:dc:a8:91:11:c6:10:8b:fd:4b:5a:12:c4:50:8e:f5:0e:ff:8e:cc:0e:61:88:80:01:ee:a1:1d:e0:79:dc:df:93:d2:3e:8c:de:c8:68:80:f9:68:07:07:f3:00:26:c0:cf:ae:92:66:8b:99:34:7a:c9:b7:90:e8:6d:8a:cf:4d:78:7a:03:32:df:58:da:84:a9:2f:28:aa:d3:06:12:83:30:e4:a9:df:b8:4a:37:8b:90:6d:b6:57:1b:4c:73:67:c4:ad:7e:53:d0:5c:7f:22:de:94:e9:cd:70:d8:d7:14:62:7c:99:04:67:31:be:f6:6f:23:95:e0:88:e6:c9:92:2b:cd:89:5d:a2:58:16:28:2e:9e:e6:ad:28:23:2b:93:66:48:59:e0:87:f6:f0:4c:6d:1a:70:4b:8b:97:0b:e0:67:d1:c5:a0:b4:18:a2:8f:51:1b:4f:fa:68:5f:e3:ac:d9:ef:eb:a3:52:0f:a9:c3:03:12:58:0e:c6:cc:13:b5:f1:22:c5:17:f8:ec:a6:df:90:ac:0f:a8:c6:15:e6:4b:16:3a:31:6e:83:47:2c:5b:96:cf:34:97:24:a7:78:3e:d0:b7:5a:f2:29:9c:68:a3:fb:45:ba:87:05:59:6d:0a:c7:81:8f:6d:93:e7:2c:ec:8f:cd:29:25:4e:89:46:7f:5f:7c:c8:d6:18:e4:c9:a3:74:c1:1c:f0:d6:25:08:85:a0:a6:d7:99:e5:8d:41:75:44:27:64:ea:81:de:eb:f5:25:27:89:0f:16:05:79:c7:1b:c1:5a:57:92:29:69:3e:42:af:dc:04:87:a2:1f:07:29:39:d8:bf:e9:12:80:48:57:62:08:26:9e:f8:1f:b3:96:d4:74:8d:29:54:cd:1c:b1:06:35:52:ad:b2:7f:95:a3:f0:8b:5f:c0:fa:c3:f6:2f:17:72:a4:b5:75:db:a3:ca:d2:34:f4:58:20:97:98:eb:e5:61:58:df:b6:b7:b0:9b:fd:2d:f5:0a:b6:4f:28:a7:33:82:45:81:d9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.520484000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.520484000", - "frame.time_delta": "0.060488000", - "frame.time_delta_displayed": "0.060488000", - "frame.time_relative": "2513.059798000", - "frame.number": "8969", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - 
"eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e3d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003742", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "23892", - "tcp.ack": "108630", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008ac1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:91:7e:00:28:86:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580222, TSecr 2655897": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580222", - "tcp.options.timestamp.tsecr": "2655897" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8968", - "tcp.analysis.ack_rtt": "0.060488000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.520990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.520990000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "2513.060304000", - "frame.number": "8970", - "frame.len": "151", - "frame.cap_len": "151", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "137", - "ip.id": "0x00002e3e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x000036ec", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "85", - "tcp.seq": "23892", - "tcp.nxtseq": "23977", - "tcp.ack": "108630", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - 
"tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000324e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:91:7e:00:28:86:99", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580222, TSecr 2655897": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580222", - "tcp.options.timestamp.tsecr": "2655897" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "85", - "tcp.analysis.push_bytes_sent": "85" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "80", - "ssl.app_data": "34:cd:34:17:47:48:0e:fa:15:f6:29:32:84:90:f1:48:49:d4:5e:7f:d7:db:1d:75:4a:db:a6:d9:e2:bd:84:96:7f:a0:71:7f:08:b1:71:ed:48:80:b4:24:36:e6:85:e5:70:c0:13:4a:c6:7c:7e:08:1d:4c:5d:b6:92:72:c2:69:28:1d:c5:8a:6e:8c:a6:ff:a3:d1:c1:17:72:bd:0f:9f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.525770000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.525770000", - "frame.time_delta": "0.004780000", - "frame.time_delta_displayed": "0.004780000", - "frame.time_relative": "2513.065084000", - "frame.number": "8971", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - 
"eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00009746", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000760a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "108630", - "tcp.nxtseq": "108677", - "tcp.ack": "23977", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", 
- "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003383", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:a0:a7:a4:91:7e", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655904, TSecr 2812580222": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655904", - "tcp.options.timestamp.tsecr": "2812580222" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8970", - "tcp.analysis.ack_rtt": "0.004780000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e7:26:f7:8d:5c:2f:d8:67:29:76:8d:cd:55:19:e2:37:aa:1b:9b:38:44:0b:3f:31:14:d8:48:44:3a:c9:56:f3:9f:4f:fd" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.528713000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.528713000", - "frame.time_delta": "0.002943000", - "frame.time_delta_displayed": "0.002943000", - "frame.time_relative": "2513.068027000", - "frame.number": "8972", - "frame.len": "92", - "frame.cap_len": 
"92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x000010bb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a76b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4472", - "tcp.port": "39500", - "tcp.port": "4472", - "tcp.stream": "346", - "tcp.len": "38", - "tcp.seq": "1", - "tcp.nxtseq": "39", - "tcp.ack": "356", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008ec5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002389000", - "tcp.analysis.bytes_in_flight": "38", - "tcp.analysis.push_bytes_sent": "38" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.530991000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.530991000", - "frame.time_delta": "0.002278000", - "frame.time_delta_displayed": "0.002278000", - "frame.time_relative": "2513.070305000", - "frame.number": "8973", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "356", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000077b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8972", - "tcp.analysis.ack_rtt": "0.002278000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.531718000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.531718000", - "frame.time_delta": "0.000727000", - "frame.time_delta_displayed": "0.000727000", - "frame.time_relative": "2513.071032000", - "frame.number": "8974", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a5a0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "356", - "tcp.ack": "39", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000077b1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.532332000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.532332000", - "frame.time_delta": "0.000614000", - "frame.time_delta_displayed": "0.000614000", - "frame.time_relative": "2513.071646000", - "frame.number": "8975", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "14:91:82:25:10:77", - "eth.dst_tree": { - "eth.dst_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000010bc", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a790", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.dst_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "39500", - "tcp.dstport": "4472", - "tcp.port": "39500", - "tcp.port": "4472", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "39", - "tcp.ack": "357", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "262", - "tcp.window_size": "16768", - "tcp.window_size_scalefactor": "64", - "tcp.checksum": "0x00008212", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8974", - "tcp.analysis.ack_rtt": "0.000614000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.536436000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496104.536436000", - "frame.time_delta": "0.004104000", - "frame.time_delta_displayed": "0.004104000", - "frame.time_relative": "2513.075750000", - "frame.number": "8976", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "14:91:82:25:10:77", - "eth.src_tree": { - "eth.src_resolved": "BelkinIn_25:10:77", - "eth.addr": "14:91:82:25:10:77", - "eth.addr_resolved": "BelkinIn_25:10:77", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000012ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a59f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.65", - "ip.addr": "192.168.0.65", - "ip.src_host": "192.168.0.65", - "ip.host": "192.168.0.65", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "4472", - "tcp.dstport": "39500", - "tcp.port": "4472", - "tcp.port": "39500", - "tcp.stream": "346", - "tcp.len": "0", - "tcp.seq": "357", - "tcp.ack": "40", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "2920", - "tcp.window_size": "5840", - "tcp.window_size_scalefactor": "2", - "tcp.checksum": "0x000077b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "8975", - "tcp.analysis.ack_rtt": "0.004104000", - "tcp.analysis.initial_rtt": "0.002389000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.586584000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.586584000", - "frame.time_delta": "0.050148000", - "frame.time_delta_displayed": "0.050148000", - "frame.time_relative": "2513.125898000", - "frame.number": "8977", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e3f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003711", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "23977", - "tcp.nxtseq": "24024", - "tcp.ack": "108677", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d7b2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:91:8f:00:28:86:a0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580239, TSecr 2655904": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580239", - "tcp.options.timestamp.tsecr": "2655904" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8971", - "tcp.analysis.ack_rtt": "0.060814000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:fb:f5:e9:d4:66:43:b4:55:9e:f3:ae:58:9c:e6:73:b1:7f:8d:2d:65:0d:b0:c2:06:02:b5:ea:09:48:3a:9d:d5:a7:b8:ec" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.587080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.587080000", - "frame.time_delta": "0.000496000", - "frame.time_delta_displayed": "0.000496000", - "frame.time_relative": "2513.126394000", - "frame.number": "8978", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"131", - "ip.id": "0x00009747", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "108677", - "tcp.nxtseq": "108756", - "tcp.ack": "24024", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00000607", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:a6:a7:a4:91:8f", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - 
"tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655910, TSecr 2812580239": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655910", - "tcp.options.timestamp.tsecr": "2812580239" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8977", - "tcp.analysis.ack_rtt": "0.000496000", - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e8:39:74:bd:80:d7:b2:60:6a:3b:6b:18:d2:88:c5:7f:24:d3:15:ab:cc:f4:c1:dd:08:5e:cf:77:2e:2f:c9:24:7f:1a:87:87:7c:32:a7:5d:ed:52:65:64:ec:fe:6c:bc:c7:23:82:03:16:59:bc:95:db:a0:dc:88:52:25:e0:17:d1:59:1e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.685904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.685904000", - "frame.time_delta": "0.098824000", - "frame.time_delta_displayed": "0.098824000", - "frame.time_relative": "2513.225218000", - "frame.number": "8979", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e40", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373f", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24024", - "tcp.ack": "108756", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00008988", 
- "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:91:a8:00:28:86:a6", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580264, TSecr 2655910": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580264", - "tcp.options.timestamp.tsecr": "2655910" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8978", - "tcp.analysis.ack_rtt": "0.098824000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.686396000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.686396000", - "frame.time_delta": "0.000492000", - "frame.time_delta_displayed": "0.000492000", - "frame.time_relative": "2513.225710000", - "frame.number": "8980", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009748", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007606", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "108756", - "tcp.nxtseq": "108805", - "tcp.ack": "24024", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004a26", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:86:b0:a7:a4:91:a8", - "tcp.options_tree": { - "No-Operation (NOP)": { - 
"tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2655920, TSecr 2812580264": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2655920", - "tcp.options.timestamp.tsecr": "2812580264" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:e9:2f:ca:49:7b:de:b3:2f:fe:be:d7:dc:f5:61:db:41:fc:7f:43:f7:67:57:63:de:33:48:f8:70:8a:46:a3:f7:ff:e5:58:bc:f4" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:24.746767000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496104.746767000", - "frame.time_delta": "0.060371000", - "frame.time_delta_displayed": "0.060371000", - "frame.time_relative": "2513.286081000", - "frame.number": "8981", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e41", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373e", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24024", - "tcp.ack": "108805", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000893e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"01:01:08:0a:a7:a4:91:b7:00:28:86:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812580279, TSecr 2655920": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812580279", - "tcp.options.timestamp.tsecr": "2655920" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8980", - "tcp.analysis.ack_rtt": "0.060371000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:28.849041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496108.849041000", - "frame.time_delta": "4.102274000", - "frame.time_delta_displayed": "4.102274000", - "frame.time_relative": "2517.388355000", - "frame.number": "8982", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - 
"arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:34.337778000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496114.337778000", - "frame.time_delta": "5.488737000", - "frame.time_delta_displayed": "5.488737000", - "frame.time_relative": "2522.877092000", - "frame.number": "8983", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000583f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a652", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": 
"104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5357", - "tcp.ack": "865", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:34.496060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496114.496060000", - "frame.time_delta": "0.158282000", - 
"frame.time_delta_displayed": "0.158282000", - "frame.time_relative": "2523.035374000", - "frame.number": "8984", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd73", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - 
"tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "865", - "tcp.ack": "5358", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f8e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:36.953559000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496116.953559000", - "frame.time_delta": "2.457499000", - "frame.time_delta_displayed": "2.457499000", - "frame.time_relative": "2525.492873000", - "frame.number": "8985", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005fc7", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x00005822", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:40.243249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496120.243249000", - "frame.time_delta": "3.289690000", - "frame.time_delta_displayed": "3.289690000", - "frame.time_relative": "2528.782563000", - "frame.number": "8986", - "frame.len": "82", - "frame.cap_len": "82", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": 
"Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "68", - "ip.id": "0x00000bd6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "48", - "udp.checksum": "0x0000e9e5", - "udp.checksum.status": "2", - "udp.stream": "2" - }, - "data": { - "data.data": "28:00:00:54:42:52:4b:52:d0:73:d5:02:41:da:00:00:4c:49:46:58:56:32:00:00:84:a4:37:14:b9:ce:f2:14:96:01:00:00:54:0b:00:00", - "data.len": "40" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:52.995176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496132.995176000", - "frame.time_delta": "12.751927000", - "frame.time_delta_displayed": "12.751927000", - "frame.time_relative": "2541.534490000", - "frame.number": "8987", - "frame.len": 
"352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000d132", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f824", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - 
"http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.028290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.028290000", - "frame.time_delta": "0.033114000", - "frame.time_delta_displayed": "0.033114000", - "frame.time_relative": "2541.567604000", - "frame.number": "8988", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00009749", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075a3", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "147", - "tcp.seq": "108805", - "tcp.nxtseq": "108952", - "tcp.ack": "24024", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005a9b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:91:c2:a7:a4:91:b7", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } 
- }, - "Timestamps: TSval 2658754, TSecr 2812580279": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2658754", - "tcp.options.timestamp.tsecr": "2812580279" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "147", - "tcp.analysis.push_bytes_sent": "147" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "142", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ea:e2:d0:0a:33:e6:08:30:dc:66:cc:e9:80:27:cc:69:db:f3:a9:f3:35:92:4e:ed:01:c4:cd:66:3e:bd:39:d5:bc:ed:40:65:12:28:bc:95:f4:4c:b8:d1:eb:25:b9:d0:b7:17:6b:4d:06:a9:a1:f7:f2:a4:88:17:fd:d5:7f:35:a5:b3:49:cb:5b:24:30:10:fa:84:be:cc:30:9f:49:e0:70:a3:e5:fe:53:98:c5:28:2d:bd:1f:65:4b:8e:23:ae:5f:02:b8:7c:2c:5d:c3:92:06:c6:bc:2f:d3:ff:32:12:f8:c2:be:0a:27:47:16:a4:62:eb:ce:2b:58:a0:62:e5:1f:ab:7e:24:64:04:10" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.048327000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.048327000", - "frame.time_delta": "0.020037000", - "frame.time_delta_displayed": "0.020037000", - "frame.time_relative": "2541.587641000", - "frame.number": "8989", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000d136", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f820", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.088816000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.088816000", - "frame.time_delta": "0.040489000", - "frame.time_delta_displayed": "0.040489000", - "frame.time_relative": "2541.628130000", - "frame.number": "8990", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373d", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - 
"Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24024", - "tcp.ack": "108952", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000061ec", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:ad:64:00:28:91:c2", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812587364, TSecr 2658754": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812587364", - "tcp.options.timestamp.tsecr": "2658754" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8988", - "tcp.analysis.ack_rtt": "0.060526000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.101235000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.101235000", - "frame.time_delta": 
"0.012419000", - "frame.time_delta_displayed": "0.012419000", - "frame.time_relative": "2541.640549000", - "frame.number": "8991", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d138", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f815", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - 
"http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.121153000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.121153000", - "frame.time_delta": "0.019918000", - "frame.time_delta_displayed": "0.019918000", - "frame.time_relative": "2541.660467000", - "frame.number": "8992", - "frame.len": "196", - "frame.cap_len": "196", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "182", - "ip.id": "0x0000974a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "130", - "tcp.seq": "108952", - "tcp.nxtseq": "109082", - "tcp.ack": "24024", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000085bd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:91:cb:a7:a4:ad:64", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation 
(NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2658763, TSecr 2812587364": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2658763", - "tcp.options.timestamp.tsecr": "2812587364" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "130", - "tcp.analysis.push_bytes_sent": "130" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "125", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:eb:65:90:82:f7:ef:88:d5:ad:8d:9c:5e:82:bd:11:1a:ff:42:d9:d9:4c:53:c1:a2:a4:5a:0d:5b:ec:ff:48:65:2b:9e:37:bf:ef:65:45:06:70:b0:cd:5a:11:f9:57:80:1f:ff:26:ac:7a:e7:0f:e5:89:82:d6:fb:75:43:d9:9a:fc:35:ca:3c:de:e1:9a:13:ce:13:75:75:69:da:a1:15:96:a3:d7:4c:8f:4e:14:fa:b2:8c:a8:02:e6:3e:46:c2:79:a4:6b:83:26:57:bc:d5:41:db:42:2a:b4:1b:33:d1:4a:bc:f3:a0:84:79" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.154098000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.154098000", - "frame.time_delta": "0.032945000", - "frame.time_delta_displayed": "0.032945000", - "frame.time_relative": "2541.693412000", - "frame.number": "8993", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000d13a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f813", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } 
- } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.181311000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.181311000", - "frame.time_delta": "0.027213000", - "frame.time_delta_displayed": "0.027213000", - "frame.time_relative": "2541.720625000", - "frame.number": "8994", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e43", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373c", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - 
"ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24024", - "tcp.ack": "109082", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000614a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:ad:7b:00:28:91:cb", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812587387, TSecr 2658763": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812587387", - "tcp.options.timestamp.tsecr": "2658763" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "8992", - "tcp.analysis.ack_rtt": "0.060158000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 
17:28:53.206996000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.206996000", - "frame.time_delta": "0.025685000", - "frame.time_delta_displayed": "0.025685000", - "frame.time_relative": "2541.746310000", - "frame.number": "8995", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d13b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f818", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * 
HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:53.259908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496133.259908000", - "frame.time_delta": "0.052912000", - "frame.time_delta_displayed": "0.052912000", - "frame.time_relative": "2541.799222000", - "frame.number": "8996", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000d13d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000f816", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:54.778673000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496134.778673000", - "frame.time_delta": "1.518765000", - "frame.time_delta_displayed": "1.518765000", - "frame.time_relative": "2543.317987000", - "frame.number": "8997", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002080", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b770", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001156", - 
"udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:54.778730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496134.778730000", - "frame.time_delta": "0.000057000", - "frame.time_delta_displayed": "0.000057000", - "frame.time_relative": "2543.318044000", - "frame.number": "8998", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008017", - "udp.checksum.status": "2", - 
"udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } 
- - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:54.778827000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496134.778827000", - "frame.time_delta": "0.000097000", - "frame.time_delta_displayed": "0.000097000", - "frame.time_relative": "2543.318141000", - "frame.number": "8999", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002081", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000986b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f251", - 
"udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": 
"upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:55.606997000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496135.606997000", - "frame.time_delta": "0.828170000", - "frame.time_delta_displayed": "0.828170000", - "frame.time_relative": "2544.146311000", - "frame.number": "9000", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x0000974b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007603", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - 
"ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "109082", - "tcp.nxtseq": "109131", - "tcp.ack": "24024", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ec0f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:92:c4:a7:a4:ad:7b", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2659012, TSecr 2812587387": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2659012", - "tcp.options.timestamp.tsecr": "2812587387" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - 
"ssl.app_data": "13:6b:24:d2:9f:7e:46:ec:d7:1c:6e:66:fd:41:1e:b9:9e:cb:d6:4e:1b:c0:8c:57:ec:ce:fb:25:c3:be:3a:ee:75:26:5d:32:b7:20:ca:3d:c3:6b:7b:0f" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:55.667199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496135.667199000", - "frame.time_delta": "0.060202000", - "frame.time_delta_displayed": "0.060202000", - "frame.time_relative": "2544.206513000", - "frame.number": "9001", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00002e44", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000373b", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - 
"ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "24024", - "tcp.ack": "109131", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005db2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:af:e9:00:28:92:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812588009, TSecr 2659012": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812588009", - "tcp.options.timestamp.tsecr": "2659012" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9000", - "tcp.analysis.ack_rtt": "0.060202000" - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:55.667743000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496135.667743000", - "frame.time_delta": "0.000544000", - "frame.time_delta_displayed": "0.000544000", - "frame.time_relative": "2544.207057000", - "frame.number": "9002", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002e45", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003703", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - 
"ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "24024", - "tcp.nxtseq": "24079", - "tcp.ack": "109131", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000eb24", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:af:e9:00:28:92:c4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812588009, TSecr 2659012": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812588009", - "tcp.options.timestamp.tsecr": "2659012" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": 
"34:cd:34:17:47:48:0e:fc:b2:91:58:4f:13:17:93:90:73:c3:7c:05:3a:88:3c:d9:a2:e4:ff:a3:9a:53:63:6a:50:55:ac:95:6b:ad:50:af:82:17:94:b7:df:cf:74:08:af:14" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:55.702254000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496135.702254000", - "frame.time_delta": "0.034511000", - "frame.time_delta_displayed": "0.034511000", - "frame.time_relative": "2544.241568000", - "frame.number": "9003", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000974c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007633", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 
41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "109131", - "tcp.ack": "24079", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005c82", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:92:ce:a7:a4:af:e9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2659022, TSecr 2812588009": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2659022", - "tcp.options.timestamp.tsecr": "2812588009" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9002", - "tcp.analysis.ack_rtt": "0.034511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:58.090470000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496138.090470000", - "frame.time_delta": "2.388216000", - "frame.time_delta_displayed": "2.388216000", - "frame.time_relative": "2546.629784000", - "frame.number": "9004", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:58.090904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496138.090904000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "2546.630218000", - "frame.number": "9005", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:59.736988000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496139.736988000", - "frame.time_delta": "1.646084000", - "frame.time_delta_displayed": "1.646084000", - "frame.time_relative": "2548.276302000", - "frame.number": "9006", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"261", - "ip.id": "0x00002082", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b76e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001156", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:59.737507000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496139.737507000", - "frame.time_delta": "0.000519000", - "frame.time_delta_displayed": "0.000519000", - "frame.time_relative": "2548.276821000", - "frame.number": "9007", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": 
"d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002083", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009869", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f251", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, 
- "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:28:59.738152000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496139.738152000", - "frame.time_delta": "0.000645000", - "frame.time_delta_displayed": "0.000645000", - "frame.time_relative": "2548.277466000", - "frame.number": "9008", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": 
"LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008017", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - 
"search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:04.487739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496144.487739000", - "frame.time_delta": "4.749587000", - "frame.time_delta_displayed": "4.749587000", - "frame.time_relative": "2553.027053000", - "frame.number": "9009", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005840", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a651", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5357", - "tcp.ack": "865", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:04.631017000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496144.631017000", - "frame.time_delta": "0.143278000", - "frame.time_delta_displayed": "0.143278000", - "frame.time_relative": "2553.170331000", - "frame.number": "9010", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000101f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": 
"49", - "ip.proto": "6", - "ip.checksum": "0x0000fd72", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "865", - "tcp.ack": "5358", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f8e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:04.737268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496144.737268000", - "frame.time_delta": "0.106251000", - "frame.time_delta_displayed": "0.106251000", - "frame.time_relative": "2553.276582000", - "frame.number": "9011", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002087", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b769", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": 
"", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001156", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": 
"ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:04.737786000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496144.737786000", - "frame.time_delta": "0.000518000", - "frame.time_delta_displayed": "0.000518000", - "frame.time_relative": "2553.277100000", - "frame.number": "9012", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002088", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009864", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f251", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": 
"7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:04.738424000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496144.738424000", - "frame.time_delta": "0.000638000", - "frame.time_delta_displayed": "0.000638000", - "frame.time_relative": "2553.277738000", - "frame.number": "9013", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00008017", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029c", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - 
"dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=668", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:06.796011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496146.796011000", - "frame.time_delta": "2.057587000", - "frame.time_delta_displayed": "2.057587000", - "frame.time_relative": "2555.335325000", - "frame.number": "9014", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { 
- "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:06.798442000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496146.798442000", - "frame.time_delta": "0.002431000", - "frame.time_delta_displayed": "0.002431000", - "frame.time_relative": "2555.337756000", - "frame.number": "9015", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - 
"icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:06.804943000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496146.804943000", - "frame.time_delta": "0.006501000", - "frame.time_delta_displayed": "0.006501000", - "frame.time_relative": "2555.344257000", - "frame.number": "9016", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - 
"ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:06.854983000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496146.854983000", - "frame.time_delta": "0.050040000", - "frame.time_delta_displayed": "0.050040000", - "frame.time_relative": "2555.394297000", - "frame.number": "9017", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": 
"IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.005954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.005954000", - "frame.time_delta": "0.150971000", - "frame.time_delta_displayed": "0.150971000", - "frame.time_relative": "2555.545268000", - "frame.number": "9018", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005fce", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", 
- "ip.proto": "17", - "ip.checksum": "0x0000581b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.674830000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.674830000", - "frame.time_delta": "0.668876000", - "frame.time_delta_displayed": "0.668876000", - "frame.time_relative": "2556.214144000", - "frame.number": "9019", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - 
"ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x00007ee8", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00a39d51", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - 
"dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.676382000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.676382000", - "frame.time_delta": "0.001552000", - "frame.time_delta_displayed": "0.001552000", - "frame.time_relative": "2556.215696000", - "frame.number": "9020", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:bf:34:7e", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.addr": "33:33:ff:bf:34:7e", - "eth.addr_resolved": "IPv6mcast_ff:bf:34:7e", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "32", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1:ffbf:347e", - "ipv6.addr": "ff02::1:ffbf:347e", - "ipv6.dst_host": "ff02::1:ffbf:347e", - "ipv6.host": "ff02::1:ffbf:347e", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007df7", - "icmpv6.checksum.status": "1", - 
"icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fe80::1ab4:30ff:febf:347e", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.862602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.862602000", - "frame.time_delta": "0.186220000", - "frame.time_delta_displayed": "0.186220000", - "frame.time_relative": "2556.401916000", - "frame.number": "9021", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source 
GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x0000fa5a", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00331787", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": 
"00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.870164000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.870164000", - "frame.time_delta": "0.007562000", - "frame.time_delta_displayed": "0.007562000", - "frame.time_relative": "2556.409478000", - "frame.number": "9022", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": 
"fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:07.884823000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496147.884823000", - "frame.time_delta": "0.014659000", - "frame.time_delta_displayed": "0.014659000", - "frame.time_relative": "2556.424137000", - "frame.number": "9023", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - 
"ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.205297000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.205297000", - "frame.time_delta": "0.320474000", - "frame.time_delta_displayed": "0.320474000", - "frame.time_relative": "2556.744611000", - "frame.number": "9024", - "frame.len": "145", - "frame.cap_len": "145", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "131", - "ip.id": "0x0000974d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075e3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "79", - "tcp.seq": "109131", - "tcp.nxtseq": "109210", - "tcp.ack": "24079", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00001dee", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:97:b0:a7:a4:af:e9", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2660272, TSecr 2812588009": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2660272", - "tcp.options.timestamp.tsecr": "2812588009" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "79", - "tcp.analysis.push_bytes_sent": "79" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "74", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ed:4d:7b:f8:23:bb:07:20:5c:6a:c6:aa:e7:85:4b:25:50:31:a5:46:8a:99:49:e8:e6:da:53:1d:99:84:b2:58:69:ff:a2:85:b1:e3:6f:7e:eb:6c:f3:e1:01:1c:5d:50:38:57:62:d7:c1:58:b6:8c:c8:f9:43:86:b1:06:c2:3d:58:0d:89" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.267531000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.267531000", - "frame.time_delta": "0.062234000", - "frame.time_delta_displayed": "0.062234000", - "frame.time_relative": "2556.806845000", - "frame.number": "9025", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e46", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x0000370a", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "24079", - "tcp.nxtseq": "24126", - "tcp.ack": "109210", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000d74d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:bc:37:00:28:97:b0", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812591159, TSecr 2660272": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812591159", - "tcp.options.timestamp.tsecr": "2660272" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9024", - "tcp.analysis.ack_rtt": "0.062234000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:fd:9c:02:a1:24:40:e6:3d:cd:44:d0:94:0c:a1:8d:ec:03:25:e7:0f:e4:17:03:4f:3b:4b:a3:31:ac:46:83:17:38:11:a9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.267963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.267963000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "2556.807277000", - "frame.number": "9026", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x0000974e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00007631", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "109210", - "tcp.ack": "24126", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - 
"tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00004ace", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:97:b6:a7:a4:bc:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2660278, TSecr 2812591159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2660278", - "tcp.options.timestamp.tsecr": "2812591159" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9025", - "tcp.analysis.ack_rtt": "0.000432000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.891214000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.891214000", - "frame.time_delta": "0.623251000", - "frame.time_delta_displayed": "0.623251000", - "frame.time_relative": "2557.430528000", - "frame.number": "9027", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": 
"33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.893079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.893079000", - "frame.time_delta": "0.001865000", - "frame.time_delta_displayed": "0.001865000", - "frame.time_relative": "2557.432393000", - "frame.number": "9028", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - 
"icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:08.899059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496148.899059000", - "frame.time_delta": "0.005980000", - "frame.time_delta_displayed": "0.005980000", - "frame.time_relative": "2557.438373000", - "frame.number": "9029", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, 
- "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - 
"icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.115683000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.115683000", - "frame.time_delta": "0.216624000", - "frame.time_delta_displayed": "0.216624000", - "frame.time_relative": "2557.654997000", - "frame.number": "9030", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.497664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.497664000", - "frame.time_delta": "0.381981000", - "frame.time_delta_displayed": "0.381981000", - 
"frame.time_relative": "2558.036978000", - "frame.number": "9031", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.497844000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.497844000", - "frame.time_delta": "0.000180000", - "frame.time_delta_displayed": "0.000180000", - "frame.time_relative": "2558.037158000", - "frame.number": "9032", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:17:88:69:ee:e4", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.715769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.715769000", - "frame.time_delta": "0.217925000", - "frame.time_delta_displayed": "0.217925000", - "frame.time_relative": "2558.255083000", - "frame.number": "9033", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", 
- "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000580a", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x001cc4b6", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.722342000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.722342000", - "frame.time_delta": 
"0.006573000", - "frame.time_delta_displayed": "0.006573000", - "frame.time_relative": "2558.261656000", - "frame.number": "9034", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00008a6f", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x002a877b", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - 
"dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.739037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.739037000", - "frame.time_delta": "0.016695000", - "frame.time_delta_displayed": "0.016695000", - "frame.time_relative": "2558.278351000", - 
"frame.number": "9035", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:09.755349000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496149.755349000", - "frame.time_delta": "0.016312000", - "frame.time_delta_displayed": "0.016312000", - "frame.time_relative": "2558.294663000", - "frame.number": "9036", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - 
"icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:10.759041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496150.759041000", - "frame.time_delta": "1.003692000", - "frame.time_delta_displayed": "1.003692000", - "frame.time_relative": "2559.298355000", - "frame.number": "9037", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_02", - "eth.addr": "33:33:00:00:00:02", - "eth.addr_resolved": "IPv6mcast_02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "8", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::2", - "ipv6.addr": "ff02::2", - "ipv6.dst_host": "ff02::2", - "ipv6.host": "ff02::2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"icmpv6": { - "icmpv6.type": "133", - "icmpv6.code": "0", - "icmpv6.checksum": "0x00007bb8", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:10.761687000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496150.761687000", - "frame.time_delta": "0.002646000", - "frame.time_delta_displayed": "0.002646000", - "frame.time_relative": "2559.301001000", - "frame.number": "9038", - "frame.len": "174", - "frame.cap_len": "174", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01", - "eth.addr": "33:33:00:00:00:01", - "eth.addr_resolved": "IPv6mcast_01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00016898", - "ipv6.plen": "120", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "fe80::b2b9:8aff:fe73:698e", - "ipv6.addr": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.host": "fe80::b2b9:8aff:fe73:698e", - "ipv6.src_sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.sa_mac": "b0:b9:8a:73:69:8e", - "ipv6.dst": "ff02::1", - "ipv6.addr": "ff02::1", - "ipv6.dst_host": "ff02::1", - "ipv6.host": "ff02::1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "134", - "icmpv6.code": "0", - 
"icmpv6.checksum": "0x00006442", - "icmpv6.checksum.status": "1", - "icmpv6.nd.ra.cur_hop_limit": "64", - "icmpv6.nd.ra.flag": "0x000000c0", - "icmpv6.nd.ra.flag_tree": { - "icmpv6.nd.ra.flag.m": "1", - "icmpv6.nd.ra.flag.o": "1", - "icmpv6.nd.ra.flag.h": "0", - "icmpv6.nd.ra.flag.prf": "0", - "icmpv6.nd.ra.flag.p": "0", - "icmpv6.nd.ra.flag.rsv": "0" - }, - "icmpv6.nd.ra.router_lifetime": "0", - "icmpv6.nd.ra.reachable_time": "0", - "icmpv6.nd.ra.retrans_timer": "0", - "icmpv6.opt": { - "icmpv6.opt.type": "1", - "icmpv6.opt.length": "1", - "icmpv6.opt.linkaddr": "b0:b9:8a:73:69:8e", - "icmpv6.opt.src_linkaddr": "b0:b9:8a:73:69:8e" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "5", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - "icmpv6.opt.mtu": "1500" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "3", - "icmpv6.opt.length": "4", - "icmpv6.opt.prefix.length": "64", - "icmpv6.opt.prefix.flag": "0x000000c0", - "icmpv6.opt.prefix.flag_tree": { - "icmpv6.opt.prefix.flag.l": "1", - "icmpv6.opt.prefix.flag.a": "1", - "icmpv6.opt.prefix.flag.r": "0", - "icmpv6.opt.prefix.flag.reserved": "0" - }, - "icmpv6.opt.prefix.valid_lifetime": "4294967295", - "icmpv6.opt.prefix.preferred_lifetime": "4294967295", - "icmpv6.opt.reserved": "", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "24", - "icmpv6.opt.length": "3", - "icmpv6.opt.prefix.length": "48", - "icmpv6.opt.route_info.flag": "0x00000000", - "icmpv6.opt.route_info.flag_tree": { - "icmpv6.opt.route_info.flag.route_preference": "0", - "icmpv6.opt.route_info.flag.reserved": "0" - }, - "icmpv6.opt.route_lifetime": "4294967295", - "icmpv6.opt.prefix": "fd1e:4e89:3b7b::" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "25", - "icmpv6.opt.length": "3", - "icmpv6.opt.reserved": "", - "icmpv6.opt.rdnss.lifetime": "6000", - "icmpv6.opt.rdnss": "fd1e:4e89:3b7b::1" - }, - "icmpv6.opt": { - "icmpv6.opt.type": "7", - "icmpv6.opt.length": "1", - "icmpv6.opt.reserved": "", - 
"icmpv6.opt.advertisement_interval": "600000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:10.765447000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496150.765447000", - "frame.time_delta": "0.003760000", - "frame.time_delta_displayed": "0.003760000", - "frame.time_relative": "2559.304761000", - "frame.number": "9039", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - 
"ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b490", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:10.955793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496150.955793000", - "frame.time_delta": "0.190346000", - "frame.time_delta_displayed": "0.190346000", - "frame.time_relative": "2559.495107000", - "frame.number": "9040", - "frame.len": "150", - "frame.cap_len": "150", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "96", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - "icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000b590", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "4", - "icmpv6.mldr.mar": { - 
"icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::fb" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ffbf:347e" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:11.141482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496151.141482000", - "frame.time_delta": "0.185689000", - "frame.time_delta_displayed": "0.185689000", - "frame.time_relative": "2559.680796000", - "frame.number": "9041", - "frame.len": "120", - "frame.cap_len": "120", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - 
"ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "66", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "66", - "udp.checksum": "0x0000d9c7", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "1", - "dhcpv6.xid": "0x00104305", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Rapid Commit": { - "dhcpv6.option.type": "14", - "dhcpv6.option.length": "0" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "12", - "dhcpv6.option.value": "30:bf:34:7e:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "0", - "dhcpv6.iaid.t2": "0" - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - 
} - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:11.175002000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496151.175002000", - "frame.time_delta": "0.033520000", - "frame.time_delta_displayed": "0.033520000", - "frame.time_relative": "2559.714316000", - "frame.number": "9042", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x000080eb", - "udp.checksum.status": "2", - "udp.stream": "15" 
- }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00ce905b", - "Elapsed time": { - "dhcpv6.option.type": "8", - "dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:00", - "dhcpv6.elapsed_time": "0" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": 
{ - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:12.228117000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496152.228117000", - "frame.time_delta": "1.053115000", - "frame.time_delta_displayed": "1.053115000", - "frame.time_relative": "2560.767431000", - "frame.number": "9043", - "frame.len": "158", - "frame.cap_len": "158", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:dhcpv6" - }, - "eth": { - "eth.dst": "33:33:00:01:00:02", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:02", - "eth.addr": "33:33:00:01:00:02", - "eth.addr_resolved": "IPv6mcast_01:00:02", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "104", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::1:2", - "ipv6.addr": "ff02::1:2", - "ipv6.dst_host": "ff02::1:2", - "ipv6.host": "ff02::1:2", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "546", - "udp.dstport": "547", - "udp.port": "546", - "udp.port": "547", - "udp.length": "104", - "udp.checksum": "0x00008080", - "udp.checksum.status": "2", - "udp.stream": "15" - }, - "dhcpv6": { - "dhcpv6.msgtype": "3", - "dhcpv6.xid": "0x00ce905b", - "Elapsed time": { - "dhcpv6.option.type": "8", - 
"dhcpv6.option.length": "2", - "dhcpv6.option.value": "00:6b", - "dhcpv6.elapsed_time": "1070" - }, - "Server Identifier": { - "dhcpv6.option.type": "2", - "dhcpv6.option.length": "10", - "dhcpv6.option.value": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.bytes": "00:03:00:01:b0:b9:8a:73:69:8e", - "dhcpv6.duid.type": "3", - "dhcpv6.duidll.hwtype": "1", - "dhcpv6.duidll.link_layer_addr": "b0:b9:8a:73:69:8e" - }, - "Client Identifier": { - "dhcpv6.option.type": "1", - "dhcpv6.option.length": "14", - "dhcpv6.option.value": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.bytes": "00:01:00:01:21:85:5b:8a:18:b4:30:bf:34:7e", - "dhcpv6.duid.type": "1", - "dhcpv6.duidllt.hwtype": "1", - "dhcpv6.duidllt.time": "Oct 26, 2017 19:50:50.000000000 PDT", - "dhcpv6.duidllt.link_layer_addr": "18:b4:30:bf:34:7e" - }, - "Identity Association for Non-temporary Address": { - "dhcpv6.option.type": "3", - "dhcpv6.option.length": "40", - "dhcpv6.option.value": "30:bf:34:7e:00:00:54:60:00:00:87:00:00:05:00:18:fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaid": "30bf347e", - "dhcpv6.iaid.t1": "21600", - "dhcpv6.iaid.t2": "34560", - "IA Address": { - "dhcpv6.option.type": "5", - "dhcpv6.option.length": "24", - "dhcpv6.option.value": "fd:1e:4e:89:3b:7b:00:00:00:00:00:00:00:00:01:01:00:00:00:00:00:00:00:00", - "dhcpv6.iaaddr.ip": "fd1e:4e89:3b7b::101", - "dhcpv6.iaaddr.pref_lifetime": "0", - "dhcpv6.iaaddr.valid_lifetime": "0" - } - }, - "Option Request": { - "dhcpv6.option.type": "6", - "dhcpv6.option.length": "6", - "dhcpv6.option.value": "00:17:00:18:00:1f", - "dhcpv6.requested_option_code": "23", - "dhcpv6.requested_option_code": "24", - "dhcpv6.requested_option_code": "31" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:12.234901000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496152.234901000", - "frame.time_delta": "0.006784000", - "frame.time_delta_displayed": "0.006784000", - "frame.time_relative": "2560.774215000", - "frame.number": "9044", - "frame.len": "78", - "frame.cap_len": "78", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:icmpv6" - }, - "eth": { - "eth.dst": "33:33:ff:00:01:01", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_ff:00:01:01", - "eth.addr": "33:33:ff:00:01:01", - "eth.addr_resolved": "IPv6mcast_ff:00:01:01", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "24", - "ipv6.nxt": "58", - "ipv6.hlim": "255", - "ipv6.src": "::", - "ipv6.addr": "::", - "ipv6.src_host": "::", - "ipv6.host": "::", - "ipv6.dst": "ff02::1:ff00:101", - "ipv6.addr": "ff02::1:ff00:101", - "ipv6.dst_host": "ff02::1:ff00:101", - "ipv6.host": "ff02::1:ff00:101", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "icmpv6": { - "icmpv6.type": "135", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000f182", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00:00:00", - "icmpv6.nd.ns.target_address": "fd1e:4e89:3b7b::101" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:12.245105000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496152.245105000", - "frame.time_delta": "0.010204000", - "frame.time_delta_displayed": 
"0.010204000", - "frame.time_relative": "2560.784419000", - "frame.number": "9045", - "frame.len": "110", - "frame.cap_len": "110", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:ipv6.hopopts:icmpv6" - }, - "eth": { - "eth.dst": "33:33:00:00:00:16", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_16", - "eth.addr": "33:33:00:00:00:16", - "eth.addr_resolved": "IPv6mcast_16", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "18:b4:30:bf:34:7e", - "eth.src_tree": { - "eth.src_resolved": "NestLabs_bf:34:7e", - "eth.addr": "18:b4:30:bf:34:7e", - "eth.addr_resolved": "NestLabs_bf:34:7e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "56", - "ipv6.nxt": "0", - "ipv6.hlim": "1", - "ipv6.src": "fe80::1ab4:30ff:febf:347e", - "ipv6.addr": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_host": "fe80::1ab4:30ff:febf:347e", - "ipv6.host": "fe80::1ab4:30ff:febf:347e", - "ipv6.src_sa_mac": "18:b4:30:bf:34:7e", - "ipv6.sa_mac": "18:b4:30:bf:34:7e", - "ipv6.dst": "ff02::16", - "ipv6.addr": "ff02::16", - "ipv6.dst_host": "ff02::16", - "ipv6.host": "ff02::16", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "", - "ipv6.hopopts": { - "ipv6.hopopts.nxt": "58", - "ipv6.hopopts.len": "0", - "ipv6.hopopts.len_oct": "8", - "ipv6.opt": { - "ipv6.opt.type": "5", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000005" - }, - "ipv6.opt.length": "2", - "ipv6.opt.router_alert": "0" - }, - "ipv6.opt": { - "ipv6.opt.type": "1", - "ipv6.opt.type_tree": { - "ipv6.opt.type.action": "0", - "ipv6.opt.type.change": "0", - "ipv6.opt.type.rest": "0x00000001" - }, - "ipv6.opt.length": "0", - "ipv6.opt.padn": "" - } - } - }, - "icmpv6": { - 
"icmpv6.type": "143", - "icmpv6.code": "0", - "icmpv6.checksum": "0x0000effa", - "icmpv6.checksum.status": "1", - "icmpv6.reserved": "00:00", - "icmpv6.mldr.nb_mcast_records": "2", - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "3", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:2" - }, - "icmpv6.mldr.mar": { - "icmpv6.mldr.mar.record_type": "4", - "icmpv6.mldr.mar.aux_data_len": "0", - "icmpv6.mldr.mar.nb_sources": "0", - "icmpv6.mldr.mar.multicast_address": "ff02::1:ff00:101" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:17.107939000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496157.107939000", - "frame.time_delta": "4.862834000", - "frame.time_delta_displayed": "4.862834000", - "frame.time_relative": "2565.647253000", - "frame.number": "9046", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "50:c7:bf:59:d5:84", - "eth.src_tree": { - "eth.src_resolved": "Tp-LinkT_59:d5:84", - "eth.addr": "50:c7:bf:59:d5:84", - "eth.addr_resolved": "Tp-LinkT_59:d5:84", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "50:c7:bf:59:d5:84", - "arp.src.proto_ipv4": "192.168.0.221", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - 
"_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:25.692362000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496165.692362000", - "frame.time_delta": "8.584423000", - "frame.time_delta_displayed": "8.584423000", - "frame.time_relative": "2574.231676000", - "frame.number": "9047", - "frame.len": "20", - "frame.cap_len": "20", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:llc" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.len": "6" - }, - "llc": { - "llc.dsap": "0x00000000", - "llc.dsap_tree": { - "llc.dsap.sap": "0", - "llc.dsap.ig": "0" - }, - "llc.ssap": "0x00000001", - "llc.ssap_tree": { - "llc.ssap.sap": "0", - "llc.ssap.cr": "1" - }, - "llc.control": "0x000000af", - "llc.control_tree": { - "llc.control.u_modifier_resp": "0x0000002b", - "llc.control.ftype": "0x00000003" - } - }, - "basicxid": { - "basicxid.llc.xid.format": "0x00000081", - "basicxid.llc.xid.types": "0x00000001", - "basicxid.llc.xid.wsize": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:25.921633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496165.921633000", - "frame.time_delta": "0.229271000", - "frame.time_delta_displayed": "0.229271000", - "frame.time_relative": "2574.460947000", - "frame.number": "9048", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9d", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x00004f9e", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0001", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": 
"00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "01", - "bootp.option.dhcp": "1" - }, - "bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:26.030555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496166.030555000", - "frame.time_delta": "0.108922000", - "frame.time_delta_displayed": "0.108922000", - "frame.time_relative": "2574.569869000", - "frame.number": "9049", - "frame.len": "350", - "frame.cap_len": "350", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:bootp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - 
"eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "336", - "ip.id": "0x00000001", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ba9c", - "ip.checksum.status": "2", - "ip.src": "0.0.0.0", - "ip.addr": "0.0.0.0", - "ip.src_host": "0.0.0.0", - "ip.host": "0.0.0.0", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "68", - "udp.dstport": "67", - "udp.port": "68", - "udp.port": "67", - "udp.length": "316", - "udp.checksum": "0x000080b3", - "udp.checksum.status": "2", - "udp.stream": "3" - }, - "bootp": { - "bootp.type": "1", - "bootp.hw.type": "0x00000001", - "bootp.hw.len": "6", - "bootp.hops": "0", - "bootp.id": "0xabcd0002", - "bootp.secs": "0", - "bootp.flags": "0x00000000", - "bootp.flags_tree": { - "bootp.flags.bc": "0", - "bootp.flags.reserved": "0x00000000" - }, - "bootp.ip.client": "0.0.0.0", - "bootp.ip.your": "0.0.0.0", - "bootp.ip.server": "0.0.0.0", - "bootp.ip.relay": "0.0.0.0", - "bootp.hw.mac_addr": "ac:cf:23:5a:9c:e2", - "bootp.hw.addr_padding": "00:00:00:00:00:00:00:00:00:00", - "bootp.server": "", - "bootp.file": "", - "bootp.dhcp": "1", - "bootp.cookie": "99.130.83.99", - "bootp.option.type": "53", - "bootp.option.type_tree": { - "bootp.option.length": "1", - "bootp.option.value": "03", - "bootp.option.dhcp": "3" - }, - 
"bootp.option.type": "12", - "bootp.option.type_tree": { - "bootp.option.length": "14", - "bootp.option.value": "55:53:52:2d:57:49:46:49:32:33:32:2d:47:32", - "bootp.option.hostname": "USR-WIFI232-G2" - }, - "bootp.option.type": "57", - "bootp.option.type_tree": { - "bootp.option.length": "2", - "bootp.option.value": "05:dc", - "bootp.option.dhcp_max_message_size": "1500" - }, - "bootp.option.type": "50", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:72", - "bootp.option.requested_ip_address": "192.168.0.114" - }, - "bootp.option.type": "54", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "c0:a8:00:01", - "bootp.option.dhcp_server_id": "192.168.0.1" - }, - "bootp.option.type": "55", - "bootp.option.type_tree": { - "bootp.option.length": "4", - "bootp.option.value": "01:03:1c:06", - "bootp.option.request_list_item": "1", - "bootp.option.request_list_item": "3", - "bootp.option.request_list_item": "28", - "bootp.option.request_list_item": "6" - }, - "bootp.option.type": "0", - "bootp.option.type_tree": { - "bootp.option.end": "255" - }, - "bootp.option.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:26.045547000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496166.045547000", - "frame.time_delta": "0.014992000", - "frame.time_delta_displayed": "0.014992000", - "frame.time_relative": "2574.584861000", - "frame.number": "9050", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - 
"eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:26.406268000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496166.406268000", - "frame.time_delta": "0.360721000", - "frame.time_delta_displayed": "0.360721000", - "frame.time_relative": "2574.945582000", - "frame.number": "9051", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "0.0.0.0", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.114" - } - } - } - } - - , - { - "_index": 
"packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:28.733904000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496168.733904000", - "frame.time_delta": "2.327636000", - "frame.time_delta_displayed": "2.327636000", - "frame.time_relative": "2577.273218000", - "frame.number": "9052", - "frame.len": "142", - "frame.cap_len": "142", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:adwin_config" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:02:41:da", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_02:41:da", - "eth.addr": "d0:73:d5:02:41:da", - "eth.addr_resolved": "LifiLabs_02:41:da", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "128", - "ip.id": "0x00000bd9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000ecab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.152", - "ip.addr": "192.168.0.152", - "ip.src_host": "192.168.0.152", - "ip.host": "192.168.0.152", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56700", - "udp.dstport": "56700", - "udp.port": "56700", - "udp.port": "56700", - "udp.length": "108", - "udp.checksum": "0x00002b46", - "udp.checksum.status": "2", - 
"udp.stream": "2" - }, - "adwin_config": { - "adwin_config.command": "1409286244", - "adwin_config.version": "1380667970", - "adwin_config.mac": "d0:73:d5:02:41:da", - "adwin_config.unused": "", - "adwin_config.server_ip": "88.70.73.76", - "adwin_config.unused": "", - "adwin_config.netmask": "94.114.83.4", - "adwin_config.unused": "", - "adwin_config.gateway": "0.0.0.59", - "adwin_config.unused": "", - "adwin_config.dhcp": "1", - "adwin_config.port": "351456963", - "adwin_config.password": "", - "adwin_config.bootloader": "0", - "adwin_config.unused": "", - "adwin_config.description": "", - "adwin_config.date": "", - "adwin_config.revision": "", - "adwin_config.processor_type_raw": "", - "adwin_config.processor_type": "Unknown", - "adwin_config.system_type_raw": "", - "adwin_config.system_type": "Unknown" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:28.849252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496168.849252000", - "frame.time_delta": "0.115348000", - "frame.time_delta_displayed": "0.115348000", - "frame.time_relative": "2577.388566000", - "frame.number": "9053", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - 
"arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:29.558811000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496169.558811000", - "frame.time_delta": "0.709559000", - "frame.time_delta_displayed": "0.709559000", - "frame.time_relative": "2578.098125000", - "frame.number": "9054", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "3c:ef:8c:6f:79:5a", - "eth.src_tree": { - "eth.src_resolved": "Zhejiang_6f:79:5a", - "eth.addr": "3c:ef:8c:6f:79:5a", - "eth.addr_resolved": "Zhejiang_6f:79:5a", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.isgratuitous": "1", - "arp.src.hw_mac": "3c:ef:8c:6f:79:5a", - "arp.src.proto_ipv4": "192.168.0.71", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.71" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.429498000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1509496170.429498000", - "frame.time_delta": "0.870687000", - "frame.time_delta_displayed": "0.870687000", - "frame.time_relative": "2578.968812000", - "frame.number": "9055", - "frame.len": "168", - "frame.cap_len": "168", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "154", - "ip.id": "0x00002137", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e70d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52117", - "udp.dstport": "1900", - "udp.port": "52117", - "udp.port": "1900", - "udp.length": "134", - "udp.checksum": "0x00004d48", - "udp.checksum.status": "2", - "udp.stream": "10" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "22", - "http.prev_request_in": "8556" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.851195000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.851195000", - "frame.time_delta": "0.421697000", - "frame.time_delta_displayed": "0.421697000", - "frame.time_relative": "2579.390509000", - "frame.number": "9056", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000d789", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dfc1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "127", - "http.prev_response_in": "8613" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.854800000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.854800000", - "frame.time_delta": "0.003605000", - "frame.time_delta_displayed": "0.003605000", - "frame.time_relative": "2579.394114000", - "frame.number": "9057", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d66", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54931", - "tcp.dstport": "80", - "tcp.port": "54931", - "tcp.port": "80", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000c2a4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.855338000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496170.855338000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "2579.394652000", - "frame.number": "9058", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54931", - "tcp.port": "80", - "tcp.port": "54931", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00001b8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9057", - "tcp.analysis.ack_rtt": "0.000538000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.857538000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.857538000", - "frame.time_delta": "0.002200000", - "frame.time_delta_displayed": "0.002200000", - "frame.time_relative": "2579.396852000", - "frame.number": "9059", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d67", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54931", - "tcp.dstport": "80", - "tcp.port": "54931", - "tcp.port": "80", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000cd68", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9058", - "tcp.analysis.ack_rtt": "0.002200000", - "tcp.analysis.initial_rtt": "0.002738000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.858192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.858192000", - "frame.time_delta": "0.000654000", - "frame.time_delta_displayed": "0.000654000", - "frame.time_relative": "2579.397506000", - "frame.number": "9060", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d68", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a64", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54931", - "tcp.dstport": "80", - "tcp.port": "54931", - "tcp.port": "80", - "tcp.stream": "347", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000e2e1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002738000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - 
"http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.858680000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.858680000", - "frame.time_delta": "0.000488000", - "frame.time_delta_displayed": "0.000488000", - "frame.time_relative": "2579.397994000", - "frame.number": "9061", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000e27c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5f6", - "ip.checksum.status": "2", - 
"ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54931", - "tcp.port": "80", - "tcp.port": "54931", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bef9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9060", - "tcp.analysis.ack_rtt": "0.000488000", - "tcp.analysis.initial_rtt": "0.002738000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.859249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.859249000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "2579.398563000", - "frame.number": "9062", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - 
"eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000e27d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d5e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54931", - "tcp.port": "80", - "tcp.port": "54931", - "tcp.stream": "347", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ff1a", - "tcp.checksum.status": 
"2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002738000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.859748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.859748000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "2579.399062000", - "frame.number": "9063", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000e27e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000d211", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": 
"192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54931", - "tcp.port": "80", - "tcp.port": "54931", - "tcp.stream": "347", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005184", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002738000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "9062", - "tcp.segment": "9063", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001556000", - "http.request_in": "9060", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.863950000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.863950000", - "frame.time_delta": "0.004202000", - "frame.time_delta_displayed": "0.004202000", - "frame.time_relative": "2579.403264000", - "frame.number": "9064", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54931", - "tcp.dstport": "80", - "tcp.port": "54931", - "tcp.port": "80", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c8d0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9063", - "tcp.analysis.ack_rtt": "0.004202000", - "tcp.analysis.initial_rtt": "0.002738000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.864633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.864633000", - "frame.time_delta": "0.000683000", - "frame.time_delta_displayed": "0.000683000", - "frame.time_relative": "2579.403947000", - "frame.number": "9065", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54931", - "tcp.dstport": "80", - "tcp.port": "54931", - "tcp.port": "80", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000c8cf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.865066000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.865066000", - "frame.time_delta": "0.000433000", - "frame.time_delta_displayed": "0.000433000", - "frame.time_relative": "2579.404380000", - "frame.number": "9066", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c94c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef26", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54931", - "tcp.port": "80", - "tcp.port": "54931", - "tcp.stream": "347", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bb03", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "9065", - "tcp.analysis.ack_rtt": "0.000433000", - "tcp.analysis.initial_rtt": "0.002738000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.904080000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.904080000", - "frame.time_delta": "0.039014000", - "frame.time_delta_displayed": "0.039014000", - "frame.time_relative": "2579.443394000", - "frame.number": "9067", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000d78a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dfb7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "128", - "http.prev_response_in": "9056" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.907286000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.907286000", - "frame.time_delta": "0.003206000", - "frame.time_delta_displayed": "0.003206000", - "frame.time_relative": "2579.446600000", - "frame.number": "9068", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005afc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54932", - "tcp.dstport": "80", - "tcp.port": "54932", - "tcp.port": "80", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000a529", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.907869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.907869000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "2579.447183000", - "frame.number": "9069", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54932", - "tcp.port": "80", - "tcp.port": "54932", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000a5c4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9068", - "tcp.analysis.ack_rtt": "0.000583000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.910633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.910633000", - "frame.time_delta": "0.002764000", - "frame.time_delta_displayed": "0.002764000", - "frame.time_relative": "2579.449947000", - "frame.number": "9070", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d6c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b07", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54932", - "tcp.dstport": "80", - "tcp.port": "54932", - "tcp.port": "80", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000057a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9069", - "tcp.analysis.ack_rtt": "0.002764000", - "tcp.analysis.initial_rtt": "0.003347000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.911258000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.911258000", - "frame.time_delta": "0.000625000", - "frame.time_delta_displayed": "0.000625000", - "frame.time_relative": "2579.450572000", - "frame.number": "9071", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d6d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a5f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54932", - "tcp.dstport": "80", - "tcp.port": "54932", - "tcp.port": "80", - "tcp.stream": "348", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006d1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003347000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.911731000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.911731000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "2579.451045000", - "frame.number": "9072", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000b23e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000635", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54932", - "tcp.port": "80", - "tcp.port": "54932", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004934", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9071", - "tcp.analysis.ack_rtt": "0.000473000", - "tcp.analysis.initial_rtt": "0.003347000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.912321000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.912321000", - "frame.time_delta": "0.000590000", - "frame.time_delta_displayed": "0.000590000", - "frame.time_relative": "2579.451635000", - "frame.number": "9073", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x0000b23f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000623", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54932", - "tcp.port": "80", - "tcp.port": "54932", - "tcp.stream": "348", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00008955", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003347000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.912742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.912742000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "2579.452056000", - "frame.number": "9074", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x0000b240", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00000250", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54932", - "tcp.port": "80", - "tcp.port": "54932", - "tcp.stream": "348", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000dbbe", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003347000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "9073", - "tcp.segment": "9074", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001484000", - "http.request_in": "9071", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.914778000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496170.914778000", - "frame.time_delta": "0.002036000", - "frame.time_delta_displayed": "0.002036000", - "frame.time_relative": "2579.454092000", - "frame.number": "9075", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b05", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54932", - "tcp.dstport": "80", - "tcp.port": "54932", - "tcp.port": "80", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000530b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9074", - "tcp.analysis.ack_rtt": "0.002036000", - "tcp.analysis.initial_rtt": "0.003347000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.915408000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.915408000", - "frame.time_delta": "0.000630000", - "frame.time_delta_displayed": "0.000630000", - "frame.time_relative": "2579.454722000", - "frame.number": "9076", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b04", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54932", - "tcp.dstport": "80", - "tcp.port": "54932", - "tcp.port": "80", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000530a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.915838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.915838000", - "frame.time_delta": "0.000430000", - "frame.time_delta_displayed": "0.000430000", - "frame.time_relative": "2579.455152000", - "frame.number": "9077", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c951", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef21", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54932", - "tcp.port": "80", - "tcp.port": "54932", - "tcp.stream": "348", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000453e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9076", - "tcp.analysis.ack_rtt": "0.000430000", - "tcp.analysis.initial_rtt": "0.003347000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.956963000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.956963000", - "frame.time_delta": "0.041125000", - "frame.time_delta_displayed": "0.041125000", - "frame.time_relative": "2579.496277000", - "frame.number": "9078", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000d78d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dfba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "129", - "http.prev_response_in": "9067" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.966252000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.966252000", - "frame.time_delta": "0.009289000", - "frame.time_delta_displayed": "0.009289000", - "frame.time_relative": "2579.505566000", - 
"frame.number": "9079", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54933", - "tcp.dstport": "80", - "tcp.port": "54933", - "tcp.port": "80", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request 
(SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000cf4a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.966793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.966793000", - "frame.time_delta": "0.000541000", - "frame.time_delta_displayed": "0.000541000", - "frame.time_relative": "2579.506107000", - "frame.number": "9080", - "frame.len": "66", - 
"frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54933", - "tcp.port": "80", - "tcp.port": "54933", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000c78d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9079", - "tcp.analysis.ack_rtt": "0.000541000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.968969000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.968969000", - "frame.time_delta": "0.002176000", - "frame.time_delta_displayed": "0.002176000", - "frame.time_relative": "2579.508283000", - 
"frame.number": "9081", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b02", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54933", - "tcp.dstport": "80", - "tcp.port": "54933", - "tcp.port": "80", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000796c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9080", - "tcp.analysis.ack_rtt": "0.002176000", - "tcp.analysis.initial_rtt": "0.002717000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.969596000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.969596000", - "frame.time_delta": "0.000627000", - "frame.time_delta_displayed": "0.000627000", - "frame.time_relative": "2579.508910000", - "frame.number": "9082", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a5a", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54933", - "tcp.dstport": "80", - "tcp.port": "54933", - "tcp.port": "80", - "tcp.stream": "349", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008ee5", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002717000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - 
"http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.970202000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.970202000", - "frame.time_delta": "0.000606000", - "frame.time_delta_displayed": "0.000606000", - "frame.time_relative": "2579.509516000", - "frame.number": "9083", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000003c5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b4ae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - 
"ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54933", - "tcp.port": "80", - "tcp.port": "54933", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006afd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9082", - "tcp.analysis.ack_rtt": "0.000606000", - "tcp.analysis.initial_rtt": "0.002717000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.970670000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.970670000", - "frame.time_delta": "0.000468000", - "frame.time_delta_displayed": "0.000468000", - "frame.time_relative": "2579.509984000", - "frame.number": "9084", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": 
"0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000003c6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b49c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54933", - "tcp.port": "80", - "tcp.port": "54933", - "tcp.stream": "349", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000ab1e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002717000", - "tcp.analysis.bytes_in_flight": 
"17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.971102000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.971102000", - "frame.time_delta": "0.000432000", - "frame.time_delta_displayed": "0.000432000", - "frame.time_relative": "2579.510416000", - "frame.number": "9085", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000003c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b0c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "54933", - "tcp.port": "80", - "tcp.port": "54933", - "tcp.stream": "349", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000fd87", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.002717000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": 
"43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:6
8:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "9084", - "tcp.segment": "9085", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001506000", - "http.request_in": "9082", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.977415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.977415000", - "frame.time_delta": "0.006313000", - "frame.time_delta_displayed": "0.006313000", - "frame.time_relative": "2579.516729000", - "frame.number": "9086", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005b00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54933", - "tcp.dstport": "80", - "tcp.port": "54933", - "tcp.port": "80", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000074d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9085", - "tcp.analysis.ack_rtt": "0.006313000", - "tcp.analysis.initial_rtt": "0.002717000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.978008000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.978008000", - "frame.time_delta": "0.000593000", - "frame.time_delta_displayed": "0.000593000", - "frame.time_relative": "2579.517322000", - "frame.number": "9087", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d74", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54933", - "tcp.dstport": "80", - "tcp.port": "54933", - "tcp.port": "80", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x000074d3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:30.978454000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496170.978454000", - "frame.time_delta": "0.000446000", - "frame.time_delta_displayed": "0.000446000", - "frame.time_relative": "2579.517768000", - "frame.number": "9088", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c954", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000ef1e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54933", - "tcp.port": "80", - "tcp.port": "54933", - "tcp.stream": "349", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00006707", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "9087", - "tcp.analysis.ack_rtt": "0.000446000", - "tcp.analysis.initial_rtt": "0.002717000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.130418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.130418000", - "frame.time_delta": "0.151964000", - "frame.time_delta_displayed": "0.151964000", - "frame.time_relative": "2579.669732000", - "frame.number": "9089", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "ac:cf:23:5a:9c:e2", - "eth.src_tree": { - "eth.src_resolved": "Hi-Flyin_5a:9c:e2", - "eth.addr": "ac:cf:23:5a:9c:e2", - "eth.addr_resolved": "Hi-Flyin_5a:9c:e2", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "ac:cf:23:5a:9c:e2", - "arp.src.proto_ipv4": "192.168.0.114", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.904077000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.904077000", - "frame.time_delta": "0.773659000", - "frame.time_delta_displayed": "0.773659000", - "frame.time_relative": "2580.443391000", - "frame.number": "9090", - "frame.len": "339", - "frame.cap_len": "339", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000d7cd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000df7d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "305", - "udp.checksum": "0x0000f985", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "130", - "http.prev_response_in": "9078" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.907869000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.907869000", - "frame.time_delta": "0.003792000", - "frame.time_delta_displayed": "0.003792000", - "frame.time_relative": "2580.447183000", - "frame.number": "9091", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d76", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x00000e12", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 
256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.908415000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.908415000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "2580.447729000", - "frame.number": "9092", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000da4f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - 
"tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9091", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.911452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.911452000", - "frame.time_delta": "0.003037000", - "frame.time_delta_displayed": "0.003037000", - "frame.time_relative": "2580.450766000", - "frame.number": "9093", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d77", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005afc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008c2e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9092", - "tcp.analysis.ack_rtt": "0.003037000", - "tcp.analysis.initial_rtt": "0.003583000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.913931000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.913931000", - "frame.time_delta": "0.002479000", - "frame.time_delta_displayed": "0.002479000", - "frame.time_relative": "2580.453245000", - "frame.number": "9094", - 
"frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a54", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000a1a7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003583000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.914420000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.914420000", - "frame.time_delta": "0.000489000", - "frame.time_delta_displayed": "0.000489000", - "frame.time_relative": "2580.453734000", - "frame.number": "9095", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00004aa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006dd2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00007dbf", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9094", - "tcp.analysis.ack_rtt": "0.000489000", - "tcp.analysis.initial_rtt": "0.003583000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.915009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.915009000", - "frame.time_delta": "0.000589000", - "frame.time_delta_displayed": "0.000589000", - "frame.time_relative": "2580.454323000", - "frame.number": "9096", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x00004aa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00006dc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000bde0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003583000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.915360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.915360000", - "frame.time_delta": "0.000351000", - "frame.time_delta_displayed": "0.000351000", - "frame.time_relative": "2580.454674000", - "frame.number": "9097", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00004aa3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000104a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003583000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "9096", - "tcp.segment": "9097", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001429000", - "http.request_in": "9094", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.917780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.917780000", - "frame.time_delta": "0.002420000", - "frame.time_delta_displayed": "0.002420000", - "frame.time_relative": "2580.457094000", - "frame.number": "9098", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x00004aa4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000069ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - 
"_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000104a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003583000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995", - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.out_of_order": "", - "_ws.expert.message": "This frame is a (suspected) out-of-order segment", - "_ws.expert.severity": "6291456", - "_ws.expert.group": "33554432" - } - } - } - }, - "_ws.malformed": { - "_ws.expert": { - "_ws.malformed.reassembly": "", - "_ws.expert.message": "New fragment overlaps old data (retransmission?)", - "_ws.expert.severity": "8388608", - "_ws.expert.group": "117440512" - }, - "_ws.malformed": "Malformed Packet" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.920374000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.920374000", - "frame.time_delta": "0.002594000", - "frame.time_delta_displayed": "0.002594000", - "frame.time_relative": "2580.459688000", - "frame.number": "9099", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - 
"eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005afa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008796", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9097", - "tcp.analysis.ack_rtt": "0.005014000", - "tcp.analysis.initial_rtt": "0.003583000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.920847000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.920847000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "2580.460161000", - "frame.number": "9100", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d7a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": 
"0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00008795", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.921283000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.921283000", - "frame.time_delta": "0.000436000", - "frame.time_delta_displayed": "0.000436000", - "frame.time_relative": "2580.460597000", - "frame.number": "9101", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c996", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eedc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54934", - "tcp.port": "80", - "tcp.port": "54934", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000079c9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9100", - "tcp.analysis.ack_rtt": "0.000436000", - "tcp.analysis.initial_rtt": "0.003583000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.922046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.922046000", - "frame.time_delta": 
"0.000763000", - "frame.time_delta_displayed": "0.000763000", - "frame.time_relative": "2580.461360000", - "frame.number": "9102", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d7b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54934", - "tcp.dstport": "80", - "tcp.port": "54934", - "tcp.port": "80", - "tcp.stream": "350", - "tcp.len": "0", - "tcp.seq": "169", - "tcp.ack": "1014", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000d449", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:05:0a:94:8b:28:1d:94:8b:2c:00", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "SACK: 18-1013": { - "tcp.option_kind": "5", - "tcp.option_len": "10", - "tcp.options.sack": "1", - "tcp.options.sack_le": "18", - "tcp.options.sack_re": "1013", - "tcp.options.sack.count": "1" - } - }, - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003583000", - "tcp.analysis.flags": { - "tcp.analysis.duplicate_ack": "" - }, - "tcp.analysis.duplicate_ack_num": "1", - "tcp.analysis.duplicate_ack_frame": "9099", - "tcp.analysis.duplicate_ack_frame_tree": { - "_ws.expert": { - "tcp.analysis.duplicate_ack": "", - "_ws.expert.message": "Duplicate ACK (#1)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.957968000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.957968000", - "frame.time_delta": "0.035922000", - "frame.time_delta_displayed": "0.035922000", - "frame.time_relative": "2580.497282000", - "frame.number": "9103", - "frame.len": "348", - "frame.cap_len": "348", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000d7cf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000df72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "314", - "udp.checksum": "0x00000771", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - 
"http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "131", - "http.prev_response_in": "9090" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.967664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.967664000", - "frame.time_delta": "0.009696000", - "frame.time_delta_displayed": "0.009696000", - "frame.time_relative": "2580.506978000", - "frame.number": "9104", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d7c", - 
"ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aeb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54935", - "tcp.dstport": "80", - "tcp.port": "54935", - "tcp.port": "80", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x000035d6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 
(multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.968218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.968218000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "2580.507532000", - "frame.number": "9105", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54935", - "tcp.port": "80", - "tcp.port": "54935", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x0000b132", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - 
"tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9104", - "tcp.analysis.ack_rtt": "0.000554000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.970764000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.970764000", - "frame.time_delta": "0.002546000", - "frame.time_delta_displayed": "0.002546000", - "frame.time_relative": "2580.510078000", - "frame.number": "9106", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d7d", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54935", - "tcp.dstport": "80", - "tcp.port": "54935", - "tcp.port": "80", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00006311", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9105", - "tcp.analysis.ack_rtt": "0.002546000", - "tcp.analysis.initial_rtt": "0.003100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.971717000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.971717000", - "frame.time_delta": "0.000953000", - "frame.time_delta_displayed": "0.000953000", - "frame.time_relative": "2580.511031000", - 
"frame.number": "9107", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d7e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a4e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54935", - "tcp.dstport": "80", - "tcp.port": "54935", - "tcp.port": "80", - "tcp.stream": "351", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000788a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003100000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.972184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.972184000", - "frame.time_delta": "0.000467000", - "frame.time_delta_displayed": "0.000467000", - "frame.time_relative": "2580.511498000", - "frame.number": "9108", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000082a2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000035d1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54935", - "tcp.port": "80", - "tcp.port": "54935", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - 
"tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000054a2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9107", - "tcp.analysis.ack_rtt": "0.000467000", - "tcp.analysis.initial_rtt": "0.003100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.972828000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.972828000", - "frame.time_delta": "0.000644000", - "frame.time_delta_displayed": "0.000644000", - "frame.time_relative": "2580.512142000", - "frame.number": "9109", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000082a3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000035bf", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": 
"192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54935", - "tcp.port": "80", - "tcp.port": "54935", - "tcp.stream": "351", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000094c3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003100000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.973184000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.973184000", - "frame.time_delta": "0.000356000", - "frame.time_delta_displayed": "0.000356000", - "frame.time_relative": "2580.512498000", - "frame.number": "9110", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000082a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000031ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54935", - "tcp.port": "80", - "tcp.port": "54935", - "tcp.stream": "351", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - 
"tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000e72c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.003100000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:6
4:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "tcp.segments": { - "tcp.segment": "9109", - "tcp.segment": "9110", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": 
"48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4
c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001467000", - "http.request_in": "9107", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue 
(192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": "<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": 
"<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.975899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.975899000", - "frame.time_delta": "0.002715000", - "frame.time_delta_displayed": "0.002715000", - "frame.time_relative": "2580.515213000", - "frame.number": "9111", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": 
"0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54935", - "tcp.dstport": "80", - "tcp.port": "54935", - "tcp.port": "80", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": 
"252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005e79", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9110", - "tcp.analysis.ack_rtt": "0.002715000", - "tcp.analysis.initial_rtt": "0.003100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.976467000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.976467000", - "frame.time_delta": "0.000568000", - "frame.time_delta_displayed": "0.000568000", - "frame.time_relative": "2580.515781000", - "frame.number": "9112", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d80", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54935", - "tcp.dstport": "80", - "tcp.port": "54935", - "tcp.port": "80", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00005e78", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:31.976910000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496171.976910000", - "frame.time_delta": "0.000443000", - "frame.time_delta_displayed": "0.000443000", - "frame.time_relative": "2580.516224000", - "frame.number": "9113", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": 
"IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c999", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eed9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54935", - "tcp.port": "80", - "tcp.port": "54935", - "tcp.stream": "351", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000050ac", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - 
"tcp.analysis.acks_frame": "9112", - "tcp.analysis.ack_rtt": "0.000443000", - "tcp.analysis.initial_rtt": "0.003100000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.010825000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.010825000", - "frame.time_delta": "0.033915000", - "frame.time_delta_displayed": "0.033915000", - "frame.time_relative": "2580.550139000", - "frame.number": "9114", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000d7d1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000df76", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"1900", - "udp.dstport": "52117", - "udp.port": "1900", - "udp.port": "52117", - "udp.length": "308", - "udp.checksum": "0x00002afb", - "udp.checksum.status": "2", - "udp.stream": "11" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "132", - "http.prev_response_in": "9103" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.015793000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.015793000", - "frame.time_delta": "0.004968000", - "frame.time_delta_displayed": "0.004968000", - "frame.time_relative": "2580.555107000", - "frame.number": "9115", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - 
"eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00001d81", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005ae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54936", - "tcp.dstport": "80", - "tcp.port": "54936", - "tcp.port": "80", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "64240", - "tcp.window_size": "64240", - "tcp.checksum": "0x0000f48b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:03:03:08:01:01:04:02", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 8 (multiply by 256)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "8", - "tcp.options.wscale.multiplier": "256" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.016339000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.016339000", - "frame.time_delta": "0.000546000", - "frame.time_delta_displayed": "0.000546000", - "frame.time_relative": "2580.555653000", - "frame.number": "9116", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": 
"60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000b867", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54936", - "tcp.port": "80", - "tcp.port": "54936", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00008e43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9115", - "tcp.analysis.ack_rtt": "0.000546000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.020191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.020191000", - "frame.time_delta": "0.003852000", - "frame.time_delta_displayed": "0.003852000", - "frame.time_relative": "2580.559505000", - "frame.number": "9117", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d82", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005af1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54936", - "tcp.dstport": "80", - "tcp.port": "54936", - "tcp.port": "80", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": 
"65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00004022", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9116", - "tcp.analysis.ack_rtt": "0.003852000", - "tcp.analysis.initial_rtt": "0.004398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.020675000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.020675000", - "frame.time_delta": "0.000484000", - "frame.time_delta_displayed": "0.000484000", - "frame.time_relative": "2580.559989000", - "frame.number": "9118", - "frame.len": "221", - "frame.cap_len": "221", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "207", - "ip.id": "0x00001d83", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005a49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", 
- "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54936", - "tcp.dstport": "80", - "tcp.port": "54936", - "tcp.port": "80", - "tcp.stream": "352", - "tcp.len": "167", - "tcp.seq": "1", - "tcp.nxtseq": "168", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "256", - "tcp.window_size": "65536", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x0000559b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004398000", - "tcp.analysis.bytes_in_flight": "167", - "tcp.analysis.push_bytes_sent": "167" - } - }, - "http": { - "GET \/description.xml HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET \/description.xml HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/description.xml", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "192.168.0.160", - "http.request.line": "Host: 192.168.0.160\r\n", - "http.user_agent": "Spotify\/106600478 Win32\/0 (PC laptop)", - "http.request.line": "User-Agent: Spotify\/106600478 Win32\/0 (PC laptop)\r\n", - "http.request.line": "Keep-Alive: 0\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.accept_encoding": "gzip", - "http.request.line": "Accept-Encoding: gzip\r\n", - "\\r\\n": "", - "http.request.full_uri": 
"http:\/\/192.168.0.160\/description.xml", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.021209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.021209000", - "frame.time_delta": "0.000534000", - "frame.time_delta_displayed": "0.000534000", - "frame.time_relative": "2580.560523000", - "frame.number": "9119", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000051d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000066a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": 
"80", - "tcp.dstport": "54936", - "tcp.port": "80", - "tcp.port": "54936", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000031b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9118", - "tcp.analysis.ack_rtt": "0.000534000", - "tcp.analysis.initial_rtt": "0.004398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.021804000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.021804000", - "frame.time_delta": "0.000595000", - "frame.time_delta_displayed": "0.000595000", - "frame.time_relative": "2580.561118000", - "frame.number": "9120", - "frame.len": "71", - "frame.cap_len": "71", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", 
- "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "57", - "ip.id": "0x000051d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000668f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54936", - "tcp.port": "80", - "tcp.port": "54936", - "tcp.stream": "352", - "tcp.len": "17", - "tcp.seq": "1", - "tcp.nxtseq": "18", - "tcp.ack": "168", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000071d4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004398000", - "tcp.analysis.bytes_in_flight": "17", - "tcp.analysis.push_bytes_sent": "17" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": 
null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.022156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.022156000", - "frame.time_delta": "0.000352000", - "frame.time_delta_displayed": "0.000352000", - "frame.time_relative": "2580.561470000", - "frame.number": "9121", - "frame.len": "1049", - "frame.cap_len": "1049", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:xml" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1035", - "ip.id": "0x000051d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000062bc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54936", - "tcp.port": "80", - "tcp.port": "54936", - "tcp.stream": "352", - "tcp.len": "995", - "tcp.seq": "18", - "tcp.nxtseq": "1014", - "tcp.ack": "168", - "tcp.hdr_len": "20", - 
"tcp.flags": "0x00000019", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x0000c43d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.004398000", - "tcp.analysis.bytes_in_flight": "1013", - "tcp.analysis.push_bytes_sent": "995" - }, - "tcp.segment_data": "43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70
:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - 
"tcp.segments": { - "tcp.segment": "9120", - "tcp.segment": "9121", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1012", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:32:30:30:20:4f:4b:0d:0a:43:6f:6e:74:65:6e:74:2d:74:79:70:65:3a:20:74:65:78:74:2f:78:6d:6c:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:4b:65:65:70:2d:41:6c:69:76:65:0d:0a:0d:0a:3c:3f:78:6d:6c:20:76:65:72:73:69:6f:6e:3d:22:31:2e:30:22:20:65:6e:63:6f:64:69:6e:67:3d:22:55:54:46:2d:38:22:20:3f:3e:0a:3c:72:6f:6f:74:20:78:6d:6c:6e:73:3d:22:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:2d:31:2d:30:22:3e:0a:3c:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:6d:61:6a:6f:72:3e:31:3c:2f:6d:61:6a:6f:72:3e:0a:3c:6d:69:6e:6f:72:3e:30:3c:2f:6d:69:6e:6f:72:3e:0a:3c:2f:73:70:65:63:56:65:72:73:69:6f:6e:3e:0a:3c:55:52:4c:42:61:73:65:3e:68:74:74:70:3a:2f:2f:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:3a:38:30:2f:3c:2f:55:52:4c:42:61:73:65:3e:0a:3c:64:65:76:69:63:65:3e:0a:3c:64:65:76:69:63:65:54:79:70:65:3e:75:72:6e:3a:73:63:68:65:6d:61:73:2d:75:70:6e:70:2d:6f:72:67:3a:64:65:76:69:63:65:3a:42:61:73:69:63:3a:31:3c:2f:64:65:76:69:63:65:54:79:70:65:3e:0a:3c:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:28:31:39:32:2e:31:36:38:2e:30:2e:31:36:30:29:3c:2f:66:72:69:65:6e:64:6c:79:4e:61:6d:65:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:52:6f:79:61:6c:20:50:68:69:6c:69:70:73:20:45:6c:65:63:74:72:6f:6e:69:63:73:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:3e:0a:3c:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3c:2f:6d:61:6e:75:66:61:63:74:75:72:65:72:55:52:4c:3e:0a:3c:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:50:68:69:6c:69:70:73:20:68:75:65:20:50:65:72:73:6f:6e:61:6c:20:57:69:72:65:6c:65:73:73:20:4c:69:67:68:74:69:6e:67:3c:2f:6d:6f:64:65:6c:44:65:73:63:72:69:70:74:69:6f:6e:3e:0a:3c:6d:6f:64:65:6c:4e:61:6d:65:3e:50:68:69:6c:69:70:73:20:68:75:65:20:62:72:69:64:67:65:20:32:30:31:35:3c:2f:6d
:6f:64:65:6c:4e:61:6d:65:3e:0a:3c:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:42:53:42:30:30:32:3c:2f:6d:6f:64:65:6c:4e:75:6d:62:65:72:3e:0a:3c:6d:6f:64:65:6c:55:52:4c:3e:68:74:74:70:3a:2f:2f:77:77:77:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3c:2f:6d:6f:64:65:6c:55:52:4c:3e:0a:3c:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:73:65:72:69:61:6c:4e:75:6d:62:65:72:3e:0a:3c:55:44:4e:3e:75:75:69:64:3a:32:66:34:30:32:66:38:30:2d:64:61:35:30:2d:31:31:65:31:2d:39:62:32:33:2d:30:30:31:37:38:38:36:39:65:65:65:34:3c:2f:55:44:4e:3e:0a:3c:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:69:6e:64:65:78:2e:68:74:6d:6c:3c:2f:70:72:65:73:65:6e:74:61:74:69:6f:6e:55:52:4c:3e:0a:3c:69:63:6f:6e:4c:69:73:74:3e:0a:3c:69:63:6f:6e:3e:0a:3c:6d:69:6d:65:74:79:70:65:3e:69:6d:61:67:65:2f:70:6e:67:3c:2f:6d:69:6d:65:74:79:70:65:3e:0a:3c:68:65:69:67:68:74:3e:34:38:3c:2f:68:65:69:67:68:74:3e:0a:3c:77:69:64:74:68:3e:34:38:3c:2f:77:69:64:74:68:3e:0a:3c:64:65:70:74:68:3e:32:34:3c:2f:64:65:70:74:68:3e:0a:3c:75:72:6c:3e:68:75:65:5f:6c:6f:67:6f:5f:30:2e:70:6e:67:3c:2f:75:72:6c:3e:0a:3c:2f:69:63:6f:6e:3e:0a:3c:2f:69:63:6f:6e:4c:69:73:74:3e:0a:3c:2f:64:65:76:69:63:65:3e:0a:3c:2f:72:6f:6f:74:3e:0a" - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/xml", - "http.response.line": "Content-type: text\/xml\r\n", - "http.connection": "Keep-Alive", - "http.response.line": "Connection: Keep-Alive\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.001481000", - "http.request_in": "9118", - "http.file_data": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<root 
xmlns=\"urn:schemas-upnp-org:device-1-0\">\n<specVersion>\n<major>1<\/major>\n<minor>0<\/minor>\n<\/specVersion>\n<URLBase>http:\/\/192.168.0.160:80\/<\/URLBase>\n<device>\n<deviceType>urn:schemas-upnp-org:device:Basic:1<\/deviceType>\n<friendlyName>Philips hue (192.168.0.160)<\/friendlyName>\n<manufacturer>Royal Philips Electronics<\/manufacturer>\n<manufacturerURL>http:\/\/www.philips.com<\/manufacturerURL>\n<modelDescription>Philips hue Personal Wireless Lighting<\/modelDescription>\n<modelName>Philips hue bridge 2015<\/modelName>\n<modelNumber>BSB002<\/modelNumber>\n<modelURL>http:\/\/www.meethue.com<\/modelURL>\n<serialNumber>00178869eee4<\/serialNumber>\n<UDN>uuid:2f402f80-da50-11e1-9b23-00178869eee4<\/UDN>\n<presentationURL>index.html<\/presentationURL>\n<iconList>\n<icon>\n<mimetype>image\/png<\/mimetype>\n<height>48<\/height>\n<width>48<\/width>\n<depth>24<\/depth>\n<url>hue_logo_0.png<\/url>\n<\/icon>\n<\/iconList>\n<\/device>\n<\/root>\n" - }, - "xml": { - "xml.xmlpi.xml": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>", - "xml.xmlpi.xml_tree": { - "xml.xmlpi.xml.version": "1.0", - "xml.xmlpi.xml.encoding": "UTF-8", - "?>": "" - }, - "xml.tag": "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">", - "xml.tag_tree": { - "xml.attribute": "xmlns=\"urn:schemas-upnp-org:device-1-0\"", - "xml.tag": "<specVersion>", - "xml.tag_tree": { - "xml.tag": "<major>", - "xml.tag_tree": { - "xml.cdata": "1", - "<\/major>": "" - }, - "xml.tag": "<minor>", - "xml.tag_tree": { - "xml.cdata": "0", - "<\/minor>": "" - }, - "<\/specVersion>": "" - }, - "xml.tag": "<URLBase>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/192.168.0.160:80\/", - "<\/URLBase>": "" - }, - "xml.tag": "<device>", - "xml.tag_tree": { - "xml.tag": "<deviceType>", - "xml.tag_tree": { - "xml.cdata": "urn:schemas-upnp-org:device:Basic:1", - "<\/deviceType>": "" - }, - "xml.tag": "<friendlyName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue (192.168.0.160)", - "<\/friendlyName>": "" - }, - "xml.tag": 
"<manufacturer>", - "xml.tag_tree": { - "xml.cdata": "Royal Philips Electronics", - "<\/manufacturer>": "" - }, - "xml.tag": "<manufacturerURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.philips.com", - "<\/manufacturerURL>": "" - }, - "xml.tag": "<modelDescription>", - "xml.tag_tree": { - "xml.cdata": "Philips hue Personal Wireless Lighting", - "<\/modelDescription>": "" - }, - "xml.tag": "<modelName>", - "xml.tag_tree": { - "xml.cdata": "Philips hue bridge 2015", - "<\/modelName>": "" - }, - "xml.tag": "<modelNumber>", - "xml.tag_tree": { - "xml.cdata": "BSB002", - "<\/modelNumber>": "" - }, - "xml.tag": "<modelURL>", - "xml.tag_tree": { - "xml.cdata": "http:\/\/www.meethue.com", - "<\/modelURL>": "" - }, - "xml.tag": "<serialNumber>", - "xml.tag_tree": { - "xml.cdata": "00178869eee4", - "<\/serialNumber>": "" - }, - "xml.tag": "<UDN>", - "xml.tag_tree": { - "xml.cdata": "uuid:2f402f80-da50-11e1-9b23-00178869eee4", - "<\/UDN>": "" - }, - "xml.tag": "<presentationURL>", - "xml.tag_tree": { - "xml.cdata": "index.html", - "<\/presentationURL>": "" - }, - "xml.tag": "<iconList>", - "xml.tag_tree": { - "xml.tag": "<icon>", - "xml.tag_tree": { - "xml.tag": "<mimetype>", - "xml.tag_tree": { - "xml.cdata": "image\/png", - "<\/mimetype>": "" - }, - "xml.tag": "<height>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/height>": "" - }, - "xml.tag": "<width>", - "xml.tag_tree": { - "xml.cdata": "48", - "<\/width>": "" - }, - "xml.tag": "<depth>", - "xml.tag_tree": { - "xml.cdata": "24", - "<\/depth>": "" - }, - "xml.tag": "<url>", - "xml.tag_tree": { - "xml.cdata": "hue_logo_0.png", - "<\/url>": "" - }, - "<\/icon>": "" - }, - "<\/iconList>": "" - }, - "<\/device>": "" - }, - "<\/root>": "" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.026218000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496172.026218000", - "frame.time_delta": "0.004062000", - "frame.time_delta_displayed": "0.004062000", - "frame.time_relative": "2580.565532000", - "frame.number": "9122", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aef", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54936", - "tcp.dstport": "80", - "tcp.port": "54936", - "tcp.port": "80", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", 
- "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b8a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9121", - "tcp.analysis.ack_rtt": "0.004062000", - "tcp.analysis.initial_rtt": "0.004398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.026801000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.026801000", - "frame.time_delta": "0.000583000", - "frame.time_delta_displayed": "0.000583000", - "frame.time_relative": "2580.566115000", - "frame.number": "9123", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00001d85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", 
- "ip.ttl": "128", - "ip.proto": "6", - "ip.checksum": "0x00005aee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "54936", - "tcp.dstport": "80", - "tcp.port": "54936", - "tcp.port": "80", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "168", - "tcp.ack": "1014", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "252", - "tcp.window_size": "64512", - "tcp.window_size_scalefactor": "256", - "tcp.checksum": "0x00003b89", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:32.027249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496172.027249000", - "frame.time_delta": "0.000448000", - "frame.time_delta_displayed": "0.000448000", - "frame.time_relative": "2580.566563000", - "frame.number": "9124", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c99d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000eed5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "54936", - "tcp.port": "80", - "tcp.port": "54936", - "tcp.stream": "352", - "tcp.len": "0", - "tcp.seq": "1014", - "tcp.ack": "169", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - 
}, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00002dbd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9123", - "tcp.analysis.ack_rtt": "0.000448000", - "tcp.analysis.initial_rtt": "0.004398000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:33.490502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496173.490502000", - "frame.time_delta": "1.463253000", - "frame.time_delta_displayed": "1.463253000", - "frame.time_relative": "2582.029816000", - "frame.number": "9125", - "frame.len": "418", - "frame.cap_len": "418", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "404", - "ip.id": "0x0000974f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000074d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - 
"ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "352", - "tcp.seq": "109210", - "tcp.nxtseq": "109562", - "tcp.ack": "24126", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00005f40", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:a1:90:a7:a4:bc:37", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2662800, TSecr 2812591159": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2662800", 
- "tcp.options.timestamp.tsecr": "2812591159" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "352", - "tcp.analysis.push_bytes_sent": "352" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "347", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ee:51:09:e3:f7:5c:7b:35:75:2c:2b:de:00:27:b1:13:40:c6:21:30:44:6a:38:3c:45:5e:59:c7:e0:fd:3c:76:e0:3b:53:8e:0e:48:e9:ff:06:fb:29:64:63:db:1e:d8:13:e1:9d:5b:54:88:4b:8a:94:09:37:d4:53:fa:d8:48:25:f7:af:8d:e1:10:d4:93:96:e1:01:a5:60:f9:4d:a8:39:e1:f4:21:c9:cc:1b:3b:72:0c:e8:c1:43:96:0b:cb:c6:52:b7:8d:69:fe:6c:2e:ac:e4:6d:05:b2:72:e0:9b:86:04:ad:ba:90:e1:8b:0a:65:49:85:10:44:75:40:5a:03:0e:f8:4a:53:ff:45:d2:0b:2a:02:b4:05:fb:29:86:26:49:3b:66:97:06:17:ab:0d:f8:87:67:ca:24:6b:80:40:69:c0:2b:06:3e:44:ee:79:d2:ec:36:dc:75:be:5d:ea:9e:9b:00:5c:79:a0:0e:5c:a9:c2:76:4e:37:56:ba:c3:f4:fb:f0:46:79:68:6f:72:b3:f7:a5:ed:b2:bc:ea:27:51:ee:0a:4b:ff:70:98:38:94:17:a7:3b:67:0c:97:4f:92:1d:9b:b4:7a:0c:fb:44:d0:43:2b:a8:27:15:2c:e9:ec:c1:54:8d:de:4c:13:db:37:dd:bc:d9:5c:6f:74:52:a0:21:50:c5:52:63:19:5a:ee:55:54:b5:3e:8f:8e:56:aa:e7:1e:9e:75:d7:10:a6:25:81:e8:0c:03:c7:28:86:b2:83:7f:c5:eb:13:c4:9e:69:46:00:6e:f4:03:d8:15:57:a8:5f:ba:d2:53:4a:a1:8c:72:ba:74:59:e2:a5:a6:52:c5:4c:d7:71:2d:0b:86:01:08:99:b9:4d:80:87:eb:cc:de:c1" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:33.551737000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496173.551737000", - "frame.time_delta": "0.061235000", - "frame.time_delta_displayed": "0.061235000", - "frame.time_relative": "2582.091051000", - "frame.number": "9126", - "frame.len": "113", - "frame.cap_len": "113", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": 
"d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "99", - "ip.id": "0x00002e47", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003709", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "47", - "tcp.seq": "24126", - "tcp.nxtseq": "24173", - "tcp.ack": "109562", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000597f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:d4:e8:00:28:a1:90", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812597480, TSecr 2662800": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812597480", - "tcp.options.timestamp.tsecr": "2662800" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9125", - "tcp.analysis.ack_rtt": "0.061235000", - "tcp.analysis.bytes_in_flight": "47", - "tcp.analysis.push_bytes_sent": "47" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "42", - "ssl.app_data": "34:cd:34:17:47:48:0e:fe:24:c8:78:e8:d7:15:f6:eb:b9:af:33:35:45:fd:ce:32:01:82:c9:01:a8:b5:02:50:da:4c:4d:1e:f9:41:f5:77:60:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:33.552243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496173.552243000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": "0.000506000", - "frame.time_relative": "2582.091557000", - "frame.number": 
"9127", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009750", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "109562", - "tcp.ack": "24173", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000026ad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:a1:97:a7:a4:d4:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2662807, TSecr 2812597480": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2662807", - "tcp.options.timestamp.tsecr": "2812597480" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9126", - "tcp.analysis.ack_rtt": "0.000506000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:34.627699000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496174.627699000", - "frame.time_delta": "1.075456000", - "frame.time_delta_displayed": "1.075456000", - "frame.time_relative": "2583.167013000", - "frame.number": "9128", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { 
- "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005841", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a650", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5357", - "tcp.ack": "865", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - 
"tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee72", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - "tcp.analysis.keep_alive": "", - "_ws.expert.message": "TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:34.771431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496174.771431000", - "frame.time_delta": "0.143732000", - "frame.time_delta_displayed": "0.143732000", - "frame.time_relative": "2583.310745000", - "frame.number": "9129", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"40", - "ip.id": "0x00001020", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd71", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "865", - "tcp.ack": "5358", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000f8e7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.flags": { - "_ws.expert": { - 
"tcp.analysis.keep_alive_ack": "", - "_ws.expert.message": "ACK to a TCP keep-alive segment", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:36.672051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496176.672051000", - "frame.time_delta": "1.900620000", - "frame.time_delta_displayed": "1.900620000", - "frame.time_relative": "2585.211365000", - "frame.number": "9130", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002138", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57452", - "udp.dstport": "1900", - "udp.port": "57452", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000069f1", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.054401000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.054401000", - "frame.time_delta": "0.382350000", - "frame.time_delta_displayed": "0.382350000", - "frame.time_relative": "2585.593715000", - "frame.number": "9131", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": 
"IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00005ff6", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000057f3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.327363000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.327363000", - "frame.time_delta": "0.272962000", - "frame.time_delta_displayed": "0.272962000", - "frame.time_relative": "2585.866677000", - "frame.number": "9132", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - 
"eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000d9ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd9e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": 
"http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.380176000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.380176000", - "frame.time_delta": "0.052813000", - "frame.time_delta_displayed": "0.052813000", - "frame.time_relative": "2585.919490000", - "frame.number": "9133", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000d9af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", 
- "ip.proto": "17", - "ip.checksum": "0x0000dd92", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "2", - "http.prev_response_in": "9132" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.432974000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.432974000", - "frame.time_delta": "0.052798000", - "frame.time_delta_displayed": "0.052798000", - "frame.time_relative": "2585.972288000", - "frame.number": "9134", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000d9b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "3", - "http.prev_response_in": "9133" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.598229000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.598229000", - "frame.time_delta": "0.165255000", - "frame.time_delta_displayed": "0.165255000", - "frame.time_relative": "2586.137543000", - "frame.number": "9135", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", 
- "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000e5c7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2ee", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39280", - "udp.dstport": "53", - "udp.port": "39280", - "udp.port": "53", - "udp.length": "49", - "udp.checksum": "0x0000f329", - "udp.checksum.status": "2", - "udp.stream": "165" - }, - "dns": { - "dns.id": "0x000000d5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.600242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.600242000", - "frame.time_delta": "0.002013000", - 
"frame.time_delta_displayed": "0.002013000", - "frame.time_relative": "2586.139556000", - "frame.number": "9136", - "frame.len": "297", - "frame.cap_len": "297", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "283", - "ip.id": "0x0000cd39", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eaa6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39280", - "udp.port": "53", - "udp.port": "39280", - "udp.length": "263", - "udp.checksum": "0x0000830a", - "udp.checksum.status": "2", - "udp.stream": "165" - }, - "dns": { - "dns.response_to": "9135", - "dns.time": "0.002013000", - "dns.id": "0x000000d5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", 
- "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { - "dns.resp.name": "diagnostics.meethue.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "191", - "dns.resp.len": "4", - "dns.a": "130.211.67.12" - } - }, - "Authoritative nameservers": { - "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2563", - "dns.resp.len": "18", - "dns.ns": "ns3.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2563", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2563", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "167074", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "27847", - 
"dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "27847", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001:0:57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "170769", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001:0:57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "85831", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1:0:57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "85831", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1:0:57:73:36:68" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.601058000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.601058000", - "frame.time_delta": "0.000816000", - "frame.time_delta_displayed": "0.000816000", - "frame.time_relative": "2586.140372000", - "frame.number": "9137", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00006b86", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004816", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": 
"", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000099cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.675285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.675285000", - "frame.time_delta": "0.074227000", - "frame.time_delta_displayed": "0.074227000", - "frame.time_relative": "2586.214599000", - 
"frame.number": "9138", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x00002139", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6db", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57452", - "udp.dstport": "1900", - "udp.port": "57452", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000069f1", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - 
"http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "2", - "http.prev_request_in": "9130" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.744503000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.744503000", - "frame.time_delta": "0.069218000", - "frame.time_delta_displayed": "0.069218000", - "frame.time_relative": "2586.283817000", - "frame.number": "9139", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": 
"0x0000c29c", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "28400", - "tcp.window_size": "28400", - "tcp.checksum": "0x0000b4d9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:8c:01:01:04:02:01:03:03:07", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - 
"tcp.option_len": "4", - "tcp.options.mss_val": "1420" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 7 (multiply by 128)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "7", - "tcp.options.wscale.multiplier": "128" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9137", - "tcp.analysis.ack_rtt": "0.143445000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.745028000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.745028000", - "frame.time_delta": "0.000525000", - "frame.time_delta_displayed": "0.000525000", - "frame.time_relative": "2586.284342000", - "frame.number": "9140", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006b87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004821", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005632", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9139", - "tcp.analysis.ack_rtt": "0.000525000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.745041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.745041000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "2586.284355000", - "frame.number": "9141", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "45", - "ip.id": "0x00006b88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000481b", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "5", - "tcp.seq": "1", - "tcp.nxtseq": "6", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00009281", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.143970000", - "tcp.analysis.bytes_in_flight": "5", - "tcp.analysis.push_bytes_sent": "5" - }, - "tcp.segment_data": "50:4f:53:54:20" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { 
- "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.746593000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.746593000", - "frame.time_delta": "0.001552000", - "frame.time_delta_displayed": "0.001552000", - "frame.time_relative": "2586.285907000", - "frame.number": "9142", - "frame.len": "1474", - "frame.cap_len": "1474", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1460", - "ip.id": "0x00006b89", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004293", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - 
"ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "1420", - "tcp.seq": "6", - "tcp.nxtseq": "1426", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x000010b3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.143970000", - "tcp.analysis.bytes_in_flight": "1425", - "tcp.analysis.push_bytes_sent": "1420" - }, - "tcp.segment_data": 
"2f:62:72:69:64:67:65:73:2f:77:73:2f:73:74:61:74:73:3f:73:73:6f:3d:39:31:63:32:62:34:34:65:30:63:63:32:65:32:31:65:64:34:39:35:37:36:61:62:36:37:33:32:63:31:35:62:35:63:38:61:38:36:65:35:66:34:32:31:31:66:65:62:34:61:31:65:39:61:30:38:36:64:64:64:66:39:64:32:36:36:33:65:37:63:36:62:30:33:35:61:33:33:62:34:33:64:64:39:38:63:36:31:36:38:38:34:32:63:36:62:62:65:64:34:66:38:34:66:38:62:61:32:37:63:62:36:65:36:35:39:33:64:63:33:64:65:30:37:61:32:39:30:30:32:33:37:36:62:37:38:39:31:39:64:36:31:30:33:37:66:38:31:62:66:35:39:31:61:33:64:38:32:35:65:61:66:39:37:38:30:63:31:38:63:64:30:37:31:38:34:33:65:64:66:30:61:63:63:31:32:34:32:34:34:30:36:65:66:64:62:62:33:37:30:62:33:66:39:32:39:36:36:65:63:39:62:36:34:34:64:32:31:62:64:62:65:31:64:39:37:65:64:32:38:34:61:31:63:35:35:62:37:63:65:32:30:61:66:39:31:37:64:31:36:39:30:32:34:63:32:35:62:36:33:66:33:32:65:34:37:65:33:61:37:30:31:34:37:65:35:66:32:37:61:62:66:30:37:62:39:36:34:37:63:37:32:64:63:35:31:30:39:39:37:61:39:63:33:64:62:30:65:66:61:31:30:64:39:34:65:36:31:32:37:35:38:37:30:64:33:62:66:61:32:64:39:36:37:33:34:35:37:63:39:34:39:66:30:39:36:31:31:66:34:36:31:35:38:61:33:38:38:65:62:64:31:30:36:65:61:34:33:31:34:34:63:30:34:31:65:32:38:33:35:62:34:32:36:26:69:3d:36:64:66:30:63:36:39:34:32:64:64:37:35:36:34:32:66:35:63:38:32:65:63:35:61:62:34:38:62:66:61:37:26:61:75:74:68:3d:35:30:33:39:65:30:63:65:31:33:62:61:64:61:36:32:31:65:37:33:65:36:38:66:62:30:33:64:62:33:64:64:38:61:63:62:39:30:66:63:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:69:61:67:6e:6f:73:74:69:63:73:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3a:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:54:72:61:6e:73:66:65:72:2d:65:6e:63:6f:64:69:6e:67:3a:20:63:68:75:6e:6b:65:64:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:70:6c:61:69:6e:0d:0a:0d:0a:32:30:0d:0a:61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37:0d:0a:32:30:0d:0a:63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:6
3:64:36:33:66:33:32:37:34:36:36:61:38:62:65:0d:0a:32:30:0d:0a:39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33:0d:0a:32:30:0d:0a:39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32:0d:0a:32:30:0d:0a:64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39:0d:0a:32:30:0d:0a:38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30:0d:0a:32:30:0d:0a:65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33:0d:0a:32:30:0d:0a:64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30:0d:0a:32:30:0d:0a:64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30:0d:0a:32:30:0d:0a:34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64:0d:0a:32:30:0d:0a:65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61:0d:0a:32:30:0d:0a:66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39:0d:0a:32:30:0d:0a:35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63:0d:0a:32:30:0d:0a:31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35:0d:0a:32:30:0d:0a:65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63:0d:0a:32:30:0d:0a:30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65:0d:0a:32:30:0d:0a:32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31:0d:0a:32:30:0d:0a:64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62:0d:0a:32:30:0d:0a:34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30:0d:0a:32:30:0d:0a:
61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64:0d:0a:32:30:0d:0a:30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64:0d:0a:32:30:0d:0a:65:34:65:37:38:39:37:62:64:33:33" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.887831000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.887831000", - "frame.time_delta": "0.141238000", - "frame.time_delta_displayed": "0.141238000", - "frame.time_relative": "2586.427145000", - "frame.number": "9143", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002060", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a248", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "6", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "222", - "tcp.window_size": "28416", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x00006391", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9141", - "tcp.analysis.ack_rtt": "0.142790000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.888359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.888359000", - "frame.time_delta": "0.000528000", - "frame.time_delta_displayed": "0.000528000", - "frame.time_relative": "2586.427673000", - 
"frame.number": "9144", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data:data-text-lines" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x00006b8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000046f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - 
"ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "294", - "tcp.seq": "1426", - "tcp.nxtseq": "1720", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3650", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00005bad", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.143970000", - "tcp.analysis.bytes_in_flight": "1714", - "tcp.analysis.push_bytes_sent": "1714" - }, - "tcp.segment_data": "66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62:0d:0a:32:30:0d:0a:64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62:0d:0a:32:30:0d:0a:65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61:0d:0a:32:30:0d:0a:63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35:0d:0a:32:30:0d:0a:33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34:0d:0a:32:30:0d:0a:65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37:0d:0a:32:30:0d:0a:66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35:0d:0a:32:30:0d:0a:38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38:0d:0a:30:0d:0a:0d:0a" - }, - "tcp.segments": { - 
"tcp.segment": "9141", - "tcp.segment": "9142", - "tcp.segment": "9144", - "tcp.segment.count": "3", - "tcp.reassembled.length": "1719", - "tcp.reassembled.data": "50:4f:53:54:20:2f:62:72:69:64:67:65:73:2f:77:73:2f:73:74:61:74:73:3f:73:73:6f:3d:39:31:63:32:62:34:34:65:30:63:63:32:65:32:31:65:64:34:39:35:37:36:61:62:36:37:33:32:63:31:35:62:35:63:38:61:38:36:65:35:66:34:32:31:31:66:65:62:34:61:31:65:39:61:30:38:36:64:64:64:66:39:64:32:36:36:33:65:37:63:36:62:30:33:35:61:33:33:62:34:33:64:64:39:38:63:36:31:36:38:38:34:32:63:36:62:62:65:64:34:66:38:34:66:38:62:61:32:37:63:62:36:65:36:35:39:33:64:63:33:64:65:30:37:61:32:39:30:30:32:33:37:36:62:37:38:39:31:39:64:36:31:30:33:37:66:38:31:62:66:35:39:31:61:33:64:38:32:35:65:61:66:39:37:38:30:63:31:38:63:64:30:37:31:38:34:33:65:64:66:30:61:63:63:31:32:34:32:34:34:30:36:65:66:64:62:62:33:37:30:62:33:66:39:32:39:36:36:65:63:39:62:36:34:34:64:32:31:62:64:62:65:31:64:39:37:65:64:32:38:34:61:31:63:35:35:62:37:63:65:32:30:61:66:39:31:37:64:31:36:39:30:32:34:63:32:35:62:36:33:66:33:32:65:34:37:65:33:61:37:30:31:34:37:65:35:66:32:37:61:62:66:30:37:62:39:36:34:37:63:37:32:64:63:35:31:30:39:39:37:61:39:63:33:64:62:30:65:66:61:31:30:64:39:34:65:36:31:32:37:35:38:37:30:64:33:62:66:61:32:64:39:36:37:33:34:35:37:63:39:34:39:66:30:39:36:31:31:66:34:36:31:35:38:61:33:38:38:65:62:64:31:30:36:65:61:34:33:31:34:34:63:30:34:31:65:32:38:33:35:62:34:32:36:26:69:3d:36:64:66:30:63:36:39:34:32:64:64:37:35:36:34:32:66:35:63:38:32:65:63:35:61:62:34:38:62:66:61:37:26:61:75:74:68:3d:35:30:33:39:65:30:63:65:31:33:62:61:64:61:36:32:31:65:37:33:65:36:38:66:62:30:33:64:62:33:64:64:38:61:63:62:39:30:66:63:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:69:61:67:6e:6f:73:74:69:63:73:2e:6d:65:65:74:68:75:65:2e:63:6f:6d:3a:38:30:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:54:72:61:6e:73:66:65:72:2d:65:6e:63:6f:64:69:6e:67:3a:20:63:68:75:6e:6b:65:64:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:70:6c:61:69:6e:0d:0a:0d:0a:
32:30:0d:0a:61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37:0d:0a:32:30:0d:0a:63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:63:64:36:33:66:33:32:37:34:36:36:61:38:62:65:0d:0a:32:30:0d:0a:39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33:0d:0a:32:30:0d:0a:39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32:0d:0a:32:30:0d:0a:64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39:0d:0a:32:30:0d:0a:38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30:0d:0a:32:30:0d:0a:65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33:0d:0a:32:30:0d:0a:64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30:0d:0a:32:30:0d:0a:64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30:0d:0a:32:30:0d:0a:34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64:0d:0a:32:30:0d:0a:65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61:0d:0a:32:30:0d:0a:66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39:0d:0a:32:30:0d:0a:35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63:0d:0a:32:30:0d:0a:31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35:0d:0a:32:30:0d:0a:65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63:0d:0a:32:30:0d:0a:30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65:0d:0a:32:30:0d:0a:32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31:0d:0a:32:30:0d:0a:64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39
:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62:0d:0a:32:30:0d:0a:34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30:0d:0a:32:30:0d:0a:61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64:0d:0a:32:30:0d:0a:30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64:0d:0a:32:30:0d:0a:65:34:65:37:38:39:37:62:64:33:33:66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62:0d:0a:32:30:0d:0a:64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62:0d:0a:32:30:0d:0a:65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61:0d:0a:32:30:0d:0a:63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35:0d:0a:32:30:0d:0a:33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34:0d:0a:32:30:0d:0a:65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37:0d:0a:32:30:0d:0a:66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35:0d:0a:32:30:0d:0a:38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38:0d:0a:30:0d:0a:0d:0a" - }, - "http": { - " [truncated]POST \/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": 
"POST", - "http.request.uri": "\/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", - "http.request.uri_tree": { - "http.request.uri.path": "\/bridges\/ws\/stats", - "http.request.uri.query": "sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", - "http.request.uri.query_tree": { - "http.request.uri.query.parameter": "sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426", - "http.request.uri.query.parameter": "i=6df0c6942dd75642f5c82ec5ab48bfa7", - "http.request.uri.query.parameter": "auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc" - } - }, - "http.request.version": "HTTP\/1.1" - }, - "http.host": "diagnostics.meethue.com:80", - "http.request.line": "Host: diagnostics.meethue.com:80\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "http.transfer_encoding": 
"chunked", - "http.request.line": "Transfer-encoding: chunked\r\n", - "http.content_type": "text\/plain", - "http.request.line": "Content-Type: text\/plain\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/diagnostics.meethue.com:80\/bridges\/ws\/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a29002376b78919d61037f81bf591a3d825eaf9780c18cd071843edf0acc12424406efdbb370b3f92966ec9b644d21bdbe1d97ed284a1c55b7ce20af917d169024c25b63f32e47e3a70147e5f27abf07b9647c72dc510997a9c3db0efa10d94e61275870d3bfa2d9673457c949f09611f46158a388ebd106ea43144c041e2835b426&i=6df0c6942dd75642f5c82ec5ab48bfa7&auth=5039e0ce13bada621e73e68fb03db3dd8acb90fc", - "http.request": "1", - "http.request_number": "1", - "HTTP chunked response": { - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "61:36:65:34:62:38:34:63:65:39:61:31:32:34:39:64:38:61:36:35:61:34:38:33:37:66:64:64:64:36:61:37", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "63:33:63:61:34:32:38:61:36:39:30:30:36:66:32:34:35:63:64:36:33:66:33:32:37:34:36:36:61:38:62:65", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "39:62:33:63:37:39:33:30:61:63:33:63:64:37:39:65:39:36:64:61:36:32:35:35:33:32:34:31:66:65:35:33", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "39:62:35:64:30:38:65:35:66:30:33:65:62:33:65:35:39:37:36:33:38:33:31:36:32:36:66:30:35:33:63:32", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "64:66:33:31:65:64:35:36:36:35:34:65:33:33:32:65:66:33:65:66:30:31:38:30:65:32:38:32:64:30:30:39", - "data.len": "32" - 
}, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "38:32:65:61:36:65:30:34:64:61:61:38:62:62:39:38:37:33:32:31:63:66:63:34:62:35:65:65:32:63:36:30", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "65:38:66:65:33:66:62:34:31:66:37:64:36:62:66:65:62:31:63:65:30:37:30:32:33:39:31:66:31:33:65:33", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "64:62:36:63:37:32:35:37:33:34:35:31:32:64:33:38:35:36:34:63:37:63:65:37:66:34:37:34:38:62:32:30", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "64:30:34:38:66:33:34:65:30:37:32:65:31:63:37:30:65:37:61:35:39:37:38:63:35:32:38:30:37:34:39:30", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "34:31:30:32:32:30:33:30:63:37:61:66:35:36:66:63:61:61:37:34:63:38:31:31:66:33:38:66:38:63:63:64", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "65:38:33:31:34:37:66:32:33:35:61:35:61:38:63:61:65:64:38:31:37:32:66:61:39:32:36:61:64:37:34:61", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "66:36:64:38:31:62:64:61:37:39:61:64:36:65:64:38:61:64:61:37:39:62:65:66:31:34:39:30:30:63:36:39", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "35:33:63:65:30:62:33:63:35:33:66:65:66:38:64:65:33:36:39:35:63:61:36:31:31:65:63:39:63:36:65:63", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - 
}, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "31:64:61:30:30:33:65:36:65:63:34:65:61:62:31:32:32:32:31:63:32:66:30:66:36:33:64:36:30:32:34:35", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "65:33:37:64:64:36:33:66:34:61:37:35:35:31:33:31:32:39:32:61:65:36:63:64:66:64:64:32:37:66:36:63", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "30:36:65:32:63:32:66:65:61:39:31:37:66:62:65:36:35:34:34:37:31:36:37:66:64:65:64:34:35:62:31:65", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "32:30:32:34:62:33:36:62:32:34:34:66:64:39:34:35:62:37:38:31:62:39:36:63:34:30:39:64:32:64:36:31", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "64:66:65:37:32:38:33:61:32:36:37:39:63:37:37:32:39:30:65:66:61:62:35:35:34:33:65:38:37:35:64:62", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "34:33:38:63:32:38:30:39:32:65:38:65:30:62:31:33:63:38:32:37:38:34:34:36:31:36:64:65:64:32:65:30", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "61:65:63:37:33:36:32:35:33:31:37:32:38:37:61:35:66:38:39:30:34:37:65:39:31:38:30:65:66:37:31:64", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "30:37:39:34:33:30:36:31:62:39:35:31:66:30:61:64:65:39:64:66:61:66:33:30:34:36:65:36:36:61:63:64", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - 
"http.chunk_size": "32", - "data": { - "data.data": "65:34:65:37:38:39:37:62:64:33:33:66:64:66:62:37:64:62:65:36:30:61:61:33:66:62:63:36:36:66:35:62", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "64:66:64:36:34:66:39:36:35:39:61:62:38:32:35:32:64:61:36:33:34:65:39:66:66:38:63:34:66:61:63:62", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "65:30:32:61:38:37:30:35:34:32:39:30:36:32:36:30:34:37:65:66:62:61:34:32:62:38:37:39:35:34:61:61", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "63:63:61:63:36:30:33:63:65:61:63:64:38:38:62:62:34:34:32:34:66:63:66:31:37:33:34:36:62:31:64:35", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "33:65:66:35:61:34:61:38:30:32:36:64:30:37:63:36:63:31:36:37:62:30:32:33:32:62:39:64:65:33:32:34", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "65:33:64:34:34:66:37:30:64:62:31:33:36:65:30:63:35:32:37:36:39:37:34:31:66:36:36:63:37:64:63:37", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "66:32:37:33:37:37:63:31:33:38:65:30:33:66:39:30:31:39:31:63:64:34:64:30:64:38:35:66:62:35:30:35", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "Data chunk (32 octets)": { - "http.chunk_size": "32", - "data": { - "data.data": "38:61:35:35:39:35:33:34:33:36:33:37:32:34:64:35:39:61:31:37:32:32:31:32:62:33:37:30:30:63:35:38", - "data.len": "32" - }, - "http.chunk_boundary": "0d:0a" - }, - "End of chunked encoding": { - "http.chunk_size": "0" - }, - 
"\\r\\n": "" - }, - "http.file_data": "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" - }, - "data-text-lines": { - " [truncated]a6e4b84ce9a1249d8a65a4837fddd6a7c3ca428a69006f245cd63f327466a8be9b3c7930ac3cd79e96da62553241fe539b5d08e5f03eb3e59763831626f053c2df31ed56654e332ef3ef0180e282d00982ea6e04daa8bb987321cfc4b5ee2c60e8fe3fb41f7d6bfeb1ce0702391f13e3db6": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:37.892261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496177.892261000", - "frame.time_delta": "0.003902000", - "frame.time_delta_displayed": "0.003902000", - "frame.time_relative": "2586.431575000", - "frame.number": "9145", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002061", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a247", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": 
"130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1426", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "245", - "tcp.window_size": "31360", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x00005dee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9142", - "tcp.analysis.ack_rtt": "0.145668000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.032418000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.032418000", - 
"frame.time_delta": "0.140157000", - "frame.time_delta_displayed": "0.140157000", - "frame.time_relative": "2586.571732000", - "frame.number": "9146", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002062", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a246", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1720", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "267", - "tcp.window_size": "34176", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x00005cb2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9144", - "tcp.analysis.ack_rtt": "0.144059000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.095769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.095769000", - "frame.time_delta": "0.063351000", - "frame.time_delta_displayed": "0.063351000", - "frame.time_relative": "2586.635083000", - "frame.number": "9147", - "frame.len": "231", - "frame.cap_len": "231", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "217", - "ip.id": "0x00002063", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a194", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "177", - "tcp.seq": "1", - "tcp.nxtseq": "178", - "tcp.ack": "1720", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "267", - "tcp.window_size": "34176", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x0000ad4a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.143970000", - "tcp.analysis.bytes_in_flight": "177", - "tcp.analysis.push_bytes_sent": "177" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.content_type": "text\/html; charset=utf-8", - "http.response.line": "Content-Type: text\/html; charset=utf-8\r\n", - "http.content_length_header": "2", - "http.content_length_header_tree": { - "http.content_length": "2" - }, - "http.response.line": "Content-Length: 2\r\n", - "http.response.line": "ETag: W\/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\n", - "http.date": "Wed, 01 Nov 2017 00:29:38 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.207410000", - "http.request_in": "9144", - "http.file_data": "OK" - }, - "data-text-lines": { - "OK": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.095855000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.095855000", - "frame.time_delta": "0.000086000", - "frame.time_delta_displayed": "0.000086000", - "frame.time_relative": "2586.635169000", - "frame.number": "9148", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002064", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a244", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "178", - "tcp.ack": "1720", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "267", - "tcp.window_size": "34176", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x00005c00", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.096554000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.096554000", - "frame.time_delta": "0.000699000", - "frame.time_delta_displayed": "0.000699000", - "frame.time_relative": "2586.635868000", - "frame.number": "9149", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006b8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000481d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1720", - "tcp.ack": "178", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e44", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "9147", - "tcp.analysis.ack_rtt": "0.000785000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.097216000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.097216000", - "frame.time_delta": "0.000662000", - "frame.time_delta_displayed": "0.000662000", - "frame.time_relative": "2586.636530000", - "frame.number": "9150", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00006b8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000481c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.dst_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "Source GeoIP: Unknown": "", - "Destination 
GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "46284", - "tcp.dstport": "80", - "tcp.port": "46284", - "tcp.port": "80", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "1720", - "tcp.ack": "179", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "3784", - "tcp.window_size": "30272", - "tcp.window_size_scalefactor": "8", - "tcp.checksum": "0x00004e42", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9148", - "tcp.analysis.ack_rtt": "0.001361000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.254383000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.254383000", - 
"frame.time_delta": "0.157167000", - "frame.time_delta_displayed": "0.157167000", - "frame.time_relative": "2586.793697000", - "frame.number": "9151", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00002065", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000a243", - "ip.checksum.status": "2", - "ip.src": "130.211.67.12", - "ip.addr": "130.211.67.12", - "ip.src_host": "130.211.67.12", - "ip.host": "130.211.67.12", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { 
- "tcp.srcport": "80", - "tcp.dstport": "46284", - "tcp.port": "80", - "tcp.port": "46284", - "tcp.stream": "353", - "tcp.len": "0", - "tcp.seq": "179", - "tcp.ack": "1721", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "267", - "tcp.window_size": "34176", - "tcp.window_size_scalefactor": "128", - "tcp.checksum": "0x00005bff", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9150", - "tcp.analysis.ack_rtt": "0.157167000", - "tcp.analysis.initial_rtt": "0.143970000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.380329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.380329000", - "frame.time_delta": "0.125946000", - "frame.time_delta_displayed": "0.125946000", - "frame.time_relative": "2586.919643000", - "frame.number": "9152", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da06", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "4", - "http.prev_response_in": "9134" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.491932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.491932000", - "frame.time_delta": "0.111603000", - "frame.time_delta_displayed": "0.111603000", - "frame.time_relative": "2587.031246000", - "frame.number": "9153", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da08", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd39", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "5", - "http.prev_response_in": "9152" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.491944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.491944000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "2587.031258000", - "frame.number": "9154", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", 
- "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da09", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd3e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - 
"http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "6", - "http.prev_response_in": "9153" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.560174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.560174000", - "frame.time_delta": "0.068230000", - "frame.time_delta_displayed": "0.068230000", - "frame.time_relative": "2587.099488000", - "frame.number": "9155", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - 
"arp.dst.proto_ipv4": "192.168.0.242" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.560595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.560595000", - "frame.time_delta": "0.000421000", - "frame.time_delta_displayed": "0.000421000", - "frame.time_relative": "2587.099909000", - "frame.number": "9156", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "d0:52:a8:a3:60:0f", - "arp.src.proto_ipv4": "192.168.0.242", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.592639000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.592639000", - "frame.time_delta": "0.032044000", - "frame.time_delta_displayed": "0.032044000", - "frame.time_relative": "2587.131953000", - "frame.number": "9157", - "frame.len": "79", - "frame.cap_len": "79", - 
"frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e612", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2a7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33609", - "udp.dstport": "53", - "udp.port": "33609", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000032b9", - "udp.checksum.status": "2", - "udp.stream": "166" - }, - "dns": { - "dns.id": "0x00000f3b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.593256000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.593256000", - "frame.time_delta": "0.000617000", - "frame.time_delta_displayed": "0.000617000", - "frame.time_relative": "2587.132570000", - "frame.number": "9158", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000cd69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "53", - "udp.dstport": "33609", - "udp.port": "53", - "udp.port": "33609", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "166" - }, - "dns": { - "dns.response_to": "9157", - "dns.time": "0.000617000", - "dns.id": "0x00000f3b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.594091000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.594091000", - "frame.time_delta": "0.000835000", - "frame.time_delta_displayed": "0.000835000", - "frame.time_relative": "2587.133405000", - "frame.number": "9159", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e613", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37240", - "udp.dstport": "53", - "udp.port": "37240", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003f89", - "udp.checksum.status": "2", - "udp.stream": "167" - }, - "dns": { - "dns.id": "0x00000f3c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.594520000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.594520000", - "frame.time_delta": "0.000429000", - 
"frame.time_delta_displayed": "0.000429000", - "frame.time_relative": "2587.133834000", - "frame.number": "9160", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000cd6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb3f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37240", - "udp.port": "53", - "udp.port": "37240", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "167" - }, - "dns": { - "dns.response_to": "9159", - "dns.time": "0.000429000", - "dns.id": "0x00000f3c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - 
"dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1199", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.595290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.595290000", - "frame.time_delta": "0.000770000", - "frame.time_delta_displayed": "0.000770000", - "frame.time_relative": "2587.134604000", - "frame.number": "9161", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": 
"0x0000f0aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004525", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000085a0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": 
"02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.672846000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.672846000", - "frame.time_delta": "0.077556000", - "frame.time_delta_displayed": "0.077556000", - "frame.time_relative": "2587.212160000", - "frame.number": "9162", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": 
"60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "202", - "ip.id": "0x0000213a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57452", - "udp.dstport": "1900", - "udp.port": "57452", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000069f1", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "3", - "http.prev_request_in": 
"9138" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.731861000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.731861000", - "frame.time_delta": "0.059015000", - "frame.time_delta_displayed": "0.059015000", - "frame.time_relative": "2587.271175000", - "frame.number": "9163", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x00001673", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00007460", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": 
"AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000ade0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9161", - "tcp.analysis.ack_rtt": "0.136571000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 31, 2017 17:29:38.732388000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.732388000", - "frame.time_delta": "0.000527000", - "frame.time_delta_displayed": "0.000527000", - "frame.time_relative": "2587.271702000", - "frame.number": "9164", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0ab", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00004530", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": 
"-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000776f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9163", - "tcp.analysis.ack_rtt": "0.000527000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.732402000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.732402000", - "frame.time_delta": "0.000014000", - "frame.time_delta_displayed": "0.000014000", - "frame.time_relative": "2587.271716000", - "frame.number": "9165", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000f0ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000042d7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - 
"tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000bf6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137098000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:30:22:2c:20:4e:6f:6e:63:65:3d:22:51:35:55:43:63:76:7a:54:68:68:6d:39:49:4e:55:49:65:31:6e:6f:53:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:45:55:6a:55:42:31:68:53:30:48:4a:37:62:4d:57:58:48:38:70:43:36:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:
20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.869634000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.869634000", - "frame.time_delta": "0.137232000", - "frame.time_delta_displayed": "0.137232000", - "frame.time_relative": "2587.408948000", - "frame.number": "9166", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005079", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00003a62", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - 
"ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d4a3", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9165", - "tcp.analysis.ack_rtt": "0.137232000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:38.870265000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496178.870265000", - "frame.time_delta": "0.000631000", - "frame.time_delta_displayed": "0.000631000", - "frame.time_relative": "2587.409579000", - "frame.number": "9167", - "frame.len": "1382", - "frame.cap_len": "1382", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1368", - "ip.id": "0x0000f0ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003ffe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "1328", - "tcp.seq": "601", - "tcp.nxtseq": "1929", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - 
"tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000eaa7", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137098000", - "tcp.analysis.bytes_in_flight": "1328", - "tcp.analysis.push_bytes_sent": "1328" - }, - "tcp.segment_data": "d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42
:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da:ce:69:2a:a3:8f:ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d
6:d9:8e:25:99:36:2a:e2:d9:3d:1d:63:cc:bd:53:66:7c:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" - }, - "tcp.segments": { - "tcp.segment": "9165", - "tcp.segment": "9167", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1928", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:30:22:2c:20:4e:6f:6e:63:65:3d:22:51:35:55:43:63:76:7a:54:68:68:6d:39:49:4e:55:49:65:31:6e:6f:53:67:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6
a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:45:55:6a:55:42:31:68:53:30:48:4a:37:62:4d:57:58:48:38:70:43:36:51:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da:ce:69:2a:a3:8f:
ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d6:d9:8e:25:99:36:2a:e2:d9:3d:1d:63:cc:bd:53:66:7c
:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"200\", Nonce=\"Q5UCcvzThhm9INUIe1noSg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"EUjUB1hS0HJ7bMWXH8pC6Q==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"200\", Nonce=\"Q5UCcvzThhm9INUIe1noSg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"EUjUB1hS0HJ7bMWXH8pC6Q==\"\r\n", - "http.content_length_header": "1328 ", - "http.content_length_header_tree": { - 
"http.content_length": "1328" - }, - "http.request.line": "Content-Length: 1328 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bdE\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<{\n\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdH\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007=\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdTi0h\u00ef\u00bf\u00bd($\u000b\u0018" - }, - "media": { - "media.type": "d3:45:ca:b9:62:f3:cf:3c:7b:0a:12:aa:f4:48:e8:93:07:3d:9b:db:94:e9:54:69:30:68:a7:28:24:0b:18:00:bd:ba:0b:7b:b4:2d:21:6c:c5:d7:5d:d3:a1:31:cb:d7:57:7d:54:4e:91:8c:5c:b7:3f:9f:d1:96:35:17:05:1a:d5:30:f6:33:c6:8b:26:9c:74:5a:77:f7:47:b0:6b:3d:6f:9d:b9:8b:39:d4:29:c1:44:0b:62:28:f8:5e:d6:e7:9b:18:79:6b:e6:04:51:c2:bb:44:e4:bc:10:82:06:29:b8:70:23:82:82:64:fa:2b:d9:aa:c8:f9:cb:db:3d:a3:03:d9:f4:42:3e:ca:c9:51:69:72:b8:62:17:ed:fe:75:58:b6:5b:15:98:10:0e:91:38:f8:09:28:a0:9a:78:bc:d3:aa:a1:03:b4:78:c7:84:54:53:59:85:9c:3a:82:91:fd:9f:84:07:2d:69:c4:4e:12:0a:81:72:da:7c:aa:11:48:22:c0:0a:1f:88:b3:21:c5:a3:0c:9e:d6:1f:ec:94:4e:99:5c:c7:d9:14:44:8f:60:07:24:ee:3a:45:b1:f0:7a:5b:73:06:fe:65:2b:e8:ab:ea:19:e7:79:c9:3d:80:8b:17:aa:ca:03:96:98:7e:ea:39:1d:1c:ed:aa:b2:52:cf:ba:55:fb:5c:db:16:0c:6f:75:12:65:8c:1a:32:73:7e:24:22:b7:9a:a5:5b:ff:0d:82:8c:b8:42:5d:01:18:09:5b:4b:47:9b:68:ae:64:30:a7:d5:89:39:fa:1f:f1:16:0d:62:79:c8:5c:2f:13:76:db:1e:4f:ed:c2:e1:c8:26:02:27:a6:ad:01:55:06:d4:d9:26:69:2d:83:12:c8:27:fb:93:92:63:4e:dc:ba:9c:ad:1a:6f:c9:94:fb:ca:45:d0:6b:6b:e5:81:ea:41:9e:c4:88:e9:fa:8b:b9:20:f5:21:f5:d9:a5:54:dc:d2:33:8e:51:ce:ec:e5:e1:47:3b:96:f6:43:6f:93:c7:de:87:
e4:7b:e3:75:bf:64:eb:f8:29:70:4e:38:b8:60:fc:6d:a4:ba:82:97:6a:85:d4:df:f2:65:ae:03:e1:25:7a:44:01:44:20:c3:9f:d8:9d:5c:83:59:45:bb:07:38:22:73:b6:ce:02:25:69:c6:ee:0b:b1:78:d8:7d:72:42:89:c1:a1:f3:df:98:fb:4d:0d:43:5a:e3:03:6f:95:64:23:50:f4:e5:f0:83:c2:1b:98:5e:2a:6d:84:0c:42:9d:f7:37:8e:ea:9c:dc:5f:f8:4f:da:ce:69:2a:a3:8f:ef:84:23:b3:50:c1:f4:46:a0:2a:99:c9:42:8e:e4:22:ed:fe:dc:31:03:1a:32:52:2b:9f:f7:bf:f0:82:15:bb:df:59:3a:e7:41:f0:f1:16:2f:dc:76:50:25:ce:28:f3:d8:6c:75:44:f8:d3:0f:50:01:bd:6f:e9:da:bd:e6:18:e5:89:47:ab:5e:63:29:ba:4e:97:83:f9:8d:f7:e0:62:ca:00:76:fe:9d:dd:e3:5e:94:4d:be:6d:35:ea:63:de:46:17:91:b7:fe:9a:67:37:08:df:f9:16:22:ae:a3:53:d6:47:d3:c0:1b:f7:44:2a:76:39:72:34:64:32:51:a3:23:e9:30:b7:5a:5a:1e:8f:22:97:10:73:91:44:ca:91:5a:dc:da:a5:17:cc:3b:87:7c:c9:7a:02:e3:ee:e6:20:bc:26:c7:cf:f2:b7:9f:54:8d:d4:cb:31:fe:af:bb:5d:ca:e9:ac:8e:9c:3d:b0:35:3f:d1:ed:3f:1f:08:de:29:c1:9f:8e:8c:44:13:fa:9b:a2:9c:84:4a:db:61:70:b2:ee:3a:cd:5c:43:ee:54:5a:71:5f:00:03:66:3e:1a:72:06:ff:6f:2a:10:53:15:25:5e:24:08:0a:e4:89:9a:d9:6e:0b:7b:de:33:e0:15:b8:86:9f:76:5c:36:c2:a7:23:66:8f:ca:25:97:5c:84:90:b0:c2:a3:e2:6d:2e:9e:e7:94:6e:b8:93:62:03:e1:e5:16:6c:bf:36:63:f6:54:b2:96:08:17:ef:a5:d8:a2:36:58:8f:54:40:c8:4e:63:0e:03:1a:9c:65:11:dc:dd:a7:11:49:95:7a:1e:97:e5:52:75:bc:e6:e5:63:bc:be:f4:59:77:e4:c0:5e:9f:34:04:08:92:73:75:34:09:5f:7d:b2:cd:ac:15:59:4d:68:5a:11:32:7d:98:4f:2e:73:f7:f5:88:f0:51:1c:df:f9:1e:f8:d7:f4:11:b3:e1:38:21:7f:2e:fa:30:7e:4d:8c:ea:bb:58:a4:96:17:d8:98:c2:fa:4c:7e:8c:29:0e:31:b1:49:2a:06:e3:8f:85:a9:59:17:c1:02:e2:1f:97:f3:5b:4f:83:76:7a:9d:03:00:c3:c6:26:eb:95:6b:bf:e1:5d:de:c3:11:ec:45:23:ee:33:a4:39:f1:dd:f7:e7:64:2c:7a:01:8d:ae:71:a6:55:7f:5f:21:17:e2:bf:ae:dc:d2:38:aa:96:17:bf:9c:51:86:54:1a:9c:73:a1:70:de:06:2a:d3:c0:fb:e0:93:8a:49:73:3c:ae:3e:68:ee:bf:90:b3:ee:6c:5b:db:64:d9:6d:35:93:69:8e:9a:81:b5:06:0d:32:67:d9:e9:16:d8:ee:cf:48:c6:04:17:ae:73:bb:70:bf:f4:f8:10:05:2f:5a:57:63:1f:ab:55:06:cf:24:28:87:4b:9c:41:0d:3d:b6:ea:53:0f:a1:78:6e
:e5:ed:fb:0c:dc:fa:6e:fe:3c:6d:c5:5d:d0:82:a9:f4:d5:a6:eb:54:08:a6:5b:a1:41:d5:02:94:4e:9d:a5:06:1b:99:c7:7e:d8:29:f4:c8:60:11:d6:a4:0e:f4:b0:b5:22:40:65:71:80:5f:4a:74:b3:bb:e3:b1:d9:e8:a6:b5:22:c9:a5:55:fe:9e:bf:2e:a0:1f:54:7f:8e:67:d7:13:76:8f:85:6e:0f:74:49:73:48:0c:0f:98:d6:d9:8e:25:99:36:2a:e2:d9:3d:1d:63:cc:bd:53:66:7c:43:50:ea:d7:3e:26:14:78:77:e0:91:01:b1:9c:31:3f:4a:af:7e:14:43:ca:ed:2b:f7:fb:9b:df:a5:82:aa:28:07:29:d7:50:6f:c5:f0:5b:1a:ea:47:1e:ad:65:4a:f4:f7:dd:9a:31:b4:cc:e7:82:3c:6e:1d:a2:a0:0a:fa:5d:74:0e:ce:7c:47:28:f7:ee:83:4d:59:46:b5:6d:93:54:79:a7:38:d3:df:e0:6f:36:9b:c8:06:ef:67:0a:f1:74:60:c2:cd:3e:a4:30:fe:db:57:2a:31:cb:73:be:73:fe:6b:34:01:7c:b1:f2:c2:02:26:9c:63:4f:8c:37:26:53:13:9b:88:a8:83:a2:15:d8:25:ed:46:f6:b9:e8:22:e8:f6:1e:fa:96:9e:fd:de:61:7e:d4:01:5d:cb:75:3c" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.009101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.009101000", - "frame.time_delta": "0.138836000", - "frame.time_delta_displayed": "0.138836000", - "frame.time_relative": "2587.548415000", - "frame.number": "9168", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - 
"ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008a5b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000080", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ca43", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9167", - "tcp.analysis.ack_rtt": "0.138836000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } 
- } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.012290000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.012290000", - "frame.time_delta": "0.003189000", - "frame.time_delta_displayed": "0.003189000", - "frame.time_relative": "2587.551604000", - "frame.number": "9169", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da0d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd3d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": 
"0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "7", - "http.prev_response_in": "9154" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.012906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.012906000", - "frame.time_delta": "0.000616000", - "frame.time_delta_displayed": "0.000616000", - "frame.time_relative": "2587.552220000", - "frame.number": "9170", - "frame.len": "1434", - "frame.cap_len": "1434", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1420", - "ip.id": "0x00008b56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000fa20", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "1380", - "tcp.seq": "1", - "tcp.nxtseq": "1381", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00000a73", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137098000", - "tcp.analysis.bytes_in_flight": "1380", - "tcp.analysis.push_bytes_sent": "1380" - }, - "tcp.segment_data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:39:3a:33:38:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:6
8:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:
69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.012932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.012932000", - "frame.time_delta": "0.000026000", - "frame.time_delta_displayed": "0.000026000", - "frame.time_relative": "2587.552246000", - "frame.number": "9171", - "frame.len": "134", - "frame.cap_len": "134", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "120", - "ip.id": "0x00008b57", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": 
"0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ff33", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "80", - "tcp.seq": "1381", - "tcp.nxtseq": "1461", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000055f", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137098000", - "tcp.analysis.bytes_in_flight": "1460", - "tcp.analysis.push_bytes_sent": "1460" - }, - "tcp.segment_data": 
"65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013009000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.013009000", - "frame.time_delta": "0.000077000", - "frame.time_delta_displayed": "0.000077000", - "frame.time_relative": "2587.552323000", - "frame.number": "9172", - "frame.len": "213", - "frame.cap_len": "213", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "199", - "ip.id": "0x00008b58", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000fee3", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "159", - "tcp.seq": "1461", - "tcp.nxtseq": "1620", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005ec2", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.137098000", - "tcp.analysis.bytes_in_flight": "1619", - "tcp.analysis.push_bytes_sent": "159" - }, - "tcp.segment_data": "0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "tcp.segments": { - 
"tcp.segment": "9170", - "tcp.segment": "9171", - "tcp.segment": "9172", - "tcp.segment.count": "3", - "tcp.reassembled.length": "1619", - "tcp.reassembled.data": "48:54:54:50:2f:31:2e:31:20:34:30:31:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:70:72:69:76:61:74:65:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:74:65:78:74:2f:68:74:6d:6c:0d:0a:53:65:72:76:65:72:3a:20:4d:69:63:72:6f:73:6f:66:74:2d:49:49:53:2f:37:2e:35:0d:0a:57:57:57:2d:41:75:74:68:65:6e:74:69:63:61:74:65:3a:20:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:52:65:6e:65:77:4e:6f:6e:63:65:3d:22:54:72:75:65:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:0d:0a:58:2d:41:73:70:4e:65:74:2d:56:65:72:73:69:6f:6e:3a:20:34:2e:30:2e:33:30:33:31:39:0d:0a:58:2d:50:6f:77:65:72:65:64:2d:42:79:3a:20:41:53:50:2e:4e:45:54:0d:0a:44:61:74:65:3a:20:57:65:64:2c:20:30:31:20:4e:6f:76:20:32:30:31:37:20:30:30:3a:32:39:3a:33:38:20:47:4d:54:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:32:39:33:0d:0a:0d:0a:3c:21:44:4f:43:54:59:50:45:20:68:74:6d:6c:20:50:55:42:4c:49:43:20:22:2d:2f:2f:57:33:43:2f:2f:44:54:44:20:58:48:54:4d:4c:20:31:2e:30:20:53:74:72:69:63:74:2f:2f:45:4e:22:20:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:54:52:2f:78:68:74:6d:6c:31:2f:44:54:44:2f:78:68:74:6d:6c:31:2d:73:74:72:69:63:74:2e:64:74:64:22:3e:0d:0a:3c:68:74:6d:6c:20:78:6d:6c:6e:73:3d:22:68:74:74:70:3a:2f:2f:77:77:77:2e:77:33:2e:6f:72:67:2f:31:39:39:39:2f:78:68:74:6d:6c:22:3e:0d:0a:3c:68:65:61:64:3e:0d:0a:3c:6d:65:74:61:20:68:74:74:70:2d:65:71:75:69:76:3d:22:43:6f:6e:74:65:6e:74:2d:54:79:70:65:22:20:63:6f:6e:74:65:6e:74:3d:22:74:65:78:74:2f:68:74:6d:6c:3b:20:63:68:61:72:73:65:74:3d:69:73:6f:2d:38:38:35:39:2d:31:22:2f:3e:0d:0a:3c:74:69:74:6c:65:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:
20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:74:69:74:6c:65:3e:0d:0a:3c:73:74:79:6c:65:20:74:79:70:65:3d:22:74:65:78:74:2f:63:73:73:22:3e:0d:0a:3c:21:2d:2d:0d:0a:62:6f:64:79:7b:6d:61:72:67:69:6e:3a:30:3b:66:6f:6e:74:2d:73:69:7a:65:3a:2e:37:65:6d:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:56:65:72:64:61:6e:61:2c:20:41:72:69:61:6c:2c:20:48:65:6c:76:65:74:69:63:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:45:45:45:45:45:45:3b:7d:0d:0a:66:69:65:6c:64:73:65:74:7b:70:61:64:64:69:6e:67:3a:30:20:31:35:70:78:20:31:30:70:78:20:31:35:70:78:3b:7d:20:0d:0a:68:31:7b:66:6f:6e:74:2d:73:69:7a:65:3a:32:2e:34:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:7d:0d:0a:68:32:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:37:65:6d:3b:6d:61:72:67:69:6e:3a:30:3b:63:6f:6c:6f:72:3a:23:43:43:30:30:30:30:3b:7d:20:0d:0a:68:33:7b:66:6f:6e:74:2d:73:69:7a:65:3a:31:2e:32:65:6d:3b:6d:61:72:67:69:6e:3a:31:30:70:78:20:30:20:30:20:30:3b:63:6f:6c:6f:72:3a:23:30:30:30:30:30:30:3b:7d:20:0d:0a:23:68:65:61:64:65:72:7b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:30:3b:70:61:64:64:69:6e:67:3a:36:70:78:20:32:25:20:36:70:78:20:32:25:3b:66:6f:6e:74:2d:66:61:6d:69:6c:79:3a:22:74:72:65:62:75:63:68:65:74:20:4d:53:22:2c:20:56:65:72:64:61:6e:61:2c:20:73:61:6e:73:2d:73:65:72:69:66:3b:63:6f:6c:6f:72:3a:23:46:46:46:3b:0d:0a:62:61:63:6b:67:72:6f:75:6e:64:2d:63:6f:6c:6f:72:3a:23:35:35:35:35:35:35:3b:7d:0d:0a:23:63:6f:6e:74:65:6e:74:7b:6d:61:72:67:69:6e:3a:30:20:30:20:30:20:32:25:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2e:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:7b:62:61:63:6b:67:72:6f:75:6e:64:3a:23:46:46:46:3b:77:69:64:74:68:3a:39:36:25:3b:6d:61:72:67:69:6e:2d:74:6f:70:3a:38:70:78:3b:70:61:64:64:69:6e:67:3a:31:30:70:78:3b:70:6f:73:69:74:69:6f:6e:3a:72:65:6c:61:74:69:76:65:3b:7d:0d:0a:2d:2d:3e:0d:0a:3c:2f:73:74:79:6c:65:3e:0d:0a:3c:2f:68:65:61:64:3e:0d:0a:3c:62:6f:64:79:3e:0d:0a:3c:64:69:76
:20:69:64:3d:22:68:65:61:64:65:72:22:3e:3c:68:31:3e:53:65:72:76:65:72:20:45:72:72:6f:72:3c:2f:68:31:3e:3c:2f:64:69:76:3e:0d:0a:3c:64:69:76:20:69:64:3d:22:63:6f:6e:74:65:6e:74:22:3e:0d:0a:20:3c:64:69:76:20:63:6c:61:73:73:3d:22:63:6f:6e:74:65:6e:74:2d:63:6f:6e:74:61:69:6e:65:72:22:3e:3c:66:69:65:6c:64:73:65:74:3e:0d:0a:20:20:3c:68:32:3e:34:30:31:20:2d:20:55:6e:61:75:74:68:6f:72:69:7a:65:64:3a:20:41:63:63:65:73:73:20:69:73:20:64:65:6e:69:65:64:20:64:75:65:20:74:6f:20:69:6e:76:61:6c:69:64:20:63:72:65:64:65:6e:74:69:61:6c:73:2e:3c:2f:68:32:3e:0d:0a:20:20:3c:68:33:3e:59:6f:75:20:64:6f:20:6e:6f:74:20:68:61:76:65:20:70:65:72:6d:69:73:73:69:6f:6e:20:74:6f:20:76:69:65:77:20:74:68:69:73:20:64:69:72:65:63:74:6f:72:79:20:6f:72:20:70:61:67:65:20:75:73:69:6e:67:20:74:68:65:20:63:72:65:64:65:6e:74:69:61:6c:73:20:74:68:61:74:20:79:6f:75:20:73:75:70:70:6c:69:65:64:2e:3c:2f:68:33:3e:0d:0a:20:3c:2f:66:69:65:6c:64:73:65:74:3e:3c:2f:64:69:76:3e:0d:0a:3c:2f:64:69:76:3e:0d:0a:3c:2f:62:6f:64:79:3e:0d:0a:3c:2f:68:74:6d:6c:3e:0d:0a" - }, - "http": { - "HTTP\/1.1 401 Unauthorized\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 401 Unauthorized\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "401", - "http.response.phrase": "Unauthorized" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_type": "text\/html", - "http.response.line": "Content-Type: text\/html\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\"", - "http.response.line": "WWW-Authenticate: CBAuth Type=\"SSO\", RenewNonce=\"True\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - 
"http.date": "Wed, 01 Nov 2017 00:29:38 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "http.content_length_header": "1293", - "http.content_length_header_tree": { - "http.content_length": "1293" - }, - "http.response.line": "Content-Length: 1293\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.142744000", - "http.request_in": "9167", - "http.file_data": "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\r\n<style type=\"text\/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error<\/h1><\/div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\r\n <\/fieldset><\/div>\r\n<\/div>\r\n<\/body>\r\n<\/html>\r\n" - }, - "data-text-lines": { - "<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 
Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\">\\r\\n": "", - "<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\\r\\n": "", - "<head>\\r\\n": "", - "<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\"\/>\\r\\n": "", - "<title>401 - Unauthorized: Access is denied due to invalid credentials.<\/title>\\r\\n": "", - "<style type=\"text\/css\">\\r\\n": "", - "<!--\\r\\n": "", - "body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\\r\\n": "", - "fieldset{padding:0 15px 10px 15px;} \\r\\n": "", - "h1{font-size:2.4em;margin:0;color:#FFF;}\\r\\n": "", - "h2{font-size:1.7em;margin:0;color:#CC0000;} \\r\\n": "", - "h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \\r\\n": "", - "#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\\r\\n": "", - "background-color:#555555;}\\r\\n": "", - "#content{margin:0 0 0 2%;position:relative;}\\r\\n": "", - ".content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\\r\\n": "", - "-->\\r\\n": "", - "<\/style>\\r\\n": "", - "<\/head>\\r\\n": "", - "<body>\\r\\n": "", - "<div id=\"header\"><h1>Server Error<\/h1><\/div>\\r\\n": "", - "<div id=\"content\">\\r\\n": "", - " <div class=\"content-container\"><fieldset>\\r\\n": "", - " <h2>401 - Unauthorized: Access is denied due to invalid credentials.<\/h2>\\r\\n": "", - " <h3>You do not have permission to view this directory or page using the credentials that you supplied.<\/h3>\\r\\n": "", - " <\/fieldset><\/div>\\r\\n": "", - "<\/div>\\r\\n": "", - "<\/body>\\r\\n": "", - "<\/html>\\r\\n": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496179.013086000", - "frame.time_delta": "0.000077000", - "frame.time_delta_displayed": "0.000077000", - "frame.time_relative": "2587.552400000", - "frame.number": "9173", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008b5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ff80", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - 
"tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1620", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c3ef", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013509000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.013509000", - "frame.time_delta": "0.000423000", - "frame.time_delta_displayed": "0.000423000", - "frame.time_relative": "2587.552823000", - "frame.number": "9174", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0ae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000452d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "1381", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006097", - "tcp.checksum.status": "2", - 
"tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9170", - "tcp.analysis.ack_rtt": "0.000603000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013521000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.013521000", - "frame.time_delta": "0.000012000", - "frame.time_delta_displayed": "0.000012000", - "frame.time_relative": "2587.552835000", - "frame.number": "9175", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000452c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "1461", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00006047", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9171", - "tcp.analysis.ack_rtt": "0.000589000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013530000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.013530000", - "frame.time_delta": "0.000009000", - "frame.time_delta_displayed": "0.000009000", - "frame.time_relative": "2587.552844000", - "frame.number": "9176", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - 
"eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000452b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "1620", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - 
"tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005fa8", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9172", - "tcp.analysis.ack_rtt": "0.000521000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.013821000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.013821000", - "frame.time_delta": "0.000291000", - "frame.time_delta_displayed": "0.000291000", - "frame.time_relative": "2587.553135000", - "frame.number": "9177", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000f0b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000452a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35314", - "tcp.dstport": "80", - "tcp.port": "35314", - "tcp.port": "80", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "1621", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "31740", - "tcp.window_size": "31740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00005fa6", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9173", - "tcp.analysis.ack_rtt": "0.000735000", - 
"tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.014708000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.014708000", - "frame.time_delta": "0.000887000", - "frame.time_delta_displayed": "0.000887000", - "frame.time_relative": "2587.554022000", - "frame.number": "9178", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e63c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d27d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51252", - "udp.dstport": "53", - "udp.port": "51252", - "udp.port": "53", - "udp.length": 
"45", - "udp.checksum": "0x0000edcb", - "udp.checksum.status": "2", - "udp.stream": "168" - }, - "dns": { - "dns.id": "0x00000f3d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.015261000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.015261000", - "frame.time_delta": "0.000553000", - "frame.time_delta_displayed": "0.000553000", - "frame.time_relative": "2587.554575000", - "frame.number": "9179", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000cd72", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51252", - "udp.port": "53", - "udp.port": "51252", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "168" - }, - "dns": { - "dns.response_to": "9178", - "dns.time": "0.000553000", - "dns.id": "0x00000f3d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.016046000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.016046000", - "frame.time_delta": "0.000785000", - "frame.time_delta_displayed": "0.000785000", - "frame.time_relative": "2587.555360000", - "frame.number": "9180", - 
"frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000e63d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d27c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "48478", - "udp.dstport": "53", - "udp.port": "48478", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000013a1", - "udp.checksum.status": "2", - "udp.stream": "169" - }, - "dns": { - "dns.id": "0x00000f3e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: 
type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.016568000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.016568000", - "frame.time_delta": "0.000522000", - "frame.time_delta_displayed": "0.000522000", - "frame.time_relative": "2587.555882000", - "frame.number": "9181", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000cd73", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb36", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "48478", - "udp.port": "53", - "udp.port": "48478", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "169" - }, - "dns": { - "dns.response_to": "9180", - "dns.time": "0.000522000", - "dns.id": "0x00000f3e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1198", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.017293000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.017293000", - "frame.time_delta": "0.000725000", - "frame.time_delta_displayed": "0.000725000", - "frame.time_relative": "2587.556607000", - "frame.number": "9182", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00000598", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003038", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - 
"_ws.expert.message": "Connection establish request (SYN): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x00007804", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4:01:01:04:02:01:03:03:03", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Window scale: 3 (multiply by 8)": { - "tcp.option_kind": "3", - "tcp.option_len": "3", - "tcp.options.wscale.shift": "3", - "tcp.options.wscale.multiplier": "8" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.065174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.065174000", - "frame.time_delta": "0.047881000", - "frame.time_delta_displayed": "0.047881000", - "frame.time_relative": "2587.604488000", - 
"frame.number": "9183", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da11", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd30", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": 
"HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "8", - "http.prev_response_in": "9169" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.117899000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.117899000", - "frame.time_delta": "0.052725000", - "frame.time_delta_displayed": "0.052725000", - "frame.time_relative": "2587.657213000", - "frame.number": "9184", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "9", - "http.prev_response_in": "9183" - } - 
} - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.154225000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.154225000", - "frame.time_delta": "0.036326000", - "frame.time_delta_displayed": "0.036326000", - "frame.time_relative": "2587.693539000", - "frame.number": "9185", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c9c8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c112", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 
Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35314", - "tcp.port": "80", - "tcp.port": "35314", - "tcp.stream": "354", - "tcp.len": "0", - "tcp.seq": "1621", - "tcp.ack": "1930", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000c3ee", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9177", - "tcp.analysis.ack_rtt": "0.140404000", - "tcp.analysis.initial_rtt": "0.137098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.156592000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.156592000", - "frame.time_delta": "0.002367000", - "frame.time_delta_displayed": "0.002367000", - "frame.time_relative": "2587.695906000", - "frame.number": "9186", - "frame.len": "62", - "frame.cap_len": "62", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "48", - "ip.id": "0x0000fff1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00008ae1", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "28", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "4140", - "tcp.window_size": "4140", - "tcp.checksum": "0x0000816b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:64:04:02:00:00", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1380" - }, - "tcp.options.sack_perm": "1", - "tcp.options.sack_perm_tree": { - "tcp.option_kind": "4", - "tcp.option_len": "2" - }, - "End of Option List (EOL)": { - "tcp.options.type": "0", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "0" - } - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9182", - "tcp.analysis.ack_rtt": "0.139299000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.157107000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.157107000", - "frame.time_delta": "0.000515000", - "frame.time_delta_displayed": "0.000515000", - "frame.time_relative": "2587.696421000", - "frame.number": "9187", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00000599", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003043", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - 
"tcp.checksum": "0x00004afa", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9186", - "tcp.analysis.ack_rtt": "0.000515000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.157120000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.157120000", - "frame.time_delta": "0.000013000", - "frame.time_delta_displayed": "0.000013000", - "frame.time_relative": "2587.696434000", - "frame.number": "9188", - "frame.len": "654", - "frame.cap_len": "654", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "640", - "ip.id": "0x0000059a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002dea", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "600", - "tcp.seq": "1", - "tcp.nxtseq": "601", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000079cd", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.139814000", - "tcp.analysis.bytes_in_flight": "600", - "tcp.analysis.push_bytes_sent": "600" - }, - "tcp.segment_data": 
"50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:31:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:42:70:6a:67:4f:2b:6b:4a:31:74:70:75:2f:46:62:61:2f:64:4a:6f:51:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:74:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 
2017 17:29:39.293298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.293298000", - "frame.time_delta": "0.136178000", - "frame.time_delta_displayed": "0.136178000", - "frame.time_relative": "2587.832612000", - "frame.number": "9189", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00003d52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00004d89", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - 
"tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "601", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4740", - "tcp.window_size": "4740", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a82e", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9188", - "tcp.analysis.ack_rtt": "0.136178000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.293933000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.293933000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "2587.833247000", - "frame.number": "9190", - "frame.len": "1382", - "frame.cap_len": "1382", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "1368", - "ip.id": "0x0000059b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00002b11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "1328", - "tcp.seq": "601", - "tcp.nxtseq": "1929", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": 
"0x0000e59b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.139814000", - "tcp.analysis.bytes_in_flight": "1328", - "tcp.analysis.push_bytes_sent": "1328" - }, - "tcp.segment_data": "ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96
:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:9
9:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" - }, - "tcp.segments": { - "tcp.segment": "9188", - "tcp.segment": "9190", - "tcp.segment.count": "2", - "tcp.reassembled.length": "1928", - "tcp.reassembled.data": "50:4f:53:54:20:2f:44:63:70:52:65:71:75:65:73:74:48:61:6e:64:6c:65:72:2f:69:6e:64:65:78:2e:61:73:68:78:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:64:63:70:2e:63:70:70:2e:70:68:69:6c:69:70:73:2e:63:6f:6d:3a:38:30:0d:0a:41:75:74:68:6f:72:69:7a:61:74:69:6f:6e:3a:20:43:42:41:75:74:68:20:54:79:70:65:3d:22:53:53:4f:22:2c:20:43:6c:69:65:6e:74:3d:22:30:30:31:37:38:38:66:66:66:65:36:39:65:65:65:34:22:2c:20:52:65:71:75:65:73:74:4e:72:3d:22:32:30:31:22:2c:20:4e:6f:6e:63:65:3d:22:49:32:4b:38:5a:52:39:53:45:4b:4f:2f:49:4e:55:49:72:77:69:54:65:77:3d:3d:22:2c:20:53:53:4f:54:6f:6b:65:6e:3d:22:6b:63:4b:30:54:67:7a:43:34:68:37:55:6c:58:61:72:5a:7a:4c:42:57:31:79:4b:68:75:58:30:49:52:2f:72:53:68:36:61:43:47:33:64:2b:64:4a:6d:50:6e:78:72:41:31:6f:7a:74:44:33:5a:6a:47:46:6f:68:43:78:72:76:74:54:34:54:34:75:69:66:4c:62:6d:57:54:33:44:33:67:65:69:6b:41:49:33:61:33:69:52:6e:57:45:44:66:34:47:2f:57:52:6f:39:67:6c:36:76:6c:34:44:42:6a:4e:42:78:68:44:37:66:43:73:77:53:51:6b:51:47:37:39:75:7a:63:4c:50:35:4b:57:62:73:6d:32:52:4e:49:62:32:2b:48:5a:66:74:4b:45:6f:63:56:62:66:4f:49:4b:2b:52:66:52:61:51:4a:4d:4a:62:59:2f:4d:75:52:2b:4f:6e:41:55:66:6c:38:6e:71:2f:42:37:6c:6b:66:48:4c:63:55:51:6d:58:71:63:50:62:44:76:6f:51:32:55:35:68:4a:31:68:77:30:37:2b:69:32:57:63:30:56:38:6c:4a:38:4a:59:52:39:47:46:59:6f:34:6a:72:30:51:62:71:51:78:52:4d:42:42:34:6f:4e:62:51:6d:22:2c:20:41:75:74:68:65:6e:74:69:63:61:74:69:6f:6e:3d:22:42:70:6a:67:4f:2b:6b:4a:31:74:70:75:2f:46:62:61:2f:64:4a:6f:51:41:3d:3d:22:0d:0a:43:6f:6e:74:65:6e:74:2d:4c:65:6e:67:74:68:3a:20:31:33:32:38:20:20:20:20:20:20:0d:0a:43:6f:6e:74:65:6e:7
4:2d:54:79:70:65:3a:20:61:70:70:6c:69:63:61:74:69:6f:6e:2f:43:42:2d:45:6e:63:72:79:70:74:65:64:3b:20:63:69:70:68:65:72:3d:41:45:53:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:63:6c:6f:73:65:0d:0a:0d:0a:ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:
54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:99:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81
:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" - }, - "http": { - "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "POST \/DcpRequestHandler\/index.ashx HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "POST", - "http.request.uri": "\/DcpRequestHandler\/index.ashx", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "dcp.cpp.philips.com:80", - "http.request.line": "Host: dcp.cpp.philips.com:80\r\n", - "http.authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"201\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"BpjgO+kJ1tpu\/Fba\/dJoQA==\"", - "http.request.line": "Authorization: CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"201\", Nonce=\"I2K8ZR9SEKO\/INUIrwiTew==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR\/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikAI3a3iRnWEDf4G\/WRo9gl6vl4DBjNBxhD7fCswSQkQG79uzcLP5KWbsm2RNIb2+HZftKEocVbfOIK+RfRaQJMJbY\/MuR+OnAUfl8nq\/B7lkfHLcUQmXqcPbDvoQ2U5hJ1hw07+i2Wc0V8lJ8JYR9GFYo4jr0QbqQxRMBB4oNbQm\", Authentication=\"BpjgO+kJ1tpu\/Fba\/dJoQA==\"\r\n", - "http.content_length_header": "1328 ", - "http.content_length_header_tree": { - "http.content_length": "1328" - }, - "http.request.line": "Content-Length: 1328 \r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.request.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.connection": "close", - "http.request.line": "Connection: 
close\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/dcp.cpp.philips.com:80\/DcpRequestHandler\/index.ashx", - "http.request": "1", - "http.request_number": "1", - "http.file_data": "\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdW\u0004r3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*5S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdir\u00ef\u00bf\u00bd\u0017it4\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%\u00ef\u00bf\u00bdmt\u00ef\u00bf\u00bd\u0014u\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd1\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd<v\u00ef\u00bf\u00bd sd\u0019\u00ef\u00bf\u00bd'P\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\t\u00ef\u00bf\u00bd\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd9\u0003\u0018+\u001c\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdL\u0002\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdfeT\u0018\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdO\u00ef\u00bf\u00bd[\r\u00ef\u00bf\u00bd7\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdb\u00145+\u00ef\u00bf\u00bd]\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001c\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdk\u00ef\u00bf\u00bdt\"\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd:e\u00ef\u00bf\u00bd\u0012\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdsF'\u00ef\u00bf\u00bd" - }, - "media": { - "media.type": 
"ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:c7:cc:b1:69:72:ed:17:69:74:34:a2:ac:f3:25:f6:6d:74:b2:14:75:eb:c2:eb:ec:31:c9:b4:07:d5:cd:3c:76:e1:20:73:64:19:ed:27:50:fd:5d:c9:09:cf:0e:e7:e4:5a:b0:03:d1:39:03:18:2b:1c:b5:cf:4c:02:b1:ba:83:6e:b8:f1:66:65:54:18:f5:d2:6e:80:4f:e8:5b:0d:a9:37:91:bc:62:14:35:2b:af:5d:df:da:89:89:1c:ee:16:ba:6b:88:ad:b7:6b:e6:74:22:ab:f2:c2:a6:af:5b:a4:d4:3a:65:e2:12:b8:a0:ce:fe:73:46:27:a7:00:ea:72:dc:1a:d3:2f:24:70:96:37:4c:f1:53:ce:1b:f0:45:13:3d:ba:f2:ff:56:9a:da:7b:67:06:d3:e5:de:ea:6c:f6:0e:93:87:c1:97:34:15:74:62:9e:69:04:a6:be:25:80:4b:78:af:e8:47:82:ad:62:e2:45:25:1e:79:0f:cc:52:72:ed:fc:47:ec:f3:65:d7:f8:b0:52:56:de:7c:2e:23:d6:43:5f:f5:94:42:e4:c3:ce:76:b8:81:68:70:8a:36:4c:3e:f4:59:bf:ad:69:26:fd:43:0d:3c:7d:0d:42:8b:89:c3:03:4d:c7:bb:1e:e4:58:53:87:d1:0c:39:4c:5d:2f:6a:70:b6:db:a2:d1:1d:88:51:97:7a:2d:ee:e9:21:7f:bd:0a:b2:e1:0d:0e:a8:a4:67:1a:6b:7c:33:17:9e:03:b3:d6:12:4a:bf:0f:91:db:9b:fb:d0:4b:c4:b6:29:39:4c:bf:e9:46:8f:3f:52:d1:bd:9c:32:86:05:8a:fb:06:cc:f2:49:10:3f:2a:00:fd:12:2e:34:b8:4c:93:45:09:08:91:60:df:9f:a3:60:af:d8:86:e6:da:a7:02:fb:00:f5:ec:cc:9b:aa:e9:23:ad:2f:0f:f1:57:9f:8a:5f:23:dd:01:a9:d3:66:4a:51:f5:30:a5:6d:a5:a8:1f:40:97:21:48:fd:94:4f:46:13:ac:56:00:c1:2b:b4:90:f0:45:ab:95:74:7d:6b:0e:99:91:d2:e2:54:5c:32:63:19:99:e0:58:a0:d5:67:e5:25:b1:84:35:cb:99:1d:b6:72:6b:1f:1b:d4:49:24:61:62:94:64:88:59:95:34:a4:60:45:64:4f:5e:1d:ab:31:59:5a:30:e7:90:a6:05:e1:2a:1d:aa:0b:dd:a2:8d:90:b0:62:89:04:f2:60:f4:b6:43:f4:41:6b:e8:64:d9:f0:0d:28:38:f5:db:33:07:ed:c0:41:aa:d6:36:41:1f:ee:cf:73:f4:57:d2:23:20:02:3a:8a:6d:67:dc:2e:f8:01:05:51:1e:a6:94:b5:46:ce:b2:58:8b:fb:54:98:f3:25:46:1a:20:7e:09:89:72:37:e8:f8:60:a5:2f:69:ac:be:96:41:c4:c1:e2:6b:4f:a6:3b:18:e5:4d:a0:6c:bb:35:b6:54:25:d0:e6:93:87:7f:02:9e:b4:28:c4:06:73:1d:3b:c7:7a:5f:60:76:1f:2d:09:ef:51:e0:a3:50:47:cc:b1:02:ed:36:90:d4:f4:c0:eb:ed:32:01:82:0e:4b:09:16:d1:98:7e:42:7b:4a:2f:a9:72:0d:87:be:a3:52:a6:69:41:3b:1
e:9f:df:08:18:70:1c:9e:b2:99:33:0b:e1:3a:7e:90:46:16:7e:94:98:06:6c:21:98:c4:11:f9:6b:51:70:8a:7a:8c:4b:16:55:ef:3c:64:fe:29:f5:0a:90:e7:a2:16:9a:ea:0d:3e:f9:33:ac:23:43:ce:27:cd:c1:77:e3:3d:56:de:1e:5d:08:42:28:b2:13:f6:0b:f1:04:ad:b9:44:34:ad:d3:d1:8e:3e:8e:a4:e5:73:81:97:c8:b8:cc:c8:a8:1a:82:37:a0:4c:7b:79:88:14:86:33:0e:7c:00:2d:29:23:31:f8:e6:75:af:3c:3e:72:7f:ae:7c:98:e4:d2:85:fb:97:66:5d:43:c1:1c:ec:6d:09:de:fc:88:94:9a:a7:2f:8b:7b:fa:45:86:b9:30:83:5f:18:24:bf:4f:b2:a9:58:a0:e7:ee:7e:65:70:41:ae:e1:ae:f8:c3:ba:f2:d0:ca:83:c5:e0:74:26:9e:23:39:e2:2b:85:8c:62:09:c9:a2:f6:e5:b6:5c:73:31:04:65:06:18:dc:12:b6:5d:f9:e2:6f:1e:fb:f6:42:ca:8d:69:31:d4:8b:54:2a:ab:65:91:ce:73:53:7c:55:05:4b:8d:92:14:dd:8a:12:a6:cd:19:96:83:68:3d:ef:0b:48:61:e0:d4:c9:95:c3:fd:1f:1d:71:01:65:eb:0f:74:8b:20:82:e8:0e:e4:63:9d:3e:86:b7:24:14:d8:f3:44:4c:ee:d7:ed:ae:c2:89:55:8c:fc:8e:79:33:bb:26:96:ef:ee:bc:16:ea:be:08:76:c6:a4:49:06:0f:5d:b5:d9:6c:62:9c:5b:80:37:a1:18:c7:5c:c7:7d:0b:d4:35:38:57:06:7e:9d:56:e5:4f:9a:c2:5b:b4:69:15:a9:29:5c:f0:cb:e7:fc:f4:51:bb:2a:50:e0:8e:40:e3:dc:51:58:68:e3:83:03:d8:a1:a0:7d:71:b0:57:fc:90:5b:92:58:0e:0d:66:15:18:0a:64:39:8f:7e:30:13:7a:1c:75:d3:7c:da:73:5b:7c:20:e8:b9:6c:fd:f1:db:e2:a2:da:db:23:32:bd:1e:b6:87:68:71:c3:5c:4f:a0:0d:8a:fd:ff:5d:00:ad:67:33:d6:23:dc:ce:d6:bd:70:bb:58:c6:45:7a:1b:71:b3:a6:0a:59:cb:07:81:48:2c:96:a0:df:98:6d:2f:88:d2:3e:92:23:5b:1e:4d:c0:56:90:07:6f:2f:f2:f7:08:fd:2f:dc:62:21:c8:66:45:4f:47:6a:9b:d6:dd:7e:d2:58:ab:0f:30:bd:e9:7a:f5:71:88:54:08:30:fd:23:eb:2f:5a:0b:a3:94:ed:c7:b6:a4:45:d6:be:64:15:9e:e8:2c:f5:42:bf:ae:fc:6d:6e:39:af:1f:c8:af:6d:65:a4:c6:40:45:4c:9f:64:a1:e5:6d:f9:20:9c:a1:95:f1:cd:ff:89:4b:e8:4d:d7:f0:6f:b1:57:aa:40:9f:75:02:8f:b2:f4:98:89:56:78:40:d0:31:10:c2:12:62:99:76:09:96:7a:08:ec:6d:d6:e1:f8:f1:a2:b4:15:02:81:d5:6e:10:51:38:af:25:e9:92:87:43:5e:e2:3e:11:98:62:97:e3:d9:e2:4a:69:1d:67:c7:79:9a:de:21:da:39:03:e0:54:b5:64:ce:12:8e:81:21:c8:30:7b:6e:0a:d9:69:91:fe:84:b1:6b:0f:47:f1:b5:19:8d:46" - } - } - } - 
} - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.430267000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.430267000", - "frame.time_delta": "0.136334000", - "frame.time_delta_displayed": "0.136334000", - "frame.time_relative": "2587.969581000", - "frame.number": "9191", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000077d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00001307", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace 
Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009dce", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9190", - "tcp.analysis.ack_rtt": "0.136334000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.467313000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.467313000", - "frame.time_delta": "0.037046000", - "frame.time_delta_displayed": "0.037046000", - "frame.time_relative": "2588.006627000", - "frame.number": "9192", - "frame.len": "925", - "frame.cap_len": "925", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:media" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "911", - "ip.id": "0x00008794", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000ffdf", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - "tcp.len": "871", - "tcp.seq": "1", - "tcp.nxtseq": "872", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00001047", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.139814000", - "tcp.analysis.bytes_in_flight": "871", - "tcp.analysis.push_bytes_sent": "871" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.cache_control": "private", - "http.response.line": "Cache-Control: private\r\n", - "http.content_length_header": "560", - "http.content_length_header_tree": { - "http.content_length": "560" - }, - "http.response.line": "Content-Length: 560\r\n", - "http.content_type": "application\/CB-Encrypted; cipher=AES", - "http.response.line": "Content-Type: application\/CB-Encrypted; cipher=AES\r\n", - "http.server": "Microsoft-IIS\/7.5", - "http.response.line": "Server: Microsoft-IIS\/7.5\r\n", - "http.www_authenticate": "CBAuth Nonce=\"u+X2i87wTqO\/INUInCbsSQ==\"", - "http.response.line": "WWW-Authenticate: CBAuth Nonce=\"u+X2i87wTqO\/INUInCbsSQ==\"\r\n", - "http.response.line": "X-AspNet-Version: 4.0.30319\r\n", - "http.response.line": "X-Powered-By: ASP.NET\r\n", - "http.date": "Wed, 01 Nov 2017 00:29:38 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:29:38 GMT\r\n", - "http.connection": "close", - "http.response.line": "Connection: close\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "0.173380000", - "http.request_in": "9190", - "http.file_data": 
"\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdP\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0010\u00ef\u00bf\u00bdt\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdn\u00ef\u00bf\u00bdW\u0004r3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd*5S\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd%3\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u001e\u001ea\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u000f{\u00ef\u00bf\u00bd:#\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0015{Zy\u0017>\u00ef\u00bf\u00bd\u0002m\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\t,\u00ef\u00bf\u00bd\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0007\u00ef\u00bf\u00bd$\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001f\u00ef\u00bf\u00bd\u0017eJZ\u0017%\u00ef\u00bf\u00bdr\u001d\u00ef\u00bf\u00bd[u\u00ef\u00bf\u00bdfL\u00ef\u00bf\u00bd\u001a\\yr\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdZ\u00ef\u00bf\u00bdK\u00ef\u00bf\u00bd\\\u0012\u001dw\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0012e\u00ef\u00bf\u00bd,\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]d\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdN\u00ef\u00bf\u00bd\u0003n\u00ef\u00bf\u00bd\u000b\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd4\u00ef\u00bf\u00bd\u0003\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd&\u00ef\u00bf\u00bd\u001b\u00ef\u00bf\u00bd\u0016\u00ef\u00bf\u00bd\u0013\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011R^\u000e\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdI\u00ef\u00bf\u00bdD'\u00ef\u00
bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd)\u001b\u00ef\u00bf\u00bd']'|}\u00ef\u00bf\u00bd\u0018}]&a\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u0011\u00ef\u00bf\u00bdC\\&\u00ef\u00bf\u00bd@^\u0006\u001ea\u001b\u00ef\u00bf\u00bd\u001aE\u00ef\u00bf\u00bd\u000ec\u00ef\u00bf\u00bd+\u00ef\u00bf\u00bdzO\u00ef\u00bf\u00bd\"5\u0015o>b\/E\u00ef\u00bf\u00bd\u0002\u00ef\u00bf\u00bd(\u000f\u00ef\u00bf\u00bd)\b&jw\u00ef\u00bf\u00bd[\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0011\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u007f\u00ef\u00bf\u00bd\f\n\u000e\u00ef\u00bf\u00bd7.#Cl\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u001d\u00ef\u00bf\u00bdm\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd6c[\u00ef\u00bf\u00bdX(\u00ef\u00bf\u00bd$\u001cJ\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdm\u00ef\u00bf\u00bdtD\u00ef\u00bf\u00bd2\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bdj\u00ef\u00bf\u00bdp\u00ef\u00bf\u00bdx\u00ef\u00bf\u00bd\u0010ax\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u0014\u0019\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdT\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bduG&\u00ef\u00bf\u00bd\u0016|\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\r\"tB&\u0014\u00ef\u00bf\u00bd\u00ef\u00bf\u00bdB\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd(\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd\u00ef\u00bf\u00bd]" - }, - "media": { - "media.type": 
"ef:2b:ea:fe:50:df:84:91:dc:10:8f:74:c5:c9:6e:b9:57:04:72:33:87:d0:8f:2a:35:53:b3:f2:25:33:e0:de:28:87:1e:1e:61:fd:d8:85:0f:7b:8c:3a:23:81:de:15:7b:5a:79:17:3e:fc:02:6d:f9:be:5a:09:2c:f9:14:b8:d6:07:e7:24:e4:ed:a1:db:87:72:e9:b4:1f:ef:17:65:4a:5a:17:25:bf:72:1d:f2:5b:75:cc:66:4c:e5:1a:5c:79:72:b7:c1:83:fd:0d:ce:85:da:7c:92:bb:5a:dd:4b:d4:5c:12:1d:77:fe:aa:fc:e1:12:65:ef:2c:9a:fc:5d:64:ff:11:c8:8b:8a:4e:d5:03:6e:b7:0b:f6:85:80:70:e8:b4:a0:ab:a3:89:34:e3:03:9b:d3:e7:90:f1:f8:bc:9f:26:e6:1b:8f:16:d6:13:ce:e2:11:52:5e:0e:fd:c9:cb:db:c0:ab:49:e1:44:27:f8:eb:f9:b2:ce:29:1b:f1:27:5d:27:7c:7d:a2:18:7d:5d:26:61:be:f0:e0:eb:42:11:94:43:5c:26:8a:40:5e:06:1e:61:1b:a4:1a:45:c0:0e:63:81:2b:a2:7a:4f:88:22:35:15:6f:3e:62:2f:45:cd:02:f7:28:0f:91:29:08:26:6a:77:fa:5b:f2:a8:11:d9:90:cd:7f:d0:0c:0a:0e:f4:37:2e:23:43:6c:db:9b:ee:e7:b3:1d:b7:6d:19:e3:82:36:63:5b:ae:58:28:d7:24:1c:4a:ad:e2:c9:dd:6d:f1:74:44:85:32:b0:b7:78:cf:6a:c8:70:8b:78:dc:10:61:78:8e:f0:ce:b6:bb:e0:b6:14:19:a6:b1:c0:54:b1:d9:cd:75:47:26:aa:16:7c:e1:d0:0d:22:74:42:26:14:ac:d2:42:b6:82:28:e1:cf:c6:d7:5d:00:51:63:cb:a9:98:c6:49:d5:df:d7:e4:7e:f7:87:88:3a:0e:36:90:94:f9:07:8b:a3:e5:d5:6b:ac:6c:0d:05:f6:73:a4:c0:98:84:14:14:1b:bb:35:6a:1b:b1:d7:82:f8:a7:d0:6c:d7:45:f0:8f:8f:7c:f1:f9:14:a0:c1:30:13:be:54:ed:53:ff:cf:e1:63:aa:36:1f:b6:82:86:d4:e1:df:a1:7b:e5:cf:b3:f7:b8:1b:f9:ba:be:af:8b:d2:7e:e0:b4:3e:01:ff:61:de:72:f0:d0:36:48:a3:f3:4d:a3:87:e3:1a:55:ba:1e:78:23:4b:e5:77:13:ab:26:7a:da:74:dd:30:e1:9b:a0:64:d4:cd:82:a3:b5:4b:b8:60:d8:c4:ae:a9:77:6e:b9:6e:45:a9:b4:60:30:6e:d2:2f:14:4d:aa:a3:f8:fb:c7:37:3b:4f:ff:a9:82:07:75:9d:bc:3c:e2:7c:3d:2b:44:b9:aa:80:07:75:8d:92:94:aa:90:e1:53:af:9e:0a:c1:a2:b0:5e:32:47:13" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.467407000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.467407000", - 
"frame.time_delta": "0.000094000", - "frame.time_delta_displayed": "0.000094000", - "frame.time_relative": "2588.006721000", - "frame.number": "9193", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008796", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x00000345", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - 
"tcp.len": "0", - "tcp.seq": "872", - "tcp.ack": "1929", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009a66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.467889000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.467889000", - "frame.time_delta": "0.000482000", - "frame.time_delta_displayed": "0.000482000", - "frame.time_relative": "2588.007203000", - "frame.number": "9194", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - 
"eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000059c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x00003040", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "872", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003b06", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - 
"tcp.analysis": { - "tcp.analysis.acks_frame": "9192", - "tcp.analysis.ack_rtt": "0.000576000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.468738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.468738000", - "frame.time_delta": "0.000849000", - "frame.time_delta_displayed": "0.000849000", - "frame.time_relative": "2588.008052000", - "frame.number": "9195", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000059d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000303f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.dst_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United 
Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.dst_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.dst_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.dst_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.dst_lon": "-0.13", - "ip.geoip.lon": "-0.13" - } - }, - "tcp": { - "tcp.srcport": "35315", - "tcp.dstport": "80", - "tcp.port": "35315", - "tcp.port": "80", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "1929", - "tcp.ack": "873", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "30485", - "tcp.window_size": "30485", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00003b04", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9193", - "tcp.analysis.ack_rtt": "0.001331000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.604233000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.604233000", - "frame.time_delta": "0.135495000", - "frame.time_delta_displayed": "0.135495000", - "frame.time_relative": "2588.143547000", - 
"frame.number": "9196", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000c425", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "235", - "ip.proto": "6", - "ip.checksum": "0x0000c6b5", - "ip.checksum.status": "2", - "ip.src": "5.79.62.93", - "ip.addr": "5.79.62.93", - "ip.src_host": "5.79.62.93", - "ip.host": "5.79.62.93", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United Kingdom, AS15395 Rackspace Ltd., 51.500000, -0.130000": { - "ip.geoip.src_country": "United Kingdom", - "ip.geoip.country": "United Kingdom", - "ip.geoip.src_asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.asnum": "AS15395 Rackspace Ltd.", - "ip.geoip.src_lat": "51.5", - "ip.geoip.lat": "51.5", - "ip.geoip.src_lon": "-0.13", - "ip.geoip.lon": "-0.13" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "35315", - "tcp.port": "80", - "tcp.port": "35315", - "tcp.stream": "355", - "tcp.len": "0", - "tcp.seq": "873", - "tcp.ack": "1930", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - 
"tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "6068", - "tcp.window_size": "6068", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00009a65", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9195", - "tcp.analysis.ack_rtt": "0.135495000", - "tcp.analysis.initial_rtt": "0.139814000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.673375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.673375000", - "frame.time_delta": "0.069142000", - "frame.time_delta_displayed": "0.069142000", - "frame.time_relative": "2588.212689000", - "frame.number": "9197", - "frame.len": "216", - "frame.cap_len": "216", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"202", - "ip.id": "0x0000213b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x0000e6d9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57452", - "udp.dstport": "1900", - "udp.port": "57452", - "udp.port": "1900", - "udp.length": "182", - "udp.checksum": "0x000069f1", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "ssdp": { - "M-SEARCH * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "M-SEARCH * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "M-SEARCH", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.request.line": "HOST: 239.255.255.250:1900\r\n", - "http.request.line": "MAN: \"ssdp:discover\"\r\n", - "http.request.line": "MX: 1\r\n", - "http.request.line": "ST: urn:dial-multiscreen-org:service:dial:1\r\n", - "http.user_agent": "Google Chrome\/61.0.3163.100 Windows", - "http.request.line": "USER-AGENT: Google Chrome\/61.0.3163.100 Windows\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.request": "1", - "http.request_number": "4", - "http.prev_request_in": "9162" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.780641000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1509496179.780641000", - "frame.time_delta": "0.107266000", - "frame.time_delta_displayed": "0.107266000", - "frame.time_relative": "2588.319955000", - "frame.number": "9198", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.160" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:39.781035000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496179.781035000", - "frame.time_delta": "0.000394000", - "frame.time_delta_displayed": "0.000394000", - "frame.time_relative": "2588.320349000", - "frame.number": "9199", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "00:17:88:69:ee:e4", - "arp.src.proto_ipv4": "192.168.0.160", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.065788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.065788000", - "frame.time_delta": "0.284753000", - "frame.time_delta_displayed": "0.284753000", - "frame.time_relative": "2588.605102000", - "frame.number": "9200", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000dd1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "10", - "http.prev_response_in": "9184" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.118685000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.118685000", - "frame.time_delta": "0.052897000", - "frame.time_delta_displayed": "0.052897000", - "frame.time_relative": "2588.657999000", - "frame.number": "9201", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": 
"2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "11", - "http.prev_response_in": "9200" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.171439000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.171439000", - "frame.time_delta": "0.052754000", - "frame.time_delta_displayed": "0.052754000", - "frame.time_relative": "2588.710753000", - "frame.number": "9202", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd10", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: 
urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "12", - "http.prev_response_in": "9201" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.382045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.382045000", - "frame.time_delta": "0.210606000", - "frame.time_delta_displayed": "0.210606000", - "frame.time_relative": "2588.921359000", - "frame.number": "9203", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da49", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dd01", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": 
"192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "13", - "http.prev_response_in": "9202" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.434877000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.434877000", - "frame.time_delta": "0.052832000", - "frame.time_delta_displayed": "0.052832000", - "frame.time_relative": "2588.974191000", - "frame.number": "9204", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da4e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcf3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": 
"max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "14", - "http.prev_response_in": "9203" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:40.487602000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496180.487602000", - "frame.time_delta": "0.052725000", - "frame.time_delta_displayed": "0.052725000", - "frame.time_relative": "2589.026916000", - "frame.number": "9205", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da53", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcf4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "15", - "http.prev_response_in": "9204" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:41.434007000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496181.434007000", - "frame.time_delta": "0.946405000", - "frame.time_delta_displayed": "0.946405000", - "frame.time_relative": "2589.973321000", - "frame.number": "9206", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da84", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcc6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - 
"HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "16", - "http.prev_response_in": "9205" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:41.486782000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496181.486782000", - "frame.time_delta": "0.052775000", - "frame.time_delta_displayed": "0.052775000", - "frame.time_relative": "2590.026096000", - "frame.number": "9207", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000da85", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcbc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: 
Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "17", - "http.prev_response_in": "9206" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:41.539595000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496181.539595000", - "frame.time_delta": "0.052813000", - "frame.time_delta_displayed": "0.052813000", - "frame.time_relative": "2590.078909000", - "frame.number": "9208", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000da87", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcc0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "18", - "http.prev_response_in": "9207" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:42.118545000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496182.118545000", - "frame.time_delta": "0.578950000", - "frame.time_delta_displayed": "0.578950000", - 
"frame.time_relative": "2590.657859000", - "frame.number": "9209", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000da9e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": 
"239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "19", - "http.prev_response_in": "9208" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:42.171329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496182.171329000", - "frame.time_delta": "0.052784000", - "frame.time_delta_displayed": "0.052784000", - "frame.time_relative": "2590.710643000", - "frame.number": "9210", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000daa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc9f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - 
"http.response_number": "20", - "http.prev_response_in": "9209" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:42.224132000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496182.224132000", - "frame.time_delta": "0.052803000", - "frame.time_delta_displayed": "0.052803000", - "frame.time_relative": "2590.763446000", - "frame.number": "9211", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000daa3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dca4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - 
"udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "21", - "http.prev_response_in": "9210" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:43.123358000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496183.123358000", - "frame.time_delta": "0.899226000", - "frame.time_delta_displayed": "0.899226000", - "frame.time_relative": "2591.662672000", - "frame.number": "9212", - "frame.len": "339", - "frame.cap_len": "339", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", 
- "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "325", - "ip.id": "0x0000dac6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "305", - "udp.checksum": "0x0000e4ae", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: 
http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: upnp:rootdevice\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "22", - "http.prev_response_in": "9211" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:43.176140000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496183.176140000", - "frame.time_delta": "0.052782000", - "frame.time_delta_displayed": "0.052782000", - "frame.time_relative": "2591.715454000", - "frame.number": "9213", - "frame.len": "348", - "frame.cap_len": "348", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "334", - "ip.id": "0x0000dac7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000dc7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "314", - "udp.checksum": "0x0000f299", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "23", - "http.prev_response_in": "9212" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:43.228902000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1509496183.228902000", - "frame.time_delta": "0.052762000", - "frame.time_delta_displayed": "0.052762000", - "frame.time_relative": "2591.768216000", - "frame.number": "9214", - "frame.len": "342", - "frame.cap_len": "342", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "60:57:18:8e:aa:94", - "eth.dst_tree": { - "eth.dst_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "328", - "ip.id": "0x0000dacd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dc7a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.dst_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "57452", - "udp.port": "1900", - "udp.port": "57452", - "udp.length": "308", - "udp.checksum": "0x00001624", - "udp.checksum.status": "2", - "udp.stream": "164" - }, - "ssdp": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - 
}, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.host": "239.255.255.250:1900", - "http.response.line": "HOST: 239.255.255.250:1900\r\n", - "http.response.line": "EXT:\r\n", - "http.cache_control": "max-age=100", - "http.response.line": "CACHE-CONTROL: max-age=100\r\n", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.response.line": "LOCATION: http:\/\/192.168.0.160:80\/description.xml\r\n", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.response.line": "SERVER: Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0\r\n", - "http.response.line": "hue-bridgeid: 001788FFFE69EEE4\r\n", - "http.response.line": "ST: urn:schemas-upnp-org:device:basic:1\r\n", - "http.response.line": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "24", - "http.prev_response_in": "9213" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:49.739790000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496189.739790000", - "frame.time_delta": "6.510888000", - "frame.time_delta_displayed": "6.510888000", - "frame.time_relative": "2598.279104000", - "frame.number": "9215", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000208e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b762", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001055", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - 
"dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:49.740359000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496189.740359000", - "frame.time_delta": "0.000569000", - "frame.time_delta_displayed": "0.000569000", - "frame.time_relative": "2598.279673000", - "frame.number": "9216", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": 
"Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x0000208f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000985d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f150", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": 
"_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:49.740930000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496189.740930000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": "2598.280244000", - "frame.number": "9217", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - 
"eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f16", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": 
"19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:50.566308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496190.566308000", - "frame.time_delta": "0.825378000", - "frame.time_delta_displayed": "0.825378000", - "frame.time_relative": "2599.105622000", - "frame.number": "9218", - "frame.len": "318", - "frame.cap_len": "318", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http:data-text-lines" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": 
"Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "304", - "ip.id": "0x00008658", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00000e82", - "ip.checksum.status": "2", - "ip.src": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.src_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49782", - "tcp.port": "80", - "tcp.port": "49782", - "tcp.stream": "320", - "tcp.len": "264", - "tcp.seq": "1", - "tcp.nxtseq": "265", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - 
"tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000da66", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018098000", - "tcp.analysis.bytes_in_flight": "264", - "tcp.analysis.push_bytes_sent": "264" - } - }, - "http": { - "HTTP\/1.1 200 OK\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "HTTP\/1.1 200 OK\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.version": "HTTP\/1.1", - "http.response.code": "200", - "http.response.phrase": "OK" - }, - "http.date": "Wed, 01 Nov 2017 00:29:50 GMT", - "http.response.line": "Date: Wed, 01 Nov 2017 00:29:50 GMT\r\n", - "http.content_type": "text\/javascript; charset=\"UTF-8\"", - "http.response.line": "Content-Type: text\/javascript; charset=\"UTF-8\"\r\n", - "http.content_length_header": "24", - "http.content_length_header_tree": { - "http.content_length": "24" - }, - "http.response.line": "Content-Length: 24\r\n", - "http.connection": "keep-alive", - "http.response.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache", - "http.response.line": "Cache-Control: no-cache\r\n", - "http.response.line": "Access-Control-Allow-Origin: *\r\n", - "http.response.line": "Access-Control-Allow-Methods: GET\r\n", - "\\r\\n": "", - "http.response": "1", - "http.response_number": "1", - "http.time": "280.033664000", - "http.request_in": "8348", - "http.file_data": "[[],\"15094945528362978\"]" - }, - "data-text-lines": { - "[[],\"15094945528362978\"]": "" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:50.600243000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496190.600243000", - "frame.time_delta": "0.033935000", - "frame.time_delta_displayed": "0.033935000", - "frame.time_relative": "2599.139557000", - "frame.number": "9219", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000107a", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f567", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": 
"San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "258", - "tcp.ack": "265", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "5336", - "tcp.window_size": "5336", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000f95b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9218", - "tcp.analysis.ack_rtt": "0.033935000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:50.612044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496190.612044000", - "frame.time_delta": "0.011801000", - "frame.time_delta_displayed": "0.011801000", - "frame.time_relative": "2599.151358000", - "frame.number": "9220", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": 
{ - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00008659", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00000f89", - "ip.checksum.status": "2", - "ip.src": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.src_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49782", - "tcp.port": "80", - "tcp.port": "49782", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "265", - "tcp.ack": "259", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000011", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - 
"tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "1", - "tcp.flags.fin_tree": { - "_ws.expert": { - "tcp.connection.fin": "", - "_ws.expert.message": "Connection finish (FIN)", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7F" - }, - "tcp.window_size_value": "15544", - "tcp.window_size": "15544", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000d17a", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9219", - "tcp.analysis.ack_rtt": "0.011801000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:50.617955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496190.617955000", - "frame.time_delta": "0.005911000", - "frame.time_delta_displayed": "0.005911000", - "frame.time_relative": "2599.157269000", - "frame.number": "9221", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": 
{ - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000107b", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f566", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.219.189.242", - "ip.addr": "54.219.189.242", - "ip.dst_host": "54.219.189.242", - "ip.host": "54.219.189.242", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49782", - "tcp.dstport": "80", - "tcp.port": "49782", - "tcp.port": "80", - "tcp.stream": "320", - "tcp.len": "0", - "tcp.seq": "259", - "tcp.ack": "266", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5335", - "tcp.window_size": "5335", - "tcp.window_size_scalefactor": "-2", - 
"tcp.checksum": "0x0000f95b", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9220", - "tcp.analysis.ack_rtt": "0.005911000", - "tcp.analysis.initial_rtt": "0.018098000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.606768000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.606768000", - "frame.time_delta": "0.988813000", - "frame.time_delta_displayed": "0.988813000", - "frame.time_relative": "2600.146082000", - "frame.number": "9222", - "frame.len": "77", - "frame.cap_len": "77", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "63", - "ip.id": "0x0000107c", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x00002968", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - 
"Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49153", - "udp.dstport": "53", - "udp.port": "49153", - "udp.port": "53", - "udp.length": "43", - "udp.checksum": "0x0000ae31", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.id": "0x00000000", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.608786000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.608786000", - "frame.time_delta": "0.002018000", - "frame.time_delta_displayed": "0.002018000", - "frame.time_relative": "2600.148100000", - "frame.number": "9223", - "frame.len": "540", - "frame.cap_len": "540", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "526", - "ip.id": "0x00009ded", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001928", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49153", - "udp.port": "53", - "udp.port": "49153", - "udp.length": "506", - "udp.checksum": "0x000083d5", - "udp.checksum.status": "2", - "udp.stream": "14" - }, - "dns": { - "dns.response_to": "9222", - "dns.time": "0.002018000", - "dns.id": "0x00000000", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "2", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "11", - "Queries": { - "pubsub.pubnub.com: type A, class IN": { - "dns.qry.name": "pubsub.pubnub.com", - "dns.qry.name.len": "17", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "pubsub.pubnub.com: type A, class IN, addr 54.241.191.239": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171", - "dns.resp.len": "4", - "dns.a": "54.241.191.239" - }, - "pubsub.pubnub.com: type A, class IN, addr 
52.9.63.131": { - "dns.resp.name": "pubsub.pubnub.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171", - "dns.resp.len": "4", - "dns.a": "52.9.63.131" - } - }, - "Authoritative nameservers": { - "pubnub.com: type NS, class IN, ns ns-1979.awsdns-55.co.uk": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "25", - "dns.ns": "ns-1979.awsdns-55.co.uk" - }, - "pubnub.com: type NS, class IN, ns ns2.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "20", - "dns.ns": "ns2.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-907.awsdns-49.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "19", - "dns.ns": "ns-907.awsdns-49.net" - }, - "pubnub.com: type NS, class IN, ns ns4.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "6", - "dns.ns": "ns4.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns1.p19.dynect.net": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "6", - "dns.ns": "ns1.p19.dynect.net" - }, - "pubnub.com: type NS, class IN, ns ns-22.awsdns-02.com": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "18", - "dns.ns": "ns-22.awsdns-02.com" - }, - "pubnub.com: type NS, class IN, ns ns-1127.awsdns-12.org": { - "dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "23", - "dns.ns": "ns-1127.awsdns-12.org" - }, - "pubnub.com: type NS, class IN, ns ns3.p19.dynect.net": { - 
"dns.resp.name": "pubnub.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "51368", - "dns.resp.len": "6", - "dns.ns": "ns3.p19.dynect.net" - } - }, - "Additional records": { - "ns1.p19.dynect.net: type A, class IN, addr 208.78.70.19": { - "dns.resp.name": "ns1.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3659", - "dns.resp.len": "4", - "dns.a": "208.78.70.19" - }, - "ns2.p19.dynect.net: type A, class IN, addr 204.13.250.19": { - "dns.resp.name": "ns2.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "55619", - "dns.resp.len": "4", - "dns.a": "204.13.250.19" - }, - "ns3.p19.dynect.net: type A, class IN, addr 208.78.71.19": { - "dns.resp.name": "ns3.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1929", - "dns.resp.len": "4", - "dns.a": "208.78.71.19" - }, - "ns4.p19.dynect.net: type A, class IN, addr 204.13.251.19": { - "dns.resp.name": "ns4.p19.dynect.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "55620", - "dns.resp.len": "4", - "dns.a": "204.13.251.19" - }, - "ns-22.awsdns-02.com: type A, class IN, addr 205.251.192.22": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56361", - "dns.resp.len": "4", - "dns.a": "205.251.192.22" - }, - "ns-907.awsdns-49.net: type A, class IN, addr 205.251.195.139": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56469", - "dns.resp.len": "4", - "dns.a": "205.251.195.139" - }, - "ns-1127.awsdns-12.org: type A, class IN, addr 205.251.196.103": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56011", - "dns.resp.len": "4", - "dns.a": "205.251.196.103" - }, - "ns-1979.awsdns-55.co.uk: type A, class IN, addr 
205.251.199.187": { - "dns.resp.name": "ns-1979.awsdns-55.co.uk", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "55812", - "dns.resp.len": "4", - "dns.a": "205.251.199.187" - }, - "ns-22.awsdns-02.com: type AAAA, class IN, addr 2600:9000:5300:1600::1": { - "dns.resp.name": "ns-22.awsdns-02.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56361", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5300:1600::1" - }, - "ns-907.awsdns-49.net: type AAAA, class IN, addr 2600:9000:5303:8b00::1": { - "dns.resp.name": "ns-907.awsdns-49.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56469", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5303:8b00::1" - }, - "ns-1127.awsdns-12.org: type AAAA, class IN, addr 2600:9000:5304:6700::1": { - "dns.resp.name": "ns-1127.awsdns-12.org", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "56011", - "dns.resp.len": "16", - "dns.aaaa": "2600:9000:5304:6700::1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.615403000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.615403000", - "frame.time_delta": "0.006617000", - "frame.time_delta_displayed": "0.006617000", - "frame.time_relative": "2600.154717000", - "frame.number": "9224", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - 
"eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x0000107d", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f34d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.dst_host": "54.241.191.239", - "ip.host": "54.241.191.239", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49783", - "tcp.dstport": "80", - "tcp.port": "49783", - "tcp.port": "80", - "tcp.stream": "356", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "0", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000002", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "0", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.syn": "", - "_ws.expert.message": "Connection establish request (SYN): server port 80", - 
"_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.checksum": "0x00008179", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:78", - "tcp.options_tree": { - "tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1400" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.627748000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.627748000", - "frame.time_delta": "0.012345000", - "frame.time_delta_displayed": "0.012345000", - "frame.time_relative": "2600.167062000", - "frame.number": "9225", - "frame.len": "58", - "frame.cap_len": "58", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "44", - "ip.id": "0x00000000", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x000093cb", - "ip.checksum.status": "2", - "ip.src": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.src_host": "54.241.191.239", - "ip.host": "54.241.191.239", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49783", - "tcp.port": "80", - "tcp.port": "49783", - "tcp.stream": "356", - "tcp.len": "0", - "tcp.seq": "0", - "tcp.ack": "1", - "tcp.hdr_len": "24", - "tcp.flags": "0x00000012", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "1", - "tcp.flags.syn_tree": { - "_ws.expert": { - "tcp.connection.sack": "", - "_ws.expert.message": "Connection establish acknowledge (SYN+ACK): server port 80", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - } - }, - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7S\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - "tcp.checksum": "0x000030b4", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "02:04:05:b4", - "tcp.options_tree": { - 
"tcp.options.mss": { - "tcp.option_kind": "2", - "tcp.option_len": "4", - "tcp.options.mss_val": "1460" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9224", - "tcp.analysis.ack_rtt": "0.012345000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.633506000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.633506000", - "frame.time_delta": "0.005758000", - "frame.time_delta_displayed": "0.005758000", - "frame.time_relative": "2600.172820000", - "frame.number": "9226", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x0000107e", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f350", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.dst_host": "54.241.191.239", - "ip.host": 
"54.241.191.239", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49783", - "tcp.dstport": "80", - "tcp.port": "49783", - "tcp.port": "80", - "tcp.stream": "356", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000a4a1", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9225", - "tcp.analysis.ack_rtt": "0.005758000", - "tcp.analysis.initial_rtt": "0.018103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.661672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.661672000", - "frame.time_delta": "0.028166000", - "frame.time_delta_displayed": "0.028166000", - "frame.time_relative": "2600.200986000", - 
"frame.number": "9227", - "frame.len": "69", - "frame.cap_len": "69", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "55", - "ip.id": "0x0000107f", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f340", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.dst_host": "54.241.191.239", - "ip.host": "54.241.191.239", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49783", - "tcp.dstport": "80", - "tcp.port": "49783", - "tcp.port": "80", - "tcp.stream": "356", - 
"tcp.len": "15", - "tcp.seq": "1", - "tcp.nxtseq": "16", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x0000ed1c", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018103000", - "tcp.analysis.bytes_in_flight": "15", - "tcp.analysis.push_bytes_sent": "15" - }, - "tcp.segment_data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.674048000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.674048000", - "frame.time_delta": "0.012376000", - "frame.time_delta_displayed": "0.012376000", - "frame.time_relative": "2600.213362000", - "frame.number": "9228", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003bf1", - "ip.checksum.status": "2", - "ip.src": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.src_host": "54.241.191.239", - "ip.host": "54.241.191.239", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49783", - "tcp.port": "80", - "tcp.port": "49783", - "tcp.stream": "356", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "16", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "29200", - "tcp.window_size": "29200", - 
"tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004862", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9227", - "tcp.analysis.ack_rtt": "0.012376000", - "tcp.analysis.initial_rtt": "0.018103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.679218000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.679218000", - "frame.time_delta": "0.005170000", - "frame.time_delta_displayed": "0.005170000", - "frame.time_relative": "2600.218532000", - "frame.number": "9229", - "frame.len": "296", - "frame.cap_len": "296", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:http" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "282", - "ip.id": "0x00001080", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "6", - "ip.checksum": "0x0000f25c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.src_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "ip.dst": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.dst_host": 
"54.241.191.239", - "ip.host": "54.241.191.239", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.dst_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.dst_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.dst_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - } - }, - "tcp": { - "tcp.srcport": "49783", - "tcp.dstport": "80", - "tcp.port": "49783", - "tcp.port": "80", - "tcp.stream": "356", - "tcp.len": "242", - "tcp.seq": "16", - "tcp.nxtseq": "258", - "tcp.ack": "1", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "5600", - "tcp.window_size": "5600", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x000023b0", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.initial_rtt": "0.018103000", - "tcp.analysis.bytes_in_flight": "242", - "tcp.analysis.push_bytes_sent": "242" - }, - "tcp.segment_data": 
"73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "tcp.segments": { - "tcp.segment": "9227", - "tcp.segment": "9229", - "tcp.segment.count": "2", - "tcp.reassembled.length": "257", - "tcp.reassembled.data": "47:45:54:20:2f:73:75:62:73:63:72:69:62:65:2f:73:75:62:2d:63:2d:62:35:62:35:65:61:61:65:2d:38:63:64:39:2d:31:31:65:33:2d:61:35:36:62:2d:30:32:65:65:32:64:64:61:62:37:66:65:2f:63:68:61:6e:6e:65:6c:5f:39:62:63:34:31:61:63:34:2d:37:39:61:36:2d:34:35:65:31:2d:39:37:64:32:2d:34:62:30:65:31:64:62:65:35:39:32:33:2f:30:2f:31:35:30:39:34:39:34:35:35:32:38:33:36:32:39:37:38:20:48:54:54:50:2f:31:2e:31:0d:0a:48:6f:73:74:3a:20:70:75:62:73:75:62:2e:70:75:62:6e:75:62:2e:63:6f:6d:0d:0a:55:73:65:72:2d:41:67:65:6e:74:3a:20:6c:77:73:6f:63:6b:65:74:73:2f:30:2e:31:0d:0a:43:6f:6e:6e:65:63:74:69:6f:6e:3a:20:6b:65:65:70:2d:61:6c:69:76:65:0d:0a:43:61:63:68:65:2d:43:6f:6e:74:72:6f:6c:3a:20:6e:6f:2d:63:61:63:68:65:2c:20:6e:6f:2d:73:74:6f:72:65:2c:20:6d:61:78:2d:61:67:65:3d:30:0d:0a:0d:0a" - }, - "http": { - "GET \/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "GET 
\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978 HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "GET", - "http.request.uri": "\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "pubsub.pubnub.com", - "http.request.line": "Host: pubsub.pubnub.com\r\n", - "http.user_agent": "lwsockets\/0.1", - "http.request.line": "User-Agent: lwsockets\/0.1\r\n", - "http.connection": "keep-alive", - "http.request.line": "Connection: keep-alive\r\n", - "http.cache_control": "no-cache, no-store, max-age=0", - "http.request.line": "Cache-Control: no-cache, no-store, max-age=0\r\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/pubsub.pubnub.com\/subscribe\/sub-c-b5b5eaae-8cd9-11e3-a56b-02ee2ddab7fe\/channel_9bc41ac4-79a6-45e1-97d2-4b0e1dbe5923\/0\/15094945528362978", - "http.request": "1", - "http.request_number": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:51.691563000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496191.691563000", - "frame.time_delta": "0.012345000", - "frame.time_delta_displayed": "0.012345000", - "frame.time_relative": "2600.230877000", - "frame.number": "9230", - "frame.len": "54", - "frame.cap_len": "54", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x000057df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "47", - "ip.proto": "6", - "ip.checksum": "0x00003bf0", - "ip.checksum.status": "2", - "ip.src": "54.241.191.239", - "ip.addr": "54.241.191.239", - "ip.src_host": "54.241.191.239", - "ip.host": "54.241.191.239", - "ip.dst": "192.168.0.120", - "ip.addr": "192.168.0.120", - "ip.dst_host": "192.168.0.120", - "ip.host": "192.168.0.120", - "Source GeoIP: United States, AS16509 Amazon.com, Inc., San Jose, CA, 37.339401, -121.894997": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.asnum": "AS16509 Amazon.com, Inc.", - "ip.geoip.src_city": "San Jose, CA", - "ip.geoip.city": "San Jose, CA", - "ip.geoip.src_lat": "37.339401", - "ip.geoip.lat": "37.339401", - "ip.geoip.src_lon": "-121.894997", - "ip.geoip.lon": "-121.894997" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "80", - "tcp.dstport": "49783", - "tcp.port": "80", - "tcp.port": "49783", - "tcp.stream": "356", - "tcp.len": "0", - "tcp.seq": "1", - "tcp.ack": "258", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "30016", - "tcp.window_size": "30016", - "tcp.window_size_scalefactor": "-2", - "tcp.checksum": "0x00004440", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9229", - "tcp.analysis.ack_rtt": "0.012345000", - "tcp.analysis.initial_rtt": "0.018103000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:53.985023000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496193.985023000", - "frame.time_delta": "2.293460000", - "frame.time_delta_displayed": "2.293460000", - "frame.time_relative": "2602.524337000", - "frame.number": "9231", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000e7a4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1b2", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.038049000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.038049000", - "frame.time_delta": "0.053026000", - "frame.time_delta_displayed": "0.053026000", - "frame.time_relative": "2602.577363000", - "frame.number": "9232", - "frame.len": "352", - "frame.cap_len": "352", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "338", - "ip.id": "0x0000e7a5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "318", - "udp.checksum": "0x0000d568", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - 
"http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: upnp:rootdevice\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4::upnp:rootdevice\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.090906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.090906000", - "frame.time_delta": "0.052857000", - "frame.time_delta_displayed": "0.052857000", - "frame.time_relative": "2602.630220000", - "frame.number": "9233", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000e7aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - 
"ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.143838000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.143838000", - "frame.time_delta": "0.052932000", - "frame.time_delta_displayed": "0.052932000", - "frame.time_relative": "2602.683152000", - "frame.number": "9234", - "frame.len": "361", - "frame.cap_len": "361", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "347", - "ip.id": "0x0000e7ac", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "327", - "udp.checksum": "0x0000d264", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 
IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.196674000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.196674000", - "frame.time_delta": "0.052836000", - "frame.time_delta_displayed": "0.052836000", - "frame.time_relative": "2602.735988000", - "frame.number": "9235", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - "eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000e7b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.249534000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.249534000", - "frame.time_delta": "0.052860000", - "frame.time_delta_displayed": "0.052860000", - "frame.time_relative": "2602.788848000", - "frame.number": "9236", - "frame.len": "355", - "frame.cap_len": "355", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:ssdp" - }, - "eth": { - 
"eth.dst": "01:00:5e:7f:ff:fa", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_7f:ff:fa", - "eth.addr": "01:00:5e:7f:ff:fa", - "eth.addr_resolved": "IPv4mcast_7f:ff:fa", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "341", - "ip.id": "0x0000e7b1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "255", - "ip.proto": "17", - "ip.checksum": "0x0000e1a2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "239.255.255.250", - "ip.addr": "239.255.255.250", - "ip.dst_host": "239.255.255.250", - "ip.host": "239.255.255.250", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1900", - "udp.dstport": "1900", - "udp.port": "1900", - "udp.port": "1900", - "udp.length": "321", - "udp.checksum": "0x00005094", - "udp.checksum.status": "2", - "udp.stream": "8" - }, - "ssdp": { - "NOTIFY * HTTP\/1.1\\r\\n": { - "_ws.expert": { - "http.chat": "", - "_ws.expert.message": "NOTIFY * HTTP\/1.1\\r\\n", - "_ws.expert.severity": "2097152", - "_ws.expert.group": "33554432" - }, - "http.request.method": "NOTIFY", - "http.request.uri": "*", - "http.request.version": "HTTP\/1.1" - }, - "http.host": "239.255.255.250:1900", - "http.cache_control": "max-age=100", - "http.location": "http:\/\/192.168.0.160:80\/description.xml", - "http.server": "Linux\/3.14.0 UPnP\/1.0 IpBridge\/1.21.0", - "http.unknown_header": "NTS: 
ssdp:alive\\r\\n", - "http.unknown_header": "hue-bridgeid: 001788FFFE69EEE4\\r\\n", - "http.unknown_header": "NT: urn:schemas-upnp-org:device:basic:1\\r\\n", - "http.unknown_header": "USN: uuid:2f402f80-da50-11e1-9b23-00178869eee4\\r\\n", - "\\r\\n": "", - "http.request.full_uri": "http:\/\/239.255.255.250:1900*", - "http.notification": "1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.740071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.740071000", - "frame.time_delta": "0.490537000", - "frame.time_delta_displayed": "0.490537000", - "frame.time_relative": "2603.279385000", - "frame.number": "9237", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002090", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - 
"_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b760", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001055", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.740587000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.740587000", - "frame.time_delta": "0.000516000", - "frame.time_delta_displayed": "0.000516000", - "frame.time_relative": "2603.279901000", - "frame.number": "9238", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002091", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000985b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f150", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": 
"m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:54.741222000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496194.741222000", - "frame.time_delta": "0.000635000", - "frame.time_delta_displayed": "0.000635000", - "frame.time_relative": "2603.280536000", - "frame.number": "9239", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - 
"ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f16", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - 
"sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.028733000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.028733000", - "frame.time_delta": "0.287511000", - "frame.time_delta_displayed": "0.287511000", - "frame.time_relative": "2603.568047000", - "frame.number": "9240", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ffa", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000057e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a418", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009625", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.029896000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.029896000", - "frame.time_delta": "0.001163000", - "frame.time_delta_displayed": "0.001163000", - "frame.time_relative": "2603.569210000", - "frame.number": "9241", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": 
"60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000439d5", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60542", - "udp.dstport": "5355", - "udp.port": "60542", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x000049f3", - "udp.checksum.status": "2", - "udp.stream": "170" - }, - "llmnr": { - "dns.id": "0x000019c9", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.030493000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.030493000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": 
"0.000597000", - "frame.time_relative": "2603.569807000", - "frame.number": "9242", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000582", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001229", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60542", - "udp.dstport": "5355", - "udp.port": "60542", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00006992", - "udp.checksum.status": "2", - "udp.stream": "171" - }, - "llmnr": { - "dns.id": "0x000019c9", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.031647000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.031647000", - "frame.time_delta": "0.001154000", - "frame.time_delta_displayed": "0.001154000", - "frame.time_relative": "2603.570961000", - "frame.number": "9243", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000fda3c", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58912", - "udp.dstport": "5355", - "udp.port": 
"58912", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00008533", - "udp.checksum.status": "2", - "udp.stream": "172" - }, - "llmnr": { - "dns.id": "0x0000e4cb", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.032660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.032660000", - "frame.time_delta": "0.001013000", - "frame.time_delta_displayed": "0.001013000", - "frame.time_relative": "2603.571974000", - "frame.number": "9244", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000583", - "ip.flags": "0x00000000", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001228", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58912", - "udp.dstport": "5355", - "udp.port": "58912", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000a4d2", - "udp.checksum.status": "2", - "udp.stream": "173" - }, - "llmnr": { - "dns.id": "0x0000e4cb", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.440906000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.440906000", - "frame.time_delta": "0.408246000", - "frame.time_delta_displayed": "0.408246000", - "frame.time_relative": "2603.980220000", - "frame.number": "9245", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": 
"IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000439d5", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60542", - "udp.dstport": "5355", - "udp.port": "60542", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x000049f3", - "udp.checksum.status": "2", - "udp.stream": "170" - }, - "llmnr": { - "dns.id": "0x000019c9", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.441463000 PDT", - 
"frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.441463000", - "frame.time_delta": "0.000557000", - "frame.time_delta_displayed": "0.000557000", - "frame.time_relative": "2603.980777000", - "frame.number": "9246", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000584", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001227", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60542", - "udp.dstport": "5355", - "udp.port": "60542", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00006992", - "udp.checksum.status": "2", - "udp.stream": "171" - }, - "llmnr": { - "dns.id": "0x000019c9", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - 
"dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type A, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.442891000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.442891000", - "frame.time_delta": "0.001428000", - "frame.time_delta_displayed": "0.001428000", - "frame.time_relative": "2603.982205000", - "frame.number": "9247", - "frame.len": "84", - "frame.cap_len": "84", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:llmnr" - }, - "eth": { - "eth.dst": "33:33:00:01:00:03", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_01:00:03", - "eth.addr": "33:33:00:01:00:03", - "eth.addr_resolved": "IPv6mcast_01:00:03", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x000fda3c", - "ipv6.plen": "30", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::790f:988f:49cf:68ba", - "ipv6.addr": "fe80::790f:988f:49cf:68ba", - "ipv6.src_host": "fe80::790f:988f:49cf:68ba", - "ipv6.host": "fe80::790f:988f:49cf:68ba", - "ipv6.dst": "ff02::1:3", - "ipv6.addr": "ff02::1:3", - "ipv6.dst_host": "ff02::1:3", - "ipv6.host": "ff02::1:3", 
- "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58912", - "udp.dstport": "5355", - "udp.port": "58912", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x00008533", - "udp.checksum.status": "2", - "udp.stream": "172" - }, - "llmnr": { - "dns.id": "0x0000e4cb", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.443515000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.443515000", - "frame.time_delta": "0.000624000", - "frame.time_delta_displayed": "0.000624000", - "frame.time_relative": "2603.982829000", - "frame.number": "9248", - "frame.len": "64", - "frame.cap_len": "64", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:llmnr" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fc", - "eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fc", - "eth.addr": "01:00:5e:00:00:fc", - "eth.addr_resolved": "IPv4mcast_fc", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "50", - "ip.id": "0x00000585", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "1", - "ip.proto": "17", - "ip.checksum": "0x00001226", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "224.0.0.252", - "ip.addr": "224.0.0.252", - "ip.dst_host": "224.0.0.252", - "ip.host": "224.0.0.252", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58912", - "udp.dstport": "5355", - "udp.port": "58912", - "udp.port": "5355", - "udp.length": "30", - "udp.checksum": "0x0000a4d2", - "udp.checksum.status": "2", - "udp.stream": "173" - }, - "llmnr": { - "dns.id": "0x0000e4cb", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.conflict": "0", - "dns.flags.truncated": "0", - "dns.flags.tentative": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "wpad: type AAAA, class IN": { - "dns.qry.name": "wpad", - "dns.qry.name.len": "4", - "dns.count.labels": "1", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.570366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.570366000", - "frame.time_delta": "0.126851000", - "frame.time_delta_displayed": "0.126851000", - "frame.time_relative": "2604.109680000", - "frame.number": "9249", - "frame.len": "42", - "frame.cap_len": "42", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "e4:95:6e:b0:20:39", - "eth.dst_tree": { - "eth.dst_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": "0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "1", - "arp.src.hw_mac": "b0:b9:8a:73:69:8e", - "arp.src.proto_ipv4": "192.168.0.1", - "arp.dst.hw_mac": "00:00:00:00:00:00", - "arp.dst.proto_ipv4": "192.168.0.120" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.575697000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.575697000", - "frame.time_delta": "0.005331000", - "frame.time_delta_displayed": "0.005331000", - "frame.time_relative": "2604.115011000", - "frame.number": "9250", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:arp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "e4:95:6e:b0:20:39", - "eth.src_tree": { - "eth.src_resolved": "Iconserv_20:39", - "eth.addr": "e4:95:6e:b0:20:39", - "eth.addr_resolved": "Iconserv_20:39", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000806", - "eth.padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" - }, - "arp": { - "arp.hw.type": "1", - "arp.proto.type": 
"0x00000800", - "arp.hw.size": "6", - "arp.proto.size": "4", - "arp.opcode": "2", - "arp.src.hw_mac": "e4:95:6e:b0:20:39", - "arp.src.proto_ipv4": "192.168.0.120", - "arp.dst.hw_mac": "b0:b9:8a:73:69:8e", - "arp.dst.proto_ipv4": "192.168.0.1" - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:55.779172000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496195.779172000", - "frame.time_delta": "0.203475000", - "frame.time_delta_displayed": "0.203475000", - "frame.time_relative": "2604.318486000", - "frame.number": "9251", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ffb", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000057e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": 
"192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a418", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009625", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:56.529384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496196.529384000", - "frame.time_delta": "0.750212000", - "frame.time_delta_displayed": "0.750212000", - "frame.time_relative": "2605.068698000", - "frame.number": "9252", - "frame.len": "92", - "frame.cap_len": "92", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:nbns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "78", - "ip.id": "0x00005ffc", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000057e7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - "ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "137", - "udp.dstport": "137", - "udp.port": "137", - "udp.port": "137", - "udp.length": "58", - "udp.checksum": "0x0000a418", - "udp.checksum.status": "2", - "udp.stream": "28" - }, - "nbns": { - "nbns.id": "0x00009625", - "nbns.flags": "0x00000110", - "nbns.flags_tree": { - "nbns.flags.response": "0", - "nbns.flags.opcode": "0", - "nbns.flags.truncated": "0", - "nbns.flags.recdesired": "1", - "nbns.flags.broadcast": "1" - }, - "nbns.count.queries": "1", - "nbns.count.answers": "0", - "nbns.count.auth_rr": "0", - "nbns.count.add_rr": "0", - "Queries": { - "WPAD<00>: type NB, class IN": { - "nbns.name": "WPAD<00>", - "nbns.type": "32", - "nbns.class": "1" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:59.740376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496199.740376000", - "frame.time_delta": "3.210992000", - "frame.time_delta_displayed": "3.210992000", - "frame.time_relative": "2608.279690000", - "frame.number": "9253", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "01:00:5e:00:00:fb", - 
"eth.dst_tree": { - "eth.dst_resolved": "IPv4mcast_fb", - "eth.addr": "01:00:5e:00:00:fb", - "eth.addr_resolved": "IPv4mcast_fb", - "eth.lg": "0", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002092", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.ttl_tree": { - "_ws.expert": { - "ip.ttl.lncb": "", - "_ws.expert.message": "\"Time To Live\" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)", - "_ws.expert.severity": "4194304", - "_ws.expert.group": "33554432" - } - }, - "ip.proto": "17", - "ip.checksum": "0x0000b75e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "224.0.0.251", - "ip.addr": "224.0.0.251", - "ip.dst_host": "224.0.0.251", - "ip.host": "224.0.0.251", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00001055", - "udp.checksum.status": "2", - "udp.stream": "150" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:59.740882000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496199.740882000", - "frame.time_delta": "0.000506000", - "frame.time_delta_displayed": 
"0.000506000", - "frame.time_relative": "2608.280196000", - "frame.number": "9254", - "frame.len": "275", - "frame.cap_len": "275", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:mdns" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "261", - "ip.id": "0x00002093", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009859", - "ip.checksum.status": "2", - "ip.src": "192.168.0.84", - "ip.addr": "192.168.0.84", - "ip.src_host": "192.168.0.84", - "ip.host": "192.168.0.84", - "ip.dst": "255.255.255.255", - "ip.addr": "255.255.255.255", - "ip.dst_host": "255.255.255.255", - "ip.host": "255.255.255.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1324", - "udp.dstport": "5353", - "udp.port": "1324", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x0000f150", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:29:59.741505000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496199.741505000", - "frame.time_delta": "0.000623000", - 
"frame.time_delta_displayed": "0.000623000", - "frame.time_relative": "2608.280819000", - "frame.number": "9255", - "frame.len": "295", - "frame.cap_len": "295", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ipv6:udp:mdns" - }, - "eth": { - "eth.dst": "33:33:00:00:00:fb", - "eth.dst_tree": { - "eth.dst_resolved": "IPv6mcast_fb", - "eth.addr": "33:33:00:00:00:fb", - "eth.addr_resolved": "IPv6mcast_fb", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "d0:73:d5:12:8e:30", - "eth.src_tree": { - "eth.src_resolved": "LifiLabs_12:8e:30", - "eth.addr": "d0:73:d5:12:8e:30", - "eth.addr_resolved": "LifiLabs_12:8e:30", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x000086dd" - }, - "ipv6": { - "ipv6.version": "6", - "ip.version": "6", - "ipv6.tclass": "0x00000000", - "ipv6.tclass_tree": { - "ipv6.tclass.dscp": "0", - "ipv6.tclass.ecn": "0" - }, - "ipv6.flow": "0x00000000", - "ipv6.plen": "241", - "ipv6.nxt": "17", - "ipv6.hlim": "1", - "ipv6.src": "fe80::d273:d5ff:fe12:8e30", - "ipv6.addr": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.host": "fe80::d273:d5ff:fe12:8e30", - "ipv6.src_sa_mac": "d0:73:d5:12:8e:30", - "ipv6.sa_mac": "d0:73:d5:12:8e:30", - "ipv6.dst": "ff02::fb", - "ipv6.addr": "ff02::fb", - "ipv6.dst_host": "ff02::fb", - "ipv6.host": "ff02::fb", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "1325", - "udp.dstport": "5353", - "udp.port": "1325", - "udp.port": "5353", - "udp.length": "241", - "udp.checksum": "0x00007f16", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "mdns": { - "dns.id": "0x0000029d", - "dns.flags": "0x00000000", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "0", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "2", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "2", - "Queries": { - "_alljoyn._tcp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._tcp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - }, - "_alljoyn._udp.local: type PTR, class IN, \"QU\" question": { - "dns.qry.name": "_alljoyn._udp.local", - "dns.qry.name.len": "19", - "dns.count.labels": "3", - "dns.qry.type": "12", - "dns.qry.class": "0x00000001", - "dns.qry.qu": "1" - } - }, - "Additional records": { - "search.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "search.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "39", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "24", - "dns.txt": "n_1=org.alljoyn.BusNode*", - "dns.txt.length": "3", - "dns.txt": "m=1" - }, - "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local: type TXT, class IN": { - "dns.resp.name": "sender-info.daccb9c1d32eeb2b4c1579b854d2ab20.local", - "dns.resp.type": "16", - "dns.resp.class": "0x00000001", - "dns.resp.cache_flush": "0", - "dns.resp.ttl": "120", - "dns.resp.len": "61", - "dns.txt.length": "9", - "dns.txt": "txtvers=0", - "dns.txt.length": "7", - "dns.txt": "ajpv=10", - "dns.txt.length": "4", - "dns.txt": "pv=2", - "dns.txt.length": "7", - "dns.txt": "sid=669", - "dns.txt.length": "17", - "dns.txt": "ipv4=192.168.0.84", - "dns.txt.length": "11", - "dns.txt": "upcv4=54077" - } - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.467458000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.467458000", - "frame.time_delta": "4.725953000", - "frame.time_delta_displayed": 
"4.725953000", - "frame.time_relative": "2613.006772000", - "frame.number": "9256", - "frame.len": "94", - "frame.cap_len": "94", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "80", - "ip.id": "0x00005842", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a627", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": 
"47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "40", - "tcp.seq": "5358", - "tcp.nxtseq": "5398", - "tcp.ack": "865", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x000030bc", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "40", - "tcp.analysis.push_bytes_sent": "40" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "35", - "ssl.app_data": "c1:4c:bc:6e:d4:4e:36:f3:37:eb:ed:03:21:4b:d1:cf:de:ec:b8:31:b7:97:9b:1a:36:e9:3a:0d:57:1b:4c:8e:fa:06:e9" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.562482000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.562482000", - "frame.time_delta": "0.095024000", - "frame.time_delta_displayed": "0.095024000", - "frame.time_relative": "2613.101796000", - "frame.number": "9257", - "frame.len": "115", - "frame.cap_len": "115", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "101", - "ip.id": "0x00009751", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x000075fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "49", - "tcp.seq": "109562", - "tcp.nxtseq": "109611", - "tcp.ack": "24173", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": 
"\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000879d", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:ad:b4:a7:a4:d4:e8", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2665908, TSecr 2812597480": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2665908", - "tcp.options.timestamp.tsecr": "2812597480" - } - }, - "tcp.analysis": { - "tcp.analysis.bytes_in_flight": "49", - "tcp.analysis.push_bytes_sent": "49" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "44", - "ssl.app_data": "13:6b:24:d2:9f:7e:46:ef:c5:bb:55:eb:b3:5f:c6:bf:7f:64:0e:b0:b2:d7:c7:9f:05:18:6b:2b:e2:06:d4:8a:75:14:3a:46:58:48:b6:c7:4a:62:c9:ac" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.611044000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.611044000", - "frame.time_delta": "0.048562000", - "frame.time_delta_displayed": "0.048562000", - "frame.time_relative": "2613.150358000", - "frame.number": "9258", - "frame.len": "90", - "frame.cap_len": "90", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - 
"eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "76", - "ip.id": "0x00001021", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "49", - "ip.proto": "6", - "ip.checksum": "0x0000fd4c", - "ip.checksum.status": "2", - "ip.src": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.src_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.src_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.src_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.src_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "47009", - "tcp.port": "443", - "tcp.port": "47009", - "tcp.stream": "1", - "tcp.len": "36", - "tcp.seq": "865", - "tcp.nxtseq": "901", - "tcp.ack": "5398", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - 
"tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "1337", - "tcp.window_size": "1337", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x00003222", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9256", - "tcp.analysis.ack_rtt": "0.143586000", - "tcp.analysis.bytes_in_flight": "36", - "tcp.analysis.push_bytes_sent": "36" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "31", - "ssl.app_data": "54:26:79:5a:1e:3d:fa:78:05:8a:0d:a9:dd:24:96:a6:74:3a:61:36:92:25:31:23:89:6c:2d:64:9a:cd:17" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.611555000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.611555000", - "frame.time_delta": "0.000511000", - "frame.time_delta_displayed": "0.000511000", - "frame.time_relative": "2613.150869000", - "frame.number": "9259", - "frame.len": "60", - "frame.cap_len": "60", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800", - "eth.padding": "00:00:00:00:00:00" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "40", - "ip.id": "0x00005843", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000a64e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "104.155.18.91", - "ip.addr": "104.155.18.91", - "ip.dst_host": "104.155.18.91", - "ip.host": "104.155.18.91", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, AS15169 Google Inc., Mountain View, CA, 37.419201, -122.057404": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_asnum": "AS15169 Google Inc.", - "ip.geoip.asnum": "AS15169 Google Inc.", - "ip.geoip.dst_city": "Mountain View, CA", - "ip.geoip.city": "Mountain View, CA", - "ip.geoip.dst_lat": "37.419201", - "ip.geoip.lat": "37.419201", - "ip.geoip.dst_lon": "-122.057404", - "ip.geoip.lon": "-122.057404" - } - }, - "tcp": { - "tcp.srcport": "47009", - "tcp.dstport": "443", - "tcp.port": "47009", - "tcp.port": "443", - "tcp.stream": "1", - "tcp.len": "0", - "tcp.seq": "5398", - "tcp.ack": "901", - "tcp.hdr_len": "20", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - 
"tcp.window_size_value": "4015", - "tcp.window_size": "4015", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000ee25", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.analysis": { - "tcp.analysis.acks_frame": "9258", - "tcp.analysis.ack_rtt": "0.000511000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.623329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.623329000", - "frame.time_delta": "0.011774000", - "frame.time_delta_displayed": "0.011774000", - "frame.time_relative": "2613.162643000", - "frame.number": "9260", - "frame.len": "121", - "frame.cap_len": "121", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp:ssl" - }, - "eth": { - "eth.dst": "d0:52:a8:a3:60:0f", - "eth.dst_tree": { - "eth.dst_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "107", - "ip.id": "0x00002e48", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "232", - "ip.proto": "6", - "ip.checksum": "0x00003700", - "ip.checksum.status": "2", - "ip.src": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.src_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "ip.dst": "192.168.0.242", - "ip.addr": "192.168.0.242", 
- "ip.dst_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "Source GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.src_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.src_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.src_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.src_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - }, - "Destination GeoIP: Unknown": "" - }, - "tcp": { - "tcp.srcport": "443", - "tcp.dstport": "44970", - "tcp.port": "443", - "tcp.port": "44970", - "tcp.stream": "0", - "tcp.len": "55", - "tcp.seq": "24173", - "tcp.nxtseq": "24228", - "tcp.ack": "109611", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000018", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "1", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "422", - "tcp.window_size": "422", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000c196", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:a7:a4:f3:40:00:28:ad:b4", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "Timestamps: TSval 2812605248, TSecr 2665908": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2812605248", - "tcp.options.timestamp.tsecr": "2665908" - } - }, 
- "tcp.analysis": { - "tcp.analysis.acks_frame": "9257", - "tcp.analysis.ack_rtt": "0.060847000", - "tcp.analysis.bytes_in_flight": "55", - "tcp.analysis.push_bytes_sent": "55" - } - }, - "ssl": { - "ssl.record": { - "ssl.record.content_type": "23", - "ssl.record.version": "0x00000303", - "ssl.record.length": "50", - "ssl.app_data": "34:cd:34:17:47:48:0e:ff:f1:6e:10:f0:e5:36:4d:f3:8c:4e:1a:46:2c:23:4b:cc:91:d9:69:ec:43:0b:a5:70:3d:28:ef:01:7c:33:9e:7a:db:a6:8f:80:60:1e:99:c2:79:93" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:04.623819000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496204.623819000", - "frame.time_delta": "0.000490000", - "frame.time_delta_displayed": "0.000490000", - "frame.time_relative": "2613.163133000", - "frame.number": "9261", - "frame.len": "66", - "frame.cap_len": "66", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:tcp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "d0:52:a8:a3:60:0f", - "eth.src_tree": { - "eth.src_resolved": "Physical_a3:60:0f", - "eth.addr": "d0:52:a8:a3:60:0f", - "eth.addr_resolved": "Physical_a3:60:0f", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "52", - "ip.id": "0x00009752", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "6", - "ip.checksum": "0x0000762d", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.242", - "ip.addr": "192.168.0.242", - "ip.src_host": "192.168.0.242", - "ip.host": "192.168.0.242", - "ip.dst": "13.59.94.111", - "ip.addr": "13.59.94.111", - "ip.dst_host": "13.59.94.111", - "ip.host": "13.59.94.111", - "Source GeoIP: Unknown": "", - "Destination GeoIP: United States, Norwalk, CT, 41.127102, -73.441597": { - "ip.geoip.dst_country": "United States", - "ip.geoip.country": "United States", - "ip.geoip.dst_city": "Norwalk, CT", - "ip.geoip.city": "Norwalk, CT", - "ip.geoip.dst_lat": "41.127102", - "ip.geoip.lat": "41.127102", - "ip.geoip.dst_lon": "-73.441597", - "ip.geoip.lon": "-73.441597" - } - }, - "tcp": { - "tcp.srcport": "44970", - "tcp.dstport": "443", - "tcp.port": "44970", - "tcp.port": "443", - "tcp.stream": "0", - "tcp.len": "0", - "tcp.seq": "109611", - "tcp.ack": "24228", - "tcp.hdr_len": "32", - "tcp.flags": "0x00000010", - "tcp.flags_tree": { - "tcp.flags.res": "0", - "tcp.flags.ns": "0", - "tcp.flags.cwr": "0", - "tcp.flags.ecn": "0", - "tcp.flags.urg": "0", - "tcp.flags.ack": "1", - "tcp.flags.push": "0", - "tcp.flags.reset": "0", - "tcp.flags.syn": "0", - "tcp.flags.fin": "0", - "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7A\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" - }, - "tcp.window_size_value": "661", - "tcp.window_size": "661", - "tcp.window_size_scalefactor": "-1", - "tcp.checksum": "0x0000fbc9", - "tcp.checksum.status": "2", - "tcp.urgent_pointer": "0", - "tcp.options": "01:01:08:0a:00:28:ad:ba:a7:a4:f3:40", - "tcp.options_tree": { - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - "No-Operation (NOP)": { - "tcp.options.type": "1", - "tcp.options.type_tree": { - "tcp.options.type.copy": "0", - "tcp.options.type.class": "0", - "tcp.options.type.number": "1" - } - }, - 
"Timestamps: TSval 2665914, TSecr 2812605248": { - "tcp.option_kind": "8", - "tcp.option_len": "10", - "tcp.options.timestamp.tsval": "2665914", - "tcp.options.timestamp.tsecr": "2812605248" - } - }, - "tcp.analysis": { - "tcp.analysis.acks_frame": "9260", - "tcp.analysis.ack_rtt": "0.000490000" - } - } - } - } - } - - , - { - "_index": "packets-2017-11-01", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 31, 2017 17:30:07.101114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1509496207.101114000", - "frame.time_delta": "2.477295000", - "frame.time_delta_displayed": "2.477295000", - "frame.time_relative": "2615.640428000", - "frame.number": "9262", - "frame.len": "86", - "frame.cap_len": "86", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:data" - }, - "eth": { - "eth.dst": "ff:ff:ff:ff:ff:ff", - "eth.dst_tree": { - "eth.dst_resolved": "Broadcast", - "eth.addr": "ff:ff:ff:ff:ff:ff", - "eth.addr_resolved": "Broadcast", - "eth.lg": "1", - "eth.ig": "1" - }, - "eth.src": "60:57:18:8e:aa:94", - "eth.src_tree": { - "eth.src_resolved": "IntelCor_8e:aa:94", - "eth.addr": "60:57:18:8e:aa:94", - "eth.addr_resolved": "IntelCor_8e:aa:94", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "72", - "ip.id": "0x00006000", - "ip.flags": "0x00000000", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "0", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "128", - "ip.proto": "17", - "ip.checksum": "0x000057e9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.108", - "ip.addr": "192.168.0.108", - "ip.src_host": "192.168.0.108", - "ip.host": "192.168.0.108", - "ip.dst": "192.168.0.255", - "ip.addr": "192.168.0.255", - 
"ip.dst_host": "192.168.0.255", - "ip.host": "192.168.0.255", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57621", - "udp.dstport": "57621", - "udp.port": "57621", - "udp.port": "57621", - "udp.length": "52", - "udp.checksum": "0x0000199e", - "udp.checksum.status": "2", - "udp.stream": "1" - }, - "data": { - "data.data": "53:70:6f:74:55:64:70:30:fb:51:3e:9d:68:73:23:53:00:01:00:04:48:95:c2:03:32:d0:2f:5b:95:bc:88:2d:c5:fe:3a:aa:80:f4:96:c1:f5:8d:ba:30", - "data.len": "44" - } - } - } - } - -] diff --git a/parser/parse_packet_frequency.py b/parser/parse_packet_frequency.py index 5c26679..afd5b1c 100644 --- a/parser/parse_packet_frequency.py +++ b/parser/parse_packet_frequency.py @@ -18,6 +18,8 @@ JSON_KEY_ETH_DST = "eth.dst" JSON_KEY_ETH_SRC = "eth.src" JSON_KEY_FRAME = "frame" JSON_KEY_FRAME_TIME = "frame.time" +TABLE_HEADER_X = "Timestamp (hh:mm:ss)" +TABLE_HEADER_Y = "Packet frequency (pps)" def save_to_file(tbl_header, dictionary, filename_out): @@ -30,11 +32,13 @@ def save_to_file(tbl_header, dictionary, filename_out): # Appending, not overwriting! f = open(filename_out, 'a') # Write the table header - f.write("\n\n" + str(tbl_header) + "\n"); + f.write("# " + TABLE_HEADER_X + " " + TABLE_HEADER_Y + "\n"); # Iterate over dictionary and write (key, value) pairs - #for key, value in dictionary.iteritems(): for key in sorted(dictionary): - f.write(str(key) + ", " + str(dictionary[key]) + "\n") + # Comma separated + #f.write(str(key) + ", " + str(dictionary[key]) + "\n") + # Space separated + f.write(str(key) + " " + str(dictionary[key]) + "\n") f.close() print "Writing output to file: ", filename_out diff --git a/ts_analysis_run.sh b/ts_analysis_run.sh new file mode 100755 index 0000000..9cb9435 --- /dev/null +++ b/ts_analysis_run.sh 
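Review bot: In the second hunk of parse_packet_frequency.py the new header line no longer writes `tbl_header`, so the parameter is unused in the visible part of `save_to_file` and the label the caller passes (presumably the device name) never reaches the output file. Either keep it in the comment line, `f.write("# " + str(tbl_header) + ": " + TABLE_HEADER_X + " " + TABLE_HEADER_Y + "\n")`, or drop the parameter. The file is still opened with `'a'`, so running the analysis again into the same result folder appends a second header and a second data set to each .dat file; if one table per file is intended, open it with `'w'`, ideally as `with open(filename_out, 'w') as f:` so the handle is closed when a write fails. The function starts above the hunk, so its docstring is not visible here.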
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Check input arguments - we need 2 arguments
+if [ $# -ne 2 ]
+ then
+ echo "Usage: ts_analysis_run.sh <path-and-json-file, e.g./a/b/c/d.json> <path-to-output-file, e.g. result/>"
+ exit 1
+fi
+
+# Check result folder and create one if it does not exist yet
+[ -d $2 ] || mkdir $2
+
+# Run the analysis
+python parser/parse_packet_frequency.py $1 $2/wemo_switch.dat WeMo_Switch 94:10:3e:36:60:09
+python parser/parse_packet_frequency.py $1 $2/wemo_insight.dat WeMo_Insight 14:91:82:25:10:77
+python parser/parse_packet_frequency.py $1 $2/tplink_switch.dat TPLink_Switch 50:c7:bf:33:1f:09
+python parser/parse_packet_frequency.py $1 $2/dlink_switch.dat DLink_Switch 90:8d:78:e3:81:0c
+python parser/parse_packet_frequency.py $1 $2/amcrest_camera.dat Amcrest_Camera 3c:ef:8c:6f:79:5a
+python parser/parse_packet_frequency.py $1 $2/netgear_arlo_camera.dat Netgear_Arlo_Camera 40:5d:82:2f:50:2a
+python parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_1.dat Lifx_LightBulb_1 d0:73:d5:12:8e:30
+python parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_2.dat Lifx_LightBulb_2 d0:73:d5:02:41:da
+python parser/parse_packet_frequency.py $1 $2/philips_hue.dat Philips_Hue 00:17:88:69:ee:e4
+python parser/parse_packet_frequency.py $1 $2/tplink_lightbulb.dat TPLink_LightBulb 50:c7:bf:59:d5:84
+python parser/parse_packet_frequency.py $1 $2/nxeco_sprinkler.dat Nxeco_Sprinkler ac:cf:23:5a:9c:e2
+python parser/parse_packet_frequency.py $1 $2/blossom_sprinkler.dat Blossom_Sprinkler e4:95:6e:b0:20:39
+python parser/parse_packet_frequency.py $1 $2/dlink_alarm.dat DLink_Alarm c4:12:f5:de:38:20
+python parser/parse_packet_frequency.py $1 $2/dlink_motion_sensor.dat DLink_Motion_Sensor c4:12:f5:e3:dc:17
+python parser/parse_packet_frequency.py $1 $2/nest_thermostat.dat Nest_Thermostat 18:b4:30:bf:34:7e
+python parser/parse_packet_frequency.py $1 $2/amazon_echo_dot.dat Amazon_Echo_Dot 68:37:e9:d2:26:0d
+python parser/parse_packet_frequency.py $1 $2/smartthings_hub.dat SmartThings_Hub d0:52:a8:a3:60:0f
+
-- 2.34.1
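Review bot: `$1` and `$2` are expanded unquoted in the directory check and in every `python` line, so a capture path or result folder containing spaces or glob characters is split or expanded before the parser sees it, and a value starting with `-` would be read by `mkdir` as an option. Quote each expansion, for example `[ -d "$2" ] || mkdir -p -- "$2"` and `python parser/parse_packet_frequency.py "$1" "$2/wemo_switch.dat" WeMo_Switch 94:10:3e:36:60:09`, and apply the same quoting to the remaining sixteen invocations. The script also carries on when one parser run fails; `set -e` near the top would stop at the first error instead of leaving a partly filled result folder.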